Attack Killchain: Anatomy of an attack

Cyber attacks may be of a very different nature: they can target a single individual or the power grid of an entire nation, they can be politically or economically motivated, and they can be stealthy or sensationally visible (hacktivism). Yet every attack, from the simplest to the most complex, can be characterized and described by the attack killchain.

The attack killchain is composed of eight phases.

Reconnaissance

The reconnaissance phase is typically the first phase of an attack. During this phase the attacker studies the target with the objective of collecting as much information as possible, in order to find the most effective strategy for carrying out a successful attack. In this first phase the attacker defines the attack surface, which is defined as:

All the points that an attacker can reach from his current position

Publicly available sources, such as social media, the target's website and government data sources, are used by the attacker to understand the target's internet footprint, the contacts of C-level staff, and the mission and the services offered by the organization, thereby building the target surface. The target surface can be expanded with information about the employees, data acquired from data breaches, and more.

The reconnaissance phase is often underrated by the defender. Even though the defensive options are limited, it is possible to reduce the amount of publicly available information and try to control it. Hiding information will not make the system more secure, but it will increase the cost of the attack.
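The attack surface definition above (the points reachable from the attacker's current position) as an added example, not code from the original text: a small Python model where each connection requires an access level, reaching an asset can grant new levels, and removing a public exposure is shown to shrink the reachable set. The asset graph, access levels and grants are all constructed, hypothetical values.

```python
"""Attack-surface model: every point reachable from the attacker's position.
Added example with constructed data; not code from the original text."""
from collections import deque

# Constructed asset graph: node -> [(neighbour, access level required)].
# Levels: "anon" (anyone), "user" (valid account), "admin" (admin rights).
NETWORK = {
    "internet":    [("web", "anon"), ("vpn", "anon"), ("admin_panel", "anon")],
    "web":         [("api", "anon")],
    "api":         [("db", "user")],
    "vpn":         [("fileserver", "user")],
    "admin_panel": [("db", "admin"), ("fileserver", "admin")],
    "db":          [],
    "fileserver":  [("backup", "admin")],
    "backup":      [],
}
# Hypothetical: a foothold on these nodes grants extra access levels,
# so the attacker's "current position" expands as the attack progresses.
GRANTS = {"admin_panel": {"admin"}, "vpn": {"user"}}


def attack_surface(graph, start, privileges, grants=GRANTS):
    """Return the set of nodes reachable from `start` with `privileges`,
    letting each newly reached node add the levels it grants."""
    privileges = set(privileges)
    reached = {start}
    changed = True
    while changed:  # re-scan once a new level may unlock already-seen edges
        changed = False
        queue = deque(reached)
        while queue:
            node = queue.popleft()
            for nxt, needed in graph.get(node, []):
                if needed in privileges and nxt not in reached:
                    reached.add(nxt)
                    queue.append(nxt)
                    gained = grants.get(nxt, set()) - privileges
                    if gained:
                        privileges |= gained
                        changed = True
    return reached


def remove_exposure(graph, src, dst):
    """Mitigation: copy of the graph without the src -> dst connection."""
    return {n: [e for e in edges if not (n == src and e[0] == dst)]
            for n, edges in graph.items()}


if __name__ == "__main__":
    print(sorted(attack_surface(NETWORK, "internet", {"anon"})))
    hardened = remove_exposure(NETWORK, "internet", "admin_panel")
    print(sorted(attack_surface(hardened, "internet", {"anon"})))
```

With the admin panel exposed to the internet every asset is reachable from an anonymous position; taking it off the public edge removes the admin panel and the backup from the surface, while the database stays reachable through the VPN account the model grants.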

Weaponization

In this phase the attacker turns the plan into something more operational, acquiring the knowledge and tools needed to implement the attack. This phase is technically challenging, and its cost depends on the skills required to implement the exploit the attacker wants to use. This phase is usually outsourced.

Software Vulnerabilities

From the Cambridge English dictionary, vulnerability:

The quality of being vulnerable (able to be easily hurt, influenced or attacked)

Adversaries may use several techniques to gain access to an IT system, ranging from social engineering to software vulnerabilities on edge devices (see the joint CSA on top routinely exploited vulnerabilities). For this reason it is fundamental to understand what causes vulnerabilities, how they are classified, and how to mitigate the issues they cause.

In general, the final artifact of software development will implement a subset of the requirements, introduce side effects (undesired functionalities), and contain bugs. The last two aspects can lead to potential vulnerabilities.

A security flaw, glitch, or weakness found in software code that could be exploited by an attacker. - NISTIR 8011 Vol. 4