Do you feel that something is wrong with your computer or your network? Here are 10 warning signs that indicate you’ve been compromised, and what you can do to stay safe.
1. The threat actors tell you themselves
Sometimes, if they want to make money from their attack, the threat actors (the bad guys) need to contact you.
In a ransomware attack, the encryption of every file on your network, and your company’s sudden inability to work with its data, will already have told you that the network has been compromised. The ransom note tells you how to pay to regain access to your own data.
The official advice is not to pay, although estimates suggest that around 50% of victims do. In 2019, Florida municipalities paid 1.1 million USD in ransoms over a two-week period. Paying the ransom lets the cybercriminals win. They get what they want, so they are encouraged to do it again, and others are encouraged to try their hand at what they see as easy money.
Of course, not paying the ransom means you have to shut down, clean up, and restore your systems from backups. That isn’t always possible. Sophisticated threats can reside in your systems for weeks before triggering encryption, and they use that time to make sure they have infected your local, and sometimes your remote, backups.
Note that even if you pay the ransom, you may not get a working decryption key; they often fail. So you still face many manual steps and downtime. And best practice says you should always do a deep clean and restore your systems anyway, to make sure that every remnant of the ransomware has been removed.
Doxxing attacks also require communication from the threat actors. These attacks exfiltrate sensitive and private documents and threaten to publish them on the Internet. It is a form of digital blackmail: for a fee, they promise to delete the documents instead of releasing them.
Pop-up ads offering to speed up your system, remove malware, or pose as technical support are all indicators that your network or computer has been compromised.
It could just be a vulnerability in your browser that has been exploited, and until you click on an ad nothing else will happen to your computer. On the other hand, it may indicate that your operating system is already infected and adware has been installed.
Another attack that is doing the rounds is a simple email scam. The email claims that a hacker managed to use your webcam and captured footage of you in some kind of compromising situation. Unless you pay, they threaten to send the footage to your friends and family.
These fraudulent emails can be ignored. They are sent out to thousands upon thousands of people in the hope that a small percentage will pay up. A small percentage of a very large number is still a good income for cybercriminals.
Using someone’s webcam to spy on them is of course possible. It’s called camfecting, and unfortunately it is on the rise. It is used for everything from industrial espionage to criminal harassment. But these are by their very nature secret crimes, and the perpetrators do not come forward.
2. Your browser becomes unreliable
If your browser has acquired new toolbars that you did not install, it has been infected. Toolbars can act as keyloggers that capture account credentials for the sites you visit, or harvest credit card and PayPal details on e-commerce sites. They can trigger further malware downloads, sometimes selected according to your browsing habits.
If you are lucky, the worst you will suffer is that your web searches are redirected to websites you did not search for. The threat actors are paid to drive traffic to those websites and use the redirects to send as much traffic their way as possible. Redirects can go hand in hand with unauthorized toolbars, but they can also be the result of a stand-alone infection.
3. People receive fraudulent invitations from you
Threat actors create scam and impersonator profiles on social media platforms and send invites to the friends of the person with the real profile, or they gain access to the real profile, probably through a phishing attack.
The real or fake profile may be used to spread contentious or otherwise damaging messages to harm you, your business, or the company you work for. It can also be used to gently extract information from your friends, a technique called social engineering, to help with credential theft or identity theft.
Your friends may receive a message, allegedly from you, asking them to receive a PayPal payment on your behalf: you sold something and need to be paid for it, but there is something wrong with your PayPal account.
Because the victim is being asked to receive a payment rather than make one, and the request comes from you, their suspicions are not aroused. The message then asks them to transfer the money from their bank account to yours. Account details are included in the message.
But, of course, the bank account belongs to the threat actors. Once the money is in their bank account, the initial PayPal transaction is reversed. The victim is now out of pocket for the entire amount.
4. Passwords change mysteriously
If you can’t log in to an online service or platform, first check that the service is up and running; they may be having an outage. But if it is up and other users have no issues, then it is likely that your account has been hacked. If a threat actor has successfully logged into your account, they will change the password so that you cannot log in.
They may have guessed your password or used a dictionary attack. Your password may have been exposed in a data breach at another site where you used the same password. You may have been the victim of a phishing attack. However they get in, once they are in they’ll change your password to keep you out.
Report the incident to the site as soon as possible. Of course, the onus is on you to prove to them that you are the true owner of the account and not a social engineer trying to gain access to it. It all takes time. Ask the technical support representative to lock the account immediately and allow access only after they have established who the real owner is.
If you have used the credentials for this account on other systems or platforms, immediately change the password on those systems.
5. Software appears on your computer
If software appears on your computer and you don’t know where it came from, it may be enemy action. Viruses and malware take hold and hide. Trojans, worms, and other malware such as adware may pose as normal applications, and they will appear in the list of applications installed on your computer.
Unexplained software does not necessarily mean that you have been compromised over a network or the Internet. Free software sometimes comes with a catch that you need to read the terms and conditions to discover. The price of some free software is unwittingly agreeing to install other packages that you know nothing about. Those packages will likely collect information that the software authors can monetize, such as statistics about your computer and internet usage that can be sold to marketing companies.
If you leave your computer unattended and online, threat actors get the brief opportunity they need. It is possible to boot a computer from a USB stick and plant a program that will run the next time you log in. That implant downloads installers for further malware and programs. The attacker doesn’t even need your login credentials to plant the seed for further infection.
Unattended laptops, even if they are disconnected and turned off, are particularly susceptible to this type of “evil maid” attack because they are left unattended in hotel rooms or taken away for inspection at border posts.
6. The cursor flies solo
A mouse pointer that moves without your hand on the mouse may indicate a hardware problem or “drift” in software drivers. But if the cursor movements are purposeful, and the pointer makes selections in menus and opens and closes windows, there are two possibilities. Either your technical support team is remotely accessing your computer for a valid reason (though they should notify you in advance), or you have been infected with a remote access trojan (RAT) and the threat actors are connected to your computer.
A RAT allows threat actors to log on to your computer, control it, and watch what you do. It can also log keystrokes so they can see what you did while they weren’t logged in. They can transfer files to and from your computer and turn your microphone and webcam on and off without turning on the indicator lights.
A typical approach is to infect your computer and then wait. If they see a long period of inactivity and it’s late in your time zone, they’ll connect to your computer. If the threat actors have observed a very long period without any activity on your part, they may take control during the day.
This is when you might see the cursor move on its own.
7. Your shields are down and won’t come back up
If your defensive software, such as your personal firewall, antivirus, and anti-malware, is disabled and refuses to return to service, you have been infected with a virus or other malware.
Modern malware is able to disable your defensive software and prevent it from being reactivated, reset, or reinstalled. This is a clear indicator that you have been infected with malware.
8. You’re bleeding money
Most cybercrime is financially motivated. If the threat actors can get your credentials for a valuable asset such as online banking, PayPal, or a cryptocurrency wallet, they will rub their hands with glee and empty it.
If they manage to mount a phishing attack against someone in accounts and convince them that a member of the C-suite needs funds transferred immediately, or that a particular bill needs to be paid right now, you can lose tens of thousands of dollars in an afternoon.
9. Your private data is on the public web
If your data is on the public web, there is no doubt that you have been compromised. Sometimes this is the result of a doxxing attack. Sometimes the public airing of private documents is carried out because the perpetrators are social justice hacktivists and, for whatever reason, your business landed on their radar.
Another risk that is often overlooked is the employee with a grievance. In 2014, a senior auditor at the UK supermarket Morrisons named Andrew Skelton posted the personal details of 100,000 of his colleagues on a file-sharing website and then informed the British press. His motive was revenge against his employer: he was still smarting from a disciplinary meeting held a month earlier.
10. Your own systems tell you
All alerts from your intrusion detection system (IDS) or other monitoring software should be treated as real incidents until an investigation proves otherwise.
Unexplained activity captured in the system logs, such as connections at unusual times or from geographically unexpected IP addresses, or large data movements at night, can indicate that something is wrong.
A prerequisite for making use of this type of alert is an understanding of your normal traffic and network behavior. Free tools such as Snort, Wireshark, and Graylog can help. You can’t master all of this with manual processes alone, so get software to help.
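The three kinds of anomaly described above (connections at unusual hours, connections from unexpected countries, and large data movements at night) only mean something against a baseline of what is normal for you. The following is an added example, not code from the original article or from any of the tools it names, showing how such a baseline check can be expressed over a handful of log lines. The log format, the IP-prefix-to-country table, the working hours and the transfer threshold are all assumptions constructed for the example; a real deployment would read the IDS or firewall export and derive the baseline from weeks of observed data.

```python
"""Added example (not from the original article): baseline-vs-anomaly check
over constructed log lines, flagging off-hours logins, logins from unexpected
countries, and large night-time transfers."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log lines (UTC timestamps). Fields:
#   timestamp  event  user  source-IP  bytes-moved (0 for logins)
SAMPLE_LOGS = """\
2024-03-04T09:12:44Z LOGIN alice 203.0.113.8 0
2024-03-04T10:03:10Z TRANSFER alice 203.0.113.8 52428800
2024-03-04T23:41:02Z LOGIN bob 198.51.100.23 0
2024-03-05T02:17:55Z LOGIN carol 192.0.2.77 0
2024-03-05T02:20:31Z TRANSFER carol 192.0.2.77 7516192768
2024-03-05T13:05:00Z LOGIN dave 203.0.113.9 0
"""

# Constructed prefix-to-country table standing in for a GeoIP database.
# "XX" is a made-up country code the business never sees traffic from.
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "GB",
    ipaddress.ip_network("198.51.100.0/24"): "GB",
    ipaddress.ip_network("192.0.2.0/24"): "XX",
}

# Baseline assumptions: staff work 07:00-19:59 UTC from GB, and a single
# transfer of 1 GiB or more outside those hours is worth an analyst's look.
WORK_HOURS = range(7, 20)
EXPECTED_COUNTRIES = {"GB"}
NIGHT_TRANSFER_BYTES = 1 * 1024 ** 3


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str
    user: str
    ip: ipaddress.IPv4Address | ipaddress.IPv6Address
    nbytes: int


def parse_line(line: str) -> Event:
    """Split one whitespace-separated log line into a typed Event."""
    ts, kind, user, ip, nbytes = line.split()
    return Event(
        datetime.fromisoformat(ts.replace("Z", "+00:00")),
        kind,
        user,
        ipaddress.ip_address(ip),
        int(nbytes),
    )


def country_of(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> str:
    """Longest-prefix match is unnecessary here: the table has no overlaps."""
    for net, cc in GEO_TABLE.items():
        if ip in net:
            return cc
    return "??"  # unknown source: treated as unexpected below


def analyse(text: str) -> list[str]:
    """Return one human-readable alert per suspicious event, in log order."""
    alerts: list[str] = []
    for line in text.splitlines():
        ev = parse_line(line)
        off_hours = ev.ts.hour not in WORK_HOURS
        if ev.kind == "LOGIN":
            if off_hours:
                alerts.append(
                    f"off-hours login: {ev.user} from {ev.ip} at {ev.ts:%H:%M}Z")
            cc = country_of(ev.ip)
            if cc not in EXPECTED_COUNTRIES:
                alerts.append(
                    f"login from unexpected country {cc}: {ev.user} from {ev.ip}")
        elif ev.kind == "TRANSFER" and off_hours and ev.nbytes >= NIGHT_TRANSFER_BYTES:
            alerts.append(
                f"large night transfer: {ev.user} moved "
                f"{ev.nbytes / 1024 ** 3:.1f} GiB at {ev.ts:%H:%M}Z")
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOGS):
        print("ALERT", alert)
```

Run against the constructed lines, the check raises four alerts: bob's late-evening login, carol's login at 02:17 (flagged twice, for the hour and for the unexpected country), and carol's 7 GiB transfer a few minutes later. Alice's 50 MB daytime transfer and dave's afternoon login stay quiet, which is the point of the baseline: the rule set is only as good as your understanding of normal, so tune WORK_HOURS, EXPECTED_COUNTRIES and the byte threshold from your own history rather than from guesses.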
What can you do to protect your systems?
Cyber security is difficult. It’s been said time and time again: the defenders have to be lucky every time, but the bad guys only need to be lucky once. A tiered approach with a skilled workforce, the right defense and monitoring software, and good IT governance will go a long way toward keeping your systems secure. Choose the appropriate measures from this list and apply them.
Keep all operating systems and applications up to date.
Use quality firewalls and only open ports after reviewing and accepting a business case.
Enforce strong passwords and prohibit reuse of passwords across systems or websites. Nominate an approved company password manager.
Where possible, apply two-factor authentication.
Set up a multi-layered backup system and store backups in different locations.
Test your backups, data recovery processes, and disaster recovery plans.
Create an incident response plan and dry-run it. Rehearse it with the stakeholders. Make sure everyone involved knows that the plan exists, has been rehearsed, and is to be followed if something goes wrong. Don’t let the heat of the moment pull people off the plan.
Set up monitoring software that examines access attempts, system logs, network traffic, and issues alerts for suspicious or out-of-range activity.
Discuss security protocols with your bank so that large transfers cannot go through without additional, independently confirmed information or validation.
Use the best endpoint protection suites, including antivirus, anti-malware, and web-browsing protection.
Educate your staff on cyber awareness and keep this training up to date.
Foster a security-oriented culture in which staff are empowered to question unusual requests, report suspicious and unexplained events, and suggest improvements without fear of reprisal. If they see something, they should say something.