Signs that you’ve been hacked and ways to avoid it
Recent large-scale attacks on millions of websites show how important it is to keep applying protective measures continuously, above all security patches. We have also put together further recommendations on incident prevention and recovery for both businesses and individual users.
Site management platforms under siege
In September, attackers went after millions of websites. The first wave exploited a vulnerability in the File Manager plug-in for WordPress. Even though the developer promptly released a patched version, a huge number of site owners are still running the flawed one.
Since September 11th, attackers have also targeted thousands of websites running the e-commerce platform Magento. The campaign was a typical Magecart card-skimming attack, according to Willem de Groot, the founder of Sanguine Security: malicious code was injected into the stores to steal customers' payment card data. A total of 2,806 websites were compromised. The majority of them were running the outdated Magento 1.x branch, which Adobe stopped supporting on June 30, 2020.
These cases show why software must be updated promptly: an unpatched installation keeps every vulnerability the vendor has already fixed, and attackers scan the internet for exactly those versions.
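The practical first step is knowing what is installed and how old it is. The script below is an added example (not code from the article or from WordPress): it reads the standard header comment that every WordPress plug-in declares in its main PHP file, compares each plug-in's version against a table of minimum acceptable versions, and reports the ones that need updating. The plug-in slugs, versions and minimum-version table are constructed for the demo; in practice the minimums come from the vendor's advisory or changelog, and the path is the site's wp-content/plugins directory.

```python
import os
import re
import tempfile
from typing import Dict, List, Optional, Tuple

# WordPress reads plug-in metadata from a comment block at the top of the
# plug-in's main PHP file. The two fields this check needs look like:
#   Plugin Name: Example Manager
#   Version: 2.3
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.MULTILINE)


def parse_plugin_header(php_source: str) -> Optional[Dict[str, str]]:
    """Return {'Plugin Name': ..., 'Version': ...} or None if this is not a plug-in main file."""
    fields = dict(HEADER_RE.findall(php_source))
    return fields if "Plugin Name" in fields else None


def version_key(version: str) -> Tuple[int, ...]:
    """Compare dotted versions numerically, so 2.10 > 2.9 and 6.8.1 > 6.8."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def find_outdated(plugins_dir: str, minimum_versions: Dict[str, str]) -> List[Dict[str, str]]:
    """Scan a plug-ins directory and flag plug-ins whose version is below the required minimum.

    minimum_versions maps the plug-in directory slug to the lowest acceptable
    version (normally the first patched release named in the vendor advisory).
    """
    findings: List[Dict[str, str]] = []
    for slug in sorted(os.listdir(plugins_dir)):
        plugin_path = os.path.join(plugins_dir, slug)
        if not os.path.isdir(plugin_path):
            continue
        for name in sorted(os.listdir(plugin_path)):
            if not name.endswith(".php"):
                continue
            with open(os.path.join(plugin_path, name), encoding="utf-8", errors="replace") as fh:
                header = parse_plugin_header(fh.read(8192))  # the header sits at the top of the file
            if header is None:
                continue
            installed = header.get("Version", "0")
            minimum = minimum_versions.get(slug)
            if minimum and version_key(installed) < version_key(minimum):
                findings.append({"slug": slug, "name": header["Plugin Name"],
                                 "installed": installed, "minimum": minimum})
            break  # one header per plug-in; stop at the first main file found
    return findings


def demo() -> List[Dict[str, str]]:
    """Build a constructed plug-ins directory and run the check (sample data, not a real site)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "example-manager": "<?php\n/*\nPlugin Name: Example Manager\nVersion: 2.3\n*/\n",
            "example-seo": "<?php\n/**\n * Plugin Name: Example SEO\n * Version: 4.10\n */\n",
        }
        for slug, source in samples.items():
            os.makedirs(os.path.join(root, slug))
            with open(os.path.join(root, slug, slug + ".php"), "w", encoding="utf-8") as fh:
                fh.write(source)
        # Hypothetical minimums: 2.5 is assumed to be the first patched release of the
        # constructed "example-manager" plug-in; 4.9 for "example-seo".
        return find_outdated(root, {"example-manager": "2.5", "example-seo": "4.9"})


if __name__ == "__main__":
    for finding in demo():
        print(f"{finding['slug']}: installed {finding['installed']}, requires >= {finding['minimum']}")
```

The numeric comparison matters: a plain string comparison would consider 4.10 older than 4.9 and either miss an outdated plug-in or flag a current one. On a live site, run the same check over the real plug-ins directory or simply use `wp plugin list` from WP-CLI, which reports available updates directly; either way, the point is to have an inventory you can compare against an advisory the day it is published.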
Useful resources for designing an enterprise security policy
In light of recent events, we recommend that businesses study two recently published guides on cybersecurity.
The Five Eyes intelligence alliance (Australia, Canada, New Zealand, the United Kingdom and the United States) has published a joint advisory, “Technical Approaches to Uncovering and Remediating Malicious Activity”. The authors give general recommendations on user education, account control, backups, workstation management, auditing, encryption and other key areas. They also recommend bringing in a third-party IT security organization when an incident occurs, to get proper expertise, to make sure the actor is fully eradicated from the systems, and to avoid follow-up compromises. Read the guidance.
The UK's National Cyber Security Centre (NCSC) has published updated guidance on “Mitigating malware and ransomware attacks”. Its key recommendations are:
Make regular backups, using more than one solution and storage location and keeping at least one copy offline so that ransomware on the network cannot reach it.
Prevent malware from being delivered to, and spreading between, devices: filter incoming files, block websites known to be malicious, actively inspect content, and use signatures to block known malicious code.
Prevent malware from running on devices with a “defence in depth” approach, so that no single control has to be perfect.
Prepare for an incident with detailed technical, legal and communication plans.
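The second recommendation (filtering received files and blocking known malicious code by signature) is easy to state and easy to get wrong, so here is an added example of what such a filter does at the simplest level. This is illustrative code written for this article, not part of the NCSC guidance or of any product; the allow list, the magic-byte table and the sample attachments are constructed, and the "signature feed" is a hypothetical set of SHA-256 hashes standing in for a real threat-intelligence source. The filter checks three things in order: is the extension permitted at all, do the file's leading bytes actually match the type the extension claims (a renamed executable is the classic lure), and does the file's hash match a known-bad signature.

```python
import hashlib
from typing import Dict, Set, Tuple

# Extensions we are willing to deliver at all; everything else is rejected outright,
# which also catches double extensions such as "invoice.pdf.exe".
ALLOWED_EXTENSIONS: Set[str] = {"pdf", "docx", "xlsx", "png", "txt"}

# Leading bytes ("magic") that each allowed type must start with. A file whose
# extension says one thing and whose bytes say another is blocked.
MAGIC_BY_EXTENSION: Dict[str, Tuple[bytes, ...]] = {
    "pdf": (b"%PDF-",),
    "docx": (b"PK\x03\x04",),   # Office Open XML documents are ZIP containers
    "xlsx": (b"PK\x03\x04",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "txt": (),                   # no magic for plain text; checked separately below
}

# Leading bytes that identify executables regardless of the claimed extension.
EXECUTABLE_MAGIC: Tuple[bytes, ...] = (b"MZ", b"\x7fELF", b"#!")


def looks_like_text(data: bytes) -> bool:
    """Crude plain-text test: only printable ASCII, tab, CR and LF in the first 512 bytes."""
    return all(b in (9, 10, 13) or 32 <= b < 127 for b in data[:512])


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def inspect_attachment(filename: str, data: bytes, blocklist: Set[str]) -> Tuple[str, str]:
    """Return ("allow" | "block", reason). Checks are ordered cheapest first."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return "block", f"extension '.{ext}' is not on the allow list"
    if data.startswith(EXECUTABLE_MAGIC):
        return "block", "content is an executable despite the extension"
    expected = MAGIC_BY_EXTENSION[ext]
    if expected and not data.startswith(expected):
        return "block", f"content does not match a .{ext} file"
    if ext == "txt" and not looks_like_text(data):
        return "block", "binary content in a .txt attachment"
    digest = sha256_hex(data)
    if digest in blocklist:
        return "block", f"matches known-malicious signature {digest[:12]}"
    return "allow", "passed extension, content-type and signature checks"


def demo() -> Dict[str, Tuple[str, str]]:
    """Run the filter over constructed sample attachments (not real captures)."""
    known_bad = b"%PDF-1.7 constructed stand-in for a document seen in an earlier campaign"
    blocklist = {sha256_hex(known_bad)}   # hypothetical signature feed: a set of SHA-256 hashes
    samples = {
        "quarterly-report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj ...",
        "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,   # PE file renamed to .pdf
        "invoice.pdf.exe": b"MZ\x90\x00",                               # double extension
        "notes.txt": b"meeting notes\r\nfollow up on Monday\r\n",
        "payload.txt": b"\x00\x01\x02\xff",                             # binary hiding as text
        "seen-before.pdf": known_bad,                                   # hash on the blocklist
    }
    return {name: inspect_attachment(name, data, blocklist) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{verdict:5} {name}: {reason}")
```

Two points the guidance implies but does not spell out: the hash check is the weakest of the three, because a single changed byte defeats it, so it belongs at the end as a cheap catch for already-known samples rather than as the main defence; and the allow list should be as short as the business can tolerate, since every permitted type is another parser the attacker gets to target.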
Recommendations for individual users
Individual users should suspect a compromise if they notice unusual activity on their devices or accounts, such as:
1. Security software suspending its activity or failing. The biggest enemies of malware are antivirus programs, firewalls and other defensive systems, which is why malware is often built to disable them. If your antivirus software reports that it has been turned off, stops updating, or cannot be started, treat that as a warning sign and investigate rather than dismissing the notification.
2. Poor system performance, abrupt shutdowns and reboots. Of course, these can be caused by hardware problems, overheating or a system that simply needs reinstalling. But repeated incidents of this kind may signal malware.
3. System settings changing. If your default browser or homepage has changed without you doing it, you may have a security breach. Another dangerous symptom is the system repeatedly prompting you to change a setting, for instance to grant a program more privileges with no good reason.
4. Programs or browser plug-ins appearing that you haven't installed. The app or plug-in itself might not be harmful, but the fact that something was installed without your consent means that someone else has control over your system.
5. Expected notifications stop arriving. If services you are subscribed to stop sending their usual receipts or notifications, it may be because your account has been taken over and the criminals have changed the email address linked to it.
6. Unexpected security emails from a website or app. If you receive a notification that your password was changed and you did not change it, your account credentials are compromised. Be aware that phishing emails imitate exactly these notifications, so do not click the link in the message: open the site directly and check from there.
7. Suspicious financial transactions. If you start receiving notifications of purchases you didn't make, call the bank immediately and have the card or account suspended. Most likely the criminals have obtained your financial credentials.
8. Your password not working. If you can't sign in to social networks, email services or online stores with your current password, your account may have been hijacked. The good news is that you can often regain access through recovery mechanisms such as two-factor authentication and security questions, but only if you set them up in advance.
9. Messages, likes or subscriptions you had nothing to do with. After gaining access to your accounts and contacts, an attacker can start acting on your behalf. Even a single friend or community you did not add can show that your account is being operated by someone else.
10. Your data turning up on the dark web. You can find out whether your data has been leaked with specialized digital security services such as Breach Report. Forewarned is forearmed, after all. Subscribing to the Breach Report monitoring service will also notify you when a new breach involving your data appears. As the cases above show, such events are nothing out of the ordinary in the modern digital landscape.
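Signs 3 and 4 (settings that change by themselves, software you did not install) are much easier to spot when you have a known-good record to compare against. The script below is an added example written for this article, not a tool the article or any vendor provides: it stores a snapshot of browser settings and installed extensions as a baseline, protects that baseline with an HMAC so that malware cannot quietly edit it to match its own changes, and later reports every difference between the baseline and a fresh snapshot. The two snapshots and the key are constructed for the demo; how you gather a real snapshot is browser-specific and is assumed to happen outside this code, and the real key should be kept off the device being checked (for example in a password manager).

```python
import hashlib
import hmac
import json
from typing import Any, Dict, List

SETTINGS_TO_WATCH = ("default_browser", "homepage", "search_engine")


def sign_baseline(snapshot: Dict[str, Any], key: bytes) -> Dict[str, str]:
    """Serialize a snapshot deterministically and attach an HMAC-SHA256 tag."""
    body = json.dumps(snapshot, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def load_baseline(signed: Dict[str, str], key: bytes) -> Dict[str, Any]:
    """Verify the tag before trusting the stored baseline; a modified file is rejected."""
    expected = hmac.new(key, signed["body"].encode("utf-8"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["tag"]):
        raise ValueError("baseline has been modified since it was signed")
    return json.loads(signed["body"])


def compare(baseline: Dict[str, Any], current: Dict[str, Any]) -> List[str]:
    """List every watched setting that changed and every extension added or removed."""
    findings: List[str] = []
    for name in SETTINGS_TO_WATCH:
        if baseline.get(name) != current.get(name):
            findings.append(f"{name} changed: {baseline.get(name)!r} -> {current.get(name)!r}")
    old_ext = baseline.get("extensions", {})
    new_ext = current.get("extensions", {})
    for ext_id in sorted(set(new_ext) - set(old_ext)):
        findings.append(f"extension added: {ext_id} (version {new_ext[ext_id]})")
    for ext_id in sorted(set(old_ext) - set(new_ext)):
        findings.append(f"extension removed: {ext_id} (version {old_ext[ext_id]})")
    return findings


def demo() -> Dict[str, Any]:
    """Constructed scenario: a hijacked homepage and search engine plus an unknown extension."""
    key = b"constructed-demo-key-keep-the-real-one-off-this-device"
    baseline = {
        "default_browser": "firefox",
        "homepage": "https://intranet.example.org/",
        "search_engine": "DuckDuckGo",
        "extensions": {"example-adblock@example.org": "1.30.0"},
    }
    signed = sign_baseline(baseline, key)   # stored at setup time, when the device is known good
    current = {                              # gathered later; here constructed to show changes
        "default_browser": "firefox",
        "homepage": "http://best-deals-search.example/",
        "search_engine": "Best Deals Search",
        "extensions": {"example-adblock@example.org": "1.30.0", "couponhelper@example.net": "0.9"},
    }
    findings = compare(load_baseline(signed, key), current)

    # Malware that rewrites the stored baseline to hide its changes is caught by the HMAC check.
    tampered = dict(signed, body=signed["body"].replace("intranet.example.org", "best-deals-search.example"))
    try:
        load_baseline(tampered, key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"findings": findings, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    result = demo()
    for line in result["findings"]:
        print("!", line)
    print("tampered baseline rejected:", result["tamper_detected"])
```

The design choice worth noting is that the comparison is only as trustworthy as the baseline: if an attacker can edit the baseline file, a plain diff will happily report "no changes". Signing it with a key that never lives on the monitored device turns a silent edit into an error, which is itself one of the signs listed above.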