{"id":87288,"date":"2020-10-12T11:00:26","date_gmt":"2020-10-12T08:00:26","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/have-you-been-hacked-10-indicators-that-say-yes-cloudsavvy-it\/"},"modified":"2020-10-12T11:00:26","modified_gmt":"2020-10-12T08:00:26","slug":"have-you-been-hacked-10-indicators-that-say-yes-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/have-you-been-hacked-10-indicators-that-say-yes-cloudsavvy-it\/","title":{"rendered":"#Have you Been Hacked? 10 Indicators That Say Yes \u2013 CloudSavvy IT"},"content":{"rendered":"<p><strong>&#8220;#Have you Been Hacked? 10 Indicators That Say Yes \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-7317\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/9c0a7a3b843e4b9eb4079826a779e45f\/p\/uploads\/2020\/10\/30aa6cfb.png\" alt=\"\" width=\"700\" height=\"300\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Got a nagging feeling something isn\u2019t quite right on your computer or network?\u00a0We describe 10 giveaway signs that say you\u2019ve been compromised\u2014and what you can do to stay safe.<\/p>\n<h3 id=\"the-threat-actors-proudly-tell-you\"><span class=\"ez-toc-section\" id=\"1_The_Threat_Actors_Proudly_Tell_You\"><\/span>1. The Threat Actors Proudly Tell You<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sometimes, if they are going to make money out of their attack the threat actors (the bad guys) need to communicate with you.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Ransomware\"><\/span>Ransomware<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>The encryption of all the files on your network and the inability of your company to process data will have informed you that the network has been compromised. The ransom note tells you how to pay to restore access to your own data.<\/p>\n<p>The official advice is to not pay ransoms, although estimates suggest that 50% of victims do pay. 
In 2019, municipalities in Florida paid\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.bbc.co.uk\/news\/technology-48770128\">USD 1.1 million<\/a>\u00a0over ransomware in one two-week period. Paying the ransom lets the cybercriminals win. They get what they want. So they are encouraged to do it again. And others are encouraged to try their hand at what they see as easy money.<\/p>\n<p>Of course, not paying the ransom means you must shut down, cleanse, and restore your systems from backups. But that\u2019s not always possible. Sophisticated threat actors can reside in your systems for weeks before they trigger the encryption. They take the time to make sure they have infected your local\u2014and sometimes your remote\u2014backups.<\/p>\n<p>If restoring your systems isn\u2019t an option for you, you may find the decryption key online. Sites such as the\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.nomoreransom.org\/en\/index.html\">No More Ransom Project<\/a>\u2014an initiative backed and supported by\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.europol.europa.eu\/\">Europol<\/a>\u2014exist to help you with this.<\/p>\n<p>It\u2019s worth noting that even if you do pay the ransom you may not get a working decryption key. They often fail. So you\u2019re still faced with a lot of manual steps and downtime. And best practices say you should <em>still<\/em> do a deep cleanse and restore your systems. You need to ensure all remnants of the ransomware have been removed.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Doxxing\"><\/span>Doxxing<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Doxing\">Doxxing attacks<\/a>\u00a0require communication from the threat actors. 
These attacks exfiltrate sensitive and private documents and threaten to post them publicly on the internet. It\u2019s a form of digital blackmail. For a sum of money, they promise to delete the documents instead of releasing them.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Adware\"><\/span>Adware<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Pop-up adverts offering to speed up your system, remove malware, or pretending to be tech support are all indicators that your network or computer has been compromised.<\/p>\n<p>It might just be a vulnerability in your browser that has been exploited, and until you click on an advert nothing else will happen to your computer. On the other hand, it might indicate your operating system is already infected and\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Adware\">adware<\/a>\u00a0has been installed.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Extortion_Emails\"><\/span>Extortion Emails<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Another type of attack that announces itself is a simple email scam. The email will suggest that a hacker has managed to use your webcam and has captured footage of you in some sort of compromising situation. Unless you pay up, they threaten to release the footage to friends and family.<\/p>\n<p>These scam emails can be ignored. They are sent out scatter-gun fashion to thousands and thousands of people in the hope that a small percentage pay up. A small percentage of a very large number is still a good payday for the cybercriminals.<\/p>\n<p>Using someone\u2019s webcam to spy on them\u00a0<em>is<\/em>\u00a0possible, of course. 
It\u2019s called\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Camfecting\">camfecting<\/a>\u00a0and sadly it is on the rise. It is used for everything from industrial espionage to stalking. But these are, by their nature, covert crimes and the perpetrators don\u2019t announce themselves.<\/p>\n<h3 id=\"your-browser-goes-rogue\"><span class=\"ez-toc-section\" id=\"2_Your_Browser_Goes_Rogue\"><\/span>2. Your Browser Goes Rogue<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If your browser has acquired new toolbars that you didn\u2019t install, it has been infected. The toolbars may act as keystroke loggers that capture the account credentials for sites that you visit, or they may harvest credit and PayPal details from e-commerce sites. They may trigger further malware downloads, sometimes selected according to your browsing habits.<\/p>\n<p>If you\u2019re lucky, the worst you\u2019ll suffer is your web searches are redirected to websites you did not search for.\u00a0The threat actors are paid to drive traffic to websites and use redirections to generate as much traffic as they can.\u00a0This can go hand in hand with the rogue toolbars, but web redirections can be the result of standalone infections.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"3_People_Receive_Fraudulent_Invitations_From_You\"><\/span>3. 
People Receive Fraudulent Invitations From You<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Threat actors set up fraudulent and copycat profiles on social media platforms and send invitations to the friends of the person with the real profile, or they gain access to the real profile, probably through a phishing attack.<\/p>\n<p>The real or bogus profile can be used to spread contentious or otherwise sensitive messages to undermine you, your company, or the company you work for. The profile can be used to gently tease information out of your friends\u2014a technique called social engineering\u2014to aid in credential theft or identity theft.<\/p>\n<p>Your friends may receive a message\u2014purportedly from you\u2014asking them to receive a payment on PayPal on your behalf. You\u2019ve sold something and need to be paid for it, but something is wrong with your PayPal account.<\/p>\n<p>Because the victim is asked to\u00a0<em>receive<\/em>\u00a0and not make a payment, and because the request has come from\u00a0<em>you,<\/em>\u00a0their suspicions are not aroused. The message also asks them to transfer the money to their bank account and then on to yours. The details of the account are included in the message.<\/p>\n<p>But, of course, the bank account belongs to the threat actors. Once the money is in their bank account the initial PayPal transaction is reversed. The victim is now out of pocket to the tune of the entire transaction.<\/p>\n<h3 id=\"passwords-mysteriously-change\"><span class=\"ez-toc-section\" id=\"4_Passwords_Mysteriously_Change\"><\/span>4. Passwords Mysteriously Change<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you cannot log in to an online service or platform, make sure the service is operational. They might be having an outage. 
But if they are up and running and other users have no problems, it\u2019s likely that your account has been hijacked.\u00a0If a threat actor has managed to log in to your account they will change the password so that you cannot log in.<\/p>\n<p>They may have guessed your password or used some form of dictionary attack.\u00a0Maybe your password was in a data breach from a different site where you\u2019d used the same password. You might have fallen prey to a phishing attack. But once the threat actors are in, they\u2019ll change your password to keep you out.<\/p>\n<p>You need to report the incident to the site as soon as you can. Of course, the onus is on you to prove to them that you are the genuine owner of the account, and not a threat actor social engineering their way into gaining access to the account. All of that takes time.\u00a0Suggest to the support representative that they lock the account down right away, and only allow any access to it once they have satisfied themselves that they know who the genuine owner is.<\/p>\n<p>If you\u2019ve used the credentials on that account on any other systems or platforms, change the password on those systems immediately.<\/p>\n<h3 id=\"software-materializes-on-your-computer\"><span class=\"ez-toc-section\" id=\"5_Software_Materializes_On_Your_Computer\"><\/span>5. Software Materializes On Your Computer<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If software appears on your computer and you have no idea where it came from, it might be enemy action. Viruses and malware install themselves and hide.\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Trojan_horse_(computing)\">Trojans<\/a>,\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Computer_worm\">worms<\/a>, and other malicious software such as adware may appear as regular applications. 
They will show up in the list of installed applications on your computer.<\/p>\n<p>Unexplained software doesn\u2019t necessarily mean you\u2019ve been compromised across a network or the internet. Free software sometimes comes with a catch that you need to read the terms and conditions to find out. The cost of some free software is unwittingly agreeing to have other packages you didn\u2019t know about installed as well. The other packages will probably gather user information that can be monetized by the software authors, such as statistics regarding your computer and internet use that can be sold to marketing companies.<\/p>\n<p>If you leave your computer unattended and logged in, the threat actors have the brief opportunity they need.\u00a0It\u2019s possible to boot computers from USB memory sticks and to inject a stub program that will run when you next log in. The stub downloads installers for other malware and programs. The attacker doesn\u2019t even need your login details to plant the seed for further infection.<\/p>\n<p>Unattended laptops, even though they are logged out and turned off, are particularly susceptible to this type of <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/689599\/what-is-an-evil-maid-attack-and-what-it-teaches-us\/\">\u201cevil maid\u201d<\/a> attack because they are left unattended in hotel rooms or taken to be inspected at border crossings.<\/p>\n<h3 id=\"the-cursor-flies-solo\"><span class=\"ez-toc-section\" id=\"6_The_Cursor_Flies_Solo\"><\/span>6. The Cursor Flies Solo<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A moving mouse pointer without your hand on the mouse may indicate hardware issues or be due to \u201cdrift\u201d in the software drivers. But if the cursor movements are purposeful and the pointer is making selections from menus and opening and closing windows, there are two options. 
Your technical support team may be remotely accessing your machine for valid reasons\u2014although they should advise you of the fact in advance\u2014or you have been infected with a\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Remote_desktop_software#RAT\">remote access trojan<\/a>\u00a0(RAT) and the threat actors are connected to your computer.<\/p>\n<p>A RAT allows the threat actors to connect to and control your computer and observe what you do. It can also record keystrokes so that they can see what you did when they were not connected. They can transfer files to and from your computer, and turn your microphone and webcam on and off\u2014without turning on tell-tale LEDs.<\/p>\n<p>A typical approach is to connect your computer and then wait. If they see a long period of inactivity and it is late in your timezone they will connect to your computer. If the threat actors have seen a very long period without any activity from you they may risk taking control during daylight hours.<\/p>\n<p>That\u2019s when you might see the cursor moving on its own.<\/p>\n<h3 id=\"your-shields-are-down-and-wont-come-up\"><span class=\"ez-toc-section\" id=\"7_Your_Shields_Are_Down_And_Wont_Come_Up\"><\/span>7. Your Shields Are Down And Won\u2019t Come Up<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If your defensive software such as personal firewall, anti-virus, and anti-malware are turned off and refuse to come back into service, you\u2019ve been infected with a virus or other malware.<\/p>\n<p>Modern malware is capable of disabling your defensive software and preventing it from being turned back on, reset, or re-installed. 
That is a clear-cut indicator that you have been infected by malicious software.<\/p>\n<p>Sometimes other tools such as\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Process_Explorer\">Process Explorer<\/a>\u00a0and\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Task_manager\">Task Manager<\/a>\u00a0are disabled as well.<\/p>\n<h3 id=\"youre-haemorrhaging-money\"><span class=\"ez-toc-section\" id=\"8_Youre_Haemorrhaging_Money\"><\/span>8. You\u2019re Haemorrhaging Money<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Most cybercrime is financially motivated. If the threat actors can obtain your credentials to a valuable asset such as online banking, PayPal, or a cryptocurrency\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Digital_wallet\">digital wallet<\/a>\u00a0they\u2019ll rub their hands with glee and empty it.<\/p>\n<p>If they successfully mount a\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Phishing#Spear_phishing\">spear-phishing<\/a> attack against someone in accounts and convince them that a C-suite member needs these funds transferred immediately, or that this invoice needs to be paid straight away, you can lose tens of thousands of dollars in an afternoon.<\/p>\n<h3 id=\"your-private-data-is-on-the-public-web\"><span class=\"ez-toc-section\" id=\"9_Your_Private_Data_Is_On_The_Public_Web\"><\/span>9. Your Private Data Is On The Public Web<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If your data is on the web, there\u2019s no doubt you\u2019ve been compromised.\u00a0Sometimes this is done as a doxxing attack. 
Occasionally the public parading of private documents is carried out because the perpetrators are social justice <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Hacktivism\">hacktivists<\/a> and for whatever reasons your enterprise has fallen under their crosshairs.<\/p>\n<p>Another often overlooked risk is the employee with a grievance. In 2014 a\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.bbc.co.uk\/news\/uk-england-leeds-33566633\">senior auditor at UK supermarket Morrisons<\/a>\u00a0named Andrew Skelton posted the personal details of 100,000 of his fellow employees to a file-sharing website. He then tipped off the British press. His motive was revenge against his employer. He was still smarting from a disciplinary meeting held one month earlier.<\/p>\n<h3 id=\"your-own-systems-tell-you\"><span class=\"ez-toc-section\" id=\"10_Your_Own_Systems_Tell_You_So\"><\/span>10. Your Own Systems Tell You So<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Any and all alerts from your intrusion detection system (IDS) or other monitoring software should be treated as genuine incidents until an investigation proves otherwise.<\/p>\n<p>Inexplicable activity captured in system logs such as strange logins at unusual times or from geographically odd IP addresses or large movements of data at night can indicate something is amiss.<\/p>\n<p>A pre-requisite to using this type of alerting is an understanding of your normal network traffic and behavior. 
Free tools like\u00a0Snort,\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/678918\/how-to-use-wireshark-filters-on-linux\/\">Wireshark<\/a>,\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/689026\/transform-your-wireshark-workflow-with-brim-on-linux\/\">Brim<\/a>, and <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.graylog.org\/products\/open-source\">Graylog<\/a> can help with this. You can\u2019t get on top of this stuff with manual processes alone, so get software to help you.<\/p>\n<h3 id=\"what-can-you-do-to-protect-your-systems\"><span class=\"ez-toc-section\" id=\"What_Can_You_Do_To_Protect_Your_Systems\"><\/span>What Can You Do To Protect Your Systems?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Cybersecurity is tough. It\u2019s been said many times: you have to repel every attack, but the bad guys only need to get lucky once. A multi-layered approach with an educated workforce, appropriate defensive and monitoring software, and good IT governance will go a long way to keeping your systems safe. 
Pick the appropriate measures from this list and action them.<\/p>\n<ul>\n<li>Keep all operating systems and applications patched up to date.<\/li>\n<li>Use quality firewalls and only open ports after a business case has been reviewed and accepted.<\/li>\n<li>Enforce robust passwords and forbid the re-use of passwords on more than one system or website.\u00a0 Nominate a company-acceptable\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Password_manager\">password manager<\/a>.<\/li>\n<li>Where possible, enforce\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Multi-factor_authentication\">two-factor authentication<\/a>.<\/li>\n<li>Put in place a multi-layered backup system, and store backups in different locations.<\/li>\n<li>Test your backups, your data restoration processes, and your disaster recovery plans.<\/li>\n<li>Create and dry-run an\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Incident_management\">Incident Response Plan<\/a>. Rehearse it with the stakeholders. Make sure everyone involved knows that the plan is in force, that it has been walked-through, and that in the event of an incident it is <em>actually followed<\/em>. 
Don\u2019t let the excitement make people go off-script.<\/li>\n<li>Put in place monitoring software that looks at access attempts, system logs, network traffic, and raises alerts on suspicious or out of bounds activity.<\/li>\n<li>Explore safety and security protocols with your bank to prevent large transfers without additional, correlating information and validation.<\/li>\n<li>Use top-rated end-point protection suites encompassing anti-virus, anti-malware, and web browsing.<\/li>\n<li>Educate your staff in cyber-awareness, and keep that training topped up.<\/li>\n<li>Foster a security-minded culture in which staff are empowered to question unusual requests, report suspicious and inexplicable events, and suggest improvements without fear of recrimination. If they see something, they should say something.<\/li>\n<\/ul>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/7259\/have-you-been-hacked-10-indicators-that-say-yes\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Have you Been Hacked? 
10 Indicators That Say Yes \u2013 CloudSavvy IT&#8221; Got a nagging feeling something isn\u2019t quite right on your computer or network?\u00a0We describe 10 giveaway signs that say you\u2019ve been compromised\u2014and what you can do to stay safe. 1. The Threat Actors Proudly Tell You Sometimes, if they are going to make&#8230;<\/p>\n","protected":false},"author":1,"featured_media":87289,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2020\/10\/30aa6cfb.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-87288","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/87288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=87288"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/87288\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/87289"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=87288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=87288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=87288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}