Am I being hacked! What's next?

By btan
It takes more than words to describe oneself, and one's actions speak for themselves.
To share tips on how to stay ALERT and avoid being the next victim - at least not because of your own poor cyber habits and hygiene!

Recently, the online "Password Pwned" website put out a new release. What is interesting, if you are not aware of it yet, is that you can check whether your password appears in the leaked data from any of the major published data breaches.


For reference, the same site has an existing "Email or Username Pwned" service too. Both are free. The service is intuitive enough that you can easily figure out how to use it: key in your password or email address, and the result appears in a second or so. It is that simple.


Some of you may feel uncomfortable keying in your password, but there is a way to build your confidence in using it. In any case, you would not be worse off, since details like your username or email address are likely already public information.


Don't get me wrong, I am not asking you to support or donate to the service. But if you do, it helps motivate the community to build more such useful tools. We need these to help ourselves stay vigilant.


This leads to the intent of my article: don't be the next victim of those breaches. I have written in the past on protecting one's identity and privacy. Reflecting on those articles, I find that what is missing is really watching out for compromise indicators, the red flags and clues that tell you something may be wrong.


The ALERT strategy is to check your computer (or mobile device). That is where all the trouble starts! I have drawn up an ALERT summary plan. The gist is to make us stay ALERT, respond quickly, and be able to protect ourselves from the traps.

 


Compromise Indicators


Antivirus / Firewall - Do you see any alerts triggered? Any message saying that a particular threat, such as malware, was contained, or that quarantining the threat failed?

 

  • It begs the question of how malware even managed to get into your computer. Scan your thumb drive and any other portable peripheral. Look for executables sitting in your temp folder. Also check any other wireless connectivity of your computer, especially public hotspots (which you are strongly discouraged from using).


Browser - Do you see anything amiss in the settings that you would not have expected, such as the default page being changed, or new extensions or duplicated add-ons (with different names, authors, etc.) showing up?


  • These should not happen without your knowledge if you are the only user and did not make the change yourself. Reset them to the original and watch over the next few days for further changes. Check your AV scan results too.


Shortcut - Do you find your favourite desktop shortcuts missing out of nowhere, when you are not the one who removed them and your clean-up software did not either?


  • Look at your icons: have they changed from their usual colour, size, etc., with no recent patch release to explain it? Check the execution path, as the shortcut may have been redirected to run another unknown executable planted on your computer (or to open a remote connection).


Software - Do you keep seeing software throwing error prompts, or are there other unknown pieces of software installed with no recent patch release to explain them?


  • It may be asking for higher permissions to run further installations of plugins, libraries, etc. More likely, it is due to a recent visit to a non-reputable website or opening an unknown email attachment.

    Check the installed software list and your startup folder for any "new" add-ons like TeamViewer or VNC (anything with remote administration features). You should avoid logging in as an administrator for the daily use of your computer. Use a standard account instead.
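Several of the clues above (browser changes to watch over the following days, shortcuts that vanish, "new" items in the startup folder) come down to the same check: take a baseline of a folder while things are known-good and compare against it later. This is an added example in Python, not the article's own material: it snapshots every file under a folder by SHA-256, saves the snapshot as JSON, and reports what was added, removed or modified since. The Windows startup-folder and desktop paths in default_watch_dirs are the usual per-user locations and are an assumption of this example; self_check builds a throw-away folder and tampers with it the way the indicators describe.

```python
import hashlib
import json
import os
import tempfile
from typing import Dict, List


def file_digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(directory: str) -> Dict[str, str]:
    """Map every file under `directory` (relative path) to its digest."""
    snap = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, directory).replace(os.sep, "/")
            snap[rel] = file_digest(full)
    return snap


def save_snapshot(snap: Dict[str, str], path: str) -> None:
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(snap, fh, indent=2, sort_keys=True)


def load_snapshot(path: str) -> Dict[str, str]:
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def diff_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report what appeared, vanished or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def default_watch_dirs() -> List[str]:
    """Typical per-user locations worth baselining (assumed paths): the
    Windows startup folder and the desktop; elsewhere just the desktop."""
    desktop = os.path.join(os.path.expanduser("~"), "Desktop")
    if os.name == "nt":
        appdata = os.environ.get("APPDATA", "")
        startup = os.path.join(appdata, "Microsoft", "Windows", "Start Menu", "Programs", "Startup")
        return [startup, desktop]
    return [desktop]


def self_check() -> Dict[str, List[str]]:
    """Constructed demo: baseline a folder, then simulate a removed desktop
    shortcut, a changed startup shortcut and a new remote-access add-on."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        startup = os.path.join(root, "Startup")
        os.makedirs(startup)
        with open(os.path.join(root, "Mail.lnk"), "wb") as fh:
            fh.write(b"shortcut-to-mail")
        with open(os.path.join(startup, "OneDrive.lnk"), "wb") as fh:
            fh.write(b"legit-startup-item")
        baseline_file = os.path.join(store, "baseline.json")
        save_snapshot(snapshot(root), baseline_file)

        os.remove(os.path.join(root, "Mail.lnk"))                   # shortcut vanished
        with open(os.path.join(startup, "OneDrive.lnk"), "wb") as fh:
            fh.write(b"now-points-somewhere-else")                  # execution path changed
        with open(os.path.join(startup, "VNC Viewer.lnk"), "wb") as fh:
            fh.write(b"new-remote-admin-tool")                      # new add-on
        return diff_snapshots(load_snapshot(baseline_file), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(self_check(), indent=2))
```

In day-to-day use, run snapshot and save_snapshot over default_watch_dirs once the machine is clean, then re-run and diff whenever one of the clues above makes you suspicious.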


File - Do you see a file fail to open, or take longer than usual to open, when it is a file you have always opened without trouble?

  • Check the file extension. Open File Explorer (in Windows) and make sure the view settings let you see the full file extension. Identify any additional file extension that has been appended: the file may be running an executable instead of the usual Microsoft document.
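The clue about executables in the temp folder and the clue about an extra extension appended to a document can both be checked by the same scan. This is an added example, not the article's own code: it walks a folder, flags names with a document extension in front of an executable one (invoice.pdf.exe), flags anything with an executable extension, and reads the first two bytes to catch Windows executables (the "MZ" header) hiding under a document name. The sample files in self_check are constructed; scan_temp_folder runs the same scan over the system temp directory.

```python
import os
import tempfile
from typing import Dict, List

# Extensions a user expects to be harmless documents or media.
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                       ".pdf", ".txt", ".jpg", ".png"}
# Extensions Windows will run as code (Explorer hides the last one by default).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".vbs", ".js", ".ps1"}


def extensions_of(name: str) -> List[str]:
    """All dot-suffixes of a file name, lower-cased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]


def has_double_extension(name: str) -> bool:
    """invoice.pdf.exe style: a document extension hiding in front of an executable one."""
    exts = extensions_of(name)
    return len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS and exts[-1] in EXECUTABLE_EXTENSIONS


def has_pe_header(path: str) -> bool:
    """Windows executables (EXE/DLL/SCR) start with the 'MZ' magic bytes,
    whatever the file happens to be called."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def scan_directory(directory: str) -> Dict[str, List[str]]:
    """Return {relative path: [reasons]} for every suspicious file found."""
    findings: Dict[str, List[str]] = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            exts = extensions_of(name)
            reasons = []
            if has_double_extension(name):
                reasons.append("double extension")
            if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension")
            if has_pe_header(full) and (not exts or exts[-1] not in EXECUTABLE_EXTENSIONS):
                reasons.append("PE header but non-executable name")
            if reasons:
                findings[os.path.relpath(full, directory).replace(os.sep, "/")] = reasons
    return findings


def scan_temp_folder() -> Dict[str, List[str]]:
    """The check the Antivirus/Firewall clue asks for: executables in temp."""
    return scan_directory(tempfile.gettempdir())


def self_check() -> Dict[str, List[str]]:
    """Constructed sample files: the 'MZ' prefix stands in for a real PE image."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "invoice.pdf.exe": b"MZ\x90\x00fake-pe-image",  # document name, runs as code
            "report.docx": b"MZ\x90\x00fake-pe-image",      # executable content, document name
            "notes.txt": b"plain text, nothing to see",      # harmless
            "setup.exe": b"MZ\x90\x00fake-pe-image",        # openly an executable
        }
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return scan_directory(root)


if __name__ == "__main__":
    for path, reasons in self_check().items():
        print(f"{path}: {', '.join(reasons)}")
```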


Email - Do you see the number of emails in your "Sent Items" folder shrinking or growing when this is due neither to your usual archival schedule nor to your own doing?

  • Email is a common conduit through which malware consolidates stolen information and sends it back to the hacker or cybercriminal. It is an alternative to the usual internet connection, which may not always succeed if the AV or firewall is watching closely. Stay vigilant about spam and phishing emails. If unsure, do not click, and do not act on them hastily.


Account - When you log in as administrator as usual, do you notice an unusual account that was created without your doing or knowledge?


  • It is best practice to log in as a normal user by default so that malware and hackers cannot easily gain high privileges when your computer is compromised. Watch for accounts created for remote access, or shadow accounts that stay silent and may be used to run another suspicious backdoor executable so that your computer remains reachable over the remote connection.

  • Disable unnecessary services like remote desktop (RDP), Telnet, SSH, file shares (SMB) and file transfer (FTP). Always do regular account and access-right reviews.


Login - Do you have difficulty logging into your machine or an online account like Hotmail, Yahoo, Facebook, etc.? Have you recently received a call or alert about an unauthorized login from another remote machine or device?

 

  • Your account may have been hacked. Report it to the provider if you are denied access, or reset your login password and check your recovery account (hopefully you have set one up).

  • Have a strong passphrase, as that alone will deter opportunistic attempts by the bad guys.

  • Go for multi-factor authentication where possible. This simply means that login requires not just a password but an additional check: a passcode (such as a one-time password from Google Authenticator or Authy) or a biometric (such as Face ID or Touch ID on iPhone/iPad). At a minimum, opt for the passcode if you are wary of biometrics or they are not available.


The above list is not exhaustive, and it is not intended to be. Drilling into each clue is not trivial, but the hard truth is that we learn from our mistakes. Incidents can (and will) happen to anyone.


Stay ALERT


If nothing else so far has been useful, the one takeaway I urge is to stay ALERT to the red flags, as the first thing to get right.


  • Attentive - Protect yourself by being vigilant. This is a call to action to improve your cyber hygiene habits.

  • LEarn - Detect the clues and confirm whether it is a "hit". If you are in doubt, ask around. Do not stay silent about it.

  • React - Respond swiftly. Do not panic. Unplug the computer from the network. Do not switch off the machine, as that may destroy precious traces for the investigation. Escalate and report to your peers, supervisor or senior accordingly.

  • Teach - Be prepared to share with others. You learn more when you share. This is part of the after-action review: what went wrong, what can be done, and what should be improved in the long run.


Have a safe and secure cyber journey!

