Disruptive Thinking. PHOTO: Cybercrime Magazine.

How To Disrupt The 5 Phases of Hacking

Think like a cybercriminal

Aleksandr Yampolskiy

New York City, N.Y. – Nov. 19, 2021

At SecurityScorecard, we spend a lot of time trying to understand the mind of a hacker. What is motivating them, and — even more critically — what can your organization do to keep them away? As attacks increase both in number and sophistication, figuring out the right strategies to mitigate security risks is critical.

Fundamentally, hackers operate just like the rest of us: they want to maximize their return on investment. They may even use the same type of cost-benefit analyses you and your business regularly employ — even if their ultimate goals are less ethical. Still, the bottom line is that increasing the cost of attacking your organization can decrease the benefit to attackers, causing them to move on to easier targets. This is an important point: you don’t need to stop 100 percent of cyberattacks, you simply need to make life harder for the attacker. That one principle should guide much of your thinking when it comes to security.


Cybercrime Radio: The Security Scorecard Story

Aleksandr Yampolskiy, co-founder and CEO


Let’s take a look at the hacking roadmap:

1. Reconnaissance

During the reconnaissance stage, attackers gather information about the organization’s networks, hosts, and people. They can do this actively (by using tools to scan target websites) or passively (by collecting information that’s publicly available on websites or social media). This information can be used in a variety of ways, such as identifying vulnerable ports for direct attacks or decision-makers to target or impersonate in social engineering attacks.

2. Scanning

Reconnaissance might uncover particularly compelling findings. For instance, a hacker might learn from social media that a company is planning a scheduled service interruption for maintenance. This creates a moment ripe for outside attack. Now, they move to the scanning phase to find potential security weaknesses.

3. Gaining access

Once a hacker has detected a potential vulnerability or weakness, they can exploit it to get into systems and networks. They will then attempt to escalate their privileges, with the ultimate goal of achieving administrator status, with the power to install malware.

4. Maintaining access

Now that the hackers are in the system, they can pivot from a simple “smash and grab” attack to an advanced persistent threat (APT) — a dreaded circumstance for any business owner. APTs will attempt to move laterally through compromised systems to identify more valuable assets, and will sometimes even maintain a foothold in the system after their initial attack is complete.

5. Clearing tracks

To evade detection, hackers often attempt to remove all evidence of their presence in the system. They might change log data or uninstall malware, hoping that this prevents them from ever getting caught.

Remember to always start with basic security measures.



As a blackhat hacker working with the LulzSec group, Hector Monsegur found that organizations often failed to perform basic security tasks, like installing software security updates regularly or updating their remote desktop protocol (RDP) clients and servers. By identifying these vulnerabilities during the reconnaissance phase, Monsegur and his associates were able to easily break into corporate networks and systems.

Think like a hacker

We built SecurityScorecard’s platform to think like a hacker does, looking for the same weaknesses and vulnerabilities that hackers assess before beginning an attack. This is why we continuously monitor for security weaknesses like unpatched software and clients. When we built our scoring system, we used the mind of a hacker to develop our scoring system — which is why a SecurityScorecard security rating of “A” indicates a cleaner attack surface with less chance of being hacked.

Any general — or football coach — will tell you that understanding how your enemy thinks is critical. In the cybersecurity world, it can mean the difference between a frustrated hacker … or a costly breach.

– Aleksandr Yampolskiy is co-founder and CEO at SecurityScorecard, the leading security rating platform.


Sponsored by SecurityScorecard

SecurityScorecard is the global leader in cybersecurity ratings and the only service with over two million companies continuously rated. Our mission is to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors.