Hacked? Many companies wouldn’t even know

It’s sad, but true: Many companies that fall victim to a cyberattack might not even know about it for a very long time. Some might never find out. 

The latest evidence comes from perhaps the biggest IT security story of the year: the leaked photos of celebrities that came to light over the Labor Day weekend. (While there were certainly bigger breaches in terms of number of users affected, this one’s certainly gotten the most buzz among non-IT pros.)

Security researcher Dan Kaminsky noted that many of the compromises that produced photos would seem to date back well before the day of the leak. It appears they were collected and traded among a group of cyberthieves well before they were leaked to the general public.

Despite there being a clear demand for such salacious material based on the huge amounts of press it’s generated, the group was able to keep their ring hush-hush. As Kaminsky says:

The key element of a darknet is, of course, staying dark. It’s hard to do that if you’re taunting your victims, and so generally they don’t. Some of the images Daniel [Wolf] found in his research went back years. A corollary of not discovering one attack is not detecting many, extending over many victims and coming from multiple attackers.

Contrary to the stereotype of a hacker crowing about their successes, this group essentially remained silent, preferring to keep their spoils a closely guarded secret.

In other words, by the time the breach was discovered, the damage had been done long ago.

Discovering attacks takes persistence

There’s no flashing light that goes off when there’s a breach of your systems. The actual process of discovering a breach will require close observation and cooperation from users.

Here are some signs to look for:

  • Unusual activity on privileged accounts. While low-level users might be an entry point for hackers getting into systems, they won’t be stopping there. The higher the privileges, the more damage hackers can do and the more money they stand to make. Watch for privileged accounts logging in at odd hours or from unrecognized locations.
  • Outbound traffic. If you’re seeing a surge in outbound DNS traffic, it could indicate that information is leaving your systems for an attacker’s.
  • Strange files. Most hackers are smart enough to hide malicious files with cryptic or non-threatening file names. But if large files are appearing on your systems, you can and should investigate them for malicious activity.
  • Warnings from users. If users are noticing a pattern of strange behavior, that could be an early indicator of an underlying problem. For each help desk ticket you handle, take a step back and consider whether it could be more than an isolated glitch.
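As an added illustration (not from the article), here is a small Python detector that applies two of the signs above to constructed sample log records: privileged logins at odd hours or from unrecognized locations, and a per-host surge in outbound DNS queries. The log layout, account names, business hours, known locations and threshold are all assumptions chosen for the example.

```python
# Added example, not part of the original article. Every account name,
# location, hour window and threshold below is an assumption for illustration.
from collections import Counter
from datetime import datetime

# Constructed sample events: authentication logins and outbound DNS queries.
LOGINS = [
    # (timestamp, account, source_country)
    ("2014-09-02T09:15:00", "jsmith", "US"),
    ("2014-09-02T03:10:00", "dba_admin", "US"),   # privileged, odd hour
    ("2014-09-02T14:00:00", "root", "RO"),        # privileged, unknown location
    ("2014-09-02T11:30:00", "root", "US"),
]
DNS_QUERIES = [
    # (timestamp, source_host, queried_name): one quiet host, one noisy host
    ("2014-09-02T10:00:00", "ws-101", "example.com"),
] + [("2014-09-02T10:00:%02d" % i, "ws-207", "x%d.tunnel.example" % i)
     for i in range(40)]

PRIVILEGED = {"root", "dba_admin"}        # assumed admin accounts
KNOWN_LOCATIONS = {"US"}                  # assumed normal login geography
BUSINESS_HOURS = range(8, 19)             # 08:00-18:59 treated as normal
DNS_BASELINE_PER_HOST = 20                # assumed normal queries per window

def suspicious_privileged_logins(logins):
    """Flag privileged logins at odd hours or from unrecognized locations."""
    hits = []
    for ts, account, country in logins:
        if account not in PRIVILEGED:
            continue
        hour = datetime.fromisoformat(ts).hour
        if hour not in BUSINESS_HOURS:
            hits.append((account, "odd hour %02d:00" % hour))
        if country not in KNOWN_LOCATIONS:
            hits.append((account, "unrecognized location %s" % country))
    return hits

def dns_surge_hosts(queries, baseline=DNS_BASELINE_PER_HOST):
    """Return hosts whose outbound DNS query count exceeds the baseline."""
    per_host = Counter(host for _, host, _ in queries)
    return {h: n for h, n in per_host.items() if n > baseline}

if __name__ == "__main__":
    for account, reason in suspicious_privileged_logins(LOGINS):
        print("privileged login alert:", account, reason)
    for host, n in dns_surge_hosts(DNS_QUERIES).items():
        print("outbound DNS surge:", host, n, "queries")
```

In practice the baseline and "normal" hours would be learned from your own logs rather than hard-coded, and each hit would become a ticket to review rather than a verdict.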
