The 7 Stages Of Cyber Attack

The 7 Stages Of Cyber Attack - MediaOne Marketing

There is no question that technology plays a crucial role in our lives today. Everything from banking to e-commerce to government depends on the internet in one way or another. While all these areas work hard to maintain security, there is always the potential for threats to arise from within.

What exactly is a cyberattack?

A cyberattack is a malicious act that takes place within the cybersecurity perimeter – in other words, during the time when a computer or network is accessible to hackers. So, while the attack itself might be perpetrated from outside the network, the damage is done from within. This sort of attack is typically carried out by hackers for the purpose of stealing confidential information, disrupting services, or causing economic damage.

get google ranking ad

That being said, these attacks aren’t necessarily limited to harming computer hardware and files. There are many ways that ransomware attacks cripple businesses and leave a lasting impact on individuals.

The Rise In Ransomware Attacks

The cost of a ransomware attack can be measured not only in monetary terms, but also in the time it takes to restore one’s data. The latter is especially relevant if one is reliant on productivity apps like Microsoft Office or Adobe Acrobat, as many businesses and organizations are. A successful ransomware attack can thus be considered a business and productivity loss scenario par excellence.

According to the Norton cybersecurity report, titled ‘State of Cybersecurity in 2022’, 47% of respondents reported that they had experienced a ransomware attack in the past year. This figure rose to 62% among businesses and organizations in the Asia-Pacific region.

Although the number of incidents is reportedly on the rise, Google security advisor Tim Wu wrote in a blog post that ransomware is no longer solely a ‘biter’s bane’ and can be used for innovative and pragmatic purposes.

“Ransomware started out as a way for hackers to make money. Now that they’ve developed a tool that can be used for legitimate purposes, they’re finding ways to put that tool to practical use,” Wu wrote. “For example, cybercriminals might use ransomware to temporarily disrupt the functioning of a website or an organization’s IT infrastructure, in order to make a point or to extort money from the organization.”

How Do Ransomware Attacks Work?

To put it simply, ransomware attacks work on the basis of tricking users into paying a ransom in order to regain access to their data. Once this is accomplished, the hackers have access to the computer or network – and can then move about at will, stealing files and inserting malware at will. In the meantime, the business or individual has lost a potential source of income as well as the ability to function productively during the course of the attack.

The bad news is that this tactic is highly effective. According to a report by Envisional, 92% of respondents would pay a ransom to retrieve their data if they experienced a ransomware attack.

This number rose to 96% in the case of a WannaCry attack and 98% in the case of an attack by the NotPetya ransomware.

ALSO READ  Avoid The Top 10 Branding Mistakes

The Impact On Normal Users

While businesses and organizations have been the primary targets of ransomware attacks, normal users have also been affected. In fact, 48% of respondents in the Norton survey reported that they’d sustained some damage as a result of a ransomware attack.

This is mainly due to the fact that many ransomware attacks are now cryptojacking-based, meaning that they depend on users downloading and installing legitimate-looking cryptojacker malware. Once this is accomplished, the user’s device is free to mine cryptocurrencies for the hacker.

Where Do These Attacks Come From?

The primary source of ransomware attacks is now considered to be Eastern Europe and Asia. In fact, the Russian Federation is known to be a hotbed of cyber activity, so it’s no wonder that a third of all ransomware attacks are linked to Russia.

Further complicating the issue, the United States recently accused Russia of interfering in the 2020 U.S. presidential election, and unveiled a series of sanctions against the country. Most recently, the U.S. government charged a Russian national with attempting to sell malware that could infiltrate American democracy and influence elections.

What’s more, the spread of mobile devices – and the continuous increase in the number of people using them – has made it easier for hackers to target individuals. As we’ve already established, mobile devices can be more vulnerable to cyberattacks than larger computers, meaning that hackers can access and damage them with relative ease.

Red Flags To Look Out For

The 7 Stages Of Cyber Attack

While there are many reasons why someone would want to steal your personal data, it’s always best to be on the lookout for something that doesn’t seem right. This way, you can be sure that your data is safe and that the people trying to steal it aren’t going to do any harm.

Here are some of the most common red flags that should raise suspicion and cause you to take action:

  • Vague or strange emails.
  • Anomalous network activity.
  • Inconsistent or misleading behavior on the part of the person you’re dealing with.
  • A sudden increase in communication with unknown parties.
  • Too much data being transferred for no apparent reason.

How Can One Safeguard Himself/herself From Getting Caught In A Ransomware Attack?

The first step in safeguarding oneself from getting caught in a ransomware attack is to ensure that all software is up-to-date. It is also advisable to change one’s passwords frequently and to use different passwords for different accounts. Another important step is to ensure that all security devices and software are functioning correctly. Lastly, it’s essential to be vigilant and aware of one’s surroundings – especially whilst using public Wi-Fi. When connected to such networks, one becomes vulnerable to cyberattacks because one’s personal data is readily accessible to everyone around them.

The takeaway from all this is that technology constantly evolves and changes, meaning that even those in the know can become vulnerable to cyberattacks if they aren’t careful enough. With this in mind, it’s important to be mindful of one’s own security and to take the necessary precautions. As for the future of cyberattacks, it’s hard to say with certainty yet. What we can do, however, is prepare for and mitigate against these threats – which is exactly what businesses and organizations must do if they want to keep their data secure.

ALSO READ  A Productivity Hack to Help You Tackle Your Content Marketing To-Do List

Although most cyber attacks are perpetrated by malicious individuals, sometimes the threat is more far-reaching and comes from a nation-state. This is why it is considered a national security issue in many countries.

Here are the seven stages of a cyber attack as defined by the National Institute of Standards and Technology (NIST):

Initial Cyber Attack

The initial cyber attack stage begins when a cyber criminal (cracker) accesses a website or an email account and attempts to gain access to sensitive information. This stage can last for several days or weeks before the victim notices any suspicious activity.

During this stage, the cyber criminal is gathering information, mainly email addresses, which they will use in later stages of the cyber attack. This is the easiest stage to detect because it is the earliest stage of the attack and there will be no sophisticated hide-and-seek tactics used to avoid detection.

The Lying In Wait Stage

The second stage is called the lying in wait stage and it begins when the cyber criminal decides to attack. At this point, the cyber criminal will be planning and preparing the attack, possibly for several weeks. They will be doing this in secret, using a variety of tactics, including social engineering, to avoid being detected.

During this stage, the cyber criminal will start spreading false information about the victim, hoping to trick them into giving away sensitive information. For example, the cyber criminal may start a rumor that a certain company’s server has been infected with a virus. If the victim follows the trail of this rumor to investigate, they will discover that the server has in fact been compromised but by this stage of the attack, the damage may already have been done.

The Weaponization Stage

The weaponization stage starts when the cyber criminal takes action and begins installing malware, or malicious software, on the targeted computer. This software can perform various tasks, from stealing passwords to tracking the movement of the target and storing this information in a database.

During this stage, the cyber criminal may use several different methods to gain access to the computer. One way is to exploit a known vulnerability in the computer’s operating system. They may also use social engineering to trick the user into installing the malware. Once installed, the malware will begin operating in the background, carrying out its assigned tasks without the user’s knowledge or consent.

ALSO READ  Top Furniture Assembly Service Providers in Singapore

The Delivery And Installation Of Malware

The delivery and installation of malware stage begins when the cyber criminal hands over the weaponized computer to the target. They will do this in person or through an intermediary, such as a digital marketing agency or a public relations firm. Alternatively, the cyber criminal may use a delivery service to ‘outsource’ the delivery and installation process.

The target will then begin downloading and installing the malware onto their computer, which could take several hours to complete. Once installed, the malware will begin operating in the background, doing its dirty work.

The Monitoring And Harvesting Of Data

The monitoring and harvesting of data stage begins when the malware starts recording and storing information about the victim’s activities, including their keystrokes, emails, browsing histories, and phone calls. These are all details that the cyber criminal can use to access the victim’s personal information if needed.

This information can then be used to develop a profile of the victim and build a database of all the details they can get their hands on. This information can then be used for identity theft or financial gain through the commission of illegal activities, such as credit card fraud. Alternatively, the cyber criminal may sell this information to other criminals or hackers for a profit.

The Final Stages

The final two stages of a cyber attack are called the resolution stage and the post-resolution stage. In the resolution stage, the cyber criminal will be analyzing the data they have gathered and either deleting or renaming the recorded files, removing any backdoors, and patching any security faults. Finally, the cyber criminal will destroy all evidence of the criminal act.

In the post-resolution stage, the cyber criminal will be continuing to monitor the targeted computer or mobile device and ensure that no traces of the illegal activity remain. This is why the post-resolution stage is often called ‘cleaning up’ or ‘scrubbing’ the system.

Cybersecurity hack: 5 things you can do right now to protect yourself

This seven-stage framework is a generalized guide to follow in order to properly deal with a cyber attack. However, in the beginning, you should always assume that your computer or mobile device is infected with malware until you get proof otherwise. And whenever possible, always avoid clicking on suspicious links or opening suspicious files because they may all be part of the attack. As a general rule, it is always best to be on the safe side and avoid installing software applications from sources that you do not trust.

This article is meant to help you make the right decision when it comes to your personal safety and security. Remember, safety and security on the internet should not come at the expense of convenience. If you want to stay safe, you must sometimes make the choice between convenience and security. But the truth is, as long as you are not a target of a cyber attack, you will never be truly at risk.

About the Author

Tom Koh

Tom is the CEO and Principal Consultant of MediaOne, a leading digital marketing agency. He has consulted for MNCs like Canon, Maybank, Capitaland, SingTel, ST Engineering, WWF, Cambridge University, as well as Government organisations like Enterprise Singapore, Ministry of Law, National Galleries, NTUC, e2i, SingHealth. His articles are published and referenced in CNA, Straits Times, MoneyFM, Financial Times, Yahoo! Finance, Hubspot, Zendesk, CIO Advisor.


Search Engine Optimisation (SEO)

Baidu SEO: Optimising Your Website for Chinese Audiences

In today’s interconnected world, expanding your online presence to capture international markets has become essential. When targeting the Chinese market, …

Enterprise SEO: Everything You Need to Know

Are you looking to enhance your online presence and boost organic traffic to your website? If you’re operating on a …

10 Tested SEO-optimised Content Development Techniques

Content development refers to creating or improving material that conveys information to a particular audience. In addition to textual material …

7 Emerging Skills Every SEO Must Master in 2023

7 Emerging Skills Every SEO Must Master in 2023 One thing almost all SEOs can agree on is that SEO …

How to Use Keyword Intent to Maximize Conversion Rate

After keyword research, you’re armed with a list of potential keywords to target.  Let’s say one of the keywords is …

Search Engine Marketing (SEM)

Leveraging Social Media for Search Engine Marketing (SEM)

You’ve probably heard of social media, and how important it is to businesses and marketers. Chances are, you use one …

PSG Grants: The Complete Guide

How do you kickstart your technology journey with limited resources? The Productivity Solution Grant (PSG) is a great place to …

Is SEO Better Or SEM Better?

I think we can all agree that Google SEO is pretty cool! A lot of people get to enjoy high …

How To Remove A Web Page Without Affecting Overall SEO

Before removing an old page from your website, do you ever stop to think about the potential effect it might …

Toxic Links Threats and Disavows: Complete SEO guide

Your website is only as strong as the backlinks you have. We’re not talking numbers here but quality.  If you …

Social Media

How to Find Influencers to Promote Your Small Business in Singapore (Low Cost)

In today’s digital age, social media influencers have become powerful tools for businesses looking to increase their brand awareness and …

Instagramming Your Way to Success: Tips for Effective Social Media Marketing in the Travel Industry

Social Media has revolutionised how businesses connect with their audience. In the travel industry, where experiences and visuals play a …

The Rise of Influencer Marketing: Leveraging Social Media to Promote Your Travel Planning Agency

Social media has become an integral part of our daily lives. People from all walks of life use social media …

App Marketing on a Budget: Cost-Effective Strategies for Maximum Impact

In today’s digital landscape, app marketing plays a crucial role in driving the success of your mobile application. However, many …

Leveraging Influencers: A Powerful Tool for App Promotion

The digital landscape is continuously evolving, attention is divided among countless apps and platforms, and app promotion has become more …


The Rise of Influencer Marketing: Leveraging Social Media to Promote Your Travel Planning Agency

Social media has become an integral part of our daily lives. People from all walks of life use social media …

8 Strategies for Bug Hunting: Debugging, Testing, and Code Review

Bugs are among the most unpleasant aspects of the software development process, whether you’ve worked on a little side project …

How Does A Virtual Private Network Work

If you’re reading this, I assume you’re either a small business owner who’s looking to expand your reach, or an …

Digital Identity Theft: How to Protect Yourself from Scams and Fraud

We are always online in this day and age of technology, which makes personal data more exposed than ever. Digital …

The Legal Consequences of Cybersecurity Breaches in Singapore

Technology has advanced greatly in the digital age. It paves the way for a higher risk of cybersecurity breaches. There …


What Are Virtual Fitting Rooms and How Do They Work? (2023)

Shopping for clothes online can be tricky. It’s difficult to know how something will look and fit without trying it …

Planograms: What They Are and How They’re Used in Visual Merchandising

As a retailer, you know the importance of creating an appealing and organised display of your merchandise. The way you …

PSG Grants: The Complete Guide

How do you kickstart your technology journey with limited resources? The Productivity Solution Grant (PSG) is a great place to …

The Importance of Authenticity in Your Brand Voice Strategy

Most companies are aware of the value of branding. The reputation of a firm may make or break it, after …

Featured Snippet Optimization: Complete Guide In 2022

You’ve probably seen the boxes that pop up at the top of the SERP featuring a summary of an answer …


15 Ways to Remain Empathic While Still Making Deals

Empathy is an essential quality in any negotiation. It allows you to understand the other party’s perspective, build trust and …

10 Prospect Qualification Mistakes That Are Hurting Your Sales

10 Prospect Qualification Mistakes That Are Hurting Your Sales Prospecting is one of the most important aspects of sales. It’s …

How Pros Write Business Proposals To Win New Clients

As a business owner or entrepreneur, one of the most critical skills you need to have is the ability to …

Baidu SEO: Optimising Your Website for Chinese Audiences

In today’s interconnected world, expanding your online presence to capture international markets has become essential. When targeting the Chinese market, …

Time Management Tips for Busy Entrepreneurs (Free Tools)

Are you one of the entrepreneurs juggling multiple tasks, constantly racing against the clock? Do you often find yourself overwhelmed …

Most viewed Articles

10 Ways to Improve Your E-Commerce SEO

If you want to grow your e-commerce business, you’ve probably thought about SEO (search engine optimization) already. After all, a successful e-commerce SEO strategy can

Other Similar Articles