Startertutorials Blog
Tutorials and articles related to programming, computer science, technology and others.
Subscribe to Startertutorials.com's YouTube channel for different tutorial and lecture videos.

Categories: Security and Hacking. 1 Comment on How Cybercriminals Plan Attacks
4
(27)

In this article we will have a look at how cybercriminals plan attacks. This article describes all the phases in performing cyber attacks like reconnaissance, scanning & scrutinizing, and launching an attack.

 

Watch this video to learn how cybercriminals plan attacks:

 

Cybercriminals commit cybercrimes using different tools and techniques. But, the basic process of performing the attacks is same in general. The process or steps involved in committing the cybercrime can be specified in 5 steps namely:

1) Reconnaissance
2) Scanning and Scrutinizing
3) Gaining Access
4) Maintaining Access and
5) Covering the tracks

 

The simplified or condensed process consists of 3 steps namely:

1) Reconnaissance
2) Scanning and Scrutinizing and
3) Launching an Attack

 


Subscribe to our monthly newsletter. Get notified about latest articles, offers and contests.


The 3 step process of how cybercriminals plan attacks is illustrated in the below image.

 

How Cybercriminals Plan Attacks

 

Reconnaissance

Reconnaissance is an act of exploring to find someone or something. Reconnaissance phase begins with Footprinting. Footprinting involves gathering information about the target’s environment to penetrate it. It provides an overview of system vulnerabilities. The objective of this phase (reconnaissance) is to understand the system, its networking ports and services, and any other related data. An attacker attempts to gather information in two phases: a) passive and b) active attacks.

 

Passive Attacks

This attack is used to gather information about a target without their knowledge. These attacks include:

  • Google or Yahoo search
  • Facebook, LinkedIn, other social sites
  • Organization’s website (target)
  • Blogs, newsgroups, press releases, etc
  • Job postings on Naukri, Monster, Craiglist, etc
  • Network sniffing

 

Active Attacks

This attack involves exploring the network to discover individual hosts to confirm the data gathered using passive attacks. This attack involves the risk of being detected and so it is called “Active Reconnaissance”. This attack allows the attacker to know the security measures in place.

 

Scanning and Scrutinizing

Scanning involves intelligent examination of gathered information about target. The objectives of scanning are:

  • Port scanning
  • Network scanning
  • Vulnerability scanning

 

Scrutinizing is also called enumeration. 90% of the time in hacking is spent in reconnaissance, scanning and scrutinizing information. The objectives are:

  • Find valid user accounts or groups
  • Find network resources or shared resources
  • OS and different applications running on the target

 

Launch an Attack

An attack follows the below steps:

  • Crack the password
  • Exploit the privileges
  • Execute malicious software (backdoor)
  • Hide or destroy files (if required)
  • Cover the tracks

 

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Suryateja Pericherla

Suryateja Pericherla, at present is a Research Scholar (full-time Ph.D.) in the Dept. of Computer Science & Systems Engineering at Andhra University, Visakhapatnam. Previously worked as an Associate Professor in the Dept. of CSE at Vishnu Institute of Technology, India.

He has 11+ years of teaching experience and is an individual researcher whose research interests are Cloud Computing, Internet of Things, Computer Security, Network Security and Blockchain.

He is a member of professional societies like IEEE, ACM, CSI and ISCA. He published several research papers which are indexed by SCIE, WoS, Scopus, Springer and others.

1 Comment

You can follow any responses to this entry through the RSS 2.0 feed.

Please post yoyr document for the Fuel for Cyber Crime

I am Dr PL Pradhan CSE Professor

pradhan.cse@nmrec.edu.in

Leave a Reply

Your email address will not be published. Required fields are marked *