How do I know if I’ve been hacked?

How do I know if I’ve been hacked?

Cyber criminals are skilled at what they do and can often infiltrate your system without a trace. Jake Madders and Jon Lucas, directors of Hyve Managed Hosting, reveal how to spot an intruder on your system and work out if you’ve been hacked.

The financial damage caused by cybercrime each year is expected to hit $6 trillion globally by 2021. It’s a staggering figure, and it’s only getting worse.

Hackers have gone from being opportunists, taking advantage of weak spots in an organisation’s armour, to creating a sub-industry of sophisticated, targeted breaches that can devastate corporations and destabilise countries.

Threats like malware and phishing scams have always been a problem for businesses, but targeted hacks are quickly becoming their number one concern.

According to a 2020 report from Verizon, a staggering 52% of security breaches this year have been the result of sophisticated hacking, with 32% involving phishing or malware.

These hacking breaches are particularly damaging because they’re often highly targeted, usually designed to extract, extort or expose valuable data. Attacks like these can bring even the largest businesses to their knees instantly, decimating their reputation, eroding consumer trust and damaging key relationships with partners and shareholders.

This isn’t going unnoticed. Gartner recently reported that 68% of business leaders are aware that the risk landscape is getting more complex and that their businesses are becoming increasingly vulnerable. The same report estimates that worldwide spending on cybersecurity is going to reach $133 billion by 2022.

It isn’t easy for businesses though. When it comes to cybersecurity, visibility is everything, and that can be quite hard to achieve if you’re not sure what to look for.

Cybercrime is often referred to as ‘the invisible threat’ and with good reason. 

Sometimes a company’s defences can be breached without them even being aware, and this ‘back door’ can stay open for weeks or months before any negative signs start to show.

Individuals are also at risk, and while a CEO or a leading politician might be able to afford their own server or a private cybersecurity team, most of us are out in the open, reliant upon third-party applications to keep us safe.

So aside from having a robust cybersecurity system or team in place, what signs should individuals and businesses look for to see if they’ve been hacked?

What are hackers looking for?

The best way to understand cybercriminals is to try and put yourself in their shoes. They often spend a lot of resources on new sophisticated methods and techniques, not because they like hard work, but because they want to leverage technology to make breaching security systems as easy as possible.

Hackers will always be on the lookout for anything they can use against you or the company you work for, as well as anything that they stand to profit from.

This includes things like passwords, valuable data, personal files, credit card information, registry access, website access and more.

Some hackers are little more than cyber-thieves looking to empty a few bank accounts, whereas others may feel they have a point to prove by targeting specific businesses and holding data ransom (ransomware).

How can businesses spot hackers?

There are several signs to look out for when it comes to detecting whether or not a hacker has gained access to your business. Some of the most common include:

Observing strange network patterns

One of the most common forms of hacking is a ‘Distributed Denial of Service’ or DDoS attack, and unusual network traffic is one of its tell-tale signs.

If you or your IT team notice highly unusual traffic, it could mean you’re haemorrhaging data unexpectedly to a third party.

That’s why it’s a good idea for large businesses (particularly those with their own servers) to monitor their traffic closely. If anything, unexpected occurs in terms of traffic patterns or volume, kill the network connection and start investigating as early as is convenient.

Finding your credentials in an online dump

If your business (or one of your devices) is ever breached, the chances are any log-on credentials you use will end up on the dark web.

Passwords can easily be gotten by hackers through things like malware and phishing scams that con you into entering your details into fake forms. When your log-on credentials for a particular application are stolen, that application won’t inform you.

Instead, you need to check for compromised credentials yourself using open sources intelligence tools like The Harvester or Password Exposure Test. If these ‘dumps’ contain your login credentials for a particular account, change them immediately.

Changes to your registry

If you notice things in your registry being changed, or you suddenly can’t access it for whatever reason, the chances are you’ve already been compromised.

Malware can infect your registry, and if it’s particularly sophisticated it can be very difficult to regain control. When this happens it’s best to carry out a full system restore, which may require you to reboot in safe mode depending on the type of malware.

Being targeted by hackers can be catastrophic for individuals and businesses, but disaster can be avoided by staying alert.

Once the type of attack has been identified, the damage can usually be contained. If you know of a particular malware infection or breach in a particular part of your business, for example, you can move to secure that area of the network and prevent further damage or theft.

Remember, cybercriminals are opportunists. No business is immune to the threat of cyberattacks, and in many ways it’s an ongoing exercise in risk mitigation and damage limitation.