GlobalSign Blog

31 Jul 2018

5 Signs Your Network Has Been Hacked

Network hacks are already incredibly common and are increasing in severity and frequency each year. A joint 2017 study from Accenture and Ponemon Institute found that an average company experiences 130 security breaches annually, a yearly increase of more than 24 percent.

Plus, the National Cyber Security Alliance separately concluded that 60 percent of small-to-medium-sized businesses shut down within six months of a hack.

Cybercriminals have a variety of goals when orchestrating attacks. They might want valuable information to sell on the black market, or they might hope to harm a company’s reputation so severely that the resultant damage takes months to repair and is prohibitively costly.

Hackers thrive on notoriety too, whether it causes more recognition from fellow criminals or their dirty deeds fill newspaper headlines.

The first step in stopping network attacks is knowing the signs of trouble. Here are five common symptoms that a hacker has broken into a network.

1. Ransomware Messages

Ransomware messages are some of the most apparent signs of network attacks because they often appear on the front page of sites and restrict access to content unless victims pay a specified fee by transferring an online payment to a hacker.

These attacks don’t necessarily only happen because an employee visits an infected website while at work. Sometimes the problems start when a person opens an email or spam message that directs the recipient to go to a site that contains malware or to download infected files. Often, these messages look legitimate, so people don't think twice about doing as the email instructs. Then, hackers install ransomware on the person’s computer, thereby entering the corporate network.

Statistics from 2016 revealed a 6,000 percent increase in ransomware attacks via that kind of content. People may also find it surprising that most victims from that year paid the imposed fees.

How to respond: the best approach is not to pay any of the demanded money and to seek expert assistance first. Companies should also shut down and disconnect any infected parts of their systems to prevent further damage, and report the attack to law enforcement.

Ransomware messages frequently affect businesses of all types and sizes, and it’s crucial to have a plan for handling them when — not if — they happen. Backing up data and implementing a recovery solution can drastically aid businesses in putting the pieces back together after these attacks.

2. Computers Functioning Without Internal Input

If a mouse cursor starts moving on its own or it seems an external party is controlling things, that’s another sign of hacking. It’s what’s known as a remote desktop hack. Such an attack can be frightening for all involved because it’s so obvious something is wrong and the equipment is not secured.

How to respond: companies can react by immediately disconnecting all affected computers from the network, then trying to determine the point of entry, plus monitoring network traffic for suspicious activity. Next, they should run a virus scan, sign out of all programs or services on an affected machine, and set up new passwords for everything.

3. People Receiving Strange Messages Not From the Genuine Account Holder

Some network troubles begin when individuals in a victim’s contact list get odd emails from them. These emails commonly contain links or attachments because those make it easier for hackers to cause damage to the people who interact with them.

For example, a person with a hacked account might unknowingly send messages to everyone in their contact lists that contain files to download. The content might say something seemingly innocent, such as encouraging colleagues to “download these files from a presentation I attended”.

If people take the bait and download them, the hacker enjoys a broader reach, as other computer users at a company infect their machines. By trusting that the virus-filled attachment includes necessary, company-specific information, they will consent to transfer malware to their systems, and in turn, the whole network.

These kinds of hacker-distributed messages can also come across team communication platforms, like Slack or Skype.

How to respond: affected persons should contact the associated services to inform them of compromised accounts. It’s also useful for them to learn some password protection strategies, such as multi-factor authentication (MFA) or a time-based one-time password (TOTP).

Sometimes, these messages don’t come from a compromised account at all. Instead, hackers use spoofing and phishing to send emails that only appear to come from the person because they’re designed to look so authentic.

Companies can try to prevent future problems of that sort by educating employees about types of online content that could pose risks. For example, research indicates context and curiosity are two of the most common triggers that could make people click on a link set up by a hacker, and relevant context is especially compelling.

If the content surrounding the link fits an individual’s need or life situation, or if it merely seems interesting, the ingredients are there to potentially coerce a person to click and possibly contribute to a network infection. Moreover, businesses can teach people what phishing attempts look like by showing them emails that appear to come from legitimate companies but only try to steal passwords or other sensitive information.
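As an added illustration (not part of the original article), the Python example below checks three header signals that often separate a spoofed message from a genuine one: a display name that names the trusted domain while the real address does not, a Reply-To on a different domain, and failed SPF or DMARC verdicts in the Authentication-Results header. The sample messages, the domains and the function names are constructed for this example, and it assumes the Authentication-Results header was written by the organisation's own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (headers only); every domain is a placeholder.
GENUINE = (
    'From: "Alice Smith" <alice@example.com>\n'
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
)
FORGED_SENDER = (
    'From: "Alice Smith" <alice@example.com>\n'
    "Reply-To: alice@inbox-example.test\n"
    "Authentication-Results: mx.example.com; spf=softfail; dkim=none; dmarc=fail\n"
)
LOOKALIKE = (
    'From: "alice@example.com" <alice@mail-example.test>\n'
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
)

def domain_of(address: str) -> str:
    """Lower-cased domain part of an e-mail address."""
    return address.rpartition("@")[2].lower()

def spoofing_indicators(raw: str, trusted_domain: str) -> list:
    """Return the reasons a message that claims to be internal may be spoofed."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    reasons = []
    # The visible name mentions the trusted domain, but the real address is elsewhere.
    if trusted_domain in display.lower() and from_domain != trusted_domain:
        reasons.append("display-name-mismatch")
    # Replies would be sent to a different domain than the apparent sender's.
    _name, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        reasons.append("reply-to-mismatch")
    # Verdicts recorded by the receiving server (assumed to be our own).
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()):
            if result in ("fail", "softfail"):
                reasons.append(f"{method}-{result}")
    return reasons

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("forged", FORGED_SENDER), ("lookalike", LOOKALIKE)):
        print(label, spoofing_indicators(raw, "example.com"))
```

The lookalike message passes every authentication check because the sender controls the lookalike domain, which is why the display-name comparison is needed alongside SPF, DKIM and DMARC.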

4. Files Suddenly Become Encrypted

Another kind of ransomware attack may not involve the messages described earlier. It involves hackers encrypting files, barring access to them until victims pay the requested amounts of money.

Unfortunately, it’s virtually impossible for everyday individuals to detect encrypted files until they click on them and cannot open them. Therefore, it’s crucial to take proactive safeguards against malware issues.

Running a daily anti-virus scan is a smart first step, but users should also keep the associated software updated to make sure it recognizes most of the latest varieties of malware. Moreover, as discussed earlier, they should be constantly vigilant when clicking on links or downloading attachments that seem out of the ordinary. Often, it’s those components that give hackers access to a company network.

Keeping essential files in multiple places is also a wise move. Instead of only storing them on a work computer, people might put them on a USB drive, as well as save them in a cloud-based application like G Suite. Then, even if hackers lock down files in one location, proactive individuals might still have access to them in others.

How to respond: once files get compromised like this, the best approach is to restore things to the pre-encryption-attack state with a full disk image backup of the affected machine. If no backed-up files exist, professional guidance is needed to determine if it’s possible to decrypt the data without giving in to the hacker’s demands.
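Encrypted files can be found before anyone clicks on them, because encrypted content is statistically close to random bytes. The following added example (not from the original article) measures byte entropy and flags files with text-like extensions whose content looks random; the extension list, the 7.5 bits-per-byte threshold and the sample files are assumptions made for the example.

```python
import math
import os
import tempfile
from collections import Counter

# Assumed for this example: formats that are normally low-entropy text.
TEXT_LIKE = {".txt", ".csv", ".log", ".json", ".xml", ".html", ".md"}
THRESHOLD = 7.5    # bits per byte; assumed cut-off (encrypted data is close to 8.0)
MIN_SAMPLE = 1024  # tiny files cannot show high entropy reliably

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_suspect_files(root: str, sample_size: int = 65536) -> list:
    """Return sorted (path, entropy) pairs for text-like files that look encrypted."""
    suspects = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            # Compressed formats (zip, jpg, docx) are high-entropy by design: skip them.
            if os.path.splitext(name)[1].lower() not in TEXT_LIKE:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(sample_size)
            except OSError:
                continue  # unreadable file: keep scanning
            entropy = shannon_entropy(sample)
            if len(sample) >= MIN_SAMPLE and entropy >= THRESHOLD:
                suspects.append((path, round(entropy, 2)))
    return sorted(suspects)

def demo() -> list:
    """Scan a constructed directory: one normal text file, one with random content."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"Quarterly meeting notes, action items and owners.\n" * 200)
        with open(os.path.join(root, "report.csv"), "wb") as fh:
            fh.write(os.urandom(8192))  # stands in for an encrypted file
        return [os.path.basename(p) for p, _e in find_suspect_files(root)]

if __name__ == "__main__":
    print(demo())
```

This check only covers files that keep their original extension; files renamed to a new extension by ransomware would need that extension added to the list.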

5. Odd Redirects

If a browser opens somewhere other than the homepage set in its preferences, or goes to strange places when people attempt to use the internet, it’s probably because of a hacker’s infiltration.

These issues are due to a redirect virus. The infections can appear on computers when bundled with downloaded software or inserted into unwanted browser extensions.

Some of the pages that show up on a computer because of this problem look similar to the actual sites. They may have nearly identical color schemes, footer links or fonts, and that’s because hackers hope to further trick people who aren’t sufficiently observant.

Another kind of redirect virus shows itself when people click on links at legitimate sites but are shown advertisements instead of the real content.

How to respond: ideally, people should not try to resolve the issue without fully backing up their data. Then, they can use redirect detection software — some of which is free — to scan for problems and remove them.

To avoid future complications, a company’s tech experts should always install software on behalf of users. It’s easy for people to consent to software additions that include redirect viruses because they blindly accept prompts and don’t read about the installation components.

Timely Reactions Are Crucial

Now that people know some of the most telltale signs of compromised networks, they're well-equipped to take action with the provided suggestions. A prompt response could limit the adverse effects cybercriminals have on organizations.

About the Author

Kayla Matthews is a Pittsburghian technology journalist who has written for Hacker Noon, Cloud Tweaks, Houzz, and more. She's also the owner and editor of the tech productivity blog, Productivity Bytes.

Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.
