PurFoods, a meal delivery service, recently suffered a data breach that exposed more than 1.2 million customers’ data. Although the company’s systems were breached in January 2023, it wasn’t until the following July that the discovery was made.
The attackers enjoyed six months of unhindered access to all the data they wanted.
Although the details are sketchy, apparently suspicious activity was noticed as early as February. It isn’t clear what happened between February and July, but one thing is certain: if action had been taken at the first red flag, much of the damage could have been prevented — including the class action lawsuit that PurFoods’ customers have filed against the company.
If your company comes under cyberattack, there will likely be warning signs that something is wrong. Ignoring those red flags could mean a disastrous fallout. Here are top warning signs that could indicate your company is being attacked by hackers.
User-level Red Flags
If your users know what to look for, you can often spot the earliest warning signs that a cyberattack could be taking place. Train your employees to watch for these red flags.
Erratic computer behavior
When bad actors get onto systems, they start doing things within the system, such as installing their own software or modifying your existing software. These activities can affect computer behavior.
Don’t dismiss odd computer behavior like strange shutdowns, blue screens, or applications running on their own. If your computer runs slow or your laptop battery drains much too fast, you could have nefarious programs running in the background.
Passwords that don’t work
Don’t dismiss a password that suddenly doesn’t work. This usually happens with shared programs that are on your computer as well as your phone — for example, your email.
If the email app on your phone suddenly pops up a message asking you to reenter your password, that could be a sign that someone has gotten ahold of your email account and has reset the password, locking you out.
Unusual emails or text messages
Often, especially in ransomware cases, attackers will gain entry by sending messages that look like they came from a trusted source. The message might say something about an email attachment that needs your review. If you didn’t expect the message, be suspicious of it.
Conversely, if your contacts ask about a strange email or message from you that you didn’t send, take action immediately.
Redirected website activity
Occasionally a website needs to redirect you to another domain. Often it’s a legitimate action, but sometimes it can be a sign that an attacker is taking you to their own fake website.
If you’re on a site that you aren’t familiar with and you get redirected to an unexpected page, be wary, especially if this happens when doing an internet search.
Other signs of a breach
Also watch out for these warning signs:
- Emails requesting a password reset
- Emails from an unknown source that ask questions about user account data
- Random popups
- Contacts receive social media invitations from you that you didn’t send
- Browser toolbars that you didn’t enable
- Money missing from your bank account
System Level Warning Signs of a Breach
Some warning signs of a cyberattack are visible at the system level. Watch for these red flags.
Unexplained user accounts
Take note of user accounts that suddenly appear and that you can’t immediately explain. Instruct system admins to report any time they notice a new user account on a given system. They should be reviewing the full list of system accounts periodically throughout the year, depending on the requirements of the certifications and standards the organization is subject to.
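One way to make that periodic review repeatable is to compare each host's account list against an approved baseline. The sketch below is an added example, not part of the original article; it assumes a passwd-format listing, and the baseline, account names and sample data are constructed for illustration.

```python
# Constructed baseline: accounts someone has signed off on for this host.
APPROVED = {"root", "daemon", "www-data", "alice", "bob"}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample in /etc/passwd format (name:pw:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:1001:1001::/home/svc_backup:/bin/bash
sysadm:x:0:0::/root:/bin/bash
"""

def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit():
            yield fields[0], int(fields[2]), fields[6]

def review_accounts(text, approved):
    """Return findings as (issue, account, detail) tuples for an admin to explain."""
    findings, seen = [], set()
    for name, uid, shell in parse_passwd(text):
        seen.add(name)
        if name not in approved:
            detail = "no login shell" if shell in NOLOGIN_SHELLS else "interactive shell"
            findings.append(("unexplained account", name, detail))
        if uid == 0 and name != "root":
            findings.append(("extra UID 0 account", name, "root-equivalent"))
    for name in sorted(approved - seen):
        findings.append(("approved account missing", name, "not on host"))
    return findings

if __name__ == "__main__":
    for finding in review_accounts(SAMPLE_PASSWD, APPROVED):
        print(finding)
```

Every finding should end in either an update to the baseline with a recorded reason or an escalation to whoever handles incidents.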
Unexpected software installations
Watch for new software that has been recently installed on your machines or systems. If you can’t account for it, take proactive measures. If you have File Integrity Monitoring enabled, make sure these reports are being reviewed as they become available.
Nonfunctioning Task Manager or Registry Editor
Bad actors will sometimes try to conceal their activity by disabling the Task Manager or Registry Editor so that you can’t see what they’re doing under the hood. If you can’t see the trojan they’ve installed running in the background, it buys them more time to do more damage.
Moving mouse pointer
If a mouse pointer moves around on its own between programs and makes selections, someone could be controlling it remotely. It’s a strong indication that a bad actor has broken into your system and is actively working on it.
Few people have seen that happening, but I have witnessed it. It’s creepy as hell to see it unfolding live on the screen in front of you, without your consent. Take action immediately.
Other warning signs
Also watch out for these warning signs:
- Reports of excessive failed login attempts for a particular user or system
- Anti-virus program malfunctions or becomes disabled for no apparent reason
- Unexpected system reboots or shutdowns
- Computer, network, or internet connection slows down
- Strange network traffic patterns or unexpected traffic
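The first item in the list above, excessive failed login attempts for a particular user or system, can be turned into a report with a sliding-window count over authentication logs. This is an added example, not part of the original article; it assumes OpenSSH-style syslog lines, and the log sample, threshold, window and year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

# Constructed sample log lines (documentation IP ranges, made-up hosts and users).
SAMPLE_LOG = """\
Mar  3 02:14:01 web01 sshd[811]: Failed password for alice from 198.51.100.7 port 40112 ssh2
Mar  3 02:14:20 web01 sshd[811]: Failed password for alice from 198.51.100.7 port 40113 ssh2
Mar  3 02:14:41 web01 sshd[812]: Failed password for alice from 198.51.100.7 port 40120 ssh2
Mar  3 02:15:05 web01 sshd[812]: Failed password for alice from 198.51.100.7 port 40121 ssh2
Mar  3 02:15:30 web01 sshd[813]: Failed password for alice from 198.51.100.7 port 40130 ssh2
Mar  3 02:16:02 web01 sshd[814]: Failed password for invalid user admin from 198.51.100.7 port 40131 ssh2
Mar  3 02:20:00 web01 sshd[820]: Accepted password for bob from 192.0.2.10 port 51000 ssh2
Mar  3 03:30:00 web01 sshd[830]: Failed password for bob from 192.0.2.10 port 51044 ssh2
"""

def excessive_failures(log_text, threshold=5, window=timedelta(minutes=10), year=2023):
    """Return {(kind, value): peak failures in any window} for users and sources
    that reach the threshold. Syslog timestamps carry no year, so one is assumed."""
    recent = defaultdict(deque)  # key -> failure timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  3")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        for key in (("user", m["user"]), ("source", m["src"])):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    for (kind, value), count in excessive_failures(SAMPLE_LOG).items():
        print(f"{kind} {value}: {count} failed logins within 10 minutes")
```

Counting per source as well as per user catches a single address trying many account names, which a per-user count alone would miss.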
Cyberattack Red Flags at the Support Level
Often, attackers will gain entry to a system with information they’ve obtained through research beforehand. Bad actors will gather seemingly innocuous information about your organization, and they will obtain it by contacting your staff at various levels, including customer service or technical support.
Spotting these red flags can help prevent a successful attack altogether. Some examples include:
- A caller asks unexpected but “harmless” questions about employees or the company
- You receive a report from “security researchers” you’ve never heard of
- Reports from customers or partners state that they have seen signs of breach
- The media attempts to discuss your recent data breach (there’s nothing worse than being the last to know your organization has been breached)
You Don’t Have to Be a Statistic
Ponemon’s 2023 data breach study has just been released. One of the findings was that only one-third of breaches are discovered by the organization itself. Two-thirds of the time, someone else finds out first and notifies the organization. That source could be the bad actor in the form of a ransomware announcement, a customer or partner who discovered their account was hacked, or even the FBI contacting you regarding evidence they’ve been exposed to.
You don’t have to be a statistic, but you do need to pay attention. It is critical not to brush off any red flags that you see. That odd little quirk might be benign. But it could also be the first sign that you’re being hacked. Never automatically dismiss those little red flags; always look at things through the lens of a possible breach early warning sign.
I can’t overstate the importance of training your personnel to follow cybersecurity best practices and to pay attention to the warning signs. In the end, the health and protection of your organization could be at stake. Cybersecurity isn’t just an IT thing, because IT can’t be everywhere or see everything. Everyone in your company needs to be vigilant.
Share these red flags with every employee in your organization and give them instructions about what to do if they observe anything unusual.