In this lecture we will discuss the fundamental phases of a cyber attack. The first phase, reconnaissance, will be covered in detail here, while the remaining phases will be covered in the Attack lecture.

What is a "Cyber Attack"?

Conceptual View of an Attack

Phases of an Attack


For this class, we define a cyber attack as occurring in three basic phases:
The following sections discuss these three phases, with an emphasis on reconnaissance.

Phase I: Reconnaissance


The goal of the reconnaissance phase is to identify weak points of the target. A successful military strategist would dedicate ample resources to reconnaissance to find weaknesses in the enemy's defenses or to assess the enemy's capabilities. In either case, any information gathered about the target may be the crucial piece needed to reveal a critical weakness in defense or an unknown offensive capability of the enemy.

A cyber attack is not all that different from a military attack. A cyber attacker will dedicate a significant amount of time to observing and probing the target computer network to find weaknesses in its defense. Any weakness found may lead to infiltration of the target network. Here is a list of some critical information that should be obtained during the reconnaissance phase:

This information is obtained by scouring all the resources available to the attacker using two distinct methods: passive and active.

Phase II: Infiltration & Maneuver

Phase III: Exfiltrate & Maintaining Access