Step 4 - Exploiting The Weaknesses
With the target scanned and the weakest link identified, the hacker now gains a foothold in the network and will be treated as a trusted, authorised user.
Example of a Virtual WeaknessA piece of malicious code embedded in a phishing email with a lookalike PDF document attached from a client or supplier that you regularly deal with where the information may have been gained from your testimonial page of the company website. Once opened the code then allow the hacker access a foothold into the system.
Example of a Physical Weakness
A disgruntled employee, places an inline key logging device into the back of a company computer. The device then logs all key strokes (in some cases for up-to six months) until the device is removed and taken off site. The data is then analysed and then a virtual weakness could be exploited thereafter.
Protection: Check usernames against employees, frequently change passwords for guest logins, Check your electronic devices regularly, mark hardware with an ultra violet pen and check that it hasn't been replaced by a look-alike.