NetworkTigers on what to look out for if you think your business has been hacked.
The economic toll of being hacked is increasing, with the average median cost rising from $10,000 to $18,000 over the last year. 40% of hacked companies face costs of $25,000 and up, and many never recover.
Operational downtime results in additional lost revenue and, depending on your industry, an erosion of public trust in your ability to protect information that can have adverse effects extending far into the future.
Cyberattack prevention tips and security best practices are paramount to making sure an attack is not successful. However, in some cases, it may already be too late.
Whether due to lax security in the past or a sophisticated attacker, many organizations are shocked to learn that threat actors have already taken root in their systems.
Know the signs! Security experts warn that just as with criminal cases in the real world, acting appropriately within the first 48 hours of being hacked is imperative.
Ten signs that your business has been hacked
1. Suspicious login notices and activity
One of the first indicators of malicious activity is an unusual number of attempts to connect with a component of your network. This can be a domain, a device, or a user account. Evidence of multiple password attempts is a dead giveaway that someone is trying to access areas of your system that they shouldn’t. Login attempts at odd hours may signal that someone is trying to break into your system when they think no one is paying attention.
Multifactor authentication prevents this from being successful, but between social engineering campaigns and other means of circumvention, it’s far from foolproof.
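The checks described above can be run over authentication logs. The following is an added example, not NetworkTigers code: it assumes a simplified, constructed sshd-style log format, and the function name, thresholds and working hours are illustrative choices to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a simplified sshd style (not from a real system).
SAMPLE_LOG = """\
2024-03-04T02:11:05 sshd[811]: Failed password for alice from 203.0.113.7 port 50122 ssh2
2024-03-04T02:11:09 sshd[811]: Failed password for alice from 203.0.113.7 port 50124 ssh2
2024-03-04T02:11:14 sshd[811]: Failed password for alice from 203.0.113.7 port 50126 ssh2
2024-03-04T02:11:20 sshd[811]: Failed password for alice from 203.0.113.7 port 50128 ssh2
2024-03-04T02:11:27 sshd[811]: Failed password for alice from 203.0.113.7 port 50130 ssh2
2024-03-04T02:12:02 sshd[811]: Accepted password for alice from 203.0.113.7 port 50132 ssh2
2024-03-04T09:30:41 sshd[902]: Accepted password for bob from 198.51.100.20 port 41200 ssh2
2024-03-04T23:45:10 sshd[977]: Accepted password for carol from 198.51.100.31 port 41977 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, max_failures=5, window_s=300, work_hours=(7, 19)):
    """Return a sorted list of (kind, user, ip) alerts for the given log text."""
    failures = defaultdict(list)  # source IP -> timestamps of recent failures
    alerts = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not password events
        ts = datetime.fromisoformat(m["ts"])
        user, ip = m["user"], m["ip"]
        # Keep only failures from this source inside the sliding window.
        recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_s]
        if m["result"] == "Failed":
            recent.append(ts)
            failures[ip] = recent
            if len(recent) >= max_failures:
                alerts.add(("burst_failures", user, ip))
        else:
            # A success right after a burst suggests a guessed password.
            if len(recent) >= max_failures:
                alerts.add(("success_after_failures", user, ip))
            if not work_hours[0] <= ts.hour < work_hours[1]:
                alerts.add(("off_hours_login", user, ip))
    return sorted(alerts)
```

A success that follows a burst of failures from the same source is the alert to escalate first, since it is the case where the guessing may have worked.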
2. Unusual messages from internal accounts
Links, attachments, and requests that seem out of place should be thoroughly investigated for validity. Receiving an odd message from a colleague that appears to be from an internal account could be an external phishing attempt. However, it could also mean that their account has already been hijacked, and a bad actor is looking to penetrate your system further.
A hacked business account can also be leveraged against your customers and contacts. If your clientele report that they are receiving suspicious messages originating from your company, it’s likely that your organization is being used as a launchpad for a phishing campaign.
3. Slow network, computer, or internet operation
A network slowdown that can’t be explained may result from data being transferred out of your system. It could also indicate that malicious software is working in the background of your everyday operations or that remote operation is taking place.
4. Mysterious programs or files on your system
Some malware allows hackers to install and execute software on your system. Any new apps or files appearing on devices within your network must be investigated immediately. These applications can often be difficult or impossible to delete without advanced IT know-how.
Changes to file names are also a red flag, as hackers will modify them to cover their tracks and avoid detection. These can be subtle and nearly impossible to notice without technological assistance, so consistent network monitoring that can determine the difference between regular file changes and those that imply malicious intent is critical.
5. A service or platform you use has been hacked
With so much online activity in the cloud or through the systems of outside companies, many organizations find themselves hacked after attackers exploit a third-party service or app. Attackers move quickly, so as soon as a flaw is discovered within a widely used application, they begin scanning for opportunities to use it. When news breaks that a provider has been hacked, proactive administrators will assume that their network has already been prodded.
Keep your apps and platforms updated automatically, and monitor cybersecurity news outlets and social media accounts for any warnings related to the platforms you utilize. Be sure to understand any third party’s security landscape and set up a means to monitor and report its risks.
6. Logins no longer work
The first thing a hacker will do once they gain access to an account is change the login credentials to prevent the intended user from getting in and disturbing them while they do their dirty work. If you or your employees are mysteriously locked out of an account or platform, it’s a good sign that someone else now holds the keys.
7. Unrecognized devices on your network
The appearance of a device you don’t recognize on your business’ network is a telltale indicator that someone has connected to it without your knowledge. Remote access may be initiated, and the device needs to be booted from your network immediately.
8. You can’t control a device
Most evidence that your business has been hacked is subtle, as attackers try to remain under the radar for as long as possible. In some cases, however, a user may be unable to control their computer or device and witness it being operated remotely by a hacker. If a device seems to have a mind of its own, from opening programs you didn’t click to downloading software you didn’t authorize, quick action is required to prevent it from being weaponized further.
9. Unusual network traffic or device processes
Network traffic originating from foreign countries or increasing at times when activity is expected to be low should be considered suspicious. It can denote data exfiltration or that your device is part of a botnet that may be leveraged to initiate DDoS attacks.
Similarly, a mysterious internet-connected process in your device’s manager is cause for concern. Cryptojacking, using a victim’s computer to mine for crypto, is a commonly occurring technique that can seriously hinder your system’s operation while opening it up to other attacks.
10. You receive a ransomware demand
Receiving a message demanding a ransom in return for control of your network is typically the be-all-end-all sign that your organization is in serious trouble. Once your system is infected with ransomware, prevention is firmly in the rearview, and mitigation processes need to be implemented immediately to prevent attackers from moving laterally within your network.