Indicators of compromise (IOCs) are forensic evidence of discrepancies or unusual activity on an organization's network that help identify security threats, data breaches, insider threats, and more before any harm occurs. IOCs act not only as a warning sign of an impending attack but also help in analyzing what has already happened. By learning about possible security threats, organizations can deploy countermeasures to limit or prevent damage to their network.
IOCs appear in various guises, such as anomalous user behavior, unwarranted file activity, and unusual network traffic. Such indicators are collected in shared IOC databases on the internet that help you identify the signals of a vulnerability; some databases also let you upload the IOCs identified within your own network. The most common indicators of compromise are:
Personal information and critical business data are stored in secure databases, making them a prime target for attackers. A sudden spike in read volume, which reflects the number of users accessing the database and how much they read, is a sign of data exfiltration.
A telltale sign that something is wrong is finding login patterns or access attempts coming from a region where your organization does not operate. IP addresses are crucial indicators that help you identify the geographical origin of the attack.
Hackers often try to access data by escalating the privileges of low-level user accounts. Any sudden change in user account activity, such as a spike in permission changes, can indicate a possible insider attack.
Unusual network activity is another sign: it appears when intruders try to extract data, or when information is being sent to a command and control server.
When malware enters a system, it attempts to change registry and system files. Keeping an eye on registry changes helps identify the presence of malware.
Attackers try several tactics to identify the one that succeeds. If a file receives several requests over a short period, it is a sign that you might be under attack.
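As an added example that is not part of the original article, the following Python script applies four of the indicators above to constructed log records: logins from a region where the organization does not operate, a spike in database read volume, a burst of permission changes on one account, and the same file requested repeatedly in a short period. The event format, the countries in ALLOWED_COUNTRIES, and the windows and thresholds are assumptions chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events (not real data): (time, kind, user, country, target).
EVENTS = [
    ("2024-05-01T09:00:00", "login", "alice", "US", "-"),
    ("2024-05-01T09:00:30", "login", "bob", "BR", "-"),  # region the org does not operate in
    ("2024-05-01T09:03:00", "perm_change", "bob", "BR", "role:admin"),
    ("2024-05-01T09:04:00", "perm_change", "bob", "BR", "role:dba"),
    ("2024-05-01T09:05:00", "perm_change", "bob", "BR", "role:backup"),
    ("2024-05-01T09:10:00", "file_request", "bob", "BR", "/srv/payroll.xlsx"),
    ("2024-05-01T09:10:05", "file_request", "bob", "BR", "/srv/payroll.xlsx"),
    ("2024-05-01T09:10:09", "file_request", "bob", "BR", "/srv/payroll.xlsx"),
    ("2024-05-01T10:00:00", "db_read", "alice", "US", "customers"),  # one ordinary read
] + [("2024-05-01T09:06:%02d" % (i * 5), "db_read", "bob", "BR", "customers") for i in range(8)]
ALLOWED_COUNTRIES = {"US", "DE"}  # assumed: regions where the organization operates

def parse(events):
    return [(datetime.fromisoformat(t), k, u, c, x) for t, k, u, c, x in events]

def logins_from_unexpected_regions(events, allowed=ALLOWED_COUNTRIES):
    """Access attempts from a region where the organization does not operate."""
    return sorted({(u, c) for _, k, u, c, _ in parse(events) if k == "login" and c not in allowed})

def burst(events, kind, key, window, threshold):
    """Return {key: peak} for keys whose `kind` events reach `threshold` inside one sliding `window`."""
    per_key = defaultdict(list)
    for t, k, u, _, x in parse(events):
        if k == kind:
            per_key[key(u, x)].append(t)
    hits = {}
    for name, times in per_key.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop events that fell out of the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[name] = peak
    return hits

# The burst-style indicators from the text: (event kind, grouping key, window, threshold).
CHECKS = {
    "db_read_spike": ("db_read", lambda u, x: x, timedelta(minutes=1), 5),        # reads per table
    "permission_change_burst": ("perm_change", lambda u, x: u, timedelta(minutes=10), 3),  # per account
    "repeated_file_request": ("file_request", lambda u, x: (u, x), timedelta(seconds=30), 3),  # per user+file
}

def run_checks(events):
    return {name: burst(events, *spec) for name, spec in CHECKS.items()}
```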