In this video, we walk through the stages of a cyberattack as covered in the Information Systems and Controls section of the CPA exam.
Let's consider a hypothetical cyberattack on a corporation, "GlobalTech Inc.," to illustrate each stage of a cyberattack:
1. Reconnaissance
The attackers begin by gathering as much information as possible about GlobalTech. They use various techniques such as scanning the company's public website, searching through social media for employee information, and using tools to map out the network infrastructure. They discover that GlobalTech uses a specific Customer Relationship Management (CRM) software known for its vulnerabilities and identify potential targets within the company through LinkedIn, such as IT staff and executives.
2. Gaining Access
Utilizing the vulnerabilities found in the CRM software, the attackers craft a phishing email campaign targeted at the identified employees. The emails contain malicious links purportedly for a critical software update. Once an employee clicks on the link and attempts the update, malware is installed on their system, giving the attackers initial access to GlobalTech's network.
3. Escalation of Privileges
With the foothold established, the attackers exploit system vulnerabilities to escalate their privileges. They discover the credentials of a network administrator by deploying a keylogger on the infected machine. This allows them to gain higher-level access, equivalent to that of IT staff, enabling broader control over GlobalTech's systems.
4. Maintaining Access
The attackers then install additional malicious software to create backdoors into the system, ensuring they can return at will, even if the initial entry points are discovered and closed. They use these backdoors to explore the network quietly, identifying valuable data repositories and further embedding themselves into the system without detection.
5. Network Exploitation and Exfiltration
Now with broad access, the attackers proceed to their primary goal: data exfiltration. They identify and access several databases containing sensitive intellectual property and customer information. The data is quietly packaged and transmitted to an external server controlled by the attackers. Additionally, they deploy ransomware across the network, encrypting critical files to disrupt operations and demand payment.
6. Covering Tracks
As the data exfiltration completes and the ransomware begins to take effect, the attackers work to conceal their actions. They clear logs that could indicate their presence, modify system registry files to hide the malware, and delete any tools they used that are no longer necessary. This makes it challenging for GlobalTech's IT department to understand how the breach occurred and assess the full extent of the damage.
This scenario underscores the structured approach cybercriminals use to infiltrate and exploit businesses, demonstrating the importance of robust cybersecurity measures at every stage to identify and mitigate threats.
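From the defender's side, the same six stages can be used to label log evidence and see where the intrusion first became detectable. The following is an added example, not part of the original video description: the events, host names, account name, field names, destination address, and the 500 MB threshold are all constructed assumptions.

```python
from datetime import datetime

STAGES = ["Reconnaissance", "Gaining Access", "Escalation of Privileges",
          "Maintaining Access", "Network Exploitation and Exfiltration",
          "Covering Tracks"]
EXFIL_BYTES = 500_000_000  # assumed per-destination alert threshold

# Constructed events: (time, host, source, fields). Sources are Windows event
# IDs (4688 process creation, 4624 logon, 7045 service installed, 1102 audit
# log cleared) or "proxy"; field names are hypothetical SIEM-normalized ones.
EVENTS = [
    ("2024-03-04T09:12:00", "ws-17", "4688",
     {"image": r"C:\Users\jdoe\Downloads\crm_update.exe", "signed": False}),
    ("2024-03-04T09:40:00", "dc-01", "4624", {"user": "netadmin", "src": "ws-17"}),
    ("2024-03-04T10:05:00", "dc-01", "7045", {"service": "UpdaterSvc", "signed": False}),
    ("2024-03-06T01:10:00", "db-02", "proxy", {"dest": "203.0.113.50", "bytes_out": 300_000_000}),
    ("2024-03-06T01:40:00", "db-02", "proxy", {"dest": "203.0.113.50", "bytes_out": 400_000_000}),
    ("2024-03-06T02:15:00", "dc-01", "1102", {"user": "netadmin"}),
]

def build_timeline(events, admins=("netadmin",)):
    """Return {stage: first timestamp with evidence}, walking events in time order."""
    seen, suspect_hosts, sent = {}, set(), {}
    for ts, host, src, f in sorted(events, key=lambda e: e[0]):
        stage = None
        if src == "4688" and not f["signed"] and "\\Downloads\\" in f["image"]:
            suspect_hosts.add(host)          # unsigned "update" run from Downloads
            stage = STAGES[1]
        elif src == "4624" and f["user"] in admins and f["src"] in suspect_hosts:
            stage = STAGES[2]                # admin logon from a suspect workstation
        elif src == "7045" and not f["signed"]:
            stage = STAGES[3]                # new unsigned service: possible backdoor
        elif src == "proxy":
            sent[f["dest"]] = sent.get(f["dest"], 0) + f["bytes_out"]
            if sent[f["dest"]] >= EXFIL_BYTES:
                stage = STAGES[4]            # cumulative outbound volume to one host
        elif src == "1102":
            stage = STAGES[5]                # audit log cleared
        if stage:
            seen.setdefault(stage, datetime.fromisoformat(ts))
    return seen

def summarize(events):
    """Return (timeline, stages with no evidence, time from access to exfiltration)."""
    seen = build_timeline(events)
    missing = [s for s in STAGES if s not in seen]
    have_both = STAGES[1] in seen and STAGES[4] in seen
    dwell = seen[STAGES[4]] - seen[STAGES[1]] if have_both else None
    return seen, missing, dwell
```

Calling summarize(EVENTS) shows that reconnaissance leaves no trace in these internal logs, and that the log-clearing event itself is the evidence for the final stage, which is why that event should be forwarded off the host before it can be erased.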