Planning is the first thing to do before any cyber attack or cyber crime is carried out. Cyber security engineer or criminal hacker has to make a plan that accounts the stages involved while planning cyber attack or security testing by security engineer. These stages involved in the planning for a cyber crime or attack are known as Phases of cyber crime, Phases of cyber attack or Phases of hacking. Any type of cyber crime or attack needs planning, a cyber attack planning is categorized into two stages namely, Passive Attack and Active Attack. Passive attack attempts to gather information about the target, whereas Active Attack is carried out to alter or disrupt the system.
Both passive and active attack can be carried out and useful for both Insider Attack and Outsider Attack. Planning is the set up of phases required to be carried out during the attack. To understand how cybercriminals plan cyber crimes, the followings are some phases involved planning cyber crime.
- Reconnaissance: Reconnaissance is the act of gathering information by searching and capturing information. The first phase that need to be carried is reconnaissance for information gathering. Information gathered are required to further up the attack by scanning them for acquiring more information in detail or attack can also be carried out at this stage if information gathered is enough.
- Scanning and Scrutinizing: Scanning and Scrutinizing is the act of searching and discovering of vulnerability and system’s information and services. Information gathered in first stage are used in this stage to discover more possible information required for lunching the attack.
- Lunching Attack: Lunching attack is the act of automating and executing attack toward the target system with help of information gathered and the attack execution tool.
- Gaining Access and Maintaining: Gaining Access refers to successful attack or any act that allow attacker to gain unauthorized access to a system. Maintaining access is the creating of backdoor on the compromised system, access could be repeated with the help of backdoor. Maintaining access may also necessary if attacker wish to access the system again without prior scanning.
- Covering Tracks: When it comes to finding of who is responsible for an attack, evidence left behind during the attack can be used to trace back any perpetrator. Tracks can be covered by staying anonymously before carrying out any attack and cleaning up i.e, history, created file, etc. after completing the attack.
Above stages involved in cyber crime planning are for all areas of cyber attack and hacking. One stage has to be completed and successful before moving to another stage. When carrying out penetration testing on system, these phases in planning are followed to ensure proper security testing.