{"id":78182,"date":"2024-07-23T13:38:16","date_gmt":"2024-07-23T11:38:16","guid":{"rendered":"https:\/\/www.skaylink.com\/?p=78182"},"modified":"2025-04-04T14:39:50","modified_gmt":"2025-04-04T12:39:50","slug":"you-have-been-hacked-and-now-what","status":"publish","type":"post","link":"https:\/\/www.skaylink.com\/en\/insights\/blog\/you-have-been-hacked-and-now-what\/","title":{"rendered":"\u201cYou\u2019ve been hacked\u201d \u2013 and now what?"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Home<\/a><\/span><\/span><\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Blog<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

\u201cYou\u2019ve been hacked\u201d \u2013 and now what?<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tCompromise recovery \u2013 the fastest and most effective way to gain control of your own infrastructure after attacks\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tJuly 23, 2024\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t
\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t
\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

All of a sudden, nothing works anymore! A cyberattack has paralyzed your company\u2019s systems. And it doesn\u2019t matter whether the data has been encrypted, exfiltrated or backup copies have been made useless: the damage is severe, and the collateral damage can continue for a long time. Sometimes, an attack may have been prepared, unnoticed over several months, before it actually starts. This means that the cyber criminals were hiding in your system for a long time and know about and control many of your tools, apps, and accounts. Now it\u2019s important to act rapidly and strategically to prevent the loss of your entire infrastructure. Compromise recovery is the way to go:<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

Regain control \u2013 and keep it in the long term!<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Compromise recovery means returning control over its systems to an organization after an infiltration in such a way that control can be permanently maintained. This is usually achieved by changing a number of security settings, workflows, and use habits. Within an extremely short period of time, the company often has to make up for what it neglected for a long time. A challenge \u2013 even for the administrators of the relevant organization. They usually have to change their way of working and better understand where the especially dangerous vulnerabilities in the system are.<\/p>\n

In compromise recovery, the most important first step is always restoring the authentication services and limiting the effects of ransomware, for instance. This is how our experts normally proceed:<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
This is what a compromise recovery looks like according to Microsoft\u2019s recommendation.<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Strategy is the victor: monitor and quickly remove attackers<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

If attackers are already in the system, first and foremost it\u2019s important to understand how they got in, where they already are, and what exactly they\u2019re doing \u2013 without them knowing that you know. Only then can they be removed in one quick action and locked out permanently. Successful compromise recovery rests on multiple pillars:<\/p>\n

    \n
  1. Detect the scope of the compromise by detecting and evaluating incidents and risk indicators, for example.<\/li>\n
  2. Tactically monitor attackers using appropriate threat protection products.<\/li>\n
  3. Tighten up systems through appropriate controls in order to reduce the area susceptible to attack of users with high-privilege access and thereby prevent attackers from taking control again.<\/li>\n
  4. Drive attackers out of the systems quickly while simultaneously providing newly structured systems.<\/li>\n<\/ol>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    System segmentation is essential here. Prioritization is simpler and new systems can be prepared to fit requirements. With its processes and procedures, administration is always the top priority: attackers absolutely want to access it in order to gain comprehensive control. And when an attack is successful, system administration has usually already been infiltrated.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    In order to prevent future attacks, it\u2019s important to introduce appropriate monitoring tools and train their users accordingly. This is the only way for the responsible parties to recognize risks in the company and learn what they have to pay attention to. In compromise recovery, this may be associated with an analysis of the attack and the tactical monitoring of the attackers. Administrators find out directly why the attack was successful \u2013 and how to make it as undesirable as possible in the future for attackers to attack, for example through multi-factor authentication.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
    The most important actions after a cyberattack<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Help in the worst case scenario \u2013 with a lasting effect<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    With professional compromise recovery, the entire infrastructure does not have to be completely restructured. This makes companies ready to back to work faster after attacks. A clearly improved administrative environment and new security processes will also ensure more security for the long term. The advantages:\u00a0<\/p>\n