YOU ARE AT:FundamentalsStages of a cyber attack

Stages of a cyber attack

Virtual networks: a bullseye for hackers

Virtualization of networks are on the rise as are cyber attacks. According to a report by FireEye and Mandiant, approximately 97% of organizations have had at least one hacker bypass there defense architecture. Moreover, network security devices like next generation firewalls are often outmatched by sophisticated strikes. Like most major attacks, successful cyber attacks are arranged and meticulously implemented. Although breaching tactics may differ in details, they often progress through similar stages. Here is a list of steps successful cyber attacks often take.


Prior to the attack, hackers gather as much information about a company as possible. They seek a vulnerable target, whether it be a company website or third party. Once the intruders determine a place of entry, they can select their ammunition. Target phishing emails, for instance, are often chosen as a way of spreading malware.


After the target is located, the hackers identify a soft spot that enables them to obtain access. They use common tools on the internet to scan a company’s network to pinpoint these areas. It can often take months for hackers to scan for vulnerabilities.

Take control

The intent of an attack is usually to secure resources, from finances to sensitive information. Tools like Rainbow Tables allow hackers to take credentials and infiltrate any system that the administrator account has access to. Once the hackers have seized elevated privileges, they can take control of the network.

Maintain access

The next step for the invaders is to ensure control over the network is maintained for the amount of time needed to fulfill their tasks. At this point, the hackers have overcome various security controls, but are more likely to be uncovered. Intrusion and extrusion detection methods include moving content to external sites and internal devices; thwarting initiation between data center servers and networks; finding connections to nonstandard protocols; and noticing abnormal network or server operations.


The assault phase doesn’t occur for every cyber attack. Hackers might resort to modifying or disabling a user’s hardware. Unfortunately, even if the intruders are exposed at this stage of the game, it’s too late since they have control of the network.


It might seem commonsensical to hide one’s fingerprints following a crime, but hackers aren’t exactly commonsensical. Some intruders will leave a mark behind as a staple claiming authorship of the stunt. In addition, the tactic is commonly used to bewilder the forensic examination process. Many trail techniques are used including log cleaners, zombified accounts and Trojan commands, to name just a few.

Combat the hacks

Detecting threats early as they occur in real time is essential to shielding a network from a successful cyber attack. With the noted list in hand, network operators can recognize when a system is being breached and take the necessary steps to keep intruders at bay.


Nathan Cranford
Nathan Cranford
Nathan Cranford joined RCR Wireless News as a Technology Writer in 2017. Prior to his current position, he served as a content producer for GateHouse Media, and as a freelance science and tech reporter. His work has been published by a myriad of news outlets, including COEUS Magazine, dailyRx News, The Oklahoma Daily, Texas Writers Journal and VETTA Magazine. Nathan earned a bachelor’s from the University of Oklahoma in 2013. He lives in Austin, Texas.

Editorial Reports

White Papers


Featured Content