Today’s threat landscape is constantly changing and evolving as are the tactics, techniques, and procedures (TTP’s) or our adversaries. The number of cyber attackers and data breaches is growing every day, and has increased significantly in the last few years, both in magnitude, and scope. As more and more people are putting their personal lives online, it is becoming easier, and cheaper for cyber criminals to hack into online accounts, computers, networks, and mobile devices; which in turn can grant these hackers access to your personal data.
The ultimate goal of Cybersecurity is to protect and Confidentiality, Integrity, and Availability (CIA) of computer systems and data. Whenever a system or network is hacked, data in one form or another is leaked, an account is hijacked, credentials stolen, it is almost guaranteed that one of these fundamental principles has been violated. Many times, cyberattacks remain undetected, sometimes taking weeks, months, or in some cases years before you realize what has happened. However, there are some tell tale signs to look out for that might indicate that you or your systems/networks may have been compromised, and it can save you some time and money if spotted early enough.
We’re going to provide you with a few clear signs that you can use in order to identify whether you have been hacked, and how to possibly remediate these issues.
Unwanted Browser Toolbars & Extensions
One of the most common signs of compromise is a new, mysterious browser toolbar or extension with a name that indicates it is meant to assist you. If you do not remember downloading that toolbar/extension, or do not recognize the name of the vendor it is supposedly from, it’s time to uninstall it.
How to remediate?
Fortunately, most browsers allow us to easily review and remove or activate toolbars or extensions. If the toolbar or extension is not listed there, then check to see if the browser has the option to reset itself back to its default state.
In the future, be sure to double check that when installing some applications or programs that there are no unwanted toolbars being installed as “shareware”, also be sure to read the licensing agreement, as these will typically contain whether a toolbar will be installed or not.
Random or Constant Pop-Ups
Browsing one of your favorite websites and getting hit with pop-ups that you typically would not see on that site? That’s an obvious sign that you have been compromised. These pop-ups can also come in the form of fake antivirus messages, and fake protection alerts. Many websites, both legitimate and malicious can bypass a browsers ad or pop-up blocker, so this is not a viable source of determining whether you were actually compromised or not.
How to remediate?
As with the solution above, many times pop-ups are caused by a malicious browser toolbar that was unwittingly installed, or browser add-on/extension. Simply looking in the browsers settings, you can identify whether there is an unwanted toolbar, add-on or extension installed.
Internet Searches Being Redirected
Typing in a website to search for and noticing it’s being redirected? A common way to verify this is to look at the address bar for the URL, if it does not exactly match the website for which you’re searching, then it’s more than likely being redirected by a hacker. The hacker gets paid every time someone clicks to visit a website.
How to remediate?
Once again, this is primarily due to the installation of malicious and unwanted toolbars and browser extensions/add ons. Again, simply searching for these can be a way to fix this issue, or resetting the browser to its default settings.
By far one of the worst messages you can get on their computer is one telling them that all of their data has been encrypted, and in order to get it back they have to pay a ransom to decrypt it. Ransomware is a huge market for cyber criminals, in the last 3 years ransomware has caused over $20 billion worth of damage to corporations with ransom demands reaching upwards of $100,000, mostly in the form of Bitcoin.
Unfortunately, paying the ransom often does not result in the data being fully decrypted, or an actual working system. These programs as with any software, contain bugs and unlocking the encrypted data is not as easy as inputting the decryption key. The best way to prevent ransomware is to only download software from trusted sources, and always, always keep full backups.
Strange Mouse Movements and Clicks
If your mouse pointer is moving across the screen and you didn’t do it, it’s a guarantee of one thing, and ghosts is not the answer, you’ve been hacked! Though sometimes this can be from hardware technical issues. If the pointer is jumping all over the screen and not doing anything on the screen, then it’s more than likely a technical glitch. However, if the pointer is making clear movements and taking actions to click on certain links or parts of the browser, then it is more than likely because of a hacker.
How to remediate?
This is where you will most likely need to call in digital forensics professionals to assist in figuring out how the attackers got in to begin with. But you can also do something to learn what the attackers are after. Take a few minutes and observe what it is they are doing and what they may be after. If they start getting too close to something you don’t want them getting access to, turn off the computer, and/or disconnect it from the network.
Be sure to check us out next week in order to read Part 2 of the How To Tell If I Have Been Hacked blog post.