Indicators of Compromise
Indicators of Compromise (IOCs) are evidence that a security breach or malicious activity may have occurred. By analyzing IOCs, cybersecurity analysts gain valuable insight into the tactics, techniques, and procedures employed by threat actors.
Some common indicators of compromise include:
1. Unusual privileged user account activity: This refers to suspicious actions performed by privileged user accounts, such as unexpected logins, unusual access patterns, or unauthorized changes to user permissions. Attackers often try to escalate to higher account privileges, so these accounts deserve close monitoring.
2. Login anomalies: These are irregularities in login attempts, such as multiple failed login attempts from different locations or at unusual times, indicating potential unauthorized access attempts.
3. Increases in database read volume: Unusual spikes in database read activity may suggest unauthorized data extraction or exfiltration, indicating a potential data breach.
4. Unusual domain name system (DNS) requests: DNS requests that differ from regular patterns, such as requests for suspicious domains or frequent requests for known malicious domains, may indicate malicious activity.
5. A rapid increase of requests for a particular file: A sudden surge in requests for a specific file may indicate a targeted attack or an effort to exploit a vulnerability associated with that file.
6. Unexplained configuration or system file changes: Unauthorized modifications to system configurations or critical files, made without a valid reason or proper documentation, may indicate an intrusion or an effort to compromise the system.
These IOCs serve as evidence that helps security professionals identify and investigate potential security incidents. By monitoring and analyzing these indicators, organizations can detect and respond to threats promptly, mitigating the impact of cyber attacks and protecting sensitive information.
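As an added illustration (not part of the original article), the script below runs two of the checks described above over constructed sample log lines: login anomalies (repeated failed logins from several source addresses, and a successful login at an unusual hour) and DNS requests for known-bad domains. The log line format, the business-hours window, the thresholds and the denylist are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log (not real data): "timestamp user result source_ip"
AUTH_LOG = """\
2024-03-01T02:14:05 alice FAIL 203.0.113.10
2024-03-01T02:14:09 alice FAIL 198.51.100.7
2024-03-01T02:14:15 alice FAIL 192.0.2.44
2024-03-01T02:15:01 alice SUCCESS 192.0.2.44
2024-03-01T09:30:00 bob SUCCESS 10.0.0.5
2024-03-01T10:02:11 bob FAIL 10.0.0.5
""".splitlines()

# Constructed sample DNS log (not real data): "timestamp source_ip query"
DNS_LOG = """\
2024-03-01T02:16:00 10.0.0.21 www.example.com
2024-03-01T02:16:02 10.0.0.21 bad-c2.example.net
2024-03-01T02:16:04 10.0.0.21 bad-c2.example.net
""".splitlines()

KNOWN_BAD_DOMAINS = {"bad-c2.example.net"}  # hypothetical denylist entry
BUSINESS_HOURS = range(8, 19)                # assumption: 08:00-18:59 is normal

def login_anomalies(lines, min_failures=3, min_locations=2):
    """Flag users with repeated failed logins from distinct source IPs, and
    any successful login outside the assumed business-hours window."""
    failures = defaultdict(list)
    findings = []
    for line in lines:
        ts, user, result, ip = line.split()
        if result == "FAIL":
            failures[user].append(ip)
        elif datetime.fromisoformat(ts).hour not in BUSINESS_HOURS:
            findings.append(f"off-hours login: {user} from {ip} at {ts}")
    for user, ips in failures.items():
        if len(ips) >= min_failures and len(set(ips)) >= min_locations:
            findings.append(f"failed logins: {user} {len(ips)}x from {len(set(ips))} IPs")
    return findings

def dns_anomalies(lines, bad_domains=KNOWN_BAD_DOMAINS):
    """Flag hosts querying denylisted domains, with a count per host/domain."""
    hits = defaultdict(int)
    for line in lines:
        _, src, query = line.split()
        if query.lower().rstrip(".") in bad_domains:
            hits[(src, query)] += 1
    return [f"known-bad DNS query: {s} -> {q} ({n}x)" for (s, q), n in hits.items()]

if __name__ == "__main__":
    for finding in login_anomalies(AUTH_LOG) + dns_anomalies(DNS_LOG):
        print(finding)
```

In practice these thresholds and the denylist would be tuned to the environment and fed from threat intelligence rather than hard-coded.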