How to spot a cyberattack if you are not a security pro

April 2024 Editor's Choice

Business owners and executives dread receiving the call that criminals have breached their computer systems. It may happen in a flash, but this moment is often the culmination of days to months of moves by cybercriminals, finding ways into systems, gaining control, and eventually executing an attack. It is the proverbial iceberg; the breach is just the visible tip of the operation.

"Vigilance and knowledge are our most potent weapons in the battle against cyberattacks," asserts Gerhard Swart, Chief Technology Officer at Performanta. It is in the criminals' best interest if ONLY security teams can detect the signs of an impending attack. The good news is that anyone can grasp the basics of a cyberattack and spot suspicious activities."

How to spot a cyberattack

Popular culture's depiction of a cyberattack is often very misleading. The cybercriminal figure is someone sitting in a dark room, typing a few commands into a laptop, then sitting back and sipping a drink while their code causes havoc. The reality is very different.

Cyberattacks have multiple stages that can happen sequentially or concurrently. Security experts often refer to a standard blueprint called the Cyber Kill Chain, developed by Lockheed Martin. This blueprint describes seven stages: reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and actions.

Briefly, the stages involve:

1. Reconnaissance: The criminals find targets and research their weak areas, such as weak passwords.

2. Weaponisation: The criminals prepare tools for the attack, such as malware or deepfakes.

3. Delivery: The criminals initiate an attack to try and enter the systems, often using phishing emails.

4. Exploitation: The criminals worm into the systems and prepare for a larger attack.

5. Installation: The criminals use their extended knowledge of the breached computer systems to install more tools and backdoors.

6. Command and control: The criminals expand their control to run the breached systems effectively.

7. Actions: The criminals launch their main assault, at which point the breach often becomes visible.

Detection is better than cure

Knowing these details, how can you spot an attempted cyberattack? There are often telltale signs to look out for, namely:

• There has been a surge in phishing emails targeting your or your employees. Emails that are not from where they claim to be, stress great urgency, or contain unsolicited attachments or links should be treated with suspicion.

• Unusual network traffic or file access attempts: reports of unexpected traffic or files being accessed, especially by accounts that normally do not do so (such as a sales accountant trying to access financial records).

• Account logins at strange times or unusual locations: when someone logs in at 2am or from an undisclosed location, that can be a massive red flag.

• Stolen or lost devices: Though stolen devices can be a case of petty theft; if someone loses a phone that can authenticate account logins, there is cause to take that seriously.

• Passwords no longer work: If you cannot access an account yet have not changed the password, there is reason to be concerned.

The above signs might also result from other causes, but as the maxim goes, just because you are paranoid does not mean they are not out to get you.

Three steps to strengthen security

Firstly, they should support and encourage security training for their staff, including regular tests, and do so supportively. Businesses should make their employees feel like part of the solution, not the problem. Secondly, businesses should encourage general vigilance - if someone notices something strange, they should speak up. Employees should be given accessible channels to notify security concerns, even frivolous ones. Thirdly, businesses should look to invest in technology services that improve detection, visibility, and reporting. Security tasks can quickly overwhelm security and IT teams, while the right security services alleviate such pressure.

"When you stop that phishing mail or inform your security admin about suspicious activity, you deal a big blow to the attackers' plans," says Swart. "When companies combine good security habits and technologies with security-savvy employees, they become a very hard target, and the bad guys usually go looking for something easier."

It might seem worth taking the risk. After all, what are the odds you will be attacked? Unfortunately, they are considerable as South Africa is a major cybercrime target, and fixing the damages of a cyberattack is very costly. Prevention is better and cheaper than cure! Even if you are not a security pro, you can help spot cyberattacks and avoid such risks.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...
Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

Read more...
AI enables security solutions to define business strategies
Regal Distributors SA Editor's Choice
While allowing technologies to do exactly what they should do with even more efficiency and precision, AI is also empowering these same technologies to break through their traditional boundaries and create an ecosystem where one interface delivers outcomes across highly segmented verticals.

Read more...
Putting cyber into surveillance
Dallmeier Electronic Southern Africa Cathexis Technologies Technews Publishing Editor's Choice
Cybersecurity has become an essential part of the physical security industry. However, unlike other IoT technologies, of which security products are a part, surveillance technologies have more to protect.

Read more...
2024 State of Security Report
Editor's Choice
Mobile IDs, MFA and sustainability emerge as top trends in HID Global’s 2024 State of Security Report, with artificial intelligence appearing in the conversation for the first time.

Read more...
Cyberthreats facing SMBs
Editor's Choice
Data and credential theft malware were the top two threats against SMBs in 2023, accounting for nearly 50% of all malware targeting this market segment. Ransomware is still the biggest threat.

Read more...
Are we our own worst enemy?
Editor's Choice
Sonja de Klerk believes the day-to-day issues we face can serve as opportunities for personal growth and empowerment, enabling us to contribute to creating a better and safer environment for ourselves and South Africa.

Read more...
Protecting IP and secret data in the age of AI
Editor's Choice
The promise of artificial intelligence (AI) is a source of near-continuous hype for South Africans. However, for enterprises implementing AI solutions, there are some important considerations regarding their intellectual property (IP) and secret data.

Read more...
Super election year increases risks of political violence
Editor's Choice
Widening polarisation is expected in many elections, with terrorism, civil unrest, and environmental activism risks intensifying in a volatile geopolitical environment. Multinational businesses show an increasing interest in political violence insurance coverage in mitigation.

Read more...
Enhance control rooms with surveillance and intelligence
Leaderware Editor's Choice Surveillance Mining (Industry)
Dr Craig Donald advocates the use of intelligence and smart surveillance to assist control rooms in dealing with the challenges of the size and dispersed nature common in all mining environments.

Read more...