Hackers may have attacked your company in a way that isn't immediately apparent. Attackers use various methods to try to stay hidden and steal as much data as possible before they are found. An advanced persistent threat is one in which an attacker steals important information over a long period of time without being noticed. By the time you find out they are there, your business or customers may have already been affected. However, as the brilliant criminologist Edmond Locard once said, "Every contact leaves a trace". This post will present some valuable indicators that a hacker may have infiltrated your network or machine and what to do next.
Warning signs that you may have been hacked:
Slow internet connectivity
The computer takes a long time to respond to your activity (e.g. typing, clicking, scrolling)
Applications take a long time to load or respond
The computer takes a long time to boot
Numerous unsuccessful login attempts
Unusual after-hours activity
Unexplained high traffic volume
Unexplained system reboots or shutdowns
Something just doesn't look right
New files of unknown origin and function
Unexplained changes to your website's design or content
Pop-up messages from anti-virus or anti-malware tools (especially when you have no such tool installed)
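Several of the signs above (repeated failed logins, after-hours activity) can only be judged against a baseline of what is normal for your environment. The following is an added example written for this post, not code from Symptai Consulting: it parses a handful of constructed SSH-style authentication log lines and flags bursts of failed logins from one source and successful logins outside business hours. The log format, the business-hours window and the burst threshold are assumptions and should be tuned to your own baseline.

```python
"""Added example (not from the original post): a small baseline check over
constructed SSH-style auth log lines. It flags two of the warning signs
listed above: bursts of failed logins from one source, and successful
logins outside business hours. Line format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines (not real data); timestamps are ISO 8601.
SAMPLE_LOG = """\
2024-03-04T09:12:01 sshd[1201]: Accepted password for alice from 10.0.0.5
2024-03-04T09:15:44 sshd[1203]: Failed password for bob from 203.0.113.9
2024-03-04T09:15:46 sshd[1203]: Failed password for bob from 203.0.113.9
2024-03-04T09:15:47 sshd[1203]: Failed password for root from 203.0.113.9
2024-03-04T09:15:49 sshd[1203]: Failed password for admin from 203.0.113.9
2024-03-04T09:15:51 sshd[1203]: Failed password for bob from 203.0.113.9
2024-03-04T09:15:53 sshd[1203]: Failed password for bob from 203.0.113.9
2024-03-04T14:02:10 sshd[1310]: Failed password for alice from 10.0.0.5
2024-03-04T14:02:30 sshd[1311]: Accepted password for alice from 10.0.0.5
2024-03-05T02:41:07 sshd[1422]: Accepted password for bob from 198.51.100.77
"""

# Assumed line format; anything that does not match is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_log(text):
    """Turn matching log lines into event dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "ok": m["result"] == "Accepted",
                "user": m["user"],
                "src": m["src"],
            })
    return events


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source: max failures seen in any sliding window} for sources
    that reach the threshold. Threshold and window are assumed values."""
    by_src = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_src[e["src"]].append(e["ts"])
    bursts = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[src] = max(bursts.get(src, 0), count)
    return bursts


def after_hours_logins(events, open_hour=8, close_hour=18):
    """Return (user, source, timestamp) for successful logins outside the
    assumed business hours (08:00-18:00) or on a weekend."""
    hits = []
    for e in events:
        if not e["ok"]:
            continue
        t = e["ts"]
        if t.weekday() >= 5 or not (open_hour <= t.hour < close_hour):
            hits.append((e["user"], e["src"], t.isoformat()))
    return hits


def review(text):
    """Run both checks over raw log text and return the findings."""
    events = parse_log(text)
    return {
        "bursts": failed_login_bursts(events),
        "after_hours": after_hours_logins(events),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, value)
```

On the sample data the burst check reports six failures from a single source inside nine seconds, and the after-hours check reports one successful login at 02:41. A single failed login from a known workstation, as in the 14:02 line, stays below the threshold, which is the point of checking against a baseline rather than alerting on every failure.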
Why did this happen?
Many businesses don't yet know they have been breached because they have never established a baseline of normal traffic and activity against which abnormal behaviour can be recognised. Here is how we can help:
Application procedure reviews to identify areas for improvement and the corresponding fixes, for example in real-time monitoring, source code repositories, and change management.
Security baseline assessments to determine where your organization stands in terms of best practices, security policies, and potential weak points based on a review of the current state of the infrastructure. This will give your company a solid plan for security remediation and hardening.
Establishing a vulnerability management program in your environment, which will gradually reduce the vulnerabilities on your network and improve your security posture.
Cybersecurity training to give end users the ability to effectively detect and appropriately respond to cyber attacks in a timely manner.
What NOT to do if your system is being attacked
Only disconnect the machine from the network if instructed to do so by a member of the security team. Disconnecting on your own will prevent the investigator from evaluating the incident in real time and collecting evidence against the attacker.
Do not perform a system reset; this will erase all of the data, applications and settings previously stored on your system, making it difficult for investigators to identify the threat source.
Do not turn off or reboot the computer unless instructed to by a member of the security team. Processes left running by an attacker are unlikely to resume after a reboot, which makes it more difficult for the investigator to establish the source of the issue.
What to do if your system is being attacked
Take pictures and/or recordings of the screen display, including the machine's clock.
Note as much information as possible on the attack and what has occurred on your machine.
Contact your IT Manager or Cyber Incident Response Team (CIRT) and report the issue. Don't have a CIRT? Contact our team of cybersecurity experts at Symptai Consulting.
Prevention is the cornerstone of cyber resilience and your most vital line of defence against hackers. Detection and response come next; by following this guide, you will be able to identify whether or not your system has been breached. You will also be prepared ahead of time, having put in place the procedures and controls needed to prevent or minimize the impact on your organization in the event of an attack. At Symptai Consulting, we outline the security measures that should be in place as well as any recommended improvements that can be implemented in your environment to reduce risk.