Symptoms indicating one of your devices is being attacked

What signs may indicate that a device is infected or being attacked by a hacker.

Clear signs that indicate that your device is infected by a virus or Trojan, or is under attack by hackers.

As a rule, cybercriminals try conduct their attacks stealthily. After all, the longer they remain undetected by the victims, the more likely the criminals will achieve their goals. However, they don’t always succeed in hiding their activity. Often, based on a number of signs, you can tell that something is wrong with your computer or smartphone. And if corporate users timely detect these signs and notify their information security personnel (or at least IT specialists), this greatly complicates the attackers’ attempts to complete their attack. Thus, we’ve decided to list the most obvious symptoms that may indicate that malware is running on a device or that hackers are interfering with it.

Device is running slowly

Almost any user system starts to boot up and/or run slower over time. This can be for various reasons: the disk is full, some software requires more resources after an update, or the cooling system is simply clogged with dust. But it can also be a sign of malicious code running on the device. We recommend that you notify at least your IT department about such problems — especially if the performance drop is drastic.

The computer is constantly accessing the hard drive

If the machine is constantly flashing the HDD access light, making a lot of noise, or just copying files absurdly slowly though you haven’t initiated any resource-consuming processes, this may mean that either the disk is failing, or that some program is constantly reading or writing some data. Either way, it’s not normal behavior: better to play it safe and check with IT.

Account issues

If suddenly some services or systems stop granting you access after entering your password (correctly), this is a reason to be wary. You can try to reset your password, but if someone else has changed it there’s no guarantee they’ll not do it again. It’s better to notify the person responsible for security. You should also do this if you’re suddenly logged out of the services, or if you’re receiving multiple notifications regarding attempts at changing your password. All this may indicate a possible attack.

Pop-up windows

A device occasionally notifying the user that an update is needed, or that the battery is about to run out — this is normal. But regular error messages are a sign that something isn’t working properly, and the IT department should be made aware of this. Similarly, it’s not normal if unsolicited windows with advertisements or requests to confirm your password suddenly start appearing.

Suspicious browser behavior

Sometimes incorrect browser behavior can serve as evidence of an attack — and not just from the aforementioned suddenly appearing windows. If adware-type malware breaks into a computer, it can begin to replace banners on different pages with the same type of advertising but of dubious legality. Of course, this may also mean a problem on the side of banner exchange networks. But the same ad appearing on every site — this is an alarming symptom. In addition, you should pay attention to redirects. If you enter one address, and the browser regularly redirects you to another, you should tell the specialists about this.

Inaccessible or missing files or folders

If quite recently files or directories opened normally but now you can’t open them — or they’ve completely disappeared — this is a clear reason to contact the IT department. Maybe you accidentally deleted an important file, but maybe it was encrypted by ransomware or deleted by a wiper.

Unfamiliar files or applications have appeared

If you’ve neither installed new software nor downloaded or updated anything, but you still have new programs, files, in-program buttons, plug-ins, tools or something else unfamiliar on your computer, then it’s better to check with IT what they are and where they came from. It’s especially worth paying attention to ransom notes. There have been cases when the victims ignored such notes because all the files seemed to be unchanged and available. But then it turned out that the ransomware failed to encrypt files, but successfully exfiltrated it to attackers’ servers.

Remote connection notifications

Attackers often use legitimate remote-access software. As a rule, such software displays a message on the screen that someone has remotely connected to the machine. If such a notification appears without your consent, or if you’re suddenly offered to grant access to an unknown person, most likely your computer is being attacked by a hacker. Genuine system administrators warn users via a trusted communication channel in advance about the need for a remote connection.

Something is preventing your computer from shutting down or restarting

Many viruses need to remain present in RAM. Spy Trojans also need time to upload gathered information to the attackers’ servers. As a result, malware has to keep the computer running for as long as possible. If you notice that your device isn’t shutting down properly, tell the security officer or IT specialist as soon as possible.

Letters or messages you didn’t send

If your contacts complain that they’ve received emails or instant messages from you but you didn’t send them, this means that someone has either gained access to your accounts or is manipulating one of your devices. In either case, someone responsible for corporate security should be notified.

How to stay safe

Of course, not every attack can be detected with the naked eye. Therefore, we recommend using security solutions that can detect and stop malicious activity before it becomes apparent to the user.