Attacks by hackers can manifest as something alarming, like a drained bank account, or they may leave subtler evidence. Some of the most serious attacks are only detected through study of logged data, and they may only be discovered after serious damage has been done. The IT service desk can help educate end-users on what to look out for, and encourage them to report problems right away so that damage can be contained.
Here are 5 signs the IT service desk should watch out for, and what to do when any of these problems crop up.
Attacks can range from the merely annoying to the devastating.
1. Unwanted Toolbars and Redirected Searches
New browser toolbars may be the result of not opting out of toolbar installation when installing software. These can be annoying without being dangerous. But when a toolbar is from a source you don’t recognize, it needs to be removed, which can often be done with browser tools. If this doesn’t work, power the machine off immediately, boot it up in Safe mode with no networking, and try uninstalling any new software. You may consider restoring the computer to a state prior to the problem. Afterward, a complete antivirus scan is in order. Redirected internet searches are another sign of compromise, and they can often be eliminated by the removal of unwanted toolbars and software as described.
2. People Receiving Fake Emails from Legitimate Contacts
If someone reports getting unusual emails that appear to be from a legitimate contact, their computer may have been compromised with malware that hunts for email addresses. Sometimes email addresses are pulled from social media, and sometimes these emails have a contact’s name, but not their correct email address. When this happens, the sender’s computer should have a complete antivirus scan, and should be searched for unwanted software and toolbars and purged of them as described above. It can’t hurt to run an antivirus scan on the recipient’s computer too. Changing email passwords is also smart, because email is typically where password resets for all other accounts are sent.
3. New Software Is Installed Unexpectedly
Today, many malware programs installed on computers are worms and Trojans, and they install themselves just like legitimate software. Sometimes unwanted software (like unwanted toolbars) is installed as part of legitimate software installs, and it’s simply an annoyance that needs to be opted out of. To cope with unwanted software that may or may not be legitimate, you can use a utility like Autoruns that lets you selectively disable software that automatically starts when the machine is booted; startup entries are where a lot of malware can be found. If you’re unsure whether unwanted software is harmful, disable the questionable software, reboot, and have the user report any unexpected loss of usual functionality.
4. Significantly More Elevated Logins, Particularly at Unusual Times
Sometimes advanced persistent threats (APTs) are only discovered through non-obvious changes to a system or network. APTs are extremely dangerous because their goal isn’t simply compromising one computer, but compromising an entire network. One way attackers do this is by reading an authentication database, then stealing and using the credentials found there. By doing this, they learn which accounts have elevated privileges and permissions, so they can then compromise more assets. If you notice a significant number of these “elevated” logins, particularly at odd hours, you could have a serious problem. Unfortunately, there is no one fix for APTs, but the response often starts with isolating infected machines and sometimes calling in outside help from APT specialists.
5. Large Amounts of Data Flowing Unexpectedly
Another non-obvious sign of an APT is significant, unexpected flow of data from an internal origination point to other machines, whether internal or external. These data flows may be quite targeted. For example, someone may be picking up email coming from a particular foreign country. Some email systems allow you to learn where the latest user logged in from and where the last message was accessed, but not all of them do. Another reason why this type of APT is difficult to spot is that you need to understand baseline data flows in order to spot abnormal flows. If you don’t know what your typical baseline data flows are like, you need to find out so this type of threat can be identified quickly.
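Signs 4 and 5 both come down to comparing activity against a known baseline. The following is an added illustration, not code from the original article or from Samanage: it assumes business hours of 08:00 to 18:59, runs over constructed sample log records embedded inline, and flags (a) calendar hours outside business hours with several privileged logins and (b) hosts whose daily outbound volume far exceeds the median of their own history, or that have no history at all.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Assumed business hours, 08:00-18:59; adjust to the organisation's own schedule.
BUSINESS_HOURS = range(8, 19)

# Constructed sample authentication events: (ISO timestamp, account, privileged?)
AUTH_EVENTS = [
    ("2024-03-04T09:12:00", "alice", True),
    ("2024-03-05T02:10:00", "svc-backup", True),
    ("2024-03-05T02:14:00", "alice", True),
    ("2024-03-05T02:21:00", "bob", True),
    ("2024-03-05T02:33:00", "dave", True),
    ("2024-03-05T03:05:00", "erin", False),
]

def off_hours_elevated_logins(events, threshold=3):
    """Sign #4: hours outside business hours with >= threshold privileged logins."""
    counts = Counter()
    for ts, _account, elevated in events:
        at = datetime.fromisoformat(ts)
        if elevated and at.hour not in BUSINESS_HOURS:
            counts[at.strftime("%Y-%m-%d %H:00")] += 1
    return {hour: n for hour, n in counts.items() if n >= threshold}

# Constructed sample egress records: (date, internal host, bytes sent outbound)
EGRESS_HISTORY = [
    ("2024-03-01", "ws-17", 120_000_000), ("2024-03-02", "ws-17", 95_000_000),
    ("2024-03-03", "ws-17", 130_000_000), ("2024-03-01", "ws-22", 40_000_000),
    ("2024-03-02", "ws-22", 55_000_000), ("2024-03-03", "ws-22", 45_000_000),
]
EGRESS_TODAY = [("2024-03-04", "ws-17", 125_000_000), ("2024-03-04", "ws-22", 4_800_000_000)]

def build_egress_baseline(history):
    """Per-host daily baseline: the median of past daily outbound totals."""
    per_host = defaultdict(lambda: defaultdict(int))
    for date, host, nbytes in history:
        per_host[host][date] += nbytes
    return {host: median(days.values()) for host, days in per_host.items()}

def egress_outliers(baseline, records, factor=5.0):
    """Sign #5: hosts sending more than factor x baseline, or with no baseline at all."""
    flagged = []
    for date, host, nbytes in records:
        base = baseline.get(host)
        if base is None or nbytes > factor * base:
            flagged.append((host, date, nbytes, base))
    return flagged
```

The median is used for the baseline because a single large exfiltration day would otherwise inflate a mean-and-standard-deviation baseline enough to hide itself.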
Some hacks reveal themselves through serious and unavoidable computer problems, while others are so subtle that they can do serious damage before being detected. When your IT service desk uses Samanage both for service desk functions and IT asset management, you’ll have an easier time managing threats, because of powerful risk detection features like automatic scanning for unauthorized software. Monitor risks, educate end-users, and have plans for coping with attacks, and you can minimize the threat and damage they can cause.