Indicators of Compromise (IOCs) – Early Signs of Cyber Threats

First Republic Bank
October 1, 2020

There is a near-constant threat of hackers compromising internet-connected devices, with attacks occurring as often as every 39 seconds. Cybercriminals often gain access to sensitive information through compromised devices to steal information and money.

Early identification of warning signs is often the most effective way to detect an attack, stop it in its early stages, and limit costly damage. These red flags — known as indicators of compromise (IOCs) — can act as warning signs that malicious activity may already be happening on your computer.

  1. Pop-up warning. Ransomware is a type of malicious software that encrypts files on your machine and then produces a message requesting that you pay within a certain period of time to be able to regain access to your files. A typical ransom would be a $300 payout within 48 hours, which could be an enticing solution to quickly solve the problem. However, paying the fee could make you a target for future attacks as ransomware attackers will know you’re likely to pay, and there is also no guarantee that the attacker will actually let you access your files once you pay.
  2. Antivirus alerts. Antivirus software is designed to detect and stop malicious activity on your computer. A pop-up alert from your antivirus solution could be a false alarm — but it could also mean that malicious code has been identified on your device.
  3. Login from an unusual geographic location. An email or other notification that someone has accessed your account from an unexpected city, state or country may indicate a compromise, particularly if you’re not traveling or logging in with a VPN. This type of alert will often ask you to confirm the suspected login — was it, indeed, you? Once you decline notification, immediately log in to the account to review the account login activity.
  4. Unusual web browser activity. If your internet browser is directing your searches to seemingly random or unwanted websites, some sort of malware or malicious application(s) may be installed on your computer. These redirected searches are often sent to sites meant to mimic the page the user thinks they are on — often called “browser hijackers.” The criminal’s hope is that you’ll input your user ID and password, giving them instant access to your credentials, your username and password for that site.
  5. Stop receiving emails. If a person or third party has claimed they have emailed you and you have not received it yet, that could be an indicator of compromise. Cybercriminals often, once they have access to your email account, insert filters into your email account that prevent you from seeing emails that would tip you off to the compromise.

What steps can I take to keep my device safe from cybercriminals?

Early detection of IOCs is critical to stopping cyberattacks and limiting their potential damage. The most effective defense against cyberattacks is awareness. There are a number of basic IOC steps everyone can easily take to help maintain cyber safety:

  • Use unique usernames and strong passwords or passphrases for all important online accounts. Don’t choose easily guessed or recycled passwords. If a user’s data is breached on one account, it’s an easy leap for a hacker to apply that information to other related accounts, as well.
  • Activate two-factor authentication for all important online accounts.
  • Ensure you have an antivirus solution on your device configured to regularly scan for malware. Be sure to enable automatic updates for your antivirus solution.
  • Enable security notification settings on all devices, particularly if you toggle between desktop, laptop and mobile devices.
  • Make sure your security settings are current and up to date for all devices. If not already set up, set your device to automatically receive updates.
  • Review and remove extensions and applications that you do not use or did not download yourself. Also, if you get notified of any account activity that you did not participate in, log in to that account and change your password.
  • Back up your information on an external drive periodically and disconnect the drive from your device and network once completed.
  • Keep current on internet security trends, so you’re aware of new cybersecurity threats as they emerge.

At First Republic, we offer complimentary cybersecurity services to proactively safeguard your accounts and improve your security posture. To schedule and learn more about these services, please contact your Preferred Banker, Relationship Manager or your Wealth Manager at First Republic Private Wealth Management.

This information is governed by our Terms and Conditions of Use.