Friday, June 26, 2015

Recovering from security breach/hack/compromise


Small initiative to bring security in mind.

Today I was reading and came across some very useful posts about how to recover from a hack incident. It is important, useful and applicable to everyone to know the aftermath of being hacked, compromised, phished or infected with malware, whether you are an individual or an organization. As the authors Karl Thomas and Mat Honan truly describe, getting hacked/breached/compromised is a horrible experience; as an individual or as an organization we may lose money, revenue, pride, dignity, faith, respect, personal data (pictures, email/chat conversations) etc. Their blog entries inspired me to write something, useful or maybe not, but I wanted to write. Thankful to them :-) and my workplace :-)

Knowingly or unknowingly, many of us become members of the “being hacked” community at some point in our lives; it could be a prank by someone known or a serious breach by an unknown attacker. I know it’s not easy to believe; it is stressful and confusing, and hard to decide what to do next, where to go, where to begin immediately after being hacked. We feel lost, cheated and unable to decide what to do with this mess. Many times, we never know when our account got hacked/compromised/phished.

It’s good to start following the incident trail as soon as you sense it. Collect whatever you find; write down and make a note of everything you see and feel related to this breach, whether a person, an event, an activity etc. Here are a few suggested steps:

Ask yourself, what could be the reason for this breach? Why were you targeted? Here are some examples of what an attacker wants to do if he compromises your:

o   Online bank account credentials: obviously monetary gain.
o   Email: use your account for sending spam, harvest your email address book, stage you for something, revenge, rivalry, benefiting himself on your behalf, impersonation, defaming you, hoax.
o   Social networking account: spread a word to the masses on your behalf, send spam, harvest your social networking address book, stage you for something, revenge, rivalry, benefiting himself on your behalf, impersonation, defaming you, hoax.

Has your system started behaving nastily? Have you felt something like this:
o   I opened an e-mail attachment and nothing happened; now my machine is acting funny.
o   My antivirus software has stopped working and the computer keeps shutting down!
o   My programs are not working properly, and they are all very slow.
o   A bunch of files I have never seen before are all over the My Document folder.
o   A number of my files won’t open or have disappeared!
o   All files suddenly look weird, I am unable to open any document, everything is encrypted, and a message asks for money to decrypt them.
o   Task Manager, regedit, folder/file options are not opening, hidden files are not visible, and I am unable to change settings.
o   And many more … … …

What did you do?
o   Have you opened any email pretending to come from your bank, courier company, airline etc. with an attachment like PDF, XLS/XLSX, PPT/PPTX, DOC/DOCX, ZIP, RAR, 7ZIP, EXE, SCR, SWF etc.?
If yes, you opened that email, downloaded the file and executed it: YOU ARE A VICTIM OF A SOCIAL ENGINEERING ATTACK. Your system is compromised or has a Trojan/backdoor/keylogger or some kind of sophisticated malware installed.
o   Got any email from your bank stating that a huge transaction was detected and asking you to confirm whether you did it or not, by clicking a link in the email body?
If yes, you believed that text and clicked the URL/link: YOU ARE A VICTIM OF A SOCIAL ENGINEERING ATTACK. Your system is compromised or has a Trojan/backdoor/keylogger or some kind of sophisticated malware installed.
o   In this new digital age, you might get an SMS, MMS, or request to install a new banking app. If you installed that banking app on your smartphone from somewhere other than the genuine application stores (Google Play Store for Android, iTunes for Apple, Microsoft Windows Store for Windows etc.), YOU ARE A VICTIM OF A SOCIAL ENGINEERING ATTACK. Your smartphone device/system is compromised or has a Trojan/backdoor/keylogger, a malicious application or some kind of sophisticated malware installed.
o   Has any new application appeared on your smartphone which you didn’t install?

What do you do?
o   Follow the money/transactions: new shipments, new orders, new payment methods added, new beneficiaries added, new accounts linked.
o   Check the last non-financial/financial activities under your banking account. If you find anything fishy, go and report it to the bank, and also seek help from them or from the local law enforcement agency, i.e. the cyber cell or police.
o   Check for any changes in your banking/social networking/email account security. Has the security question changed? Mobile/phone number changed? Transaction alerts disabled, or enabled on new mobile/phone numbers? Primary/secondary email ID changed? If yes, review them all and change the entire set of security and account recovery options.
o   Check your account (Inbox, Sent, Drafts, Deleted/Trash or any other folder/tag created) for any message or email not sent by you; check properly.
o   Scan your computer system with a good, reputed antivirus and disinfect it.
o   Keep your browser up to date, disable unwanted BHOs, plug-ins and extensions, and disable auto-opening of external files like ppt/pptx, doc/docx, xls/xlsx, pdf etc. Disable JavaScript and Java applet execution, or at least set them not to execute automatically without permission. There are many more settings you can change in the browser, which are not explained here. :-)

Speak up: it is essential to tell your loved ones and business contacts about the breach incident. Make them aware if you are unable to contain this mess right now. It will help them not to open or view something received from you, as it could be infected. In this way you are protecting them from what you are affected with, and in another sense you are making them aware of this incident. Sometimes you may also get help from someone who knows a better way to deal with this situation or has a solution for this problem.

Internal security audit: use antivirus programs from reputed vendors for smartphones, Windows PCs etc.; use MBSA for Windows to review the security of your Windows PC; check for the presence of Trojans, backdoors, viruses, worms, keyloggers, adware, crimeware, rootkits, botnet agents etc. with the help of a reputed antivirus. Check your password strength, change your passwords and keep more secure ones. Check for new user accounts added to your system. Enable and strengthen your firewall program.
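As an added example (not from the original post), here is a read-only PowerShell triage script that covers the checks in this paragraph and the symptoms listed earlier (Task Manager, regedit and Folder Options disabled, hidden files not shown, new user accounts, firewall state). It assumes Windows 10/11 with the built-in PowerShell 5.1 and an elevated prompt; the registry values, event ID and cmdlets used are standard Windows ones.

```powershell
# Added example: read-only triage of the symptoms and audit checks above.
# Assumes Windows 10/11, built-in PowerShell 5.1, run from an elevated prompt
# so that the Security event log and firewall profiles are readable.

# 1. Policy values malware commonly sets to hide itself from the user.
#    Hidden = 2 is also the Windows default, so treat that one as a hint only.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Bad = 1 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Bad = 1 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      Bad = 1 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'Hidden';               Bad = 2 }
)
foreach ($c in $policyChecks) {
    $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($v -and $v.($c.Name) -eq $c.Bad) {
        Write-Warning "Suspicious setting: $($c.Path)\$($c.Name) = $($c.Bad)"
    }
}

# 2. Local accounts: list them all, then pull 'user account created' events
#    (Security log event ID 4720) from the last 30 days so that an account
#    you did not create stands out together with who created it.
Get-LocalUser | Select-Object Name, Enabled, LastLogon | Format-Table -AutoSize
$since = (Get-Date).AddDays(-30)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # For 4720, Properties[0] is the new account name and Properties[4] the creating account.
        [pscustomobject]@{
            Time       = $_.TimeCreated
            NewAccount = $_.Properties[0].Value
            CreatedBy  = $_.Properties[4].Value
        }
    } | Format-Table -AutoSize

# 3. Firewall: every profile should be enabled with inbound traffic blocked by default.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize
```

A warning from step 1 or an unfamiliar account in step 2 is a reason to run the full antivirus scan and change passwords as the paragraph suggests, not proof on its own.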

Locking credit card: if you have supplied your credit card details anywhere mentioned above, you had better take care of it; disable it for some time until you restore your digital fortress.

Take a backup of your accounts, now and regularly too: accounts like Apple, Facebook, Google, Microsoft, Twitter, Yahoo etc.

There are many more things which it is not possible to write at this time, in this small space; I may write something specific if anyone needs it, or suggests or gives ideas. :-)


Rebuild your digital world and strengthen the security of your digital fortress. :-)

#@v3 $@f3 8r0w$!n9 . . .

nj0y !!!

Reporting Cyber Crime

The Govt. of India took a great initiative by facilitating citizens with the “National Cyber Crime Reporting Portal” ( https://cybercrime...