So you’ve had a cyber attack. Whether or not you prepared for it, now you find yourself needing to take action and respond to it. It’s quite possible that you weren’t even aware of the cyber attack immediately, or for some time after. It can take companies around 200 days on average to even notice a data breach or attack.

This highlights the importance of understanding what constitutes a cyber attack, so you know how to identify one and, of course, respond to it.

 

What is a Cyber Attack?

A cyber attack is a deliberate exploitation of a computer system or network. Attackers use malicious code to exploit a vulnerability in the system, often executing a command that leads to a disruption in the natural sequence of events. This usually leads to compromised data, which can be used for any number of cyber crimes.

A cyber attack could end up with any number of results that affect you negatively. Some examples include identity theft, fraud, ransomware/extortion, DDoS, stolen data, malware attacks, IP theft, website defacement and more.

For more information on security in general, please check out our Cyber Security Guide.

 

Who Is At Risk Of A Cyber Attack And Why?

More than anyone else, small businesses need to be wary of cyber attacks. Small businesses present a tantalising target for attackers for a few reasons.

Small businesses are less likely to have stringent security measures, and are therefore easier to infiltrate and exploit. In addition, they often don’t have the means to defend or recover from an attack easily, so they’ll cough up the dough in a ransomware attack, just to get through it.

The cost of a data breach is significantly more than most realise, and the financial hit is a huge one that many small businesses may not recover from. So prevention is the best cure. 

Attackers are looking for two factors: ease of access and potential reward. Small businesses often check that first box with minimal cyber security measures, and depending on the type of business, the data on board may be ultra juicy and worth quite a bit financially. They may sell the information to other malicious parties, or hold the data hostage for a significant ransom. Don’t make it easy for them!

 

 


 

Types of Cyber Attack To Watch Out For

My Email Account Was Hacked

What Signs Do I Look For?

Here are some signs that your email account has been hacked. Look for the following:

  • Your password has changed
  • Unusual inbox activity (check sent mail, read messages, no incoming emails)
  • Password reset emails from other sites
  • Account access from unexpected IP address (your email provider usually records this information)
  • Your contacts inform you that they have received strange emails from you

How Did This Happen?

Email hacks usually occur by one of the following methods of attack:

  • Password hack/Brute force attack
  • Social engineering
  • Phishing email

What Do I Do Now?

 

My System Account Details Have Been Compromised

What Signs Do I Look For?

  • Your computer speed has slowed down significantly
  • Your security software has been disabled or compromised
  • Software or browser add-ons that you don’t recognise
  • Additional pop-ups
  • Random shutdowns and restarts
  • You’ve lost access to your account

How Did This Happen?

  • Your email was hacked/compromised and used to access another account.
  • Phishing
  • Password hack
  • Man In The Middle
  • Watering Hole Attack
  • Unpatched Software

What Do I Do Now?

 

My Online Storage Account Was Hacked

What Signs Do I Look For?

Some examples of online storage accounts include DropBox, Google Drive, OneDrive or iCloud.

  • Your site suddenly has content that shouldn’t be there
  • You cannot access your account
  • Files are missing/altered
  • Unusual outbound network traffic
  • Unexpected access locations and logins
  • Large number of requests for the same object/file
  • Suspicious admin activity (see previous attack)
  • Excessive read operations (someone is trying to gather data)
  • Contacts are receiving emails with files/links to open.

How Did This Happen?

  • System account was compromised
  • Phishing
  • Social engineering

What Do I Do Now?

 

I Received a Blackmail Email Demand

What Signs Do I Look For?

  • An email stating that they have incriminating evidence of you (this may or may not be a bluff)
  • Email may claim they have accessed your password through a keylogger
  • They threaten to expose you to your contacts
  • Email makes a demand for payment (most likely in BitCoin)

How Did This Happen?

  • Phishing attack
  • Ransomware download
  • Your account was involved in another data breach

What Do I Do Now?

 

My Social Media Account Has Been Hacked

What Signs Do I Look For?

  • Changes to your follower count
  • Friend or contact requests you didn’t make
  • Duplicate accounts requesting your friends/contacts
  • Posts that you did not make
  • Old posts suddenly deleted
  • Password has been changed
  • Notification that your account was accessed from a new location/device

How Did This Happen?

  • Phishing email appearing to be from Facebook/other social media website
  • Sneaky social media apps
  • Malicious link within Facebook/Twitter

What Do I Do Now?

 

Our Network Has Been Attacked

What Signs Do I Look For?

  • Your files and/or server have been encrypted
  • Your network becomes very sluggish/slow
  • Your data usage is unusually high
  • Programs are continually crashing
  • You received a ransomware message
  • Computers are functioning without local input

How Did This Happen?

  • Ransomware
  • Malware attack via phishing
  • Rogue software
  • Physical access
  • Social engineering

What Do I Do Now?

 

I’ve Identified a Fraudulent Financial Transaction

What Signs Do I Look For?

  • Money has been transferred to the wrong account
  • Account deductions that you didn’t authorise
  • Suspiciously large orders that don’t match usual order activity
  • Unexpected invoices that have not been verified
  • Large payments not arriving despite remuneration advice
  • Advice to change address or bank details without appropriate cross-checks

How Did This Happen?

  • High-ranking accounts compromised and used to submit payment requests to the accounts department (e.g. hackers pose as the director, requesting accounts to submit a payment to X account)
  • Man in the Middle (posed as financial institution)
  • Invoice details were changed through a compromised system account (e.g. a Xero or MYOB account, or an accounting system login)
  • Payroll/AR/AP has been hacked via phishing, social engineering or malware

What Do I Do Now?

 

We’ve Been Infected With a Virus or Malware

What Signs Do I Look For?

  • Excessively slow computer processing
  • Programs opening and closing automatically
  • Lack of storage space
  • New programs/add-ons that you did not install
  • Security software disabled
  • Excessive popups
  • Browser keeps redirecting sites

How Did This Happen?

  • Phishing
  • Rogue software
  • Opening or executing a malicious file (either by email or removable media)
  • Insufficient firewall protection
  • You allowed a program to install bundled add-ons
  • Unpatched software/operating system

What Do I Do Now?

 

I Received a Suspicious Phone Call

What Signs Do I Look For?

  • You’re being offered money or a free product that you didn’t enter to win (reminder: if it seems too good to be true, it usually is!) 
  • Any call that claims to have detected viruses or infections on your computer
  • Calls that claim you owe taxes or other government payments
  • The caller deflects or refuses to answer your questions
  • The caller is pushing you to make an immediate financial decision
  • The caller is threatening deportation or arrest

How Did This Happen?

  • You submitted information somewhere that sold it to a third party (for example, you entered a raffle or sweepstakes, or signed a petition)
  • You recently signed up for a service or website
  • Social media — your profile may be too public, and scammers utilised the information against you

What Do I Do Now?

 

Recovery Steps

 

Cyber Security Recovery Steps

 

1. If you still have access to the account, immediately change your password to something more secure.

A tip for creating a secure (yet memorable) password is to string together a phrase or a selection of random words. Something like Grass Silver Calculator Seven is a random combination of words that is simple enough to remember but difficult to guess. Google has a good guide here for creating a strong password.

 

2. Update your recovery contact information.

 

3. Advise your email contacts so they know to question suspicious emails.

Just a tip: it’s best to do this through a medium other than email, so your message doesn’t get mixed up with the suspicious emails! Contact your contacts by phone, or even put out a social media blast.

 

4. Change your security question/s

 

5. Configure your email settings (attackers might add a rule to forward all emails to another address)
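An added example (not part of the original guide) of checking a mailbox for the forwarding rule mentioned in step 5. The rule export format and its field names are assumptions made for illustration, and the sample rules are constructed; map the fields to whatever your mail provider shows in its rules or filters screen.

```python
# Constructed sample: mailbox rules exported as a list of dicts.
# Field names (name, enabled, conditions, forward_to, redirect_to) are
# assumptions for this example, not any provider's real export format.
SAMPLE_RULES = [
    {"name": "Newsletters", "enabled": True,
     "conditions": {"from_contains": "news@"}, "forward_to": [], "redirect_to": []},
    {"name": ".", "enabled": True,
     "conditions": {}, "forward_to": ["collector@example.net"], "redirect_to": []},
    {"name": "To assistant", "enabled": True,
     "conditions": {"subject_contains": "invoice"},
     "forward_to": ["pa@example.com"], "redirect_to": []},
    {"name": "old", "enabled": False,
     "conditions": {}, "forward_to": [], "redirect_to": ["x@example.org"]},
]

def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rules(rules, own_domains):
    """Flag rules that send mail to an address outside your own domains."""
    own = {d.lower() for d in own_domains}
    findings = []
    for rule in rules:
        targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
        external = [t for t in targets if domain_of(t) not in own]
        if not external:
            continue  # no forwarding, or forwarding stays inside the business
        if not rule.get("enabled", True):
            severity = "review"   # switched off, but still points outside
        elif not rule.get("conditions"):
            severity = "high"     # no conditions: every message is forwarded
        else:
            severity = "medium"   # only matching messages leave the mailbox
        findings.append({"rule": rule["name"], "severity": severity,
                         "targets": external})
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, ["example.com"]):
        print(finding)
```

Delete any rule you did not create yourself, and check the account-level forwarding setting as well as individual rules.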

 

6. Any other accounts with the same password should also be updated.

  • Use the site Have I Been Pwned to see if your password has been compromised, or here for any compromised email addresses.

 

7. Enable multi-factor authentication. Services like Gmail already offer this.

 

8. Perform a security scan for malware.

If you don’t have a tool for this already, here are some great anti-malware programs to get you started:

 

9. If you haven’t already, implement the ‘essential eight’ as laid out by the ACSC.

The ‘essential eight’ is an easy-to-remember and effective list of strategies you can use to reduce your risk of attack. We’ve given an overview of these steps here in an easy-to-read format. These are a must-do regardless of whether you have had a cyber attack.

 

10. Do not engage the blackmailer.

 

11. Notify ACORN of the cyber attack.

ACORN (Australian Cybercrime Online Reporting Network) is the Australian resource and body for reporting any cyber attacks you may experience. ACORN will evaluate your crime report, and can direct your case to relevant law enforcement.

 

12. Call your financial institution and freeze the account/s

 

13. Communicate with your team, and keep them in the loop

  • Ensure you have open communication channels with your team
  • Be honest with your team about where things stand
  • Keep them informed so they know to be on high alert
  • Schedule a meeting to inform them in person, as mass emails can often go unread

 

14. Notify the OAIC if you need to comply with the NDBS after a cyber attack.

 

15. Notify any affected users

 

16. Follow your Business Continuity Plan

 

17. Restore from a back-up.

  • Schedule regular backups for your system and keep them stored safely.
  • Back up for Windows
  • Talk to your IT Managed Services provider about ongoing backups for your network

 

18. Isolate the infected site (disconnect endpoints and server from rest of the network)

  • Your security protection software should have a guide for doing this (e.g. Symantec ATP)
  • Consult your IT managed services provider about containing the malware infection

 

19. Call IT security professionals for specialised assistance.

  • If you don’t have someone on board for IT Managed Services then find a reputable team to assist you with your current issue
  • Then look at implementing IT managed services for your business to prevent the issue in future

 

20. Refresh your cyber security training for yourself and your team.

  • A good IT services team will offer this as a service to your business
  • Utilise online resources to build your cyber security knowledge

 

21. Review monitoring systems to identify and understand how the threat entered.

  • If you have an IT managed services provider, they will do this for you
  • Some network monitoring tools: Spiceworks, Pulseway, Atera

 

22. Document the process from identification, to containment and recovery.

This provides valuable learning information for future events and can be used to improve your Business Continuity Plan. Take note of how the threat entered, how it was managed and what can be done better next time.

 

23. Consider employing an IT company to perform network monitoring and manage your cyber security.

 

24. Report the Cyber Security Incident to ACSC.

  • Submit a Report Here
  • Reporting to the ACSC helps them identify greater patterns of cyber attacks and develop new policies

 

25. Report the scam to ACCC.

  • Submit a Report Here
  • Reporting to the ACCC means they can advise the community about new or unheard of scams.