April 2017, Issue 88

 

I am Hacked, Now What?

Centre for IT Services

 

Protecting your personal computer and mobile devices can be challenging if you are not equipped with the knowledge of how to secure these devices.

No matter how securely you use technology in your daily life, there is still a chance that your computer or devices can be hacked or compromised.

In this newsletter, you will learn how to determine if your computer or mobile devices have been hacked and, if so, what you can do about it.

The faster you can determine that your computer and/or mobile devices have been compromised, the better the chance that quick remediation will significantly reduce the harm and damage caused by the cyber-attack.

 

Symptoms that you may have been hacked
It can be very challenging for users to determine if they have been hacked, regardless of whether they are novice, intermediate or expert users. Quite often there is no single method to figure it out, but hackers often leave footprints behind that serve as indicators. The more closely the behaviour of your system matches these indicators, the more likely it is that it has been hacked.

  • Your anti-virus program triggers an alert that your system is infected, particularly when it says it was unable to remove or quarantine the affected files.
  • The browser’s homepage has been changed without your knowledge, or the browser is redirecting you to unknown websites that you did not request.
  • New user accounts that you did not create have appeared on your computer or device. Take note of new programs that you did not install, too.
  • The operating system or applications keep crashing, icons for unknown applications/programs appear, or strange pop-up windows keep appearing unexpectedly.
  • A program keeps prompting for your authorisation to apply changes to your system.
  • Your account password no longer works when trying to log into your system or an online account, even though the password is correct.
  • Spam emails were sent from your email accounts without your knowledge.
  • Your mobile device has an unexplained pattern of high data or battery usage.
  • Your mobile device is causing unauthorised charges to premium SMS services.

 

How to respond
Whenever you observe your computer or device showing some of these symptoms and/or abnormalities, it could have been hacked. It is recommended that you seek help and report the incident to our NSS – Service Desk (servicedesk@ntu.edu.sg) immediately. Do not attempt to fix the problem yourself, as you might cause more harm than good by destroying valuable evidence needed for an investigation.
Here are some recommended steps that you can take to minimise the risks:

  • Anti-Virus
    If the anti-virus software alerts you to infected files, you can follow the recommended actions, which normally include quarantining the file, cleaning the file, or deleting the file. The majority of anti-virus vendors provide links that help users understand the nature of the malware and the specific infection involved. When in doubt about which follow-up action to take, it is advisable to quarantine the file. If it is not possible to do so, delete the malicious file immediately.

  • Change Your Password
    This applies not only to your computer and mobile devices but also to all your online accounts. Always use a different computer that is secure and uninfected to perform the password change.

  • Backups
    Performing regular backups protects you against catastrophic incidents such as a ransomware infection, in which files are encrypted and rendered unrecoverable. Regardless of which backup method you use, periodically check the backup files to ensure that they can be restored when required, and allocate a secure location for storing the backup drives.

  • Rebuilding Your Computer or Device
    If you are unable to remove the virus, a more secure option is to rebuild the affected system. Do not reinstall the operating system from backups, as they may contain the same vulnerabilities that allowed the hacker to gain access to the system originally. Backups should be used for recovering your data only. For a mobile device, rebuilding can be as simple as restoring the device to its factory default settings after backing up the personal data stored on it. Once you have rebuilt your computer or device, make sure to update the system and install the latest anti-virus software, always keep it current, and enable automatic updating for operating system patches whenever possible.

Source: https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201604_en.pdf