I'm under heavy Cyberattack.

Scholar

I have been under heavy cyberattack for a long time now. I bought F-Secure Sense in the hopes it'd be able to stop it, but in the latest attack it shows no sign of seeing it at all.

 

So in the latest one it could either be a compromised network or a harmless port scan. I got hit 3 times, and in the traffic analysis it reports the XFER Utility was used. Does F-Secure Sense use the XFER Utility during setup, or has my network been compromised already on its first day?

 

[Screenshots: Cyberatks(Edited).png, XFERLogged(Edited).png]

According to IBM, the IPs used in the attack are only scanning at the moment. Last time I ignored them, though, it turned into a DDoS and Botnet attack.

 

You can see by the weird graph how much I was trying to stop the attacks.

[Screenshot: Original Cyberatk Server continues(Edited).png]

I don't know a great deal about networks, or cyberdefence or anything. I'm just a guy at home who works in the IT sector. I don't own a business, this is entirely on my home network. Can you confirm if the XFER Utility was the F-Secure Sense that I now have installed, and if it worked, or if it failed to see this attack and my network might have been compromised again? The app reports zero detections at the moment.

 

edit: Removed some identifying information.

1 ACCEPTED SOLUTION

Community Manager

Re: I'm under heavy Cyberattack.

Hello contrasia,

 

We’re sorry to hear about your experience. XFER Utility is not used by SENSE.


The log from AiProtection shows blocked port scans (and theoretically other exploit events), which is normal for a router connected directly to WAN. Also SENSE is designed to block such incoming traffic, although there is no user-visible reporting of it. If there is malware present on the affected computer, we recommend installing and running Anti-virus software. The SENSE subscription comes with a SENSE desktop app, with installation instructions in https://community.f-secure.com/t5/F-Secure-SENSE/How-to-install-the-SENSE-app-on/ta-p/106381.

 

We might need more information on the following, and you can send it to support to troubleshoot further. You can contact our support team via chat or phone here along with the below information.

 

- the network setup, especially where SENSE was in relation to the other router

- the other router model

- service provider

- log from the SENSE router

3 REPLIES
Scholar

Re: I'm under heavy Cyberattack.

Update: The network was compromised. They used a near zero-day vulnerability, the same one that was used against Facebook. Once they broke past the router, and the F-Secure Sense, they had remote access for about 8hrs whilst I was asleep. When I got to my PC in the morning there were several save as and a few open as dialogue boxes open on the desktop.

 

All my credentials had been stolen, and they had free roam overnight so I have no idea what else they could've done.

Scholar

Re: I'm under heavy Cyberattack.

Thank you for responding.

I shall do as mentioned, thank you for pointing me in the right direction. I hope the issue can be resolved, and that any information exchanged can help, even if in some small way, to improve your services further to secure everyone's networks.

 

Thank you again for responding, I really appreciate your advice during this difficult time.