Computer networks are hacked all the time, but what does that really mean?  How does hacking work?  There are a number of different individual approaches that clever cybercriminals use, but there is a common overall strategy.  If you have a computer nerd curiosity, here’s an overview of the approach.

Based on the Lockheed Martin Cyber Kill Chain, here’s a high-level summary of how attacks are planned and carried out as described by OpenDNS:

1. Recon

The attacker discovers trusted email and website addresses and probes networks and systems for weaknesses.  This can include harvesting email addresses, capturing information through wi-fi breaches, and other approaches.

2. Stage

This is the planning phase for the attack.  The infrastructure for the launch, install and callback steps is created.  Multiple pre-built cybercrime kits or custom code are used to build payloads.  In addition, multiple networks and systems are staged to host initial payloads, malware drop hosts, and botnet controllers.

3. Launch

The attacker sends or spoofs emails, or injects malicious ads or scripts into websites.

4. Exploit

Vulnerable software executes code or the user is tricked into executing code.  This is when you get an email that looks like it’s from a friend but it really isn’t, or you click on an ad on a website that looks legitimate but takes you to an infected site.

(Other exploit emails include fake UPS delivery notices and bank account confirmations.  Most recently, hackers are trying to exploit the Microsoft Windows 10 upgrade by worrying the user into believing that the upgrade has caused computer damage.)

5. Install

The code infects your system, modifies privileges, scans the environment and then connects to the malware drop host.

6. Callback

Nearly every time, the compromised system calls back to a botnet server.  This is when the attacker gains command and control: the compromised system either receives new instructions or, if the target data has been acquired, the data is stolen.  This could happen immediately, several months from now, or even later.

7. Persist

The attacker repeats steps 4 through 7 until actions on their objectives (such as stealing personal information, client information, etc.) are fully achieved.
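From the defender's side, the callback in step 6 is often the most visible stage, because malware on a timer queries the same name at a steady rhythm. The sketch below is an added example, not code from this article, OpenDNS or Lockheed Martin; the log format, host names, addresses and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse(line):
    """Split '<ISO time> <client> <name>' (assumed log format) into fields."""
    ts, client, name = line.split()
    return datetime.fromisoformat(ts), client, name.lower().rstrip(".")

def find_beacons(lines, min_queries=6, max_jitter=0.10, min_period=30):
    """Return [(client, name, period_s, jitter)] for steady-rhythm lookups.

    jitter = stdev(gaps) / mean(gaps); near 0 means machine-like regularity.
    The default thresholds are illustrative assumptions, not tuned values.
    """
    seen = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, client, name = parse(line)
            seen[(client, name)].append(ts)
    hits = []
    for (client, name), times in seen.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period < min_period:          # bursts of page loads, not a timer
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            hits.append((client, name, round(period), round(jitter, 3)))
    return sorted(hits, key=lambda h: h[3])

def constructed_sample():
    """Constructed log: one host on a ~5 minute timer plus irregular browsing."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    for i, skew in enumerate([0, 4, -3, 6, -5, 2, -1, 3]):   # small timer drift
        t = t0 + timedelta(seconds=300 * i + skew)
        lines.append(f"{t.isoformat()} 10.0.0.23 sync.callback-demo.test")
    for off in [5, 40, 95, 700, 760, 1900, 2000, 2050]:      # human-like gaps
        t = t0 + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 10.0.0.41 www.news.example")
    return lines

if __name__ == "__main__":
    for hit in find_beacons(constructed_sample()):
        print(hit)
```

Because a callback can come months after the install, a check like this only helps if DNS or proxy logs are retained long enough and the analysis window is wide enough to contain several callbacks.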

Compromises can happen in seconds, even though noticeable damage might not be revealed for days, months or years.   Now that you know how breaches occur, be vigilant at your computer, phone and tablet to avoid becoming a victim.