Cyber Attack Symptoms

Safe & SecurityComputer NetworkNetwork

If we think an advance level of anti-virus has been installed on our computer, and we are fully secure as it performs a full system threat infection scan regularly. However, there may be instances where the scan did not detect any threat, or you cannot perform a scan. In these scenarios, we recommend that to notice the aggressive methods or symptoms to detect threats or attack.

  • If it has been noticed an unwarranted presence of PowerShell in the task manager then our computer is definitely under attack.

  • If a connection found to be established on port 4444 or 445 without your cognizance (as it can be viewed by using netstat -ano command) then you are surely in the hand of a hacker.

  • If you observe your firewall/defender shut down without your cognizance, then you are under privilege-escalation attack, as the hacker can shut off your defense system remotely by merely hitting this command NetSh Advfirewall set current profiles state off.

  • If you yet found some unduly request established to port 80 and 443 by showing it from netstat -no command or Wireshark, despite closing the browser then you are under port redirection attack.

  • If an unduly strange pdf file is found to be running in your task manager, then you might be under attack of malicious malware or virus infection which might be bundled or hide with the PDF file.

  • If you suddenly notice a large number of unwanted UDP requests from Wireshark then someone is trying to Distributed denial of service attack you in pursuit of down your network or service unavailable.

  • If your mouse moves between programs and makes selections. A computer is functioning automatically without internal input, then you are being controlled by intruders.

  • Files Suddenly become encrypted and barring access to them until victims pay the requested amounts of money, then you are under a ransomware attack.

  • If your browser begins redirecting to somewhere else other than its usual homepage that’s set up in preferences or goes to strange places when people attempt to use the internet, it’s probably because of a hacker’s infiltration.

  • If you realized that streaming videos suddenly start buffering or failed to play and web pages take forever to load, then you are under the Wi-Fi piggybacking attack.

  • Analyze your router's DNS settings with F-Secure Router tool. If your router's DNS default settings have been changed suddenly, then you are under the DNS hijacking attack.

Precautions Measures

It is recommended to adhere to the following precautionary measures by the end-user, to thwart the emerging potential cyber attack

  • We can terminate the hacker ongoing session by killing the malicious file from the task manager. But nowadays, hackers can hide the malicious shell into a regular windows process such as explore.exe by using the advance Metasploit technique prependmigrate=true to explore.exe file. So nonetheless, we kill the malicious file, yet the hacker has the session of our machine. So, kill the explorer.exe process instead.

  • Allways on the firewall with blocking all the ports except port 80 and 443 and running windows defender anti-virus with most update definitions.

  • Don’t open the strange PDF file or unknown URL received from a strange source.

  • Install the Intrusion detection and prevention system at your router and put the sensitive server into the DMZ.

raja
Published on 18-Mar-2020 11:50:54
Advertisements