If Padvish detects malware inside your network, it indicates that you’ve been hacked, and a forensic or threat analysis team must analyze you ASAP. Seconds matter the most. Read the following topic to know about the signs of intrusion and how to encounter them.
Padvish Forensic team analyzed recent cyber-attacks and acknowledged that the duration of attacks decreased from weeks to lower than 24 hours in some cases which was due to intruders’ hastiness, and indicates that these intruders had no specific goals but to cause damages with their maximum potential.
On one hand, it indicates that dedicating time to fortifying your network by zoning and defining the right policies can be a good way to fend off these types of attacks. on the other hand, these attacks harshly decreased the time for monitoring networks and reactions, and users have to secure their network ASAP if an intrusion is detected.
In this topic, you will read about signs and warnings that Padvish will provide you with about intrusion and how to analyze them. Normally, Antivirus is not your network’s only defensive layer, but recent cyber-attack statistics show that Padvish is successful in detecting cyber-attacks and notifying users on time. This shows the importance of concerning Padvish’s warnings.
Signs of intrusions in the network
If you’ve witnessed any of the following signs in your network, then you’re hacked and must seek help from a forensic team ASAP:
Detecting HackTool malware: Padvish knows all intrusive tools with this name. This type of malware is used to scan networks, add backdoors, gain permission and etc.
Detecting RiskTool malware: these tools have double usage, but intruders use them to bypass security mechanisms, eavesdrop and etc. Obviously, facing a new RiskTool in the network is critical and indicates the possibility of a hack.
Detecting APT malware: APT or Advanced-Persistent Threat groups are intruders that are experts in hacking and sabotaging systems and are often backed by a foreign State. Padvish detects their tools by APT name.
Detecting IPS: any log in the IPS section of the console indicates network infection, and the risk is high so you have to decrease it to zero by installing an anti-virus. But some exploits are specifically used by intruders and must analyze with more accuracy:
- Hacktool.Win32.CobaltStrike
- Exploit.ZeroLogon.Possibility
- Backdoor.Win32.chinachopper
- Malware Infection By RDP
Recommendations
Make sure Padvish Management Server is connected to the Padvish MDR system
Following March 2022, the free level of the Padvish MDR system is activated for all Padvish enterprise clients to ensure 24/7 monitoring.
To use this free level which has stopped dozens of attacks, you only need to make sure that Padvish Management Server is connected to cloudpms.padvish.com. If you use a hierarchical structure, you must connect all of your slave servers to this address as well.
The Event Manager section in Padvish Management Console (PMC) lets you define events so notifies you through email when a suspicious log is viewed. It is recommended to define events for all the above detections.
Custom Report defining and real-time monitoring in PMC
Using the Custom Reports section of Padvish Management Console (PMC) you can create reports to view the above detections and check them regularly and periodically (hourly or daily).
Call Padvish Support Team as soon as you’ve witnessed a dangerous detection
Our experts are at your service 24/7 through +98-21-4391 2000
Securing every network layers
Other recommendations such as network zoning, closing remote connections through the Internet or Intranet and etc. are accessible through Amnpardaz Knowledge Base (https://kb.amnpardaz.com/2021/1063)
Also, an abstract of the latest cyber-attacks and how to encounter them in any network, despite having Padvish is accessible through Amnpardaz Newsroom (https://news.amnpardaz.com/1401/03/5960)