FAQ - frequently asked questions

Find answers to frequently asked questions

What should I do if I suspect that my organization has been cyberattacked?

Do not panic. Follow the rules of conduct below.

If you suspect that you have fallen victim to a cyberattack and your data is encrypted:

  • Inform your organization's Security / IT Department about the incident.
  • Disconnect the infected computer from the Internet and disconnect any removable drives.
  • Do not turn off the power.
  • Do not close running applications or shut down the system, because restarting them will be impossible.
  • If the applications and the system have already been closed, do not restart them. This will allow us to increase the chances of data recovery.
  • Put the infected device in hibernation mode.
  • Take a picture of the message or record a video of the notifications displayed on the screen.
  • Format the disk if you suspect your computer has been infected with a type of malware other than ransomware (which encrypts the disk).
  • In case of a ransomware attack, keep the encrypted drive and the ransom note. A decryption tool may appear in the future.


If you suspect that you are a victim of a cyberattack and your login details have been stolen:

  • Change passwords to systems (social media, e-mail, etc.) through which data theft may have occurred.
  • Let us know via: https://zglosincydent.pl/ or contact PREBYTES directly.

What is phishing and what threat does it pose?

Phishing is a type of fraud where a cybercriminal impersonates another person or institution to obtain personal information (e.g., credit card details, login details) or infect a computer with malware.

Phishing poses a threat to all internet users, both private individuals and businesses. A phishing attack is dangerous to companies due to the risk of financial losses and a negative impact on their brand image. Cybercriminals use malicious messages to encourage the recipient to click on a link contained in the message. Usually, the link redirects to a website that is confusingly similar to the actual website of an institution such as a bank, court, courier, or telecommunications company. However, the website has been prepared by scammers. The user is convinced that the website is legitimate and types in a login and password, which the attackers then steal.

A common practice of hackers is sending fake e-mail messages that encourage recipients to download malicious files added as attachments. Cybercriminals can also spread spyware, keyloggers (malware that records keystrokes), or Trojans by using fake messages.

Phishing attacks account for over 50% of all security incidents in Poland.

The consequences of a successful phishing attack are:

  • Identity theft.
  • Loss of savings.
  • Leakage of internal company documentation.
  • Loss of control over the computer or the entire IT system.
  • Loss of customer trust.
  • Loss of company reputation.
  • Financial losses related to incident handling.
  • The necessity to implement preventive solutions for threats.

What is malware and what damage does it cause to the organization?

Malware is malicious software designed to infect devices, computer networks, and corporate networks. There are many types of malware, including viruses, adware, scareware, worms, ransomware, trojans, rootkits, fileless malware, spyware, keyloggers, cryptojacking or even camjacking.

Malware usually reaches devices via e-mail or the Internet (hacked websites, demo versions of programs, games, or other files downloaded to a device with insufficient security). All users are at risk of a malware attack. However, entities with essential files and public or private systems are particularly vulnerable to hacking (government agencies, healthcare institutions, HR departments, manufacturing companies, etc.).

The damage caused by a malware attack can be as follows:

  • Blocking access to a computer system or encrypting files stored in it (ransomware).
  • Stealing data from a computer or deleting it (Trojan).
  • Displaying unwanted advertisements (adware).
  • Computer camera takeover (camjacking).
  • Changing or hijacking device functions (rootkit).
  • Spying on user activities on the device (spyware).
  • Using the infected device to mine cryptocurrencies (cryptojacking).

What is ATO?

ATO (Account Takeover) is a type of identity theft in which a cybercriminal takes over access to a user's credit or debit cards, bank accounts, or other online service accounts.

What is AML?

AML stands for “Anti Money Laundering.” It is a set of actions, procedures, and regulations implemented by institutions providing financial services to counteract and neutralize events related to money laundering.

What is KYC?

KYC stands for “Know Your Customer.” It is a set of regulations and procedures by which the customer’s identity is authenticated, the credibility of the information they provide is confirmed, and their activities and source of funds are verified, so that the transaction is carried out according to the law. The main priority of KYC activities is combating money laundering fraud and preventing terrorist financing.

What is SCA?

SCA stands for "Strong Customer Authentication." It is a method of two-factor authentication that verifies the user's identity while performing payment operations. Two-factor authentication means that at least two of the following three categories were used:

  • Knowledge (something that only the user knows) - for example, a login password, or a PIN for the mobile application or debit card
  • Possession (something that only the user has) - a phone number (SMS codes), a paired mobile application
  • Inherence (something that only the user is) - e.g., a fingerprint or a face scan in a mobile application


The strong authentication mechanism aims to ensure the security of payment services and resistance to fraud.

What is PREBYTES SIRT?

PREBYTES SIRT stands for Security Incident Response Team. The main duty of the PREBYTES SIRT team is incident analysis and the mitigation of cyber threats.

What is SOC?

SOC stands for "Security Operations Center." It is a separate organizational unit within a company that is accountable for the security of IT infrastructure. The SOC deals with network monitoring, detection and analysis of cyber threats, and responding to crisis situations in cyberspace. The SOC's primary duty is to ensure the continuous protection of the organization's critical assets and data.
