Indicators of Compromise: digital and physical signs to look out for

Over the weekend, the Valkyrie team had a short-notice task where a client purchased a property in central London. Our client, who did some due diligence on the seller, identified the seller was under investigation and was worried that he would ‘inherit’ the issues they were facing. We did a security review, including a TSCM inspection, to ensure nothing was left behind. While conducting the review, we noticed several potential Indicators of Compromise (IoC); this term generally refers to signs that malicious actors may have breached or compromised a computer system/network. However, the term is equally relevant regarding the physical security of a property.

The indicators of compromise we identified included a room where a smoke alarm and several motion sensors had been removed or modified; the paintwork touched up around them. We also looked at the CCTV, which had a built-in network video recorder (NVR) on-premises. When we reviewed the logs, it appeared that multiple devices had credentials to access the system; therefore, this was reset, and we advised the client to get a new company/engineer in to maintain this system and reduce potential compromise.

So, what are some of the compromises that you should look out for?

1. Anything that appears unusual, out of place, missing or unnecessarily modified, e.g. paintwork being touched up, motion sensors out of place, damaged locks/doors
2. Evidence of compromise such as trespass, vandalism, sabotage or disruption to the property
3. Strange network activity – if you have smart devices/home automation system, monitor for unusual network activity, such as devices connecting/disconnecting without your knowledge
4. If you have CCTV and notice it being tampered with or disabled, it indicates that someone might be trying to compromise your security.
5. Disconnect the CCTV system from previous tenants/owners
6. If you see unfamiliar/suspicious individuals around your property
7. Unnecessary number of smoke alarms or other devices within the property
8. Check network points
9. WIFI access points – are they all legitimate?
10. if you notice unexpected changes in your utility bills, it could be a sign that someone has gained access without your knowledge
11. If you receive mail/packages addressed to you but didn’t order, it could be a sign of identity theft or compromise.

If you suspect any compromise or unauthorised access to your house, it’s essential to prioritise your safety and the security of your property. Sometimes the indicators maybe legitimate; however, it is always best to remain vigilant. We see many residential and commercial properties changing hands, and most of our clients are increasingly asking for a security review during or after the process to ensure that nothing compromises them and lowers the risk of a security incident.

Have a great week, all!