8 Indicators of Compromise to Spot Potential Breaches
Cybercriminals are continuously improving their tools and techniques. These advanced techniques can leave victims unaware that they are under attack. Here are a few indicators of compromise you can watch for to detect a breach as early as possible and minimize the damage.
Unusual activity in privileged user accounts
Privileged user accounts are a popular target for cybercriminals because they can access sensitive data and modify settings. Tracking the time of activity, the volume of data accessed, and the location of access can help you identify whether you have fallen victim to a cybercrime.
Exceptionally slow device performance
Cryptojacking attacks exploit the system's processing power to mine for bitcoins. The mining happens in the background, and victims can still use their systems normally. However, because the system's processing power is consumed by mining, the device may suddenly become extremely slow or heat up very quickly.
Data stacked up in random places
According to security experts, criminals stage data files in a single location before attempting to exfiltrate them. Monitor your systems periodically for data files in places where they are not usually stored.
Distributed denial-of-service attacks
In many cases, distributed denial-of-service (DDoS) attacks are used as a distraction while malware is injected or other malicious activities are carried out. If your systems are hit by a DDoS attack, always check the systems and network for other cybercriminal activity.
Abnormal usage patterns
Account access after working hours, access from different countries, and logins to the same account from multiple IPs over a short period of time are all examples of abnormal usage patterns. All accounts, privileged or not, must be monitored for usage patterns to detect security breaches.
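The three patterns above can be checked mechanically against authentication logs. The following is an added example, not code from the original article; it runs over constructed login records and assumes business hours of 08:00-18:00 and a threshold of three distinct source IPs within ten minutes, both of which a defender would tune to their own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login records: (user, UTC timestamp, source IP, country).
SAMPLE_LOGINS = [
    ("alice", "2024-03-04T09:12:00", "203.0.113.5", "US"),
    ("alice", "2024-03-04T09:40:00", "203.0.113.5", "US"),
    ("bob",   "2024-03-04T02:15:00", "198.51.100.7", "US"),  # after hours
    ("carol", "2024-03-04T10:00:00", "198.51.100.9", "US"),
    ("carol", "2024-03-04T10:20:00", "192.0.2.44",   "DE"),  # second country
    ("dave",  "2024-03-04T11:00:00", "192.0.2.1",    "US"),
    ("dave",  "2024-03-04T11:02:00", "192.0.2.2",    "US"),
    ("dave",  "2024-03-04T11:04:00", "192.0.2.3",    "US"),
    ("dave",  "2024-03-04T11:05:00", "192.0.2.4",    "US"),  # 4 IPs in 5 minutes
]

WORK_HOURS = (8, 18)          # assumed business hours, 08:00 to 18:00
IP_WINDOW = timedelta(minutes=10)
IP_THRESHOLD = 3              # assumed: this many distinct IPs in the window is suspicious

def find_abnormal_usage(logins, work_hours=WORK_HOURS, ip_window=IP_WINDOW, ip_threshold=IP_THRESHOLD):
    """Return a sorted list of (user, reason) findings for the three patterns."""
    findings = set()
    by_user = defaultdict(list)
    for user, ts, ip, country in logins:
        by_user[user].append((datetime.fromisoformat(ts), ip, country))
    for user, events in by_user.items():
        events.sort()
        # Pattern 1: account access outside working hours.
        for when, _, _ in events:
            if not (work_hours[0] <= when.hour < work_hours[1]):
                findings.add((user, "after-hours access"))
        # Pattern 2: the same account seen from more than one country.
        if len({c for _, _, c in events}) > 1:
            findings.add((user, "logins from multiple countries"))
        # Pattern 3: many distinct source IPs inside a sliding time window.
        for i, (start, _, _) in enumerate(events):
            ips = {ip for when, ip, _ in events[i:] if when - start <= ip_window}
            if len(ips) >= ip_threshold:
                findings.add((user, "multiple IPs in short period"))
                break
    return sorted(findings)

if __name__ == "__main__":
    for user, reason in find_abnormal_usage(SAMPLE_LOGINS):
        print(f"{user}: {reason}")
```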
Database read volume spikes
Once hackers have gained access to your database, they try to read massive amounts of data in order to steal it. This increases database read volume, which is an important indicator to watch for.
Suspicious file changes
Unexplained modification of files, including the addition or deletion of data, is a big red flag. Keep an eye on system files as well, since many malicious activities leave a trail behind.
Unusual transactions
Although this is a well-known indicator, stay vigilant even for small amounts. Meticulously verify each transaction to make sure there are no transactions off the record.