How To Identify A Cyber Attack and 25 Things You Can Do To Recover

A cyber attack often sounds like something out of a Hollywood heist film. But it’s not always Hugh Jackman hacking into the mainframe and it’s usually not for some complicated revenge plot. In fact, it’s more likely to be the inverse of that. It usually looks like someone sending out hundreds and thousands of malware phishing links. They’re counting on the fact that eventually, someone will click on one of these links and fall victim to attack. Therefore, regardless of your position, industry, and scale of your business, there’s always a risk of a cyber attack targeting you.

In fact, depending upon the industry you’re in, you may be at higher risk than others. Organizations in the healthcare industry are targeted significantly more than other industries, which is reflected both in the 2019 NDBS report (and reports preceding this, too) and consistent with worldwide statistics. So, it’s also important to consider if you’re in a more vulnerable position based on your industry.

However, at the end of the day, if you’ve been subjected to attack there’s only one thing to do. And, unfortunately, that does not pretend it hasn’t happened. You’ve got to respond and move forward. So, you’ve been had. Possibly even bamboozled. Maybe you were prepared. Maybe not. Either way, now you find yourself needing to take action and respond to it. In fact, it’s quite possible that you weren’t even aware of the cyber attack immediately. Or for some time after.

This highlights the importance of understanding what constitutes a cyber attack, so you know how to identify them, and of course, respond to them.

What is a Cyber Attack?

In short, a cyber attack is the deliberate exploitation of a computer system or network. For example, a hacker may use malicious code to exploit a vulnerability in the system. This code is designed to execute a command that leads to a disruption in the natural sequence of events. As a result, the target ends up with compromised or stolen data. This can then be used for various cybercrimes.

To sum up, a cyber attack could leave you with a number of results that affect you negatively. That is to say, you could be subject to anything from identity theft or fraud, to ransomware, stolen data, malware attacks, IP theft, website defacement, and more.

For more information on security in general please check out our Cyber Security Guide.

Who Is At Risk Of A Cyber Attack And Why?

At first glance, it may seem counter-intuitive. But more than anyone else, small businesses need to be wary of cyberattacks. Small businesses present a tantalizing target for attackers for a few reasons.

Small-to-medium businesses (SMBs) are less likely to have stringent security measures and appropriate incident response plans in place. Therefore, attackers find SMBs far easier to infiltrate and exploit. Additionally, they often don’t have the means to defend or recover from an attack easily, so they’ll cough up the dough in a ransomware attack just to get their data back.

The cost of a data breach is significantly more than most realize, and the financial hit is a huge one that many small businesses may not recover from. So, as they say, prevention is better than cure.

Above all, attackers are looking for two factors in a victim. Firstly, ease of access. Secondly, the potential reward. Small businesses often check that first box with minimal cybersecurity measures. Furthermore, depending on the type of business, the data onboard may be ultra juicy and worth quite a bit financially. So, they may sell the information to other malicious parties, or hold the data hostage for a significant ransom. Don’t make it easy for them!

Nine Cyber Attacks To Watch Out For

1. My Email Account Was Hacked

What Signs Do I Look For?

Here are some signs that your email account has been hacked. Look for the following:

• Your password has changed
• There’sunusual inbox activity (check sent mail, read messages, no incoming emails)
• You’ve received password reset emails from other sites
• Account access from unexpected IP address/s (your email provider usually records this information) has occurred
• Your email contacts (whether within or outside of your business) let you know that they have received strange emails from you

How Did This Happen?

Email hacks usually occur by one of the following methods of attack:

• A password hack or brute force cyber attack
• Social engineering
• Phishing email

What Do I Do Now?

• Follow Recovery Steps: 1 — 6, 7
• Follow Up Steps: 9, 20, 23

2. System Account Details Are Compromised

What Signs Do I Look For?

• Your computer speed has slowed down significantly
• Your security software has been disabled or compromised
• Software or browser add-ons appear that you don’t recognize
• Additional pop-ups are happening
• Random shutdowns and restarts are happening
• You’ve lost access to your account

How Did This Happen?

• Your email was hacked/compromised and used to access another account
• Phishing
• Password hack
• Man In The Middle
• Watering Hole Cyber Attack
• Unpatched Software

What Do I Do Now?

• Follow Recovery Steps: 1 — 6, 7, 8, 13, 14, 18, 21
• Follow Up Steps: 9, 20, 22, 23

3. My Online Storage Account Was Hacked

What Signs Do I Look For?

Some examples of online storage accounts include DropBox, Google Drive, OneDrive, and iCloud.

• Your site suddenly has content that shouldn’t be there
• You cannot access your account
• Files are missing/altered
• There’s an unusual outbound network traffic
• You’re being notified of unexpected access locations and logins
• A large number of requests for the same object/file have been received
• Suspicious admin activity (see the previous attack)
• Excessive read operations (someone is trying to gather data)
• Contacts are receiving emails with files/links to open (make sure they don’t open them!)

How Did This Happen?

• System account was compromised
• Phishing
• Social engineering cyber attack

What do I do now? 

• Follow Recovery Steps: 1 — 6, 7, 8, 9, 13, 14, 15, 16
• Follow Up Steps: 19, 20, 22, 23

4. I Received a Blackmail Email Demand

What Signs Do I Look For?

• An email stating that they have incriminating evidence on you (this may or may not be a bluff)
• An email may claim they have accessed your password through a keylogger
• They threaten to expose you to your contacts
• They make a demand for payment (most likely in BitCoin)

How Did This Happen?

• Phishing attack
• Ransomware download
• Your account was involved in another data breach

What Do I Do Now?

• Follow Recovery Steps: 1 — 6, 7, 8, 10, 11, 19
• Follow Up Steps: 9, 20, 22, 23

5. My Social Media Has Been Hacked

What Signs Do I Look For?

• Changes to your follower count
• Friend or contact requests you didn’t make
• Duplicate accounts requesting your friends/contacts
• Posts that you did not make
• Old posts suddenly deleted
• Password has been changed
• Notification that your account was accessed from a new location/device

How Did This Happen?

• Phishing email appearing to be from Facebook/other social media website
• Sneaky social media apps
• Malicious link within Facebook/Twitter

What Do I Do Now?

• Follow Recovery Steps: 1 — 6, 7, 15
• Follow Up Steps: 20

6. Our Network Has Been Attacked

What Signs Do I Look For?

• Your files and/or server has been encrypted
• The network becomes very sluggish/slow
• Your data usage is unusually high
• Programs are continually crashing
• You received a ransomware message
• Computers are functioning without local input

How Did This Happen?

• Ransomware
• Malware attack via phishing
• Rogue software
• Physical access
• Social engineering

What Do I Do Now?

• Follow Recovery Steps: 8, 13, 14, 15, 16, 18, 19, (17 if required)
• Follow Up Steps: 9, 20, 21, 22, 23

7. There’s Been a Fraudulent Financial Transaction

What Signs Do I Look For?

• Money has been transferred to the wrong account
• Account deductions that you didn’t authorize
• Suspiciously large orders that don’t match usual order activity
• Unexpected invoices that have not been verified
• Large payments not arriving despite remuneration advice
• Advice to change address or bank details without the appropriate cross-checks

How Did This Happen?

• High ranking accounts compromised ― submitting payment requests to the accounts department. An example of this is hackers posing as the director, requesting accounts to submit a payment to X account
• Man in the Middle (posed as a financial institution)
• Invoice details were changed through a compromised system account (eg Xero, MYOB account, or accounting system login)
• Payroll/AR/AP has been hacked via phishing, social engineering, or malware

What Do I Do Now?

• Follow Recovery Steps: 1 — 6, 7, 8, 12, 13, 14, 15, 16, 19, 24
• Follow Up Steps: 9, 20, 21, 22, 23

8. We Got Infected With A Malware Cyber Attack

What Signs Do I Look For?

• Excessively slow computer processing
• Programs opening and closing automatically
• Lack of storage space
• New programs/add-ons that you did not install
• Security software disabled
• Excessive popups
• Browser keeps redirecting sites

How Did This Happen?

• Phishing
• Rogue software
• Opening or executing a malicious file (either by email or removable media)
• Insufficient firewall protection
• You allowed a program to install bundled add-ons
• Unpatched software/operating system

What Do I Do Now?

• Follow Recovery Steps: 8, 18, 13, 15, 19,
• Follow Up Steps: 9, 20, 21, 22, 23

9. I Received a Suspicious Phone Call

What Signs Do I Look For?

• You’re being offered money or a free product that you didn’t enter to win (reminder: if it seems too good to be true, it usually is!) 
• Any call that claims to have detected viruses or infections on your computer
• Calls that claim you owe taxes or other government payments
• If the caller deflects or refuses to answer your questions
• The caller is pushing you to make an immediate financial decision
• The caller is threatening deportation or arrest

How Did This Happen?

• You submitted information somewhere that sold your information to a third-party
• For example, you entered a raffle or sweepstakes or signed a petition
• You recently signed up for a service or website
• Social media ― your profile may be too public, and scammers used public information against you

What Do I Do Now?

• Follow Recovery Steps: 1, 6, 11, 25, 13
• Follow Up Steps: 20, 23

Cyber Attack Recovery Steps

1. If you still have access to the account, immediately change your password to something more secure

A tip for creating a secure (yet memorable) password, is to create a phrase or selection of random words together. Something like Grass Silver Calculator Seven is a random combination of words that is simple enough to remember but difficult to guess. Google has a good guide here for creating a strong password.

2. Update your recovery contact information

• Setting Up Recovery Information for Google
• Recovery Information and Account Security for Microsoft

3. Advise your email contacts so they know to question suspicious emails

Just a tip ― it’s best to do this in another medium other than email so they don’t get mixed up with the suspicious emails! Contact your contacts by phone, or even put out a social media blast.

4. Change your security question/s

• Change Your Security Questions for Apple
• Tips for Creating a Good Security Question

5. Configure your email settings (attackers might add a rule to forward all emails to another address)

• Changing Gmail Settings
• Changing Outlook Settings

6. Any other accounts with the same password should also be updated

• Use the site Have I Been Pwned to see if your password has been compromised, or here for any compromised email addresses.

7. Enable multi-factor authentication. Services like Gmail already offer this

• Setting up multi-factor for Office 365
• Set up 2-step verification for G Suite

8. Perform a security scan for malware

If you don’t have a tool for this already, here are some great anti-malware programs to get you started:

• BitDefender
• AVG AntiVirus
• Malwarebytes

9. If you haven’t already, implement the ‘Essential Eight’ as laid out by the ACSC

The ‘essential eight’ is easy to remember and an effective list of strategies you can use to reduce your risk of attack. We’ve given an overview of these steps here in an easy-to-read format. These are a must-do, regardless of if you have had a cyber attack.

10. Do not engage the blackmailer

• Some great steps to take when confronted with cyber blackmail.
• Example of a real cyber blackmail attack

11. Notify ACORN of the cyber attack

ACORN (Australian Cybercrime Online Reporting Network) is the Australian resource and body for reporting any cyber-attacks you may experience. ACORN will evaluate your crime report and can direct your case to relevant law enforcement.

12. Call your financial institution and freeze the account/s

• Tips for bank security and fraud prevention
• Detecting fraud within your account

13. Communicate with your team, and keep them in the loop

• Ensure you have open communication channels with your team
• Be honest with your team about where things stand
• Keep them informed so they know to be on high alert
• Schedule a meeting to inform them in person, as mass emails can often go unread

14. Notify the OAIC if you need to comply with the NDBS after a cyber attack

• Form to submit a report for Notifiable Data Breach
• Understanding what constitutes an NDB and do you have to comply?

15. Notify any affected users

• The OAIC has a guide on how to go about notifying affected users

16. Follow your Business Continuity Plan

• If you don’t have a business continuity plan, make one now
• What’s in a BCP?
• Business Continuity Plan Template

17. Restore from a back-up

• Schedule regular backups for your system and keep them stored safely.
• Back up for Windows
• Talk to your IT Managed Services provider about ongoing backups for your network

18. Isolate the infected site (disconnect endpoints and server from rest of the network)

• Your security protection software should have a guide for doing this (e.g. Symantec ATP)
• Consult your IT managed services provider about containing the malware infection

19. Call IT security professionals for specialized assistance

• If you don’t have someone on board for IT Managed Services then find a reputable team to assist you with your current issue
• Then look at implementing IT managed services for your business to prevent the issue in future

20. Refresh your cybersecurity training for yourself and your team

• A good IT services team will offer this as a service to your business
• Utilize online resources to build your cybersecurity knowledge

21. Review monitoring systems to identify and understand how the threat entered

• If you have an IT managed services provider; they will do this for you
• Some network monitoring tools: Spiceworks, Pulseway, Atera

22. Document the process from identification, to containment and recovery

This provides valuable learning information for future events and can be used to improve your Business Continuity Plan. Take note of how the threat entered, how it was managed and what can be done better next time

23. Consider employing an IT company to perform network monitoring and manage your cybersecurity

• Reasons Why We Advocate for using IT Managed Services

24. Report the Cyber Security Incident to ACSC

• Submit a report here
• Reporting to the ACSC helps them identify greater patterns of cyber-attacks and developing new policies

25. Report the scam to ACCC

• Submit a report here
• Reporting to the ACCC means they can advise the community about new or unheard of scams.