Am I Being Hacked? Know What an Attack Looks Like Before Your Business Gets Blindsided

Sep 3, 2020 | General, Vulnerabilities and CVE's


Is your system acting a little strange? How about your phone? If you’re reading this, chances are it is. If not, congratulations! You’re part of the few and the proud who inform themselves about “hacking” before it’s a problem.

Hacking might not be what you think it is. More often than not, there isn’t a hooded figure sitting in the darkness, dramatically lit only by the green glow of their system console. Although that can happen, it typically doesn’t unless there’s a massive lucrative interest on the part of the attacker. You’re more likely to get hit by a piece of malicious software (malware) than be the target of a matrix-level sophisticated network attack.

Before we get started… if your business or team is in the midst of an attack, click here – our experienced US-based team of network intrusion specialists are available to offer direct human assistance.

Here are Five Different Hacks You Should Know About

We’ll cover the direct attack of Hollywood fanfare… but it’s a lot less glamorous in reality. Stick with us to the end to read about that one. In the meantime, here are five hacks you should actually be concerned about because they pose the greatest probable threat to your business’ financial, data and reputation health. By the way, this information is also available in our handy-dandy and conveniently free-of-charge Emergency Response Handbook so you can show your higher-ups a well-designed guide on how to not be a punching bag for cyber criminals.

Malware, Ransomware & Viruses

Malware, ransomware and viruses all act maliciously to infect as many systems as possible. The difference is in their intended use by a hacker: malware is typically meant to deliver your valuable information to a hacker; ransomware is used to encrypt your data, preventing access until a ransom (usually in Bitcoin) is paid; and viruses are typically meant to cause as much irreversible damage and vulnerability as possible. All of these can be indicated by odd popups, severe system slowdowns, unintentionally duplicated files, file/program lockups and more… but sometimes they’re unnoticeable and even untraceable by anti-virus and endpoint protection.

Social Engineering

Social engineering comes in many forms, but always involves a cyber criminal posing as someone they’re not. You might receive an email that looks just like an Amazon password reset, or it might be a direct email from someone pretending to be a familiar accountant from one of your customers or vendors. Sometimes social engineering is done in-person, with the malicious actor posing as a UPS driver or internet service technician to gain entry to your office. In any case, it involves fooling you into giving valuable information, credentials or access… so be alert!

Direct Intrusions & Internal Actors

A direct intrusion might be the result of a social engineering effort mentioned above, or it might even come at the hands of a noticeably embittered employee. Very often it is. This type of intrusion aims to steal money, data and resources, or is even meant to deliberately cripple an organization with malware or data loss.

Website & Application Attacks

It is important to keep your website up-to-date and actively monitored, especially if you rely on your website for e-commerce, price lists and customer interaction. The appropriate security software and conventions can pick up on intrusion attempts, but sometimes it’s as easy as watching for uncharacteristically long load times, odd popups or redirects. Internally developed apps and web applications are also a common target for attackers, as they often handle financial information, personal information of clients and customers, and the exchange of valuable data. Keep an eye out for odd behavior, and schedule regular app/web security testing!

Malicious Downloadables

As mentioned in the Social Engineering section, sometimes a fake email is sent from a malicious actor, imploring you to click a link, download a file (such as an “invoice”) or install a piece of software. Often this is under the guise of a trusted source, so keep an eye out for this type of deception – we offer training for your organization on how to spot these attempts. Another, more devious method is to leave company-branded USB drives in a parking lot or break room. These look harmless, and are even made to look like they belong to the company… but they are often laced with malware that installs automatically as soon as you stick them into your computer. There’s a pretty simple way to avoid this. You wouldn’t eat something random you picked up off the ground, right? So don’t feed your computer something you found in the parking lot or on a conference table!

What Do I Do in the Event of an Attack?

Hopefully, you’ve prepared your organization against an attack ahead of time. This recent article describes some steps you can take now to secure your organization against the likely threat of a cyber crime. If you find yourself in the midst of file lockdowns, really odd system behaviors, missing files (or funds), or anything else that might indicate an attack, take these steps right away:

1. Disconnect everything network-related. Yes, everything.

Stop clicking things right away. Don’t attempt to shut down the system – it could contain useful forensic information, and shutting it down could make things worse. Disconnect every ethernet cable from every device possible. That includes every laptop, desktop, backup drive, server, Wi-Fi router, networking router and switch – starting with your own computer, then your base-level ISP device (your first point of network access, such as the box your Internet Service Provider installs or connects your router to). Immediately inform the higher-ups and have them put out notice to everyone in the organization to do the same.

Move on to disabling Wi-Fi directly on all phones and computers, then disconnect all Bluetooth and NFC (Near-Field Communication) devices.

2. Take Notes, Assess Damage and Confirm Recoverability.

After you’ve disconnected everything, take really good notes. Include the date and time of anything strange, the frequency of the occurrence, what you were doing before you noticed odd network or system behavior and the current state of all systems. Also take note of what files were affected and when, if applicable.

Next, assess the damage. What was targeted? Who was targeted and in what department or professional role? What data and systems are inaccessible? Are your backups safely disconnected? Take notes on all of these things, too.

Lastly, confirm recoverability. Have your backups been running on an optimal schedule? Do you have offsite backups as well as onsite backups? Can any lost progress for the day be reconstituted in short order? Assess if anything seems totally unrecoverable at this time (such as files locked up with BitLocker or another form of Ransomware).

3. Contact a Digital Security Provider.

Hey, that’s us! Shameless plug. Contact us immediately. You want a team you can trust on your side – and Secure Network Technologies is a team of heavily experienced ethical hackers who understand deeply how cyber criminals work… and therefore how to mitigate the damage as much as possible. We hold many globally recognized digital security certifications and nearly 30 years of experience that ranges from protecting small businesses and enterprise-level customers to federal agencies and state municipalities.

4. Download Our Free Emergency Response Handbook

While you’re waiting for the pros to do their job, download our free Emergency Response Handbook for future reference. You can pass it around the office and up to your supervisors to start implementing a response and security plan to prevent this type of occurrence (or recurrence) in the future.

By: Secure Network Technologies