This title immediately caught my attention and probably yours as well: How to detect a hacker attack – something I definitely want to know. And then I realized that the article a) is written by a techie and b) does not really cover the attacks I am worried about most. But I will address this toward the end and would appreciate your ideas as well.
If you look at the article, it gives 4 tips:
1. Suspiciously high outgoing traffic for dial-up and ADSL
2. Look out for strange looking files in the root directories of your drives and/or too much disk activity.
3. If your personal firewall is reporting blocking large packets of data from the same IP address
4. A lot of hackers still rely on trojans and backdoors. So, if your anti-virus software starts finding a lot of those, try increasing protection, use an Internet security suite instead of a basic anti-virus
That’s just an excerpt. If I look at my mom and dad: they never look at 1 (I do not do it either), 2 (I would only notice it if I were cleaning up my machine), 3 (it might be in the event log, but who looks at the event log?). 4 is definitely a good thing, as we have said for ages (actually since Blaster) that there are three things you should do to protect your PC:
If we take it to a company level, the 4 tips above might look slightly different: 1 is network monitoring (if you see the anomalies), 2 is rarely done, 3 is rarely done and 4, again, I hope is done.
But what really worries me are not the attacks we find with the 4 tips above. Those are not the ones that keep me up at night, as they are noisy.
What about the stealthy, targeted attacks – the real attacks? They do not create a lot of traffic (as the data is slipped out slowly), they hide the files “behind” other files, they use the universal firewall tunneling protocol (called HTTP) to transfer data, and the malware they are using is written for this single purpose: to attack just you!
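One thing the “high outgoing traffic” and “large packets” tips miss is exactly the slow drip over HTTP described above: each request is small and looks like a normal web call, so volume thresholds never fire. What such traffic does give away is its regularity, because it is driven by a timer rather than by a person. The script below is an added example (not from the original post or the article it discusses); it runs over a handful of constructed proxy log lines in a made-up “timestamp client method url status bytes_out” format and flags client/host pairs whose requests arrive at nearly fixed intervals, regardless of how little data each one carries.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Constructed proxy log lines for this example (timestamp client method url status bytes_out).
# They are made up to illustrate the pattern, not captured from any real network.
# 10.0.0.5 posts ~1.4 KB to updates.example.net every five minutes (the slow drip),
# browses www.example.com irregularly, and 10.0.0.7 sends two large mail uploads.
SAMPLE_LOG = """\
2010-03-01T09:00:00 10.0.0.5 POST http://updates.example.net/p 200 1400
2010-03-01T09:05:01 10.0.0.5 POST http://updates.example.net/p 200 1390
2010-03-01T09:10:00 10.0.0.5 POST http://updates.example.net/p 200 1410
2010-03-01T09:15:02 10.0.0.5 POST http://updates.example.net/p 200 1380
2010-03-01T09:20:00 10.0.0.5 POST http://updates.example.net/p 200 1405
2010-03-01T09:25:01 10.0.0.5 POST http://updates.example.net/p 200 1395
2010-03-01T09:00:12 10.0.0.5 GET http://www.example.com/news 200 80
2010-03-01T09:03:45 10.0.0.5 GET http://www.example.com/img 200 90
2010-03-01T09:31:02 10.0.0.5 GET http://www.example.com/news 200 85
2010-03-01T10:12:00 10.0.0.5 GET http://www.example.com/news 200 88
2010-03-01T09:01:00 10.0.0.7 POST http://mail.example.org/send 200 52000
2010-03-01T11:40:00 10.0.0.7 POST http://mail.example.org/send 200 61000
"""


def parse_log(text):
    """Yield (timestamp, client, method, host, bytes_out) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip blank or malformed lines rather than crash on them
        ts, client, method, url, _status, size = parts
        yield datetime.fromisoformat(ts), client, method, urlparse(url).hostname, int(size)


def find_beacons(text, min_requests=5, max_cv=0.2):
    """Flag (client, host) pairs whose requests arrive at nearly fixed intervals.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps between consecutive requests: timer-driven check-ins have a low CV,
    human browsing does not. Byte volume is deliberately not a criterion, since
    slow exfiltration keeps every request small on purpose.
    """
    by_pair = defaultdict(list)
    for ts, client, method, host, size in parse_log(text):
        by_pair[(client, host)].append((ts, method, size))

    findings = []
    for (client, host), reqs in by_pair.items():
        if len(reqs) < min_requests:
            continue  # too few samples to say anything about the interval
        reqs.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(reqs, reqs[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue
        cv = pstdev(gaps) / avg_gap
        if cv > max_cv:
            continue
        findings.append({
            "client": client,
            "host": host,
            "requests": len(reqs),
            "interval_s": round(avg_gap, 1),
            "cv": round(cv, 3),
            "bytes_out": sum(s for _, _, s in reqs),
            "uploads": sum(1 for _, m, _ in reqs if m in ("POST", "PUT")),
        })
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

On the sample data only the five-minute drip to updates.example.net is reported: roughly 8 KB in total, far below any “high traffic” threshold, but with an interval that barely varies. The thresholds (five requests, CV of 0.2) are starting points; in practice you would widen the window to a day or more, whitelist known update services, and look at who else in the company talks to the flagged host.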
How do we defend against those attacks? How do we even find them? They will sneak in through social engineering, and I have to admit that I am not clear what we can do against them, really. A few things come to my mind:
What else? What do you do? I would be really interested in hearing your ideas and approaches.
Roger