The Five Phase Approach of Malicious Hackers, typically approach an attack using five common phases.
It is important to understand these phases of hacking attacks in order to better defend against them. Here we’ll discuss the five hacker phases to better understand them and how they relate to each other.
1. Reconnaissance:-
Before hacking your Online business or corporate infrastructure, hackers first perform routine and detailed reconnaissance. Hackers must gather as much information about your business and networks as possible. Anything they discover about their target (you) can be valuabe during their attack phases.
2. Scanning (Network & System):-
Hackers may be either general hackers or specialized hackers, such as phreakers, but their intent is majorily the same to access information and services that they should not gain access to. In many ways, this phase of network scanning is an extension of the reconnaissance phase. Hackers want to learn more about your network mapping, phone system structure, and internal informational architecture. Learning what routers, firewalls, IDS systems, and other network components exist can lead hackers to beneficial hacking information by researching known vulnerabilities of known network devices. Typically, hackers perform port scans and port mapping, while attempting to discover what services and versions of services are actively available on any open or available ports.
3. Gaining Access:-
Open ports can lead to a hacker gaining direct access to services and possibly to internal network connections. This pahse of attack is the most important and the most dangerous. Although some hack attacks don’t need direct network access to damage your business, such as Denial of Services (DoS), simple methods of attack are available to network-connected hackers including session hijacking, stack-based buffer overflow, and similar security exploits. Smurf attacks try to get network users to respond and the hacker uses their real IP Addresses to flood them with problems.
4. Maintaining Access:-
Hackers may choose to continue attacking and exploiting the target system, or to explore deeper into the target network and look for more systems and services. Not all attackers remain connected to the exploited network, but from a defensive strategy it must be expected. Hackers may deploy programs to maintain access by launching VNC clients from within your network, providing access to external systems, opening Telnet sessions and similarly serious services like FTP and SSH, or upload rootkits and Trojans to infiltrate and exploit your network and systems to the point where they have complete root level control.
5. Cover Tracks:-
Most hackers will attempt to cover their footprints and tracks as carefully as possible. Although not always the case, remove proof of a hacker’s attacks is their best defense against legal and punitive action. It is most likely that low-end hackers and newbie hackers will get caught at a much higher rate than expert level hackers who know how to remain hidden and anonymous.
These five phases of a hacker’s attack loop back to the beginning. A successful attack with maintained access often results in continuing reconnaissance.
It is important to understand these phases of hacking attacks in order to better defend against them. Here we’ll discuss the five hacker phases to better understand them and how they relate to each other.
1. Reconnaissance:-
Before hacking your Online business or corporate infrastructure, hackers first perform routine and detailed reconnaissance. Hackers must gather as much information about your business and networks as possible. Anything they discover about their target (you) can be valuabe during their attack phases.
2. Scanning (Network & System):-
Hackers may be either general hackers or specialized hackers, such as phreakers, but their intent is majorily the same to access information and services that they should not gain access to. In many ways, this phase of network scanning is an extension of the reconnaissance phase. Hackers want to learn more about your network mapping, phone system structure, and internal informational architecture. Learning what routers, firewalls, IDS systems, and other network components exist can lead hackers to beneficial hacking information by researching known vulnerabilities of known network devices. Typically, hackers perform port scans and port mapping, while attempting to discover what services and versions of services are actively available on any open or available ports.
3. Gaining Access:-
Open ports can lead to a hacker gaining direct access to services and possibly to internal network connections. This pahse of attack is the most important and the most dangerous. Although some hack attacks don’t need direct network access to damage your business, such as Denial of Services (DoS), simple methods of attack are available to network-connected hackers including session hijacking, stack-based buffer overflow, and similar security exploits. Smurf attacks try to get network users to respond and the hacker uses their real IP Addresses to flood them with problems.
4. Maintaining Access:-
Hackers may choose to continue attacking and exploiting the target system, or to explore deeper into the target network and look for more systems and services. Not all attackers remain connected to the exploited network, but from a defensive strategy it must be expected. Hackers may deploy programs to maintain access by launching VNC clients from within your network, providing access to external systems, opening Telnet sessions and similarly serious services like FTP and SSH, or upload rootkits and Trojans to infiltrate and exploit your network and systems to the point where they have complete root level control.
5. Cover Tracks:-
Most hackers will attempt to cover their footprints and tracks as carefully as possible. Although not always the case, remove proof of a hacker’s attacks is their best defense against legal and punitive action. It is most likely that low-end hackers and newbie hackers will get caught at a much higher rate than expert level hackers who know how to remain hidden and anonymous.
These five phases of a hacker’s attack loop back to the beginning. A successful attack with maintained access often results in continuing reconnaissance.
Join The Community