Locks and Security News: your weekly locks and security industry newsletter
31st May 2023 Issue no. 658
Your industry news - first
From Cyber Security-intelligence: eleven signs you've been hacked!
Here are 11 sure signs you've been hacked and what to do in the event of compromised data. Note that in all cases, the first recommendation is to completely restore your system to a known good state before proceeding...
This used to mean reformatting the computer and restoring all programs and data. Today, depending on your operating system, it might simply mean clicking on a Restore button. Either way, a compromised computer can never be fully trusted again.
The recovery steps listed in each category below are the recommendations to follow if you don't want to do a full restore, but again, a full restore is always a better option.
1: Fake antivirus messages
As soon as you notice the fake antivirus warning message, power down your computer. Boot up the computer system in Safe Mode, No Networking, and try to uninstall the newly installed software. Then follow up with a complete antivirus scan. The scanner will often find other sneaky remnants left behind.
2: Unwanted browser toolbars
Most browsers allow you to review installed and active toolbars. Remove any you didn't absolutely want to install. When in doubt, remove it.
3: Redirected Internet searches
You can often spot this type of malware by typing a few related, very common words (for example, "puppy" or "goldfish") into Internet search engines and checking to see whether the same websites appear in the results. The traffic sent and returned will always be distinctly different on a compromised computer versus an uncompromised computer. Removing the bogus toolbars and programs is often enough to get rid of malicious redirection.
4: Frequent random popups
When you're getting random browser pop-ups from websites that don't normally generate them, your system has been compromised. You'll need to get rid of bogus toolbars and other programs if you even hope to get rid of the pop-ups.
5: Your friends receive fake emails from your email account
If one or more friends reports receiving bogus emails claiming to be from you, do your due diligence and run a complete antivirus scan on your computer, followed by looking for unwanted installed programs and toolbars. Often it's nothing to worry about, but it can't hurt to do a little health check when this happens.
6: Your online passwords suddenly change
If the scam is widespread and many of your acquaintances are being contacted, immediately notify all your contacts about your compromised account. Do this to minimize the damage being done to others by your mistake. Second, contact the online service to report the compromised account. Most online services are used to this sort of maliciousness and can quickly get the account back under your control with a new password in a few minutes.
7: Unexpected software installs
There are many free programs that show you all your installed programs and let you selectively disable them. My favorite for Windows is Autoruns. It doesn't show you every program installed but will tell you the ones that automatically start themselves when your PC is restarted. Most malware programs can be found here. The hard part is determining what is and what isn't legitimate. When in doubt, disable the unrecognized program, reboot the PC, and re-enable the program only if some needed functionality is no longer working.
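As an added example (not part of the original article and not how Autoruns itself is implemented), the following PowerShell lists a subset of the auto-start entries described above and reports whether each target file carries a valid Authenticode signature. It only covers the Run registry keys and Startup folders exposed by the Win32_StartupCommand class; services, scheduled tasks and the other locations Autoruns inspects are not included. The helper name Get-ExePathFromCommand is made up for this example.

```powershell
# Added example: enumerate auto-start entries and check their signatures.
# Get-ExePathFromCommand is a hypothetical helper defined here.
function Get-ExePathFromCommand {
    param([string]$Command)
    # Expand %VAR% references, then pull the file path out of the command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Quoted path: "C:\Program Files\App\app.exe" /flag
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: stop at the first known extension.
    if ($expanded -match '^\s*(.+?\.(exe|dll|cmd|bat|vbs|js|ps1|lnk))(\s|$)') {
        return $Matches[1]
    }
    return $expanded.Trim()
}

$entries = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path   = Get-ExePathFromCommand $_.Command
    $status = 'FileNotFound'   # also shown when the path could not be parsed
    $signer = ''
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Name      = $_.Name
        User      = $_.User
        Location  = $_.Location   # registry key or Startup folder
        Path      = $path
        Signature = $status       # 'Valid' means signed and trusted
        Signer    = $signer
    }
}

# Entries that are not 'Valid' are the ones to look at first.
$entries | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap
```

An unsigned or unresolved entry is not proof of malware, and a signed one is not proof of legitimacy; treat the output as a shortlist for the disable-and-reboot test described above.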
8: Your mouse moves between programs and makes correct selections
If your computer "comes alive" one night, take a minute before turning it off to determine what the intruders are interested in. Don't let them rob you, but it will be useful to see what things they are looking at and trying to compromise. If you have a cellphone handy, take a few pictures to document their tasks. When it makes sense, power off the computer. Unhook it from the network (or disable the wireless router) and call in the professionals. This is the one time that you're going to need expert help.
9: Your anti-malware software, Task Manager, or Registry Editor is disabled and can't be restarted
You should really perform a complete restore because there is no telling what has happened. But if you want to try something less drastic first, research the many methods on how to restore the lost functionality (any Internet search engine will return lots of results), then restart your computer in Safe Mode and start the hard work. I say "hard work" because usually it isn't easy or quick. Often, I have to try a handful of different methods to find one that works. Before restoring your software, get rid of the malware program using the methods listed above.
10: Your bank account is missing money
In most cases you are in luck because most financial institutions will replace the stolen funds (especially if they can stop the transaction before the damage is truly done). However, there have been many cases where the courts have ruled it was the customer's responsibility to not be hacked, and it's up to the financial institution to decide whether they will make restitution to you. If you're trying to prevent this from happening in the first place, turn on transaction alerts that send text alerts to you when something unusual is happening. Unfortunately, the bad guys are learning to reset the alerts or your contact information before they steal your money. So make sure your financial institution sends you alerts anytime your contact information or alerting choices are changed.
11: You get calls from stores about non-payment of shipped goods
Think about how your account was compromised. If it was one of the methods above, follow those recommendations. In any case, change all your logon names and passwords (not just the one related to the single compromised account), call law enforcement, get a case going, and start monitoring your credit.
Most malicious hacking originates from one of three vectors: unpatched software, running Trojan horse programs, and responding to fake phishing emails. Do better at preventing these three things, and you'll be less likely to have to rely on your antimalware software's accuracy.
25th June 2014