Top 16 warning signs that could indicate a Cyber Breach

Detect Anomalous Activity Ahead of a Data Breach

Indicators Of Compromise

• Login from a malicious IP address - The IP address has been associated with suspicious behaviour.
• Atypical travel - Someone attempting to access an account from a location far from the users locations.
• Unfamiliar sign-in properties - Unusual sign-in attempts.
• Password spray - Attempting multiple passwords to gain access.
• Suspicious inbox forwarding & redirects - Forwards of email or another provider (a typical activity performed by hackers to continue to monitor emails).
• Data deletion - Large deletions of data.
• Anonymous IP address - Someone trying to obscure their IP address.
• Malware linked IP address - An IP address that has been associated with prior attacks.
• New country - Attempts from a different country.
• Leaked Credentials - Someone using login details which have been leaked.
• Suspicious email deletion activity - Deleting emails after intercepting email dialogue.
• Data copied - Large copies of data.
• Login from a principal user not seen in 60 days - Login after a long period of inactivity.
• Vulnerability scanner detected - Attempts to scan for exploitable vulnerabilities.
• Suspicious User Agent detected - Using a suspicious web client to access resources.
• An event log was cleared - A hacker attempting to hide their activity by clearing the event logs.

• Tags