Dealing with a Cyber Security Incident

Published on 02 Apr 2014

by GOsafeonline

There is no silver bullet in cyber security. There is always a possibility for your devices, such as computer, smartphone and tablet; or online identity, such as email, Facebook and Twitter accounts, to be compromised by someone with malicious intent.

Given this, it is important that we practice, good infocomm security hygiene. The more infocomm security measures you adopt in securing your devices and online identity, the less likely that you will be a victim of a cyber security incident.

That said, there might be times when our devices or online identity still get compromised, perhaps due to a new malicious software (malware) with no known patch or virus signature; or simply because we have forgotten to update our antivirus software’s virus definitions. In such situation, all is not lost if we know how to salvage the situation to minimise potential damages such as compromised online identity or sensitive information loss.

We will look at a number of ways to identify if your devices or online identity has been compromised, as well as some basic steps you should take in respond to such incidents.

 

 

Is Your Device Compromised?

1

Security software has detected a malware.
Your security software (such as antivirus software) is doing its job by flagging that your device has been infected by a malware. To deal with this incident, follow the steps recommended by your security software to remove or quarantine the malware.

2

Antivirus software has been disabled or cannot to be updated.
Some malware avoids antivirus software’s detection by disabling it or causing virus definition updates to cease. In such situation, try to execute the antivirus software in your operating system’s “Safe mode with networking”. If that doesn’t work, download and use alternative antivirus software, updated with latest virus definitions. Otherwise, try using a portable antivirus software (i.e. one that runs off your thumb drive) downloaded from another computer.

3

Unknown software / apps found on device.
These may be malicious software or app that are unknowingly installed on your devices when you unwittingly browse malicious websites, download malicious attachments in emails, or use storage devices such as thumb drives infected with malware. Perform a full system scan with your antivirus software, updated with the latest virus definition to remove them.

4

Device is responding slowly or unstably.
A malware infected device usually runs numerous malicious processes in the background, such as sending information back to its command and control server, taking up much processing power. This would usually cause devices to have slow and unstable responses. Perform a full system scan with your antivirus software, updated with the latest virus definition to remove the malware.

5

Malware cannot be removed by antivirus software.
If your device is not functioning properly, yet your antivirus software cannot detect any malware; or worse still, the antivirus software is not working, you may need to reinstall your device’s operating system. You could reformat your hard disk drive and reinstall the operating system; or perform a “factory reset” on your device. Once that is done, install all the latest patches of the operating system, and the latest virus definition for your antivirus software.

 

Is Your Online Identity Compromised?


When your email, social media or any other service providers whom you have an account with inform that your account has been compromised (check the authenticity of the information first), or when information that their customers’ databases have been leaked hit the news, your credentials would most likely have been compromised.

In addition to such information, there are also some tell tale signs that you can take note of to verify if your online identity has been compromised:

 

1

You cannot log in.

Knowing that you entered the correct username and password, and yet you cannot log in to your account. An attacker could have compromised your account, either by guessing or resetting your password.  In such situation, contact your service provider immediately to regain access to it.

After regaining access to your account, change your password immediately. Choose a complex password (at least eight characters long, including lower and upper cases, symbols, and numbers) that is not similar to your previous password. Also change the password of any other online accounts that you have used the same password on. As your account may have been configured to allow future access by the offender, review all account settings, especially your personal, security, and privacy settings where applicable.

 

2

 

Strange activities are performed using your account.

Your email contacts or social network friends informed you that they received strange emails or messages from you, which you have never sent out. There is high chance that your account has been compromised. 

As above, change your passwords immediately and review all your account settings.

 

Report Cyber Security Incident

In event that you are unable to resolve the security incident, you could contact SingCERT for further advice and assistance.

SingCERT’s contact details: