How to Identify a Cyber Attack: 10 Warning Signs

If you aren’t paying attention, a cyber attack can seem like a sudden, random occurrence. But if you know how to identify a cyber attack and what to look for, you’ll find that cyber attackers are leaving a trail of breadcrumbs with every move they make.

A watchful eye and NSP Cyber Security Services combined can turn these warning signs into the notice you need to avoid a major breach.

In this article, we’ll cover 10 of the most common warning signs that someone has been, or still is, in your network and planning a cyber attack.

1.    Login issues

If members of your team are having unprecedented login issues, this could be a sign that someone has been in your network. Login issues can present themselves in several different ways, including:

• • Repeated failed login attempts: If your logs are showing numerous failed login attempts, especially from various accounts, this is a sign that a hacker is attempting to brute-force access.
  • Users’ passwords have changed: If team members can’t log in to their accounts and haven’t changed their passwords themselves, a cyber attacker may have gained access to your network through their account.
  • Unfamiliar or erratic IP addresses: If someone is logging in from an unusual IP address, they may just have a new device like a personal smartphone. But, if their IP address is showing a location outside of the country, that could be a sign the account is compromised. Alternatively, if someone logs in from China and then again from the United States within a few hours, this could also be a bad sign.

2.    Suspicious emails

No matter how robust you think your phishing and scam email policies and education are, users can still be duped into clicking malicious links or even entering sensitive information into fake web portals.

If anyone on your team receives a suspicious email, it’s vital they report it. This way, your IT team knows that someone is attempting to access your network and they can reinforce firewalls and further educate the team on how to avoid scams.

Lateral phishing, where a phishing email is sent from an internal email address, is a sign that someone has managed to get into one account and is working to access another account for more data.

3.    Slow network responses

Sometimes even the internet has a bad day. Slower than normal internet speeds aren’t always a sign of a bad actor on your network, but if the speed reduction is sudden, severe and persistent then it could be a sign that an attack is underway.

In this case, a hacker may have placed unauthorised software within your network that is syphoning out data to be held for ransom. This software can drain your bandwidth significantly, causing slower internet speeds.

4.    Pending software updates

If core software is out of date within your system, you may be lacking new and vital cybersecurity features. Software security patches exist to address vulnerabilities that hackers could exploit.

Your IT team needs to ensure the software is kept up to date across the organisation. Microsoft 365 allows IT administrators to push updates to users’ devices, and control which security features they can access.

Read more: 8 cyber security tips that make you a more challenging target

5.    Unauthorised file changes

Hackers typically want to access your network to change, corrupt or encrypt valuable data and hold you to ransom. Once they’ve gained access, they’ll most likely delete or edit essential system files to avoid detection.

This change can happen very quickly — even in a matter of seconds — so if you’re not paying attention, you might not notice the change. Constant monitoring of your networks and data is crucial to ensure any changes are recorded and verified.

6.    Unauthorised network scanners

Network scanners are often legitimate, valuable tools for your IT team to employ. But if there’s a network scanner in your system that can’t be linked to a valid deployment by a member of your team, the odds are a hacker put it there.

A hacker will usually start by accessing one device, after which they might use a network scanning tool to assess what else is on the network that could be of value, or might have an exploitable weakness.

7.    Mimikatz

Mimikatz is an open-source credential dumping tool that was designed to demonstrate issues with Windows authentication components. Originally developed, and still maintained, by Benjamin Delpy, Mimikatz is a great tool for penetration testing and cybersecurity professionals to assess vulnerabilities.

On the flip side, it’s also a very dangerous tool for hackers to use and enables them to extract usernames and passwords and gain access to accounts across your systems.

8.    Small isolated attacks

Maybe your team has fended off a small cyber attack. It may feel like that storm has been weathered, but in many cases, this small attack will just be a test.

Test attacks allow hackers to learn about your defences and adapt their attack to specifically target your vulnerabilities. This kind of attack is the closest thing to a hacker giving you a real warning of the attack to come.

Sometimes the time between a small attack and a larger effort can be as short as a few hours, so your team must be prepared to respond and adapt as soon as possible.

Read more: What NZ businesses need to know about avoiding cyber security risks

9.    Attempted backup tampering

Your backups are just as valuable to hackers as they are to you. Cyber attackers aim to take, alter or delete your valuable data and sell it back to you at a high price. Of course, with backups, you could just restore the data that was stolen.

Naturally then, hackers want to tamper with your backups so you have no other option than to give in to their demands. Any sign that your backups have been altered without authorisation is an indication of an impending cyber attack.

10.  A small number of encrypted devices

The slower hackers move on your network, the harder they are to detect. So, they’ll put everything they need in place so they can act quickly when the time comes.

Moments before a full ransomware assault, you may find a limited number of devices on your network become encrypted by hackers. This is a sign hackers are testing for your response to assess how successful they’ll be.

If you notice this sign, odds are an attack is just moments away.

Defend against cyber attacks with NSP

Don’t get caught with an unsecured network. The New Zealand government recommends a cyber security risk assessment to ensure your defences are up to scratch and you can’t be held to ransom.

For a no-obligation cyber security consultation, get in touch with the NSP team today.