When should an organisation raise a security alarm? Internet security solutions firm McAfee says it should do so when someone is trying to log in at odd hours, when a system is re-infected within minutes of being cleansed of malware, or when an ID is trying to log in to the network from multiple points.
McAfee, now part of Intel Security, has come out with a list of typical signals that indicate a possible compromise, intrusion or attack on computer networks. In its latest report ‘When Minutes Count’, the firm lists the eight most common attacks that watchful organisations track and neutralise.
Second, if a system is re-infected with malware within five minutes of cleansing, it signals the presence of a rootkit or persistent compromise. Lastly, if a user account is trying to log in to multiple resources within a few minutes from different regions, it shows that the user’s credentials have been stolen or that a user is up to some mischief.
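The last signal above can be expressed as a sliding-window rule over authentication events. The sketch below is an added example, not code from the McAfee report; the five-minute window, the event fields and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: the article only says "a few minutes"; five is chosen here.
WINDOW = timedelta(minutes=5)

# Constructed sample events: (timestamp, account, resource, source region).
EVENTS = [
    ("2014-10-01T02:14:05", "jsmith", "vpn-gw", "IN"),
    ("2014-10-01T02:15:40", "jsmith", "mail", "BR"),
    ("2014-10-01T02:16:10", "jsmith", "fileserver", "BR"),
    ("2014-10-01T09:00:00", "apatel", "mail", "IN"),   # one region only
    ("2014-10-01T09:02:00", "apatel", "wiki", "IN"),
    ("2014-10-01T13:00:00", "mlee", "mail", "US"),     # two regions, 30 min apart
    ("2014-10-01T13:30:00", "mlee", "vpn-gw", "DE"),
]


def multi_region_logins(events, window=WINDOW):
    """Return {account: time of first alert} for accounts that log in to
    more than one resource from more than one region inside the window."""
    recent = defaultdict(deque)  # per-account events still inside the window
    alerts = {}
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ts, account, resource, region in sorted(events):
        when = datetime.fromisoformat(ts)
        seen = recent[account]
        seen.append((when, resource, region))
        # Drop events that have aged out of the window.
        while when - seen[0][0] > window:
            seen.popleft()
        resources = {r for _, r, _ in seen}
        regions = {g for _, _, g in seen}
        if len(resources) > 1 and len(regions) > 1 and account not in alerts:
            alerts[account] = when
    return alerts


if __name__ == "__main__":
    for account, when in multi_region_logins(EVENTS).items():
        print(f"ALERT {account}: multi-region logins by {when.isoformat()}")
```

Only `jsmith` is flagged: `apatel` stays within one region, and the two `mlee` logins fall outside the window.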
Internal hosts communicating with known bad destinations, or with a foreign country where the organisation does not conduct business, is one of the most common attacks, the report said. “Multiple alarm events from a single host or duplicate events across multiple machines in the same subnet over a 24-hour period, such as repeated authentication failures, indicate a problem,” the report warns.