The term hacking attack refers to the detection of vulnerabilities in a computer system or network in order to exploit the resulting security gaps. These targeted attacks are carried out by a so-called "hacker".
In general, the hacker is seen as a self-taught individual or even a rogue programmer who is able, for example, to modify application programs so that they gain functions and behaviour that the developers never intended when they were originally written.
However, this is considered a very narrow view that does not begin to cover the broad spectrum of reasons a person might turn to hacking. A white hat hacker, for instance, pursues ethical intentions and, with the permission of the owner, examines a system for security gaps in order to close them in the next step. A hacker who operates without that permission is breaking the law and is liable to prosecution.
In 1950, members at MIT first used the term "hacking" for the approach of finding potential solutions to a technical problem.
Basically, hacking is about overcoming original restrictions and about finding new possible uses and solution strategies through manipulation.
Phreaking (a subculture of hacking), for example, focuses on the security mechanisms of telephony and the manipulation of telephone lines.
In addition to the technical side of a hacking attack, the human factor (social engineering) is also taken into account, for example to trick a user into downloading a malicious attachment or revealing personal information.
The attacker thus tries to induce a person to take actions that have a negative effect on the company and a positive one for the attacker.
We have already gone into the categorization of hackers as well as various methods such as Man-in-the-Middle, Brute Force or Denial of Service attacks.
In this section we at ProSec want to shed light on the different phases of a hacking attack. It is important to mention that we are not talking about script kiddies here, but about technically skilled attackers or even APTs. Attacks at this level usually follow a pattern and require a certain amount of preparation time. This scheme is often referred to as the attack chain.
The phase before a hacking attack is known as "gathering information", i.e. selecting potential victims. Either the target of the attack is already known in advance, or research is carried out to identify a possible target.
First comes the reconnaissance phase: scouting out the target determined before the hacking attack. This includes, among other things, researching which applications and systems are in use, which employees work there and which information is already visible from the "outside". Essentially, the hacker thinks about potential ways in which a break-in to the network could succeed.
Depending on the size of the company and the attacker's interest in causing damage, the duration of this phase can vary.
Once all the information necessary for an attack has been gathered, the weaponization phase follows. This includes developing suitable malware in order to later carry out remote code execution, or working out how the attacker can later spread within the network during the attack (lateral movement).
Here, too, the complexity varies depending on the know-how of the attacker.
See also the wiki text Threat Modeling.
The delivery phase is about getting the malware onto a device to be infected: the previously developed malware is "delivered" to the target network. Often the "human factor" helps out here and is exploited as the delivery vehicle. Classic examples are the attachment to a phishing e-mail or the USB stick left in the parking lot.
In the exploitation phase of the hacking attack, the malware is executed in order to take advantage of the vulnerability information collected in advance. This can be, for example, outdated machines that pose an increased security risk.
The installation phase, as the name suggests, installs the malware on the target computer, for example to create a "backdoor" and thus load additional payloads, or to place so-called "droppers". These are independently executable programs that are used to release further malicious programs. A well-known example is Emotet.
Once the malware is installed and the exploit has succeeded, the attacker has remote access to the infected machine. This is known as the Command & Control phase and gives the attacker persistent access.
The last phase is the Actions on Objective, so to speak the actual goal of the hacking attack. This can be:
Encrypting the data on the system for a ransom (classic ransomware)
Data exfiltration (to obtain sensitive data such as customer data)
Destroying the data (simply to cause damage)
Manipulating information
Attacking other companies in the supply chain (watering hole)
A constant outflow of information
Damage to reputation
Afterwards, the attacker can plan how to proceed with the attack within the victim's internal network, including options for covering their tracks.
The hacking attack described above can be simulated in practice by means of a penetration test. For this purpose, ProSec GmbH uses various methodologies and guidelines such as PTES (Penetration Testing Execution Standard), a guideline that establishes a defined standard for such tests.
We uncover your vulnerabilities to give you an overview of your security gaps and the ways a hacking attack could exploit them. We recommend carrying out regular penetration tests, in which organisations, networks and systems are checked for potential vulnerabilities so that a hacking attack can be prevented.