NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

The Seven Steps of a Successful Cyber Attack

June 5, 2018

  • Blog
  • Archive

Advanced cyberattacks can nest inside a network for more than 200 days on average before discovery. That’s a long time for an attacker to stealthily gather private data, monitor communications and map the network.

As with any ambitious endeavor, a successful cyberattack requires careful planning and precise execution. One thing that effective hacks have in common is the ability to remain covert – right up until the moment that the time is right and the attackers strike. While the precise methods of attacks vary, they usually follow a series of similar steps, referred to as the cyberattack chain.

Here are the seven steps to a successful cyberattack:

Reconnaissance

Before launching an attack, hackers first identify a vulnerable target and explore the best ways to exploit it. The initial target can be anyone in an organization, whether an executive or an admin. The attackers simply need a single point of entrance to start. Targeted phishing emails are common in this step as an effective method of distributing malware.

Scanning

Once the target is identified, the next step is to identify a weak point that allows the attackers to gain access. This is usually accomplished by scanning an organization’s network – with tools easily found on the Internet – to find entry points. This step of the process normally goes slowly, sometimes lasting months, as the attackers search for vulnerabilities.

Access and Escalation

Now that weaknesses in the target network are identified, the next step in the cyberattack is to gain access and then escalate. In almost all such cases, privileged access is needed because it allows the attackers to move freely within the environment. Rainbow Tables and similar tools help intruders steal credentials, escalate privileges to admin, and then get into any system on the network that’s accessible via the administrator account. Once the attackers gain elevated privileges, the network is taken over and is now “owned” by the intruders.

Exfiltration

With the freedom to move around the network, the attackers can access systems with an organization’s most sensitive data – and extract it at will. But stealing private data is not the only action intruders can take. They can also change or erase files on compromised systems.

Sustainment

The attackers have now gained unrestricted access throughout the target network. Next is sustainment, or staying in place quietly. To accomplish this, the hackers may secretly install malicious programs like root kits. This allows them to return whenever they want. And with the elevated privileges acquired earlier, dependence on a single access point is no longer necessary. The attackers can come and go as they please.

Assault

Fortunately, this step is not taken in every cyberattack, because the assault is the stage of an attack when things become particularly nasty. This is when the hackers might alter the functionality of the victim’s hardware, or disable the hardware. The Stuxnet attack on Iran’s critical infrastructure is a classic example. During the assault phase, the attack ceases to be stealth. However, the attackers have already taken control of the environment. So it’s generally too late for the breached organization to defend itself.

Obfuscation

Usually the attackers want to hide their tracks, but this is not universally the case – especially if the hackers want to leave a “calling card” behind to boast about their exploits. The purpose of trail obfuscation is to confuse, disorientate and divert the forensic examination process. Trail obfuscation covers a variety of techniques and tools including log cleaners, spoofing, misinformation, zombied accounts, trojan commands, and more.

Defending Against the Seven Steps of a Cyber Attack

Almost every network is vulnerable to cyberattack. According to Mandiant, 97% of organizations have already been breached at least once. And perimeter security tools, like next generation firewalls, offer little real protection against advanced, targeted attacks.

The key to blocking a cyberattack is controlling privileged access. Each step beyond number three in the process described above requires privileged credentials to succeed.

Our privileged identity management solution can automatically discover privileged accounts throughout the network, bring those accounts under management, and audit access to them. Each privileged credential is updated continuously. So even if an intruder compromises a credential, it cannot be leveraged to leapfrog between systems and extract data.

If you have the ability to control privileged access, a cyberattack can be mitigated. Otherwise, study the damage done to Target, Sony Pictures and others – and prepare your crisis management team accordingly.


Webcasts

The 7 Steps to a Successful Cyberattack: How to Defend Against Them

Photograph of Chris Stoneff

Chris Stoneff, VP Security Solutions, Development

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.