{"id":1961,"date":"2026-06-10T12:56:28","date_gmt":"2026-06-10T11:56:28","guid":{"rendered":"https:\/\/conscia.com\/ie\/?p=1961"},"modified":"2026-06-10T12:56:29","modified_gmt":"2026-06-10T11:56:29","slug":"weve-been-hacked","status":"publish","type":"post","link":"https:\/\/conscia.com\/ie\/blog\/weve-been-hacked\/","title":{"rendered":"\u2018We\u2019ve been hacked!\u2019"},"content":{"rendered":"\n

Imagine a developer downloading a project from GitHub. \u2018Inventory Manager\u2019 looks like a normal Visual Studio project with a standard code structure. No warnings appear. But behind the fa\u00e7ade, malicious code is hiding, establishing a C2 connection to the attacker\u2019s server. Nmap maps the network. Using Hashcat, the attacker cracks the password for a service account. The account has admin rights on four servers. Ransomware then encrypts the finance folder and the SQL database. The result is that the business comes to a complete standstill.<\/p>\n\n\n\n

Attack patterns and the threat landscape<\/strong><\/h3>\n\n\n\n

Cyberattacks are multi-step processes. Attackers use a chain of small, quiet steps \u2013 for example initial access, network discovery and password recovery. Lateral movement and encryption are other typical phases. It is rarely a single vulnerability that determines the scale of an attack.<\/p>\n\n\n\n

Ransomware<\/a> is the biggest threat today, and the number of attacks continues to rise. At the same time, no defence is 100 per cent effective. That is why recovery and resilience are just as critical as preventive work.<\/p>\n\n\n\n

Simple weaknesses in complex environments<\/strong><\/h3>\n\n\n\n

An IT environment often contains several trivial yet critical weaknesses. These might include weak passwords that can be cracked using tools readily available online. Or service accounts with simple passwords and extensive permissions, enabling lateral movement. Inadequate network segmentation can also allow attackers to move through the environment unhindered.<\/p>\n\n\n\n

Protection through network segmentation<\/strong><\/h3>\n\n\n\n

Segmentation is an important tool in cybersecurity<\/a>. For example, the backup server is often protected by several layers of security. It runs on a dedicated server, completely separated from the production environment, which enables separate identities. In addition, the backup environment is not connected to the production domain. Firewalls and isolated networks block unauthorised access. Moreover, authentication credentials \u2013 such as service accounts \u2013 from production do not work in the backup environment.<\/p>\n\n\n\n

Do not back up the attack<\/strong><\/h3>\n\n\n\n

Backup is a crucial part of a company\u2019s resilience and a clear target during an attack. That is why it is important to ensure that the backup system scans all backups on at least two occasions: immediately after they are created and before restoration. This identifies malware, suspicious activity and other threats, so that only clean and verified backups are allowed to be restored to production.<\/p>\n\n\n\n

Fast restoration without disruption<\/strong><\/h3>\n\n\n\n

Once a cyberattack has been stopped, the restoration process begins. IT can now start the work of restoring virtual servers. The virtual servers start directly from scanned and clean backups. At the same time, data is migrated to production storage in the background. Users can continue working throughout the process, with minimal impact on the business.<\/p>\n\n\n\n

\u2018Having a strong recovery strategy, reliable backups and a well-prepared incident response process is at least as crucial as preventive work.\u2019<\/p>\n\n\n\n

Build stronger resistance and resilience<\/strong><\/h3>\n\n\n\n

Recovery is now just as important as preventive work. And with the right strategy, you can minimise the damage and the impact of a cyberattack.<\/p>\n\n\n\n