Levels of Intrusion
Cyber-criminals and other APTs (Advanced Persistent Threats) use several tactics to intrude into corporate and business networks, stealing valuable data or even maintaining a long-term presence for industrial espionage.
While prevention and planning ahead may be some of the best strategies for dealing with this type of sophisticated threat, it is difficult to determine whether your business may be at risk, or already under attack to some degree.
Given the complexity involved, cyber-criminals will commonly take several preliminary steps before they attempt to intrude into a business network, since valuable information can be extracted even without fully compromising or taking control of the network.
Each of these steps represents a certain degree of intrusion into a business or its network, each involving a different security risk and, of course, a corresponding way to protect against it.
Identifying these steps can help companies prevent attackers from gaining a foothold in the network in the first place, discouraging and perhaps even stopping them from moving on to the next, more dangerous ones.
A Level 1 intrusion doesn't necessarily begin inside a network: attackers first need to clearly identify their victim's location, pinpointing crucial data such as net-blocks and IP ranges belonging to the target business.
From corporate websites to personal blogs, all of these serve this purpose. Attackers look to hack into any of them as a way to collect information or, through the use of sophisticated malware, to launch an attack from a system previously infected via the compromised site, at which point they are also capable of identifying web servers and other network infrastructure.
A Level 2 intrusion begins when an attacker has gained a foothold in the business network. Small appliances (not necessarily a corporate firewall) and any device with connectivity capabilities are used as entry points, or as a way to inspect, tamper with or hijack network traffic.
The most typical (and also simplest) example of this type of intrusion is the DNS or ARP poisoning attack, although this is currently the least dangerous and least sophisticated way to manipulate network traffic and the information it carries.
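ARP poisoning of the kind described above leaves observable traces on the wire: an IP address that is suddenly answered by a different MAC than before, or a single MAC answering for several addresses in quick succession. As an added example (not code from the original article), the following Python script shows the detection logic a defender might run over captured ARP replies. The hosts, addresses, static binding table and thresholds are constructed for illustration and are not taken from the page.

```python
"""Detect symptoms of ARP poisoning in a stream of observed ARP replies.

Hypothetical detection logic written for this article; the sample replies
and the static binding table below are constructed, not captured traffic.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since capture start
    sender_ip: str     # IP address the sender claims to own
    sender_mac: str    # hardware address carried in the ARP payload


# Constructed sample: a gateway and two hosts answer normally, then a foreign
# MAC repeatedly claims both the gateway and the file server (the positioning
# an attacker needs to relay traffic between the two).
SAMPLE_REPLIES: List[ArpReply] = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),    # gateway, legitimate
    ArpReply(0.5, "192.168.1.10", "aa:bb:cc:dd:ee:10"),   # workstation
    ArpReply(1.0, "192.168.1.20", "aa:bb:cc:dd:ee:20"),   # file server
    ArpReply(10.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP, wrong MAC
    ArpReply(10.2, "192.168.1.20", "de:ad:be:ef:00:99"),  # server IP, same MAC
    ArpReply(10.4, "192.168.1.1", "de:ad:be:ef:00:99"),
    ArpReply(10.6, "192.168.1.20", "de:ad:be:ef:00:99"),
    ArpReply(10.8, "192.168.1.1", "de:ad:be:ef:00:99"),
    ArpReply(11.0, "192.168.1.20", "de:ad:be:ef:00:99"),
]

# Static IP-to-MAC bindings an operator maintains for critical hosts
# (assumed values for the gateway in the sample above).
KNOWN_BINDINGS: Dict[str, str] = {"192.168.1.1": "aa:bb:cc:dd:ee:01"}

Alert = Tuple[str, str, str]  # (kind, ip, mac); ip is "*" for per-MAC alerts


def detect_arp_anomalies(replies: Iterable[ArpReply],
                         known_bindings: Dict[str, str],
                         flood_threshold: int = 4,
                         window: float = 2.0) -> List[Alert]:
    """Return deduplicated alerts, in the order they were first raised.

    Three checks are applied to every reply:
      1. static-binding-violation: a critical IP answered by a MAC other than
         the one the operator pinned for it.
      2. ip-mac-conflict: a non-pinned IP answered by a MAC different from the
         one first learned for it during the capture.
      3. reply-flood: one MAC sends more than flood_threshold replies inside a
         sliding window of `window` seconds (poisoning tools re-send
         constantly to keep victim caches overwritten).
    """
    alerts: List[Alert] = []
    emitted: Set[Alert] = set()
    learned: Dict[str, str] = {}                       # ip -> first MAC seen
    recent: Dict[str, Deque[float]] = defaultdict(deque)  # mac -> timestamps

    def emit(alert: Alert) -> None:
        if alert not in emitted:
            emitted.add(alert)
            alerts.append(alert)

    for reply in replies:
        ip, mac = reply.sender_ip, reply.sender_mac.lower()

        if ip in known_bindings:
            if known_bindings[ip].lower() != mac:
                emit(("static-binding-violation", ip, mac))
        elif ip in learned:
            if learned[ip] != mac:
                emit(("ip-mac-conflict", ip, mac))
        else:
            learned[ip] = mac

        # Sliding-window rate check per sender MAC.
        timestamps = recent[mac]
        timestamps.append(reply.ts)
        while timestamps and reply.ts - timestamps[0] > window:
            timestamps.popleft()
        if len(timestamps) > flood_threshold:
            emit(("reply-flood", "*", mac))

    return alerts


if __name__ == "__main__":
    for kind, ip, mac in detect_arp_anomalies(SAMPLE_REPLIES, KNOWN_BINDINGS):
        print(f"{kind:25} ip={ip:13} mac={mac}")
```

On the constructed sample the script raises three alerts: the gateway IP answered by a foreign MAC, the file server's IP answered by that same MAC, and a reply flood from it. In practice the static binding table is the most valuable of the three checks, since a gateway's MAC rarely changes legitimately, while the learned-table check needs the capture to start before the poisoning does.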
When an internal system is used as a way to extract information, this is known as a Level 3 intrusion. Nonetheless, there are some gray areas, as an attacker could extract information from a server or endpoint without ever taking direct control of any primary or secondary network infrastructure.
However, this does require extensive knowledge of the business network on the attacker's part, as primary defenses such as corporate firewalls, IPS and servers need to be bypassed through the use of specially crafted (targeted) malware.
This is more commonly known as industrial espionage, whether for the extraction of specific applications or of industrial secrets, in the short or the long term.
Needless to say, this is the type of intrusion that has taken many companies (of any size) out of business.
Big corporations, medium-size businesses and even entrepreneurs creating a new software application can be targets of this type of attack.
At this stage attackers have already taken control of multiple endpoints and even main servers, moving through the network at their leisure. Admin privileges have been acquired, credentials stolen, and sensitive information such as patents and designs of any kind is extracted as it is produced.
As incredible as it may sound, this severe type of intrusion is most commonly seen in small to medium-size businesses, as it involves not only the extraction of sensitive data vital to the company's operations, but the blatant theft of cloud-based assets such as corporate websites and online stores.
Furthermore, any online network infrastructure, most typically web servers, is used by the attackers to launch assaults against further targets.
At this level we can assume that every single device belonging to the target is compromised, making it difficult for the target (company or entrepreneur) to rebuild, or to attempt to operate online once more under the same business identity.
However, as complicated as it may sound, with the right help companies and entrepreneurs alike can overcome this situation and get back into business.