It is not always easy to tell whether your computer has been infected with malicious code. Some viruses may completely destroy files and shut down your computer, while others may only subtly change your computer’s normal operations.
Look out for the following warning signs that may indicate your computer or IT network has been infected with malicious code:
- Machines that are suddenly running slowly, crashing or have completely shut down.
- Strange network usage patterns.
- Huge transfers of data to unknown destinations.
- Visits from unfamiliar IP addresses.
- Changes to system hardware, firmware, or software characteristics without your knowledge, instruction, or consent.
- Unwanted disruption or denial of service.
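Two of the network signs above (huge transfers to unknown destinations and visits from unfamiliar IP addresses) can be checked against connection logs. The following is an added example, not part of the original guidance; the log format, the `KNOWN_REMOTE` list and the `OUTBOUND_LIMIT` threshold are assumptions, and the sample records are constructed using documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: time, direction, local_ip, remote_ip, bytes
SAMPLE_FLOWS = """\
2024-05-01T09:00:12Z,out,10.0.0.15,192.0.2.10,48211
2024-05-01T09:03:40Z,out,10.0.0.15,203.0.113.77,734003200
2024-05-01T09:04:02Z,in,10.0.0.5,198.51.100.23,1840
2024-05-01T09:05:19Z,out,10.0.0.22,203.0.113.77,612368384
2024-05-01T09:06:55Z,in,10.0.0.5,192.0.2.10,920
2024-05-01T09:07:30Z,out,10.0.0.22,198.51.100.200,15000
"""

# Assumption: remote networks the organisation expects to talk to.
KNOWN_REMOTE = [ipaddress.ip_network("192.0.2.0/24")]
# Assumption: per-destination outbound volume that warrants a look (1 GiB).
OUTBOUND_LIMIT = 1024 ** 3


def is_known(ip, known=KNOWN_REMOTE):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in known)


def review_flows(text, limit=OUTBOUND_LIMIT):
    """Return sorted (sign, remote_ip, detail) findings for two warning signs."""
    outbound = defaultdict(int)      # unknown remote_ip -> total bytes sent
    senders = defaultdict(set)       # unknown remote_ip -> local hosts sending
    visitors = set()                 # unknown remote_ips that connected inbound
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5 or not parts[4].isdigit():
            continue                 # skip blank or malformed records
        _, direction, local_ip, remote_ip, size = parts
        try:
            if is_known(remote_ip):
                continue
        except ValueError:
            continue                 # remote address did not parse
        if direction == "out":
            outbound[remote_ip] += int(size)
            senders[remote_ip].add(local_ip)
        elif direction == "in":
            visitors.add(remote_ip)
    findings = [("large-transfer-unknown-destination", ip,
                 f"{total} bytes from {sorted(senders[ip])}")
                for ip, total in outbound.items() if total > limit]
    findings += [("unfamiliar-inbound-address", ip, "") for ip in visitors]
    return sorted(findings)
```

Totals are summed per destination across all machines, so a transfer split between two hosts that each stay under the limit is still reported.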
If you have installed antivirus software, it may alert you to malicious code on your computer. The antivirus software may be able to clean the malicious code automatically, but if it can’t, you will need to take additional steps.
Once a cyber security incident has been identified, you will need to analyse the attack and confirm what type of incident has occurred. The nature of the incident will determine the type of assistance you will need to address the incident and the type of damage and remedial efforts that may be required.
When investigating the attack, seek to answer the following questions:
- Who has attacked us?
- Why have we been attacked?
- When did the attack occur?
- What is the scope and extent of the attack?
- What did the attackers take from us?
- What is the potential business impact?