How To Tell If You Are Under Attack!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 13 February 2017

35% of all cyber attacks are never detected and 54% of attacks go unnoticed for months, even years, leaving the bad guy to continually access your systems to steal more and more information every day. Not sure if you have been breached? Don’t know how to identify an attack within your systems? Below is a list of advice to help discover if your company is under attack.

  • There has been a sudden rise in your network traffic. It could be one of two things; your new blog post is extremely interesting or you are under attack.
  • An escalation of malformed data packets has been sent through your network and a large amount have been caught by your firewall.
  • An increase in failed log in attempts have been logged. An attacker may be trying to brute force into your network or application.
  • After monitoring your network for some time, day-to-day trends appear. However, lately the patterns in your traffic have been inaccurate. You should investigate further into this matter.
  • Alerts have been picked up by your Intrusion Detection System (IDS), but IT have not had the time to examine them all. Ensure that all priority alerts are handled first.
  • There has been unusual activity within accounts including administrative, such as the time they authenticated, actions that were carried out, what information they were accessing/editing.
  • Everything within System32 has a Microsoft signature. If something is running from System32 without the signature then it is malware.

Other behaviour all employees should be aware of:

  • Your work machine has got extremely slow at even completing the simplest of tasks.
  • New programs that you did not install are now present.
  • Your anti-virus has stopped running. To avoid detection, an attacker may disable your anti-virus so they can continue being undetected.
  • Fake emails from co-workers that contain attachments. These attachments could contain malicious software such as ransomware.
  • Random acts happening on your screen that are not in your control; e.g movement of your cursor which is landing correctly and performing actions.
  • Passwords for accounts have been changed.
  • Your web camera light comes on when you are not using it.

Even if your computer is functioning, does not mean that you have not been breached. It is important to report any peculiar signs to your IT team.

In 2017, cyber attacks are becoming as common as breathing. There is no way to completely obliterate the risk of being hacked but if you are smart about your security and vigilant of the pit falls, you will certainly decrease your chance of attack greatly. What do you do if you have been breached? Read next week’s issue to find out.

Still not convinced that you will get breached? Fortinet track real-time threats across the world that our caught by their customers’ FortiGate firewalls. To see the live global threat map, click here!

Relax. Your security is Intact.

Author: Intact Security