Anatomy of an Attack

From Spear Phishing Attack to Compromise in Ten Steps

Detecting Targeted Attacks Means Understanding How Attackers Operate

Skilled, determined attackers can break in, enter and succeed within minutes. Other times, they spend days plotting, establishing backdoors and fortifying their positions inside your company. This sophistication and persistence present challenges for those trying to scope, contain and remediate the threat. Here's what a typical economic espionage attack looks like.

  1. The attacker sends a spear phishing e-mail to gain entry to the target.
  2. When the victim opens the attachment, custom malware is installed.
  3. The custom malware beacons to a command and control web site and pulls down additional malware.
  4. The attacker establishes multiple backdoors to ensure access can be maintained if the other systems are found.
  5. The attacker now has access to the system and dumps account names and passwords from the domain controller.
  6. The attacker cracks the passwords and now has access to legitimate user accounts to continue the attack undetected.
  7. The attacker performs reconnaissance to identify and gather data.
  8. Data is collected on a staging server.
  9. Data is exfiltrated from the staging server.
  10. The attacker will cover their tracks by deleting files but can return at any time to conduct additional activity.
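
Step 3 is often the earliest point at which network logs show the intrusion: a host that checks in with the same web site at near-constant intervals. The sketch below is an added example, not part of the original page; it flags that pattern in proxy logs. The log format, host names, domains and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse(line):
    """Parse an assumed 'ISO-timestamp src-host dest-domain' proxy log line."""
    ts, src, dest = line.split()
    return datetime.fromisoformat(ts), src, dest

def find_beacons(lines, min_events=6, max_cv=0.1):
    """Return {(src, dest): mean_interval_seconds} for pairs whose request
    intervals are near-constant (coefficient of variation <= max_cv)."""
    times = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, src, dest = parse(line)
            times[(src, dest)].append(ts)
    flagged = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[pair] = round(avg)
    return flagged

def constructed_log():
    """Constructed sample: one host checking in about every 5 minutes with
    small jitter, plus irregular browsing from that host and another."""
    start = datetime(2024, 1, 10, 9, 0, 0)
    beacon = [0, 301, 599, 902, 1200, 1498, 1801, 2100]  # seconds from start
    browse = [12, 40, 65, 700, 715, 1900, 1910, 2500]

    def fmt(offset, src, dest):
        return f"{(start + timedelta(seconds=offset)).isoformat()} {src} {dest}"

    lines = [fmt(o, "ws-041", "c2.example.test") for o in beacon]
    lines += [fmt(o, "ws-041", "news.example.test") for o in browse]
    lines += [fmt(o, "ws-017", "news.example.test") for o in browse[:5]]
    return lines

if __name__ == "__main__":
    for (src, dest), interval in find_beacons(constructed_log()).items():
        print(f"{src} -> {dest}: regular requests every ~{interval}s")
```

Legitimate software such as update checkers and telemetry agents also polls on a timer, so flagged pairs are leads to review against known-good destinations, not verdicts.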