IMCAFS

 Home

15 signs. you're black

Posted by tetley at 2020-03-11
all

In today's threat version, anti malware software will hardly make you feel at ease. In fact, anti malware scanners are very inaccurate, especially in less than 24 hours of attacks. Malicious hackers and malware can change their strategies at will. Swapping a few bytes, previously identified malware programs become unrecognized. All you have to do is delete any suspicious malware file on Google's VirusTotal, which contains more than 60 different anti malware scanners to ensure that the detection rate is not as advertised.

To solve this problem, many antimalware programs monitor program behavior (usually called heuristics) to catch previously unrecognized malware. Other programs use virtualized environments, system monitoring, network traffic detection, and all of the above to be more accurate. They still regularly let us down. If they fail, you need to know how to detect malware passing through.

How to know if you're black

Here are 15 positive signs that you've been hacked and what to do in a compromise.

Note that in all cases, recommendation 1 is to fully restore the system to a known good state before proceeding. In the early days, this meant formatting the computer and recovering all programs and data. Today, it might just mean clicking the restore button. Either way, the damaged computer can no longer be fully trusted. If you do not want to perform a full restore, follow the recommended recovery steps listed in each of the categories below. Again, full recovery is always a better option, in terms of risk.

1. You receive the blackmail software message

One of the worst messages anyone can see on their computer is a sudden screen takeover, telling them that all data is encrypted and asking for payment to unlock it. Blackmail software is huge! After a slight decline in activity in 2017, ransom schemes have started to roar. Billions of dollars in lost productivity, billions of dollars in ransoms. Small businesses, large businesses, hospitals, police stations and the city as a whole are being stopped by ransomware. About 50% of victims pay ransom to make sure it doesn't disappear soon.

Unfortunately, according to the online security insurance companies that often participate in the payment, paying the ransom does not result in the working system taking up about 40% of the time. It has been proved that the blackmail software program is not error free, and it is not so easy to unlock the indistinguishable encryption link system as to put in the decryption key. Even if they pay the ransom, most victims end up with many days of downtime and additional recovery steps.

How to do it: first, if you have a good, recently tested data backup of the affected system, all you have to do is restore the involved system and fully verify (officially called unit test) to ensure that the recovery is 100%. Sadly, most companies don't have as good backups as they think. Test your backup! Don't make ransomware your company's first critical backup test.

The best protection is to ensure that you have good, reliable, and tested offline backups. Ransomware is becoming more and more complex. Bad people who use malware spend time calculating how to cause the most damage in a compromised enterprise environment, including encrypting or destroying your most recent online backups. If you do not have a good, tested backup that malicious intruders cannot access, you will be at risk.

If you are a file storage cloud service, it may have a backup copy of your data. Don't be overconfident. Not all cloud storage services can recover from ransomware attacks, and some services do not cover all file types. Consider contacting cloud based file services and explaining your situation. Sometimes technical support can recover your files, not yourself.

Finally, several websites may be able to help you recover your files without paying a ransom. They either come up with a shared secret encryption key or reverse engineer the ransomware in other ways. You need to determine the ransomware program and version you are facing. Updated antimalware programs may identify the culprit, although generally all that must continue is extortion, which is usually enough. Search the name and version to see what you find.

2. You get a fake antivirus email

You have received an infected pop-up message on your computer or mobile device. The pop-up message pretends to be an anti-virus scanning product and claims to have detected a dozen or more malware infections on your computer. Although this is not as popular as before, fake antivirus warning messages are still situations that must be handled in the right way.

They can happen for two reasons: your system has been compromised, or it has not been compromised outside of the pop-up message. Hope for the latter. These types of fake anti-virus messages often have found a way to lock the browser, so you can't get rid of the fake messages without killing the browser and restarting it.

What to do: if you're lucky, you can close the tag and restart the browser, everything is fine. A fake message does not show a backup. It's a one-off fluke. Most of the time you are forced to kill the browser. Restarting it sometimes reloads forced fake ads to your original page, so you get fake AV ads again. If this happens, restart the browser in stealth or privacy mode, and you can browse to other pages and stop displaying fake AV messages.

Worse, fake AV messages have damaged your computer (usually due to social engineering or unfixed software). If this is the case, turn off the computer. If you need to save anything and can do so, do so before powering off. Then restore the system to a previously known clean image. Most operating systems have reset capabilities built specifically for this purpose.

Note: the related scam is an unexpected browser message in the technical support scam, warning that your computer has been stolen, and dialing the toll free number on the screen for technical support assistance. A general warning claims to be from Microsoft (even if you are using an apple computer). These technical support scammers, rather than requiring you to install programs and then give them full access to your system. They will run a fake anti-virus software, which is not surprising, found a lot of viruses. Then they sell you a program to solve all your problems. All you need to do is give them a credit card to start the process. Fortunately, these types of scam warnings can usually be resolved by restarting the computer or closing the browser program and avoiding the site hosting it. Rarely does this type of malware do anything to your computer that needs to be fixed.

If you have provided you with a credit card as a result of one of the technical support scams, please report to your credit card company immediately and obtain a new credit card. If you have remote access to your computer by an impostor, follow the instructions above to reset your PC.

3. You have an unnecessary browser toolbar

This is a common sign of leverage: your browser has multiple new toolbars whose names seem to indicate that the toolbars should help you. Unless you identify the toolbar as from a well-known vendor, it's time to dump the fake toolbar.

What to do: most browsers allow you to view installed and active toolbars. Remove anything you don't want to install. If in doubt, please delete it. If the fake toolbar is not listed here, or you can't easily remove it, see if your browser has the option to reset it to its default settings. If this does not work, follow the instructions listed above to fake antivirus messages.

You can usually avoid using malicious toolbars by making sure that all software is fully patched and looking for free software to install them. Tip: read the license agreement. Toolbar installation is usually indicated in a license agreement that most people do not read.

4. Your Internet search is redirected

Many hackers make a living by redirecting their browsers to places you don't want to go. Hackers get paid to make your clicks appear on other people's websites. They don't usually know that their site's hits are from malicious redirects.

You can often find such malware by typing relevant, very common words (for example, "puppy" or "goldfish") into an Internet search engine and checking whether the same website appears in the results - almost always without your terms. Unfortunately, many of today's redirected Internet searches are hidden from users by using other agents, so they will never return false results to alert users.

Usually, if you have a fake toolbar program, you will also be redirected. Technology users who really want to confirm can sniff their browser or network traffic. The traffic sent and returned will always be significantly different between infected and uncompromising computers.

How to do it: follow the same instructions as removing pseudo toolbars and programs. Usually this is enough to get rid of malicious redirection. In addition, if you check your C: \ windows \ system32 \ drivers \ etc \ hosts file on a Microsoft Windows computer to see if any malicious appearance redirection is configured in it. The hosts file tells your PC where to go when entering a specific URL. It's almost no longer in use. If the file stamp on the host file is recent, it may be modified maliciously. In most cases, you can simply rename or delete it without causing problems.

5. You will see frequent random pop ups

The popular sign that you are hacked is also a more annoying sign. Your system has been compromised when you get random browser pop ups from sites that do not normally generate them. I'm often surprised that legal and other websites can bypass the browser's anti pop-up mechanism. It's like fighting spam, but even worse.

What to do: it doesn't sound like a record breaker, but usually random pop ups are generated by one of the three malicious mechanisms. If you even want to get rid of pop ups, you need to get rid of fake toolbars and other programs.

6. Your friends will receive social media invitations you haven't sent

We've seen this before. When you have contacted a friend on this social media site, you or your friend will be invited to be a friend. Usually, you're thinking, "why did they invite me again? They didn't contact me, I didn't notice, and now they are inviting me again. "Then you notice that the new friend's social media site doesn't have other recognizable friends (or maybe just a few) and doesn't have any old posts. Or your friend is contacting you to find out why you sent a new friend request. In either case, hackers will take control of your social media site, create a second fake page that looks similar, or you or your friends have installed rogue social media applications.

What to do: first, warn other friends not to accept unexpected friend requests. For example, "don't accept Bridget's new invitation. I think she's black! "Then contact Bridget to confirm otherwise. Spread the news in your common social media community. Next, if not the first, contact the social media site and report that the site or request is false. Each site has its own methods for reporting false requests, which you can find by searching their online help. It's usually as simple as clicking the report button. If your social media site is really hacked (and it's not a second fake similar page), you need to change your password (if not, see help on how to do this).

Better yet, don't waste time. Change to multiple authentication (MFA). So bad people (and rogue apps) can't easily steal and take over your social media. Finally, be careful about installing any social media application. They are often malicious. Periodically check the installed applications associated with your social media account / page and remove all but the ones you really want.

7. Your online password is invalid

If you enter the online password correctly and it doesn't work properly, you may be hacked. I usually try again in 10 to 30 minutes, because the website that I encounter technical problem cannot accept my valid password in a short time. Once you are sure that your current password is no longer valid, it is likely that a rogue hacker has logged in with your password and changed it to block you.

Often in this case, victims respond to phishing emails that purport to come from the real look of the service. Bad guys use it to collect login information, log in, change passwords (and other information to complicate recovery), and use the service to steal money from victims or their acquaintances (pretending to be victims).

How to do it: if scams are common and many acquaintances have been contacted, please inform all close contacts of your intruded account immediately. This will minimize the harm your mistakes do to others. Second, contact the online service to report the infected account. Most online services now have an easy way or email address to report a compromised account. If you report an account as compromised, the service usually does the rest to help you restore legal access. In addition, consider issuing MFA.

If you use infected sign in information on other sites, change these passwords now. Be careful next time. Websites rarely send emails that require you to provide login information. If you have any questions, please go directly to the website (do not use the link sent to you in the email), and check whether the same information is requested when you log in using legal methods. You can also call the service over the phone line, or email them to report or confirm the validity of the phishing email they received.

8. You have observed an unexpected software installation

Unnecessary and unexpected software installation is an important sign that your computer has been hacked. In the early days of malware, most programs were computer viruses that worked by modifying other legitimate programs. They do it to hide themselves better. Nowadays, most malware programs are trojans and worms, which usually install themselves like legal programs. This may be because when the courts catch up with them, their creators are trying to take a very detailed route. They can try to say, "we are a legitimate software company.".

Unnecessary software is usually installed legally by other programs, so please read the license agreement. Usually, I will read the license agreement and make it clear that they will install one or more other programs. Sometimes you can opt out of other installed programs; sometimes you can't.

What to do: there are many programs that show you all installed programs and allow you to selectively disable them. My favorite Microsoft Windows Game is Microsoft's free program, AutoRuns or process explorer. They don't show you every program that has been installed, but they tell you which program (AutoRuns) will start automatically when the PC restarts or which program (Process Explorer) is currently running.

9. Move the mouse between programs and select

If you move your mouse pointer and make useful choices at the same time (this is an important part), you must be black. The mouse pointer usually moves randomly, usually due to hardware problems. If these actions involve choosing to run a particular program, then a malicious person will be involved somewhere.

This technique is not as common as some other attacks. Hackers will break into the computer, wait for it to idle for a long time (such as after midnight), and then try to steal your money. Hackers will break into bank accounts and transfer funds, trade stocks, and take all kinds of malicious actions to reduce your cash burden.

What to do: if your computer "lives all night," take a minute to determine the intruder's interest before shutting it down. Don't let them rob you, but it's useful to see what they're looking at and try to compromise. Take a few pictures to record their mission. If it makes sense, turn off the computer. Remove it from the network (or disable the wireless router) and call a professional. This is the time you need expert help.

Use another known good computer to change all other logins and passwords now. Check your bank account transaction history, stock account, etc. Consider payment credit monitoring services. If you are the victim of this attack, you must take it seriously. A full recovery of the computer is the only option you should choose to restore. If you lose any money, be sure to ask the forensic team to make a copy first. If you have suffered a loss, please call law enforcement and file a case. If so, you need this information to best recover your actual loss.

10. Disable antimalware, task manager or registry editor

This is an important sign of malicious compromise. If you notice that your antivirus software is disabled and you don't, you may be used - especially if you try to start task manager or registry editor, they won't start, start and disappear, or start states in a reduced way.

What to do: perform a full recovery because there is no telling what happened. If you want to try something less drastic first, if you are on a Windows computer, try running Microsoft AutoRuns or Process Explorer (or similar programs) to eradicate the malicious programs that cause the problem. They usually identify your problem program, and then you can uninstall or remove it.

If malware "fights back" and doesn't allow you to easily uninstall it, explore many ways to recover lost functionality (any Internet search engine will return a lot of results), then restart your computer in safe mode and start hard work. I say "work hard" because it's usually not easy or unpleasant. Usually, I have to try different ways to find an effective way. Recover the software before using the methods listed above to get rid of the malware program.

11. Your online account is in arrears

I mean a lot of money. Online bad guys don't usually steal a little money. They like to transfer everything or almost everything to foreign exchange or banks. It usually starts when your computer is compromised or you respond to fake phishing from your bank or stock exchange. Bad people log in to your account, change your contact information, and transfer large amounts of money to themselves.

To prevent this, enable transaction alerts to send you text alerts when an exception occurs. Many financial institutions allow you to set thresholds for transaction amounts, and you will be warned if you exceed them or enter a foreign country. Unfortunately, many times the bad guys reset the alarm or your contact information before stealing your money. Therefore, make sure that your financial or trading organization alerts you whenever your contact information or alert selection changes.

12. The person you are hacked should inform you

One of the main ways for any organization to discover that they have been successfully invaded is to be notified by an unrelated third party. This has been the case since the beginning of computers, and still is. Verizon's highly respected data breach investigation shows that more companies are told they are being attacked by unrelated third parties rather than admitting to their compromised organizations. In July 2019, Microsoft revealed that since the beginning of this year, it has detected ethnic state attacks against more than 10000 customers.

What to do: first, find out if you're really black. Make sure everyone slows down until you are sure you have successfully invaded. If confirmed, follow the predefined event response plan. Do you have one? If not, practice now and with stakeholders to make sure everyone knows that your IR plan is a well thought out plan to follow. You don't want anyone at their own hunting party or anyone who invites more people "to a party" until you decide who needs to participate. Your biggest challenge is getting people to follow the plan in an emergency. Communicate and practice in advance.

13. Confidential data has been disclosed

There is no evidence that you have been hacked, just like your organization's confidential data on the Internet or dark networks. If you don't notice it first, the media and other interested stakeholders may contact your organization to confirm or understand what you're doing.

What to do: like the previous logo, first make sure it's really your confidential data. In many cases, hackers claim to disclose company data, but there is no confidential information. Either they file claims and data, only public data, or they have data from other companies. So, make sure first, unless you already use encryption software.

14. Your credentials are in the password dump

Billions of valid (at least once) login credentials on the Internet and dark networks. They are often attacked by phishing, malware, or database leaks from websites. As with other types of data leaks, you are usually not notified by a third party. You have to take the initiative to look for this threat. The sooner you know it, the better.

You can use various websites (such as "I'm out of date") to check a damaged credential, various free open-source intelligent tools (such as the harvester) to check multiple accounts, free business tools (such as knowbe4's password exposure test), or any business service seeking your company's data and credentials is charged.

Action: reset all login credentials after confirming for the first time that the dump contains any currently used credentials. Start the IR process to see if you can figure out how your organization's login credentials end outside the company. In addition, MFA is implemented.

15. You observe strange network traffic patterns

What to do: if you see unexplained unexpected and strange traffic, it's better to terminate the network connection and start IR investigation. Years ago, we might have said that we had made mistakes in operating prudently. Today, you can't take any risks. Kill any suspicious transfers until they are proven legal.

If you don't know about effective network traffic, you need to do so. Dozens of tools are designed to help you better understand and record network traffic. I recommend looking at free open source alternatives like bro and snort, but both take a lot of time, resources and research to use effectively. Instead, find a good business solution that has done all the hard work for you.

Prevention is the best treatment

It is sheer stupidity to hope that anti malware programs can perfectly detect malware and malicious hacking. Please pay attention to these common symptoms and symptoms of hacker attacks on your computer. If you are as at risk as I am, always perform a full computer recovery in the event of a violation. Once your computer is compromised, the bad guys can do anything and hide it anywhere. It's better to start from scratch.

Most malicious hacker attacks come from one of three vectors: running Trojans, unpatched software, and responding to spoofed phishing emails. Better at preventing these three things, and you're less likely to rely on the accuracy of your antimalware software - and luck.

Learn more about mobile computer encryption, please pay attention to smart block 360 encryption!

© 2023