Has Your IT Network Been Hacked?

Examples of signs that could indicate your IT network has been hacked. Article from the cyber-security experts at All Covered.

July 30, 2012 by Andreas Krebs

Has your business's IT network been exhibiting strange behaviors? Maybe one user's computer has a newly developed habit of randomly restarting, or your entire IT network is operating more slowly than usual. There is a good probability that your business's IT network has been hacked. The term "hacked" means that some computing resource has been compromised by a malicious application (aka cyber-threat). Regardless of whether only one computer or the entire IT network is exhibiting signs of having been hacked, it is necessary to find and remove the threat as soon as possible.

Symptoms of infection

Whether an individual computer or the entire IT network has been hacked, and regardless of the nature of the threat, most threats will cause computing resources to behave in similar ways.

Individual machines that have been hacked will often exhibit the following symptoms:

  • Unusual internet connectivity (sometimes fast, sometimes very slow)
  • The default web page has been changed to another page
  • The default search page has been changed to another page
  • The antivirus program doesn't work at all or it freezes and/or crashes regularly
  • The web browser will not browse to web pages from Microsoft, Symantec, or other web pages owned by software or security firms
  • New files or folders have appeared on the computer in unusual locations with strange names
  • Web pages exhibit strange behavior such as flashing for a moment
  • Web history cannot be deleted
  • The screen saver has been changed

The entire IT network will often exhibit the following symptoms if it has been hacked:

  • Internet connectivity is slower than usual
  • Firewall logs are larger than normal and rapidly generated
  • Domain controller event logs are larger than normal and rapidly generated
  • Server event logs have been deleted or modified so that they no longer capture data
  • Security event logs are showing multiple errors for failed logon types, typically in blocks of 10 that occur in rapid succession
  • Network backups take longer than usual to complete
  • Network backup data set is larger than expected
  • Individual machines will not update patches properly
  • Some security patches will consistently fail
  • Some machines will not accept antivirus definition updates
  • Some machines have antivirus that consistently fails
  • Unusual services such as FTP or Web Services are installed on secondary servers
  • Unusual applications are present on the servers
  • Unusual folders appear on network shares
  • Unusual files appear in the root of network shares
  • Shared folders will have unknown .bat and .exe files
  • VoIP phones, if used, might have a higher rate of latency and/or poor connections during phone conversations
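The failed-logon symptom above can be checked mechanically. The following is an added example, not code from the article or from All Covered: it scans exported security events for blocks of 10 failed logons from one source in rapid succession. The CSV layout, the 60-second window, and the sample events are assumptions constructed for illustration; event IDs 4625 (failed logon) and 4624 (successful logon) are the standard Windows Security log IDs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON_EVENT_ID = 4625    # Windows Security log: "An account failed to log on"
BURST_SIZE = 10                 # block size named in the article
WINDOW = timedelta(seconds=60)  # assumption: "rapid succession" means within 60 s


def parse_line(line):
    """Parse 'ISO-timestamp,event_id,account,source' (constructed export format)."""
    ts, event_id, account, source = line.strip().split(",")
    return datetime.fromisoformat(ts), int(event_id), account, source


def find_bursts(lines, burst_size=BURST_SIZE, window=WINDOW):
    """Return (source, first_ts, last_ts, accounts) for each block of failed logons."""
    recent = defaultdict(deque)  # source -> (timestamp, account) still inside the window
    bursts = []
    events = sorted(parse_line(l) for l in lines if l.strip())
    for ts, event_id, account, source in events:
        if event_id != FAILED_LOGON_EVENT_ID:
            continue
        q = recent[source]
        q.append((ts, account))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= burst_size:
            bursts.append((source, q[0][0], ts, sorted({a for _, a in q})))
            q.clear()                 # start counting the next block afresh
    return bursts


def build_sample():
    """Constructed sample: one 10-event burst, scattered user typos, one success."""
    base = datetime(2012, 7, 30, 2, 15, 0)
    lines = [f"{(base + timedelta(seconds=2 * i)).isoformat()},4625,user{i % 3},10.0.0.50"
             for i in range(10)]
    lines += [f"{(base + timedelta(minutes=20 * i)).isoformat()},4625,alice,10.0.0.7"
              for i in range(4)]
    lines.append(f"{(base + timedelta(minutes=5)).isoformat()},4624,alice,10.0.0.7")
    return lines


if __name__ == "__main__":
    for source, first, last, accounts in find_bursts(build_sample()):
        print(f"{source}: {BURST_SIZE} failed logons {first} to {last}, accounts={accounts}")
```

Occasional mistyped passwords spread over hours do not trigger a report; only a dense block from a single source does, which is the pattern the symptom list describes.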

Learn more

The best way to protect your business's IT resources is to familiarize yourself and your business's computer users with the symptoms that indicate that a computer or the entire IT network has been hacked. Encourage users to report any strange behaviors to your technical support department. To learn more about the symptoms of being hacked, or if you suspect that your IT network has been hacked and you would like assistance removing the malware and securing your systems, please contact the cyber-security experts at All Covered.