What is an indicator of compromise (IoC)?
In the field of computer security, an Indicator of compromise (IoC) is an object or activity that, observed on a network or on a device, indicates a high probability of unauthorized access to the system, in other words, that the system is compromised. Such indicators are used to detect malicious activity in its early stages as well as to prevent known threats.
Examples of indicators of compromise

The following may be indicators of compromise:

- Unusual DNS lookups,
- Suspicious files, applications, and processes,
- IP addresses and domains belonging to botnets or malware C&C servers,
- A significant number of accesses to one file,
- Suspicious activity on administrator or privileged user accounts,
- An unexpected software update,
- Data transfer over rarely used ports,
- Behavior on a website that is atypical for a human being,
- An attack signature or a file hash of a known piece of malware,
- Unusual size of HTML responses,
- Unauthorized modification of configuration files, registers, or device settings,
- A large number of unsuccessful login attempts.

Identifying and utilizing indicators of compromise

The course of threat analysis helps reveal which factors to associate with a specific threat, that is, what the IoCs for the threat are. For example, if cyber intelligence detects some new malware, it reports IoCs such as file hashes, C&C addresses, and so on.

Later, those indicators of compromise will be used to hunt threats in an organization's infrastructure. An IoC being detected on a system indicates the system is likely under cyberattack, requiring certain countermeasures.

Indicators of compromise are also added to the databases of passive monitoring tools and antivirus software, which can block intrusion attempts. For example, a security solution can use malware signatures to recognize malware and prevent it from running on a device.

IoCs from the point of view of the average user

Although the concept of indicators of compromise appears most commonly in the context of protecting corporate infrastructures, ordinary users may also encounter them. For example, many Internet services warn account holders about login attempts from an unusual device or from an IP address in another country. Users should take such messages seriously, check the information in them, and, if any of the actions listed look suspicious, promptly change their password.
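The three sections above describe two different kinds of indicator: atomic IoCs that a threat-intelligence report delivers directly (file hashes, C&C addresses and domains) and behavioural ones that only appear once events are counted or compared with a baseline (a burst of failed logins, traffic on a rarely used port, a login from an unusual source). The following Python program, an added example and not code from the Kaspersky glossary or any Kaspersky product, shows how both kinds are matched against an event stream during a hunt. The intelligence feed, the thresholds, the per-user login baseline and every event are constructed for the example; the hash and addresses are placeholders, not real indicators.

```python
"""Added example: matching constructed indicators of compromise (IoCs)
against constructed security events. Nothing here is real threat data."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed threat-intelligence feed, in the shape a report of
# "file hashes, C&C addresses, and so on" would deliver.
INTEL = {
    "sha256": {"0" * 63 + "1"},          # placeholder hash of a known sample
    "ip": {"203.0.113.45"},              # placeholder C&C address (TEST-NET-3)
    "domain": {"update-check.example"},  # placeholder C&C domain
}

# Behavioural thresholds and baselines; constructed values, tune per environment.
FAILED_LOGIN_THRESHOLD = 5
COMMON_PORTS = {22, 53, 80, 443}
KNOWN_LOGIN_SOURCES = {"admin": {"10.0.0.5"}, "bob": {"10.0.0.6"}}


@dataclass
class Event:
    kind: str   # "file", "dns", "netflow" or "login"
    host: str
    data: dict


@dataclass
class Finding:
    host: str
    indicator: str
    detail: str


# Constructed event stream, as an endpoint agent, DNS resolver,
# firewall and authentication service would log it.
EVENTS = [
    Event("file", "ws-01", {"path": "/tmp/svc.exe", "sha256": "0" * 63 + "1"}),
    Event("dns", "ws-01", {"query": "update-check.example"}),
    Event("netflow", "ws-01", {"dst_ip": "203.0.113.45", "dst_port": 4444, "bytes": 120000}),
    Event("netflow", "ws-02", {"dst_ip": "198.51.100.7", "dst_port": 443, "bytes": 900}),
    *[Event("login", "srv-01", {"user": "admin", "success": False, "src_ip": "198.51.100.9"})
      for _ in range(6)],
    Event("login", "srv-01", {"user": "admin", "success": True, "src_ip": "198.51.100.9"}),
    Event("login", "srv-02", {"user": "bob", "success": False, "src_ip": "198.51.100.20"}),
]


def match_atomic(events):
    """Direct lookup of hashes, domains and addresses against the feed."""
    findings = []
    for ev in events:
        d = ev.data
        if ev.kind == "file" and d["sha256"] in INTEL["sha256"]:
            findings.append(Finding(ev.host, "known-malware-hash", d["path"]))
        elif ev.kind == "dns" and d["query"] in INTEL["domain"]:
            findings.append(Finding(ev.host, "c2-domain-lookup", d["query"]))
        elif ev.kind == "netflow" and d["dst_ip"] in INTEL["ip"]:
            findings.append(Finding(ev.host, "c2-ip-connection", f'{d["dst_ip"]}:{d["dst_port"]}'))
    return findings


def match_behavioural(events):
    """Indicators that only emerge from counting events or comparing to a baseline."""
    findings = []
    failed = Counter()
    for ev in events:
        d = ev.data
        if ev.kind == "login":
            if not d["success"]:
                failed[(ev.host, d["user"], d["src_ip"])] += 1
            elif d["src_ip"] not in KNOWN_LOGIN_SOURCES.get(d["user"], set()):
                findings.append(Finding(ev.host, "login-from-unusual-source",
                                        f'{d["user"]} from {d["src_ip"]}'))
        elif ev.kind == "netflow" and d["dst_port"] not in COMMON_PORTS:
            findings.append(Finding(ev.host, "rare-port-transfer",
                                    f'{d["dst_ip"]}:{d["dst_port"]} {d["bytes"]}B'))
    for (host, user, src), n in failed.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append(Finding(host, "failed-login-burst",
                                    f"{n} failures for {user} from {src}"))
    return findings


def hunt(events):
    """Run both matchers and group findings by host so each suspect host surfaces once."""
    per_host = defaultdict(list)
    for f in match_atomic(events) + match_behavioural(events):
        per_host[f.host].append(f)
    return dict(per_host)


if __name__ == "__main__":
    for host, findings in sorted(hunt(EVENTS).items()):
        print(host)
        for f in findings:
            print(f"  [{f.indicator}] {f.detail}")
```

Run as a script it lists ws-01 (matching hash, C&C domain, C&C address and a transfer on port 4444) and srv-01 (six failed admin logins followed by a success from an address outside the baseline); ws-02 and srv-02 produce no findings because a single failure or a connection to a normal port on its own is not an indicator. Grouping by host is what turns a pile of matches into the "this system is likely compromised" judgement the article describes.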