• Network-related
- Bandwidth consumption
- Beaconing
- Irregular peer-to-peer communication
- Rogue devices on the network
- Scans/sweeps
- Unusual traffic spikes
- Activity on unexpected ports
• Host-related
- Processor consumption
- Memory consumption
- Drive capacity consumption
- Unauthorized software
- Malicious processes
- Unauthorized changes
- Unauthorized privileges
- Data exfiltration
- Abnormal OS process behavior
- File system changes or anomalies
- Registry changes or anomalies
- Unauthorized scheduled tasks
• Application-related
- Anomalous activity
- Introduction of new accounts
- Unexpected output
- Unexpected outbound communication
- Service interruption
- Application logs
• Other
- Social engineering attacks
- Obfuscated links
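Three of the network-related indicators above (beaconing, scans/sweeps, activity on unexpected ports) can be checked mechanically from flow or connection logs. The following is an added example, not part of the original list: it runs simple detection logic over constructed flow records. The record layout (timestamp, source, destination, port), the beacon cadence threshold, the scan window and the allow-list of expected ports are all assumptions chosen for illustration.

```python
"""Detect beaconing, scans/sweeps and unexpected-port activity in flow records.

Added example; the flow records below are constructed, not captured traffic.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    # 10.0.0.5 beacons to 203.0.113.7:443 roughly every 60 s with small jitter
    *[(t, "10.0.0.5", "203.0.113.7", 443)
      for t in (0, 61, 119, 181, 240, 301, 359, 420)],
    # 10.0.0.9 browses a web host with irregular gaps (benign cadence)
    *[(t, "10.0.0.9", "198.51.100.3", 443)
      for t in (5, 12, 200, 210, 800, 805, 1700)],
    # 10.0.0.12 sweeps 40 hosts on port 22 within 40 seconds
    *[(500 + i, "10.0.0.12", f"10.0.1.{i}", 22) for i in range(1, 41)],
    # 10.0.0.20 scans 40 ports on a single host within 40 seconds
    *[(900 + i, "10.0.0.20", "10.0.2.8", p) for i, p in enumerate(range(20, 60))],
    # 10.0.0.30 makes one connection to a port outside the assumed allow-list
    (1000, "10.0.0.30", "203.0.113.99", 4444),
]

# Assumed allow-list of ports the environment expects to see (a policy choice)
EXPECTED_PORTS = {22, 53, 80, 123, 443}


def detect_beacons(flows, min_flows=6, max_cv=0.10):
    """Flag (src, dst, port) tuples whose inter-arrival gaps are nearly constant.

    A coefficient of variation (stdev / mean of the gaps) at or below max_cv
    means the connections fire on a regular timer, which is how most C2
    beacons behave; jittered beacons raise the CV and need a looser threshold.
    """
    by_tuple = defaultdict(list)
    for ts, src, dst, port in flows:
        by_tuple[(src, dst, port)].append(ts)
    hits = []
    for key, times in by_tuple.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            hits.append((key, round(avg, 1), round(cv, 3)))
    return hits


def detect_scans(flows, window=120, min_targets=20):
    """Flag a source that, within one fixed time window, reaches many distinct
    hosts on one port (sweep) or many distinct ports on one host (scan)."""
    buckets = defaultdict(list)
    for ts, src, dst, port in flows:
        buckets[(src, ts // window)].append((dst, port))
    hits = []
    for (src, _bucket), records in buckets.items():
        dsts_by_port = defaultdict(set)
        ports_by_dst = defaultdict(set)
        for dst, port in records:
            dsts_by_port[port].add(dst)
            ports_by_dst[dst].add(port)
        for port, dsts in dsts_by_port.items():
            if len(dsts) >= min_targets:
                hits.append(("sweep", src, f"port {port}", len(dsts)))
        for dst, ports in ports_by_dst.items():
            if len(ports) >= min_targets:
                hits.append(("scan", src, dst, len(ports)))
    return hits


def detect_unexpected_ports(flows, expected=EXPECTED_PORTS):
    """Return every distinct (src, dst, port) whose port is not on the allow-list."""
    return sorted({(src, dst, port) for _, src, dst, port in flows
                   if port not in expected})


def analyze(flows=SAMPLE_FLOWS):
    """Run all three checks and return their findings together."""
    return {
        "beacons": detect_beacons(flows),
        "scans": detect_scans(flows),
        "unexpected_ports": detect_unexpected_ports(flows),
    }


if __name__ == "__main__":
    for name, findings in analyze().items():
        print(name, len(findings))
        for f in findings:
            print("  ", f)
```

The port scan is reported twice, once by detect_scans and once as a batch of unexpected-port tuples, which is what an analyst should expect: the indicators in the list overlap, and a single event often lights up several of them. Two caveats for real use: fixed windows in detect_scans can split a slow scan across a boundary (a sliding window or per-source rate counter fixes that), and the beacon check keys on exact (src, dst, port) tuples, so a beacon that rotates destinations behind a CDN or fast-flux DNS will need aggregation by resolved domain instead.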
