Summary
A Compromised Computer is defined as any computing resource whose confidentiality, integrity, or availability has been adversely impacted, either intentionally or unintentionally, by an untrusted source. A compromise can occur either through manual interaction by the untrusted source or through automation.
Body
A Compromised Computer is defined as any computing resource whose confidentiality, integrity, or availability has been adversely impacted, either intentionally or unintentionally, by an untrusted source. A compromise can occur either through manual interaction by the untrusted source or through automation. Gaining unauthorized access to a computer by impersonating a legitimate user or by conducting a brute-force attack would constitute a compromise. Exploiting a loophole in a computer’s configuration would also constitute a compromise. Depending on the circumstances, a computer infected with a virus, worm, trojan, or other malicious software may be considered compromised.
Symptoms of a compromised computer include, but are not limited to, the following:
- Frequent pop-up windows, especially ones that encourage you to visit unusual sites or to download antivirus or other software
- Changes to your home page
- Mass emails being sent from your email account
- Frequent crashes or unusually slow computer performance
- Unknown programs that start up when you start your computer
- Programs automatically connecting to the Internet
- Unusual activities like password changes
University Owned Devices
The UT Health Science Center is required by various state and federal regulations to investigate any incident that may involve the breach of personally identifiable information and other non-public information according to GP-002-Data & System Classification. The UT Health Science Center is also required to notify an individual if the privacy of their personally identifiable information has been breached. Failure to preserve evidence or conduct an investigation related to a compromised computer could result in unnecessary financial costs for the institution. It is also important that the details of a compromise and the ensuing investigation remain confidential. The Office of Cybersecurity has IR-001-Security Incident Response, which outlines how we respond to incidents regarding our devices, data, and systems.
Personally Owned Devices
If the symptoms stated above are occurring on a personally owned device, take the following steps immediately to mitigate the threat to your device and information. Note that the UT Health Science Center does not offer any guarantee on remediating personally owned devices.
- Reset your passwords on every account to which that device had access
- Log out of all online accounts
- Disconnect from the internet
- Remove external hard drives, USB drives, and any other attached devices
- Scan the device for malware and viruses
- Wipe the hard drive if necessary – hopefully, you have a backup of your data
- Closely monitor credit and financial accounts
Lastly, to avoid being targeted again, here are some tips:
- Keep security applications (antivirus/antimalware) up-to-date
- Keep all operating systems and software up-to-date
- Maintain strong passwords
- Do not leave your device unattended in public
- Keep files backed up