Criminals will use various tools to search for open network ports and to identify unpatched, legacy or otherwise vulnerable software, all of which could have an effect on security.
Attackers will identify known weaknesses in Internet-facing services, which are then targeted using tested techniques or 'exploits'.
Once an attacker has a foothold on the edge of your infrastructure, they will then attempt to run further network scans and re-use stolen credentials to move through your network.
Port scans and vulnerability scans are normal for any systems connected to the Internet. You (or your service provider) need to ensure that all Internet-facing servers that an attacker might be able to find are hardened, and that the software running on them is fully patched.
If your organisation has the ability and/or budget to conduct penetration tests, then this can be a useful way of determining potential vulnerabilities. A penetration test is an authorised test of a computer network or systems designed to look for security weaknesses.
If you are a technical professional responsible for designing and maintaining networks, then we recommend you follow the NCSC cyber security design principles at https://www.ncsc.gov.uk/collection/cyber-security-design-principles.
Remember, if you are or have been affected by cyber crime, please report it to Action Fraud.
We always encourage victims to report the crime to Action Fraud via phone (0300 123 2040) or website (https://www.actionfraud.police.uk). Reporting helps build intelligence for law enforcement, which can aid investigations and informational campaigns.