Vulnerability Exploitation
Exploiting vulnerabilities is another common method of infiltration. Attackers will scan computers to gain information about them. Below is a common method for exploiting vulnerabilities:
Step 1. Gather information about the target system. This could be done in many different ways such as a port scanner or social engineering. The goal is to learn as much as possible about the target computer.
Step 2.One of the pieces of relevant information learned in step 1 might be the operating system, its version, and a list of services running on it.
Step 3. When the target’s operating system and version is known, the attacker looks for any known vulnerabilities specific to that version of OS or other OS services.
Step 4. When a vulnerability is found, the attacker looks for a previously written exploit to use. If no exploits have been written, the attacker may consider writing an exploit.
Figure 1 portrays an attacker using whois, a public Internet database containing information about domain names and their registrants. Figure 2 portrays an attacker using the nmap tool, a popular port scanner. With a port scanner, an attacker can probe ports of a target computer to learn about which services are running on that computer.
Advanced Persistent Threats
One way in which infiltration is achieved is through advanced persistent threats (APTs). They consist of a multi-phase, long term, stealthy and advanced operation against a specific target. Due to its complexity and skill level required, an APT is usually well funded. An APT targets organizations or nations for business or political reasons.
Usually related to network-based espionage, APT’s purpose is to deploy customized malware on one or multiple of the target’s systems and remain undetected. With multiple phases of operation and several customized types of malware that affect different devices and perform specific functions, an individual attacker often lacks the skill-set, resources or persistence to carry out APTs.