Indicators of Compromise Flashcards
Indicators of compromise are artifacts or evidence observed in a computer system or network that may indicate unauthorized access, security breaches, or malicious activity. Security professionals monitor and analyze these indicators to detect and respond to security incidents effectively.
Account Lockout
A sudden increase in failed login attempts, leading to the locking out of user accounts, can indicate a potential compromise attempt by an attacker.
Blocked Content
Attempts to access or transmit blocked or restricted content can indicate unauthorized activities or attempts to bypass security controls.
Impossible Travel
Login attempts from geographically distant locations within a short timeframe, which would be physically impossible for the legitimate user, may indicate account compromise or unauthorized access.
Resource Consumption
Unusual spikes in resource usage, such as CPU, memory, or network bandwidth, may indicate the presence of malware or unauthorized activities.
Resource Inaccessibility
Reports of users or systems experiencing difficulty accessing critical resources, such as files, databases, or applications, may indicate a compromise or denial-of-service attack.
Out-of-Cycle Logging
Unexpected changes in logging behavior, such as sudden increases or decreases in log volume or frequency, may indicate attempts to cover up malicious activities or tamper with log records.
Missing Logs
Unexplained gaps or missing entries in log files, especially in critical security logs, may indicate attempts to conceal unauthorized access or activities.
Published/Documented
Known vulnerabilities, malware signatures, or attack techniques published by security researchers or organizations can serve as indicators of compromise, prompting proactive security measures to prevent exploitation.