RECONNAISSANCE

ATTACK
• Definition of attack
• News article
• How attacks work
• Flowchart
• How to mitigate it
 Reconnaissance attacks are general

WHAT IS
knowledge gathering attacks.
These attacks can happen in both logical

RECONNAISSANCE and physical approaches. Reconnaissance

attacks begin with a scan of the network

ATTACK from the infected endpoint to locate the

asset and services an attacker wants to
target.
ACTIVE
RECONNAISSANCE
Active reconnaissance is a type of computer
attack in which an intruder engages with the
targeted system to gather information about
vulnerabilities. This type of recon requires that
attacker interact with the target. This recon is
faster and more accurate however it also
makes much more noise. 
 Passive reconnaissance is an attempt to gain information
about targeted computers and networks without actively
PASSIVE
engaging with the systems. It is a gathering the information
RECONNAISSANCE
without alerting victim. If the victim host alerted then it
drastically increases security against the attack.
 Some common examples of reconnaissance
attacks include packet sniffing, ping sweeping, port
EXAMPLES OF scanning, phishing, social engineering and internet
RECONNAISSANCE information queries.  Port scanning would be discovering
ATTACKS  that an ip address was listening on port 443 for HTTPS
traffic.That allows the hackers to know that they can
attempt explotaition geared towards HTTPS.
 NEWS
ARTICLE 1
• COI on SingHealth cyber attack: Hackers
searched for PM Lee's records using his NRIC
number
Hackers that infiltrated the SingHealth database
had specifically searched for Prime Minister Lee
Hsien Loong's personal data and outpatient
prescription records using his NRIC number.
These started off as reconnaissance on the
database, before the person made direct queries
on three NRIC numbers. One of these belonged
to PM Lee; the other two belonged to "non-
VIPs".
 NEWS
ARTICLE 2
• Most cyber security strategies ignore
the way attackers really work
• According to the report, 99% of internal
reconnaissance and lateral movement did
not originate from malware, but from
legitimate applications or from riskware
such as scanners.
• Malware was detected in a wide variety
of cases, but researchers found that while
attackers often use malware as the initial
exploit to gain access in targeted attacks,
they often rely on admin tools and even
native utilities and web browsers to
expand their reach inside network while
avoiding detection.
HOW RECONNAISSANCE
WORKS

hackers first identify a vulnerable target and explore

the best ways to exploit it. Targeted phishing emails
are common in this step, as an effective method of
distributing malware. it would look like e-mails that
they could potentially receive from a known vendor or
other business contact. The next is creating fake web
pages. These web pages will look identical to a
vendor’s web page or even a bank’s web page. hackers
will be able to steal your money, sell your information
or post your incriminating e-mails on WikiLeaks
FLOWCHART
HOW TO
MITIGATE IT
A firewall is an effective way to stop ping
sweeps, port scans, and other network probes.
Strong authentication is an effective way to defeat
password sniffers. Use of two-factor
authentication makes it extremely difficult for an
attacker to gather passwords with a
packet sniffer
Antisniffer tools designed to
detect the presence of packet sniffers on a
network.
 REFERENCES

https://www.youtube.com/watch?v=mlZybyTZFZ0 (link for basic reconnaissance attack)

https://www.youtube.com/watch?v=jm47Qk6hf_A (what is reconnaissance attack)
https://www.youtube.com/watch?v=n2yJgWniXo4 how reconnaissance attack works)
https://attivonetworks.com/solutions/recon-exploit/ (what is reconnaissance attack)
https://whatis.techtarget.com/definition/active-reconnaissance (what is active reconnaissance
attack)
https://asmed.com/active-vs-passive-reconnaissance/ (different between active and passive
reconnaissance)