This month we will be discussing the 9 signs that show you have been hacked and how you can protect yourself.
Malware has now become so discreet and complex that it can get past the most advanced anti-malware software unnoticed. Security software can and does miss malware when the malware's signature is not in its database. This is especially the case when new malware is less than 24 hours old. It is within this window that attackers can do a lot of harm and damage.
If you are worried that a file might contain malware, scan it first by uploading it to VirusTotal. VirusTotal.com has over 60 antimalware scanners; hopefully one of them will be able to detect the malware.
So how do you know you have been hacked and what can you do to protect yourself from it?
Below are 9 signs that show you have been hacked and suggestions on how to remediate (aka fix) them.
Do you have an old social media account that you created a long time ago? That is a perfect target for an attacker because it’s your genuine account and you are not even aware that it is being used for fraudulent activities. Hackers often use these compromised email/social media accounts to send malicious messages to your social media friends requesting help or information from them.
Most of your friends would believe it's you who sent the message and some might fall prey to the attacker by doing what is asked of them.
What to do?
If you find out your account has been compromised or an evil twin account was created, the first thing you want to do is warn all your friends about the incident and make it clear that the messages weren't from you. After this, if you still have access to the social media site, quickly change your password and set up two-factor authentication. Uninstall apps you don't use often, cancel old accounts you no longer use and update your apps every time there's a new update. If you find an account impersonating your profile, most social media platforms have a way for you to report it. Here are links for reporting fake Facebook and Twitter accounts. A quick Google search should show you how to report fake accounts on other social media platforms.
What to do?
If you are able to, close the tab and restart the browser, which should be enough if the malware has not been downloaded onto your machine locally.
If your computer has already been compromised, shut it down and restore it to a point in time before the malware was installed. It is important to have System Restore enabled on your machine so that you can restore if you need to.
Here is a quick video that shows you how to verify and easily create a restore point.
While System Restore helps you reverse your mistakes, remember: don't click on or install any program if the source looks suspicious.
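The restore-point check described above can also be scripted. The following is an added example, not part of the original article; it assumes Windows PowerShell 5.1 running as Administrator, and the 7-day threshold and the checkpoint description are illustrative choices.

```powershell
# Added example: verify that a recent restore point exists and create one if not.
# Requires Windows PowerShell 5.1 in an elevated (Administrator) session.
$maxAgeDays = 7   # assumption: treat restore points older than this as stale

function Get-NewestRestorePoint {
    # CreationTime is a WMI timestamp string, so convert it to a DateTime.
    Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Sequence    = $_.SequenceNumber
                Description = $_.Description
                Created     = $_.ConvertToDateTime($_.CreationTime)
            }
        } |
        Sort-Object Created -Descending |
        Select-Object -First 1
}

$newest = Get-NewestRestorePoint
if ($newest -and $newest.Created -gt (Get-Date).AddDays(-$maxAgeDays)) {
    "Newest restore point: '$($newest.Description)' created $($newest.Created)"
}
else {
    try {
        Checkpoint-Computer -Description 'Manual checkpoint (added example)' `
            -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not create a restore point: $($_.Exception.Message)"
    }
    # Windows may skip creation (with only a warning) if another restore point
    # was made in the last 24 hours, so confirm that a new one really exists.
    $after = Get-NewestRestorePoint
    if ($after -and (-not $newest -or $after.Sequence -gt $newest.Sequence)) {
        "Created restore point #$($after.Sequence) at $($after.Created)"
    }
    else {
        Write-Warning 'No new restore point. Check that System Protection is turned on for the system drive.'
    }
}
```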
What to do?
Inspect your favorite web browser(s) for toolbar apps that do not seem familiar to you. If you find any, delete the unwanted toolbars or close the browser and restart. A right click on the application will usually do the trick (at least that’s the case with Google Chrome extensions).
As shown in the image above, with a real ransomware message, attackers ask for a “ransom” to unlock your data. In this example, they demanded $300 worth of Bitcoin as payment. Also, a timer, located in the box on the left, shows a countdown. If you do not pay the ransom, the hackers will permanently delete all your data, which is often unrecoverable.
One of the most recent ransomware attacks was WannaCry.
What to do?
The FBI recommended that ransoms should not be paid so the attackers do not profit from their unethical and illegal behavior. If people continue to pay the ransom, more people will become victimized because the attackers are profiting. The bad news is there really isn’t a way to remove the ransomware and retrieve your data. Your only other option is usually to wipe your machine and restore your operating system. Antimalware software like Malwarebytes is a great way to prevent ransomware from claiming your machine. And it is always good to have your critical data backed up somewhere (e.g., in the cloud) as an insurance policy in case you need to restore from it.
What to do?
Report the issue to the online service, and they might help you get back into the account. If you are sure that you have been hacked, reach out to your contacts list on the account and warn them about the incident. It is possible the attacker sent messages to others and deleted the evidence in your sent box.
What to do?
Uninstall programs you do not recognize and reboot your computer. If you find that some of these programs are needed for other software to function properly, you may have to stop using that software as well. If you are using a Windows machine, you can uninstall unwanted programs from the Settings menu. Click on the “Apps” icon to review the programs installed on your machine.
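For a faster review than scrolling through the “Apps” list, the installed-program inventory can be pulled from the registry and sorted by install date. This is an added example, not part of the original article; the 30-day review window and the "Review" column are assumptions made for illustration.

```powershell
# Added example: list installed desktop programs, newest first, to spot unfamiliar ones.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$reviewWindowDays = 30   # assumption: flag anything installed in the last 30 days

function Get-InstalledProgram {
    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            ForEach-Object {
                # InstallDate is optional and, when present, is usually yyyyMMdd.
                $installed = $null
                $parsed = [datetime]::MinValue
                if ([datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                        [cultureinfo]::InvariantCulture,
                        [System.Globalization.DateTimeStyles]::None, [ref]$parsed)) {
                    $installed = $parsed
                }
                [pscustomobject]@{
                    Name      = $_.DisplayName
                    Publisher = $_.Publisher
                    Version   = $_.DisplayVersion
                    Installed = $installed
                }
            }
    }
}

$cutoff = (Get-Date).AddDays(-$reviewWindowDays)
Get-InstalledProgram |
    Sort-Object Installed -Descending |
    Select-Object Name, Publisher, Version, Installed, @{
        Name       = 'Review'
        Expression = {
            if (-not $_.Publisher)          { 'no publisher listed' }
            elseif ($_.Installed -gt $cutoff) { 'installed recently' }
            else                            { '' }
        }
    } |
    Format-Table -AutoSize
```

Microsoft Store apps are not recorded under these registry keys; `Get-AppxPackage` lists those separately.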
What to do?
When you are sure it's an attack, quickly disconnect from your network and shut down your device. Change all your online account login details using your mobile phone or another computer. It may help to install a second or third anti-malware program on your computer to scan it. Make sure those anti-malware programs come with rootkit defense. If your computer is infected with a rootkit, it means the compromise is deep (registry/kernel level). It is difficult to tell whether a rootkit has been completely removed, so as a precautionary measure, it may be a good idea to reinstall your operating system. On rare occasions a rootkit can infect your machine at the BIOS level (which is an even deeper reach); if that is the case, you may need to request professional help or re-purpose your computer into a door stopper. Once the issue has been remediated, be careful not to click on the same thing that installed the malware on your computer in the first place.
What to do?
Report immediately to your bank to see if there's something that can be done. As a preventative measure, it is best to turn on alerts for unusual logins and transactions. Also, customers can set thresholds and block all international transactions while notifying the bank to stop any transaction exceeding a certain amount unless they give explicit permission.
SECURITY ANALYST OF THE MONTH: TASHA!
Congrats to our security analyst of the month: Tasha!
Tasha is an extraordinary security analyst. She is the “Jackie” of all trades, ensuring our policies and procedures are technically sound. She can manually assess technical security controls to ensure they meet compliance. Tasha recently stood up our second IPSec tunnel for our test environment to reach servers in Azure. She is an outstanding firewall admin/ISSO; I am very happy to have her on the front line of our network defense. She has hardened our client’s network devices and drafted organizational policies to minimize risks. Recently, she discovered a weakness with our network contingency plan and quickly set up an effective backup and restoration process for our client’s firewalls.
Tasha, not only are you a talent in the field, you have the hard work and dedication to match. You recently secured your CEH and Sec+ certifications and I know the CISSP is next on your list of conquests 😉. I am beyond proud to have someone of your caliber on our team. Cheers to you as you continue to aim to be the best in the game.