Cyber Word of the Week: Indicators of Compromise (IoC)

When threat actors launch attacks, there are signs – some more obvious than others – that can indicate an attack is occurring or has already occurred. These signs are known as indicators of compromise (IoCs).

Indicators of Compromise are pieces of forensic evidence that suggest malicious activity within a system or network. Security analysts and threat hunters rely on IoCs to detect, investigate, and respond to potential cyberattacks.

Common Examples of IoCs

Some frequent indicators of compromise include:

File Deletion

Unexpected file deletions may signal malware or ransomware activity. Learn more in our post about what ransomware is.

Data Exfiltration

Some attacks aim to steal sensitive information. Unauthorized transfers are a significant indicator.

High CPU Usage

Malware or cryptojacking can cause CPU usage to skyrocket.

Installation of Unknown Software

Software installed without authorization is a red flag for compromise.

Suspicious Logins

Unusual login attempts, especially from new locations in different countries or devices, may mean attackers have stolen credentials.

Why IoCs Matter in Cybersecurity

Threat hunters and security analysts search for IoCs to prevent attacks, contain damage, and aid in investigations. Recognizing these signs early enables organizations to respond more quickly and minimize risk.

Understanding IoCs is a core skill for cybersecurity professionals. By identifying these warning signs, you can enhance your defenses and improve your ability to detect attacks before they cause lasting harm.