Cyber Security Blog & News

Four Phases of an Attack That Small Businesses Should Know at All Times


With the recent cyber attack headlines and the latest Cyber Security Framework (released by the federal government), it’s easy to get information overload. Small businesses are increasingly targeted by hackers because of a perceived lack of resources; these attackers are after intellectual property, client protected information, bank account numbers, and more. Will your latest antivirus software update prevent these ongoing attacks? The short answer is… no!

If we were to break down the threat landscape and define threats in terms of ‘methods’, we would discover four categories. These categories, or phases of an attack, are: First Contact, Local Execution, Establishing Presence, and Malicious Activity. As you’ve noticed, I’ve ‘bolded’ Establishing Presence. This is the phase where our antivirus software finally comes into play and identifies the threat, but only if the antivirus software recognizes the threat, that is, if an existing signature for the threat is known. Some viruses are so ‘new’ that antivirus software fails to identify them as threats during a routine scan. This is why it’s so important not only to understand the phases, but also to learn about the different ways of preventing each stage. So here is some general information about each phase of a cyber attack.

First Contact: This is how the attacker first crosses paths with the victim. The interaction is usually via a malicious web site, but can also occur through email or infected devices, such as external storage devices. To avoid initial contact, you need a filter that stops the attack before it reaches your desktop.

Local Execution: Once there is contact, the attacker runs their malicious code on your machine. This is referred to as the ‘breaking in’ phase. The virus embeds itself in hardware, applications, or your operating system. It looks for flaws in your current software applications, or even weak passwords. When a flaw is identified, it writes its code and moves on to phase three.

Establishing Presence: At this point the attack, or virus, preserves itself, ‘setting up shop’ on your machine. It can block access to security software updates, change web browser security settings, or even hide itself in known good processes. And as mentioned before, this is where antivirus software comes into play, but only if it is a known threat or there is an existing signature for it. If you’ve reached this phase without detection, it is too late!

Malicious Activity: And finally the attacker can start stealing information as it departs your system. This information includes customer bank accounts, intellectual property, financial records, passwords, and other identity information.

So how can a business help protect itself against any or all phases of a cyber attack? Simple… a layered, comprehensive and solid security management approach. The first step in achieving this is to consult with a cyber security company that can ensure that your resources are not compromised by running a security health check, as well as providing suggestions and procedures for remediation and management.