Serious Discussion Malware or Hacking ?

Have you been malware infected or hacked ?

  • Total voters
    3
Victor M

Victor M

Level 12
Thread author
Verified
Top Poster
Well-known
Oct 3, 2022
573
Here is ChatGPT's view on this:

Distinguishing Between Hacking and Malware Incidents​

Hacking Incident​

  • Definition: Unauthorized access or manipulation of computer systems, networks, or devices by exploiting vulnerabilities.
  • Indicators:
    • Unusual Login Attempts: Logins from unknown or suspicious locations.
    • Account Changes: Unauthorized creation, deletion, or modification of user accounts.
    • System Changes: Alterations to system settings or configurations without authorization.
    • Sensitive Data Access: Unauthorized access to sensitive files or data.
    • Network Traffic: Unexplained changes in traffic patterns, such as increased outbound traffic.
    • Installation of Tools: Unauthorized installation of hacking tools (e.g., keyloggers, remote access tools).
    • Man-in-the-Middle (MITM) Attacks: Interception of communications between two parties without their knowledge.
    • Phishing Attempts: Emails or messages designed to trick users into revealing credentials or downloading malware.
    • Exploitation of Vulnerabilities: Evidence of exploited known or zero-day vulnerabilities in software or hardware.
    • Data Exfiltration: Large or unusual amounts of data being sent to external addresses.
    • Privilege Escalation: Unauthorized elevation of user privileges within the system.

Malware Incident​

  • Definition: The presence and impact of malicious software designed to damage, disrupt, or gain unauthorized access to computer systems.
  • Updated Indicators:
    • Malware Signatures: Detection by antivirus or anti-malware software.
    • System Performance: Unexplained slowdowns or unusual system behavior.
    • Pop-up Ads: Unexpected ads or browser redirects indicating adware.
    • Ransomware: Files being encrypted with ransom demands.
    • Information Stealers:
      • Session Cookies: Theft of session cookies to hijack active sessions.
      • Credentials: Harvesting of usernames, passwords, and other credentials.
      • Financial Data: Theft of credit card numbers and banking information.
    • Spyware: Monitoring user activity and collecting data without consent.
    • Botnets: Infection causing the system to become part of a botnet, resulting in unusual outbound connections.
    • Rootkits: Malicious software that hides its presence and activities.
    • Network Traffic: Connections to known malicious IP addresses or domains.
    • Fileless Malware: Malware that resides in memory and doesn’t leave a footprint on the hard drive.
    • Command and Control (C2) Traffic: Communication with a remote server to receive commands.

Common Indicators and Overlap​

Some signs can indicate both hacking and malware incidents, such as:

  • Unauthorized Access: Unusual activity on the system.
  • Suspicious Processes: Unknown processes running on the system.
  • Configuration Changes: Unexplained changes in system or network configurations.

Investigation Steps​

  1. Log Analysis: Review system, network, and application logs for signs of unauthorized access or malware execution.
  2. Network Monitoring: Monitor traffic for unusual patterns or connections to known malicious sites.
  3. System Scans: Use antivirus and anti-malware tools to scan for and identify malicious software.
  4. User Reports: Gather information from users about unusual behavior or issues with their devices.
  5. File Integrity Checks: Verify the integrity of system files and configurations to detect unauthorized changes.
  6. Threat Intelligence: Use threat intelligence feeds to identify known indicators of compromise (IOCs).
Click to expand...

So, how many of you have had malware infections and how many of you have had hacking incidents ?


In my 30+ yrs in the IT field, I have had both. Today, I just classify malware as automated hacking. After all it is hackers who write malware and put their techniques into lines of code.

One needn't be shy about it. It is sometimes the fault of anti-malware, and sometimes inadequate system configuration. We were all non-tech-savvy once. I had poor tools, insecure configs and I was more than once just careless. Now I have better tools (thanks to this forum), more secure configs, and a sheet of Op Sec rules that I never disobey. We learn from our mistakes.

Maybe we should call our forum Infected Anonymous :)
 
Last edited by a moderator:
  • Like
Reactions: vtqhtr413

Similar threads

lokamoka820
    • Like
Hot Take What is Kernel-Level Malware and How to Protect Against It
Replies
5
Views
479
General Security Discussions
Trident
Trident
Trident
    • Like
    • Applause
    • +Reputation
  • Poll
Serious Discussion Pre-execution vs post-execution protections explained
Replies
6
Views
1,032
General Security Discussions
Trident
Trident
Nunzio_77
    • Like
Serious Discussion Data leak: Avast Free or Bitdefender Free?
Replies
28
Views
2,318
General Security Discussions
ifacedown
ifacedown

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top