Monday, 14 October 2019

Have I been hacked? How to detect and react to cyber-attacks

by Phil Chapman

Cyber threats come in all shapes and forms, and it’s not always obvious that you’ve been compromised. In this post we highlight where and what to look for, and how to detect and react to the most common cyber-attacks in 2019.

As the world goes digital, so do the number of cyber-attacks and the amount of damage they can inflict. According to a report by the Internet Society, more than £500 billion is lost each year to hacks. No one is safe: attacks affect companies, individuals and governments. It’s no surprise that cyber security offers some of the highest-paying jobs in IT.

You can’t fight what you don’t know is there, so the first step is to be aware. No matter the culprit, the method used or the affected system, detecting security threats always starts with you. To explain why that is the case, let’s start with an analogy that should help you understand your role in the process.


How to avoid a car crash


Owning and running a computer in any shape or size is a lot like owning and running a car. No matter how advanced, as soon as you roll it out onto a public highway, the dangers begin.

A few facts about cars

  • Your car is going to need regular maintenance, checks and repairs.
  • You’re going to need some basic skills to keep your car in good working order.
  • If you use your car ‘off-road’ or visit dodgy areas, it’s more likely to get stolen, damaged or to break down sooner.
  • Your car will eventually break down and stop running – it’s only a matter of time and of how much care you take of it.

You quickly become aware of the look and feel of your new car: what it sounds like, how it behaves. You’re invariably the first person to notice when something strange is going on. And when disaster strikes, you’re always the first person on the scene.

Some malfunctions can be avoided by management systems, while others may be avoided by good servicing routines. Some can be repaired quickly, yet others may take time and ultimately may end up in a write-off.

Does this sound familiar? That’s because all of the above also applies to computers.


How to spot something’s wrong with your computer


Once you have installed, configured and set up your computer you will soon get to know where everything is and what it looks like. You will set your own screensavers, desktop background, icons, colours, applications, and preferences.

Once you have it configured, you will quickly become familiar with the machine you have in front of you. And if something feels wrong, the first person in the position to read all the signs and act on it is you.

And act you should. Like with a car, it’s never a good idea to ignore these signs. So where do you start?


Where to check for signs that you’ve been compromised


Computer systems and data can be compromised in a multitude of ways. Hackers (ranging from black-hatters to well-intentioned hacktivists) and security experts are constantly adapting to keep an edge on the battlefront of cyber security.

The following list covers the main vulnerable areas of your computer system, what signs you should be looking for, and the most common cyber threats you can expect.


Check your Internet Browsers (IE, Edge, Safari, Chrome etc)


Certain applications are a known target for hackers and malware, and browsers sit at the forefront. Things to watch for and habits to keep:
  • Extra icons or menu bars appearing, normally at the top of the application under the search bar.
  • Make sure that your ‘Home Page’ is as you would expect and has not been changed from the default or from the page you specified.
  • Always ensure that what you search for or type in is where you end up going.
  • Check that content is secured with Transport Layer Security (TLS), especially if you are sending private or personal information down the line – always ensure that the connection is using HTTPS and that a padlock or similar icon is displayed.
  • Never accept a connection for which the browser reports that the ‘Certificate’ is invalid, revoked or unknown (without doing appropriate checks).
  • Be suspicious of multiple pop-ups on sites, and never click on unknown links or on warning notices that you do not fully understand.
  • Browse safely and avoid visiting sites which you know to be nefarious or likely to infect your machine (illegal download sites, unofficial torrents etc). Nothing is ever totally free.
  • Check your ‘Add-Ons’ on a regular basis and make sure that there are no hidden scripts running when you start your browser.

Common browser attacks include cross-site scripting, cross-site request forgery, typosquatting, session hijacking and man-in-the-middle attacks, which may manifest themselves in a variety of ways.

Keep checking the above areas of your browser and occasionally give it a clean-up.
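The add-on check above can be made routine rather than eyeballed. The following is an added example, not code from the original post: it audits Chrome/Chromium-style extension manifests for the capabilities that matter (access to every website, sensitive permissions, a background script, a content script injected into every page). The manifest keys used are real manifest fields; the two sample manifests and their names are constructed for the demonstration.

```python
"""Audit browser extension manifests for risky capabilities.

Added example, not code from the original post. It reads Chrome/Chromium-style
extension manifest.json files (the 'permissions', 'host_permissions',
'background' and 'content_scripts' keys are real manifest fields) and flags
extensions that can read every site you visit or run code in the background.
The two manifests below are constructed for the demonstration.
"""
import json
from pathlib import Path

# Host patterns that grant access to every website.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Permissions worth a second look on an extension you do not remember installing.
SENSITIVE_PERMISSIONS = {"webRequest", "webRequestBlocking", "tabs", "cookies",
                         "history", "clipboardRead", "debugger", "nativeMessaging"}


def audit_manifest(manifest: dict) -> list:
    """Return human-readable findings for one extension manifest (empty if none)."""
    findings = []
    name = manifest.get("name", "<unnamed>")
    perms = set(manifest.get("permissions", []))
    # Manifest V2 lists host patterns under 'permissions'; V3 uses 'host_permissions'.
    hosts = set(manifest.get("host_permissions", [])) | {
        p for p in perms if "://" in p or p == "<all_urls>"
    }

    if hosts & BROAD_HOST_PATTERNS:
        findings.append(f"{name}: can read and change data on all websites")
    sensitive = sorted(perms & SENSITIVE_PERMISSIONS)
    if sensitive:
        findings.append(f"{name}: sensitive permissions {sensitive}")
    if "background" in manifest:
        findings.append(f"{name}: runs a background script whenever the browser starts")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOST_PATTERNS:
            findings.append(f"{name}: injects a script into every page you open")
            break
    return findings


def audit_profile(extension_dirs) -> dict:
    """Audit every manifest.json found under the given extension directories."""
    report = {}
    for directory in extension_dirs:
        for manifest_path in Path(directory).rglob("manifest.json"):
            with open(manifest_path, encoding="utf-8") as fh:
                manifest = json.load(fh)
            report[str(manifest_path)] = audit_manifest(manifest)
    return report


# Constructed sample manifests: one harmless, one that deserves a hard look.
SAMPLE_MANIFESTS = [
    {
        "name": "Reading Mode",                 # constructed name
        "manifest_version": 3,
        "permissions": ["storage", "activeTab"],
    },
    {
        "name": "Coupon Helper",                # constructed name
        "manifest_version": 3,
        "permissions": ["webRequest", "tabs", "cookies", "storage"],
        "host_permissions": ["<all_urls>"],
        "background": {"service_worker": "bg.js"},
        "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
    },
]

if __name__ == "__main__":
    for manifest in SAMPLE_MANIFESTS:
        for finding in audit_manifest(manifest) or [f"{manifest['name']}: nothing unusual"]:
            print(finding)
```

Point `audit_profile` at your browser profile’s extensions folder to run it against what is actually installed; an extension that combines all-sites access with a background script is not automatically malicious, but it is one you should be able to name and explain.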


Check popular local applications


Routinely used applications such as Office tools are also prime targets for hackers, and most of the rules above apply here too. In addition, mind the following:
  • Watch out for changes in the ‘ribbon’ area, especially in spreadsheet and database applications which use macros or add-ons.
  • Be careful about where the application is saving data, and ensure that applications are not ‘calling out’ to internet sites to synchronise data as you save it – unless you are 100% certain that they should be.

Macro viruses, worms and Trojans are common ways your local applications may be infected. These can open inroads for more severe attacks such as spyware and ransomware.


Check your Social Media and Email Accounts


Social media and email accounts all come with built-in security mechanisms, but again are a key target for hacking – in particular phishing attacks.
  • Use strong, unique passwords and change them routinely.
  • Revise your security settings, keep your friends to YOUR friends and don’t accept requests from contacts with whom you have no affiliation.
  • Never click on a link that you do not recognise in an email, and be suspicious of any activity which directly affects your bank accounts, with money either being offered in or demanded out.
  • Keep up to date with the latest data leaks that might include services you use. A good way of doing this is the website Have I Been Pwned. The service analyses public data breaches and notifies users if their data is amongst the compromised records.

As of today, the most prevalent social media and email account attacks are phishing, malware attacks and mandate fraud.
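Besides breached e-mail addresses, the same service lets you check whether a password has already appeared in a breach without sending the password itself. This is an added example, not code from the original post, and it goes one step beyond the text: it implements the k-anonymity lookup against Have I Been Pwned’s Pwned Passwords range API (a real endpoint: only the first five characters of the SHA-1 hash are sent, and the reply lists matching hash suffixes with counts). The response body used offline below is constructed and its counts are made up.

```python
"""Check a password against Have I Been Pwned's Pwned Passwords using k-anonymity.

Added example, not code from the original post. Have I Been Pwned's range API
(https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>) returns
every breached hash suffix sharing that prefix as lines of SUFFIX:COUNT, so the
full hash of your password never leaves your machine. The fetcher is injectable
so the demonstration runs offline against a constructed response body; the
counts in it are made up.
"""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix: str) -> str:
    """Download the suffix list for one prefix from the live service."""
    request = urllib.request.Request(RANGE_URL + prefix,
                                     headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def breach_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in known breaches (0 = not found)."""
    prefix, suffix = split_hash(password)
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


# Constructed offline response: the suffix of SHA-1("password") between two
# filler entries, with made-up counts. A real response holds hundreds of lines.
_KNOWN_BAD_SUFFIX = split_hash("password")[1]
SAMPLE_RESPONSE = "\n".join([
    "A" * 35 + ":1",
    f"{_KNOWN_BAD_SUFFIX}:3861493",
    "B" * 35 + ":2",
])


def offline_fetch(prefix: str) -> str:
    """Stand-in for fetch_range so the example needs no network access."""
    return SAMPLE_RESPONSE


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        hits = breach_count(candidate, fetch=offline_fetch)
        print(f"{candidate!r}: {'seen %d times' % hits if hits else 'not in the sample set'}")
```

Call `breach_count(pw)` with the default fetcher to query the live service; a non-zero count means the password is in circulation and should be retired even if the account it protects has not been breached.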


Check your desktop and local environment


Your computer’s desktop can also show signs that your computer may be compromised.
  • Watch out for extra shortcuts which appear without your knowledge, or changes to the desktop background and colours which you have not made.
  • Be very careful of pop-up warnings in the notification area (bottom right corner on a Windows machine, top left on a lot of Linux-based machines), especially notifications telling you to update using internet-based links or to run scans which you do not fully understand.

All types of malware can infect your system at this level, the more serious being rootkit and ransomware attacks. These generally render your machine useless or defenceless if not spotted quickly.


Physically listen for suspicious fan activity


Sometimes it pays to listen to your computer. Listen for unwarranted or unprompted fan activity that suggests hidden processes may be running.
  • If you are not using the machine and the fan is still working hard, and the indications are that it is using a lot of processor time and memory, you could be under attack.
  • Task Manager, Tasklist or Running Processes will give a good indication of what is running in the background when the machine should really be idle.
  • Kill any processes that are nefarious and do a deep scan with a virus checker.

Malware which uses crypto-jacking techniques may be using your resources to mine crypto-currency for someone else’s benefit.
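The process check above can be scripted so that the “what should be running when idle” question has a concrete answer. The following is an added example, not code from the original post: it parses the column layout of `ps -eo pid,pcpu,pmem,comm` (the same idea applies to Task Manager or `tasklist /v` on Windows), flags processes that are busy on a machine that should be idle, and marks any busy process that is not in your own baseline of expected programs for urgent review. The snapshot, the process names and the baseline are constructed for the demonstration.

```python
"""Flag busy processes on a machine that should be idle.

Added example, not code from the original post. It parses the column layout
produced by `ps -eo pid,pcpu,pmem,comm` (Linux/macOS); on Windows the same
idea applies to Task Manager or `tasklist /v`. Processes above the CPU or
memory thresholds are flagged, and those not in your own baseline of expected
programs are marked for urgent review. The snapshot and the baseline below are
constructed for the demonstration; build your own from a known-clean machine.
"""
import subprocess

CPU_IDLE_THRESHOLD = 20.0   # percent CPU that is unusual for an idle machine
MEM_THRESHOLD = 25.0        # percent of RAM held by one process

# Constructed baseline: names you expect to see when your machine is idle.
KNOWN_GOOD = {"systemd", "kthreadd", "Xorg", "gnome-shell", "pulseaudio", "firefox"}

# Constructed snapshot in `ps -eo pid,pcpu,pmem,comm` layout; process names are made up.
SAMPLE_SNAPSHOT = """\
  PID %CPU %MEM COMMAND
    1  0.0  0.1 systemd
  812  1.2  3.4 Xorg
  933  2.0  5.1 gnome-shell
 4412 98.7  1.9 upd8helper
 4420  0.3 31.0 firefox
 4590 45.0  0.8 svc-sync
"""


def parse_snapshot(text: str) -> list:
    """Turn ps-style output into dicts with pid, cpu, mem and command name."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        parts = line.split(None, 3)             # command may contain spaces
        if len(parts) < 4:
            continue
        pid, cpu, mem, command = parts
        rows.append({"pid": int(pid), "cpu": float(cpu),
                     "mem": float(mem), "command": command})
    return rows


def suspicious_processes(rows, known_good=KNOWN_GOOD) -> list:
    """Return (pid, command, severity, reasons) for processes worth a look."""
    flagged = []
    for row in rows:
        reasons = []
        if row["cpu"] >= CPU_IDLE_THRESHOLD:
            reasons.append(f"cpu {row['cpu']:.1f}%")
        if row["mem"] >= MEM_THRESHOLD:
            reasons.append(f"mem {row['mem']:.1f}%")
        if not reasons:
            continue
        # A busy process you have never seen before is the crypto-jacking pattern.
        severity = "review" if row["command"] in known_good else "urgent"
        flagged.append((row["pid"], row["command"], severity, reasons))
    return flagged


def live_snapshot() -> str:
    """Capture the real process table (Linux/macOS only)."""
    return subprocess.run(["ps", "-eo", "pid,pcpu,pmem,comm"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for pid, command, severity, reasons in suspicious_processes(parse_snapshot(SAMPLE_SNAPSHOT)):
        print(f"[{severity}] pid {pid} {command}: {', '.join(reasons)}")
```

Run `suspicious_processes(parse_snapshot(live_snapshot()))` on your own machine while it is idle; a known program hogging memory earns a “review”, while an unfamiliar name at high CPU is the case the fan noise was warning you about.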

Cyber Security best practices in 2019


On top of individual measures, here are a few fundamental security best practices to help you prevent and mitigate cyber threats within your computers and devices.

Always use Anti-virus and/or Firewall software

Invest in, or ensure that you are using, the built-in anti-virus, anti-malware and firewall software. Make sure you know what it looks like, what it does and how to use it. Most are automatic and require very little user input, making it easy to identify and take action against threats.


Keep software updated at all times

Keep your device and software patched and as up to date as possible. If your machine tells you it needs to restart to install the latest updates, do it as soon as possible.

Systems are generally updated automatically with the latest security and critical patches and require very little input from the user.

If you use Windows, new features are added twice a year, which means that you may need to familiarise yourself with a new tool or a new look to your desktop. Through the Windows Update settings on your computer you control these updates and decide when and if they should take place.


Use only legitimate software and devices

Ensure that you always use properly licensed and legitimate software and devices. Software and devices from a reputable manufacturer carry a digital signature which confirms that they came from that source and have not been altered since.

It doesn’t necessarily mean that it’s guaranteed to run properly or be safe from future infection, but vendors can be held accountable and have incentives to keep security tight.


Remove unused apps to reduce potential entry points

Ensure that you remove any unwanted or unnecessary applications and programs. Retail computers generally ship with the manufacturer’s own applications, games and settings which you may or may not want or use. Keep only those that you do.

Unused, out-of-date applications just increase the attack surface of your system. So, if you don’t use it, remove it – that saves you disk space and a potential headache.


Backup regularly and securely

Back up your data regularly or use a reputable cloud-based service to store your stuff. However, be extra careful with sensitive or very personal data.

Once you have set up your computer and configured it to your liking, make a system image. This can generally be done through the built-in backup software on most modern computers, like Windows-based machines.


Practice active security

Finally, try to exercise a security-first mindset. By following these security best practices and doing scheduled checks, you greatly reduce the risk of being hacked, infected with malware, or suffering data breaches.

To end with the car analogy: drive carefully and always keep your eyes and ears on the road. You will take the odd wrong turn, suffer the odd scratch on the paintwork and spill coffee on the upholstery, but with a good cleaning and servicing routine that won’t stop you from motoring for many years of pleasure.

And remember: when in doubt, always get guidance from the manufacturer or another reputable source. It will save you time and money in the long run.


Author
Phil Chapman has over 30 years’ experience in intelligence, counter-terrorism, police, customs and financial services. Before joining Firebrand as an instructor, he worked for the Royal Air Force, MoD and GCHQ. Phil has upskilled more than 800 operational officers since.