During my conversations with security executives, a topic that consistently comes up is what, exactly, constitutes a modern hacking operation. Security professionals understand they’re no longer facing script kiddies who lack a comprehensive plan. However, they’re also not fully aware of how detail-oriented adversaries are when developing an attack campaign.

Today’s hacking operations are well-organized and developed by well-funded teams of highly trained adversaries who have diverse experiences and backgrounds. In fact, attack planning is handled like a business operation and includes hiring plans, budgets and timelines.

To help security professionals better understand the attacks they’re facing, I thought I’d share some of my observations on the work that goes into planning a hack.

Goals define the operation

An attack starts long before a network is breached. The first step in any attack is setting the operation’s goals. Hackers don’t randomly pick an entity, blindly attack it and hope they’ll discover valuable information. Targets are selected based on the data they possess and how that information will help the hackers meet their goals.

Typically, the criminal entity behind the attack sets the goals, which vary depending on their objectives and motives. For example, a nation-state that uses a cyber attack to provide the country’s businesses with a research and development advantage would set a goal of stealing intellectual property and trade secrets from prosperous companies.

Larger campaigns may often include several smaller goals that when combined reach the main objective. In some cases, the campaign may include hacking into several targets to achieve a goal. For example, an operation may include hacking into another company in order to infiltrate the intended target’s network.
Hackers used this approach in the Target breach when they first compromised the HVAC vendor’s system to access the Target network.

This leads me to my next point about goals: Hackers will do anything to accomplish them. They’ll disregard rules and will use deception whenever possible. Criminals intent on making money, obtaining intellectual property or carrying out other nefarious activities are behind these operations, not people who follow corporate policies.

Getting to know you

The reconnaissance that hackers conduct goes beyond mapping a company’s IT network or learning about its technology. They’re interested in gathering as much information as possible on their target, especially around how the business and its key personnel operate. These details will help attackers navigate around any technological or human barriers that hinder the attack.

To collect these details, hackers will use social media to learn where key members of your security team worked or went to college. If a hacker has penetrated your network, they’ll review emails and calendar entries to learn when key security personnel are on vacation and attack when there’s a staffing gap.

Not to make you paranoid, but in some cases hacking organizations will use insiders to obtain information on their target. They’ll either use a person already working at the organization or attempt to get someone hired by the company, allowing them to operate from within the target. Job interviews can teach the adversary how the company handles security events and how security personnel are measured and evaluated. If an adversary knows, for example, that a company’s security team is measured by how quickly it remediates incidents, an attack may include malware that’s easy to discover as a way to distract them from the real operation.

Gathering all this information makes reconnaissance very time consuming.
I’ve seen some hackers start reconnaissance a year before the initial infiltration. But all of this preparation increases the chances of the operation succeeding.

Celebrate diversity

Hacking teams are composed of people who have various backgrounds whose expertise can help the operation. An attack targeted at a mine may include a geological expert, for instance, who can provide firsthand knowledge on how this organization functions. This diversity gives the hackers new ways of approaching the operation. Companies would be wise to follow a similar practice when building out their security teams, a point I made in a recent Network World blog.

The roles on a hacking team are also diverse. For example, there’s usually a group of people dedicated to deception. This often-overlooked group creates a campaign that distracts the security team from the main operation. The distraction is meant to mitigate the risk of the campaign being discovered. Some of the more common distractions include a DDoS attack that brings down a company’s website or malware that a security team can easily detect. These decoy threats mask the real threat and allow it to continue unabated.

Penetrating a network is the simplest part of an operation and is sometimes outsourced, a point that surprises many people because they consider penetration the operation’s most important component. But outsourcing penetration to someone who specializes in the task guarantees that the hackers will get into the organization. The reason is simple: Teams that handle penetration get paid only if they infiltrate the target. With their paycheck on the line, these teams will do everything possible to defeat a company’s defenses.

Taking it easy

Hacking operations aren’t rushed. Attackers want to remain undetected in your IT environment for as long as possible. This approach allows them to minimize mistakes and, of course, gather more data and compromise more systems.
I’ve seen cases where attackers went undetected for a year, giving them ample time to access systems like Microsoft Active Directory and Outlook Web App. Having this access let attackers collect every employee’s log-in credentials and maintain persistence in the environment.

Think like the enemy

To combat more complex hacking operations, security teams need to adopt a hacker’s mindset. Remember, hackers are out to deceive a company. Security incidents, even minor ones, should be treated as a potential threat. Companies need to aggressively monitor their IT environment and look for any behavioral changes. Catching just one incident could expose the entire campaign.