Recognizing the seven stages of a cyber-attack - DNV

Seven phases of a cyber-attack remain fundamental to understanding how hackers access and exploit critical infrastructure

Change is a constant in the never-ending contest between cyber security teams and hackers. Cyber-attacks on critical infrastructure are becoming more common, complex and creative. This presents a 24/7 challenge for cyber security teams, who need to know where their operations are exposed to threats before hackers can find them. In some recent high-profile incidents, hackers’ motives have also changed. Increasingly, attacks have targeted the disruption of services rather than seeking to steal data for financial gain. Hackers have also been using a new attack vector that has not been seen before. Instead of attacking their primary targets directly, they have targeted less secure vendors that those targets use. “While the specifics of individual attacks may vary, it is possible to define seven phases of a cyber-attack. This provides a common basis for understanding how and when threats arise so that vigilance, prevention, and effective responses can be optimized,” said Trond Solberg, Managing Director, Cyber Security, DNV.

Phase one: Reconnoitring a target for hacking

In the reconnaissance phase, hackers identify a vulnerable target and explore how to exploit it.

The initial target can be anyone in the company. Attackers need only a single point of entrance to get started.

Targeted phishing emails are common as an effective method of distributing malware in this phase. The whole point is getting to know the target. At this stage, hackers are asking themselves who the important people in the company are, who they do business with, and what public data is available about the target organization. Company websites and online contact resources such as LinkedIn are two obvious sources for researching key people in organizations. Identifying suppliers and customers may involve ‘social engineering’ where a hacker makes bogus sales calls to the company.

Among publicly available data, hackers collect Internet Protocol (IP) address information and run scans to determine what hardware and software the target company is using.