5 Clues You’re a Victim of a Network Hack

October 23, 2018 Eric Dosal Eric Dosal

So, your business has worked diligently to protect itself from online attackers — setting up early warning systems and defenses such as intrusion detection/prevention systems (IDS/IPS), installing firewalls at the perimeter of the network and on individual endpoints, consistently applying patches to all key software, training employees in good cybersecurity hygiene, and taking other measures to prevent a network security breach. However, despite your best efforts, it’s important to remember this: it’s impossible to stop 100% of all network hacking attempts.

Sooner or later, there will be an attacker who is skilled, determined, or lucky enough to breach your network. The question is this: How can you be sure if your network was hacked? Here is a list of ways how to know if you’ve been hacked:

Network Hack Sign #1: Sudden Increases in System Crashes/Bugs

One warning sign of a network hack (and that attackers have successfully uploaded malware to your system) is a sudden increase in the occurrence of system crashes and bugs. When malicious actors upload malware to your system, it can create program conflicts or drain available processing resources needed to keep your network running smoothly. This can cause individual network components to crash or to operate abnormally.

If you notice a sudden uptick in network components crashing or system bugs cropping up, it could be a sign that you’ve become the victim of a network hack. However, it could also be an issue caused by an innocuous piece of new software or a recent system update.

Network Hack Sign #2: Pop-Ups

One of the more obvious signs that you’ve had your network hacked by someone with malicious intent is that users on your network start seeing pop-ups demanding specific actions on their part, such as:

  • Your device has been breached, please call (123) 456-7890 to repair this issue now.
  • Your files have been encrypted. To receive the encryption key, send $1,000 to us by noon tomorrow, or else we’ll delete the key.
  • You’ve won! Click here to claim your prize!

The second message is particularly common in ransomware attacks, where the attacker uses malware to encrypt all of the sensitive data on your network and holds it for ransom. If you don’t pay, they threaten to delete the encryption key. Sadly, paying the ransom does not guarantee that they’ll give you the encryption key.

The other messages often mask attempts to collect more information or to trick users into downloading even more malware.

Network Hack Sign #3: Unusual Activity On Workstations During Off Hours

If your business uses security information and event management (SIEM) software, you may notice logs of activity on your company’s workstations at hours where there should be no activity. This could be an indication that those workstations have been hacked and are being accessed remotely by attackers.

Alternatively, employees may notice that their mouse cursors move or that new windows, tabs, or programs are being opened without their input while they work.

Network Hack Sign #4: Mass Email Sends from Employees That Usually Don’t Send Them

If an attacker has successfully hacked the user account of one of your employees, they may then abuse the account privileges they’ve acquired to send mass email spams to the rest of the organization. The goals of these emails can vary from one attack to the next—some attackers use highly targeted attacks to trick victims into giving up sensitive information by posing as a trusted sender (spear-phishing), while others try to trick users on your network into downloading malware.

Sudden mass email sends from employees who would not normally send such emails can be a warning sign that your network was hacked.

Network Hack Sign #5: Degraded Network/Router Performance

Some network attacks start by targeting the Wi-Fi routers that many businesses use to enable internet access at work. One strategy has attackers using their computers to imitate your company’s actual routers—collecting the access credentials that your workstations and wireless devices are attempting to send so they can access your routers themselves. Once they have the data, they’ll have access to your network and can begin accessing the rest of your systems from there.

One of the router hacking signs you can spot is a sudden drop in your network connection or router’s performance. A reduction in network performance may indicate an abnormal traffic load from an attacker trying to download large amounts of information from your network. Or, users may notice abnormal delays in connecting to the network router as their devices instead connect to the fake routers set up by hackers.

I Got My Network Hacked, What to Do Now?

So, you might be wondering what to do if your computer has been hacked or your network is compromised. The first thing you should do, before a network hack even occurs, is prepare an incident response plan (IRP). You should have a well-defined strategy for what to do to counter an attack against your network so you can engage in the five critical steps for recovering from a security breach:

  1. Stopping the attack (by identifying, containing, and eliminating the breach).
  2. Investigating the attack methodology (to adjust your defenses and close the security gap).
  3. Notifying any and all parties who may have been affected (to protect their interests and maintain regulatory compliance with data breach notification laws).
  4. Restore any lost or damaged network assets (by engaging your data loss prevention solution or replacing compromised hardware as needed).
  5. Preparing for the next attack (using collected data to close security gaps, training employees to recognize intrusion attempts, etc.).

The IRP helps to identify roles and responsibilities for what each employee should do in the event of a network hack attempt. It can also help to define which tools employees should leverage to help mitigate the breach, if any.

One of the most important things to do if an asset on your business network has been compromised is to quarantine the asset as quickly as possible. This helps to cut off an attacker’s access to your network. Before a compromised asset is reintroduced to the network, it needs to be thoroughly checked for malware—probably even reformatted entirely and restored from a data backup—to minimize the risks involved.

Need help preparing for the worst-case scenario of getting your network hacked? Contact the experts at Compuquip Cybersecurity today for help and advice.

network-security-checkup