Has your computer been acting strange, or have you noticed commands that shouldn’t be there? Most don’t know and never find out about the millions of people who are hacked every year. Here are some signs you have been hacked.

Unusual software behavior

• Your software is acting strangely, such as programs disappearing or new programs appearing without your knowledge.
• New accounts appear on a server without authorization, and no one can remember creating them.
• You notice many failed login attempts on a service, and the IP addresses from where the attempts are being made aren’t listed as authorized to access it.

Unusual activity on an account

• You notice that significant amounts of data have been downloaded from your home computer or internal network in what seems like a concise amount of time.
• The bandwidth usage on your computer or network has significantly increased, and the IP addresses from where this is happening aren’t authorized to use it.
• You notice that someone has accessed an account you don’t own without your knowledge, such as a shared administrative account for your company or even a social media account. One of the first things hackers do after controlling a computer system is trying and gaining access to other accounts controlled by users on that system.
• You notice someone has used your account to do something you wouldn’t typically do, like send an email with profanity or make a purchase. Hackers commonly use compromised accounts for social engineering attacks against others in the company or organization they target. They may even pretend to be you directly to gain access to sensitive systems.
• You notice your computer starts behaving unexpectedly – programs freeze up or quit for no reason, web browsers crash or won’t start properly, and so on.
• Unusual physical behavior. This can be someone actually walking up to your computer with a screen you’ve never seen before, installing software without your knowledge, or tampering with networking equipment.
• Unusual file activity. Look at access logs for network shares and log files for details on what’s been happening on your network, computers, or applications. If you notice unusual activity that correlates to the other signs mentioned here, then you could very well have a problem.

Unusual user behavior

• There can be many different causes of this, ranging from legitimate employee activity to malicious insider threats and everything in between. The main thing to look for is patterns of unusual activity that aren’t part of your organization’s normal business practices, especially when it occurs over a short period of time.
• You notice someone sending large amounts of email messages or posting something on social media sites. It could be legitimate news reporting, but if they’re not authorized to act on behalf of your company or organization, then that should be a cause for concern.
• You notice unusual activity by people who have been away from the office for an extended period of time or are usually out on the road. Still, they’re in the office at an unusual time. Call them and see what they’re up to, and if it doesn’t make sense, there could be a problem.
• You notice someone has logged in to an account without your knowledge or approval, even if they later confirm with you that it was them. This can be done by legitimate users – such as members of your team sharing administrative access for a server or computer – and unauthorized attackers. Keep an eye on things and investigate anything you’re unsure of.

This is a shortlist of the most common indicators for cyberattacks, in no particular order. It’s by no means comprehensive, but it should give you some ideas about where to look if you think your organization might be under attack or that you yourself have been hacked. If this is the case, don’t panic. Our Incident Response Team is standing by for immediate assistance.

For questions regarding this email and our response protocol, don’t hesitate to contact us at [email protected].