Security Behaviour Database
Malware Infection

Malware infections occur when malicious software makes its way on to a device or network.


Behaviours

SB013: Reports known or suspected security incidents

Reporting known or suspected security incidents helps protect people as well as their place of work. If the ...

SB014: Asks security professionals for help with security issues

Asking for help can help people learn. Security professionals can advise on how best to approach and resolve ...

SB015: Completes assigned security awareness training successfully

Security Awareness training is an important part of organisational security. Completing awareness training ensures ...

SB017: Blocks browser pop-ups

Most web browsers come with a range of security options. One option is to automatically block pop-ups. Enabling ...

SB018: Adds security or privacy extensions to browsers

Security or privacy extensions prevent third parties from following you around the web and helps you block ...

SB019: Only uses well-known, reputable and trusted websites to download content

Downloading content from untrusted sites increases the threat of malware. Only downloading content from verified ...

SB020: Checks the hyperlink's destination before clicking it

Website links can be hyperlinked to load any website, thus hiding the true destination of the link or a button. By ...

SB021: Closes pop-up windows without using the 'X'

Some malicious pop-up windows display “x” symbols within the window. This is to trick people into clicking the ...

SB022: Installs antivirus on all compatible devices

Antivirus/Endpoint protection programs provide excellent coverage against known online threats. They should be ...

SB022a: Installs antivirus on all compatible workplace devices

Antivirus/Endpoint protection programs provide excellent coverage against known online threats. They should be ...

SB022b: Installs antivirus on all compatible personal (i.e. non workplace) devices

Antivirus/Endpoint protection programs provide excellent coverage against known online threats. They should be ...

SB023: Enables firewalls on all compatible devices

A firewall is a set of virtual rules that help prevent malicious applications from communicating with a device. ...

SB023a: Enables firewalls on all compatible workplace devices

A firewall is a set of virtual rules that help prevent malicious applications from communicating with a device. ...

SB023b: Enables firewalls on all compatible personal (i.e. non workplace) devices

A firewall is a set of virtual rules that help prevent malicious applications from communicating with a device. ...

SB024: Enables auto-updates for workplace devices (if permitted)

Software updates reduce exposure to known security vulnerabilities. Most devices can be set to auto-update when ...

SB025: Enables Google Play Protect (Android devices only)

Google Play Protect should be enabled on all Android devices. With Google Play Protect enabled, apps downloaded ...

SB025a: Enables Google Play Protect on all workplace devices (Android devices only)

Google Play Protect should be enabled on all workplace Android devices. With Google Play Protect enabled, apps ...

SB025b: Enables Google Play Protect on all personal devices (Android devices only)

Google Play Protect should be enabled on all personal Android devices. With Google Play Protect enabled, apps ...

SB026: Restricts the number of users with administrator privileges, and uses the administrator accounts only where necessary

User accounts have fewer privileges than administrator accounts. User accounts deny malware escalated permissions. ...

SB017: Only downloads apps from trusted sources (e.g. Google Play or The App Store)

Apps can hide malware. Trusted app stores such as Google Play and The App Store scan apps for malware, helping to ...

SB028: Enables the “show file extensions” setting

Malicious files are often made to look like other file types so that they are more likely to be opened (.pdf, ...

SB030: Follows advice given in security warnings

Security warnings alert to potentially harmful activity, like when a malicious website is visited. The advice should ...

SB031: Runs anti-virus scan if a new, unexpected icon or pop-up appears on the desktop

Unexpected icons or pop-ups on a computer’s desktop can indicate malware. Running an antivirus scan can help ...

SB032: Does not insert unauthorised devices/media into work devices/network

Malicious USB (or other plug-in) devices can be used in cyber attacks. They can be used to upload malware, steal ...

SB034: Refers suspicious attachments to the security team

Email attachments can contain malware. A supervisor, the IT team or other relevant person should be made aware of ...

SB057: Checks the URLs to ensure a website is legitimate

To trick people, criminals often include well-known organisations or brand names in malicious URLs. Thoroughly ...

SB058: Checks websites for signs of deception

Websites can be malicious. Checking for malicious characteristics, such as irregularities in the URL, decreases ...

SB059: Uses bookmarks to access frequently used websites

Links can be malicious. Bookmarking frequently used websites provides a safer access path.

SB081: Checks instant messages for signs of deception

Criminals will often use instant messaging (e.g. Whatsapp, Facebook and Slack) as an attack vector. Unexpected ...

SB082: Uses known contact details to verify suspicious messages

Contact details can be spoofed. Receiving a message that breaks any norms should be met with suspicion. Using ...

SB083: Checks before “blindly” forwarding messages to workplace contacts

Messages from workplace contacts are more likely to be trusted than messages from other sources. Forwarding ...

SB087: Reports suspicious messages (e-mails, texts, phone calls)

Suspicious messages received via email, text or phone should be reported to a single point of contact. This allows ...

SB088: Checks emails for signs of deception

Criminals will often use emails as an attack vector. Unexpected emails should always be checked for malicious ...

SB154: Does not visit unauthorised websites

Certain unauthorised websites can increase the risk of a malware infection or cyber attack. These websites ...

SB155: Does not download content or material from unauthorised websites

Certain unauthorised websites can increase the risk of a malware infection or cyber attack. These websites ...

SB158: Downloads a file from an unknown source

Downloading files from unverified sources could lead to malware infections and cyber attacks. Make sure all ...

SB153: Does not run a file from an unknown source

Running files from unknown sources risks viruses and other malicious content being installed on a device. This ...

SB164: Does not open an attachment in a phishing email

Opening attachments on phishing emails could lead to malware infections and cyberattacks.

SB164a: Does not open an attachment in a simulated phishing email

Opening an attachment in a simulated phishing email informs the IT or security team that employees might be at ...

SB169: Does not open an attachment in a message from an unknown source

Opening message attachments from unknown sources (i.e. sources you don't recognise or aren't familiar with) places ...

SB169a: Does not open an attachment in a Slack message from an unknown source

Opening Slack message attachments from unknown sources (i.e. sources you don't recognise or aren't familiar with) ...

SB169b: Does not open an attachment in a MS Teams message from an unknown source

Opening MS Teams message attachments from unknown sources (i.e. sources you don't recognise or aren't familiar ...

SB174: Does not log in from a device running out of date operating software

Devices running out of date operating systems are at increased risk of cyber attack. This is because the operating ...

SB174a: Does not log in from a mobile running out of date operating software

Mobile devices running out of date operating systems are at increased risk of cyber attack. This is because the ...

SB174b: Does not log in from a desktop/laptop running out of date operating software

Desktop/laptop devices running out of date operating systems are at increased risk of cyber attack. This is ...

SB175: Does not log in from a rooted mobile device

Gaining root access ('rooting', also known as 'jailbreaking') on a mobile device is akin to running Windows as an ...

SB189: Does not use unapproved applications on work devices

Using unapproved applications on devices may be harmful. They could cause your device to run slower, introduce ...

SB190: Does not use third party applications within work domain

Using third-party applications within a work domain could increase the risk of malware, ransomware, or data leaks ...

SB196: Doesn't share documents or files containing malicious links

Sharing a file or document containing malicious links poses a threat to anyone who receives it as their devices ...

SB198: Does not use unapproved device for work purposes

Using unapproved devices for work purposes increases security risks. This could be for a variety of reasons ...

SB198a: Does not use unapproved mobile device for work purposes

Using unapproved mobile devices for work purposes increases security risks. This could be for a variety of reasons ...

SB198b: Does not use unapproved desktop or laptop for work purposes

Using unapproved desktops or laptops for work purposes increases security risks. This could be for a variety of ...

SB208: Ensures work devices and software are updated regularly

Software updates reduce device exposure to known security vulnerabilities.

Case study

Magellan Health

In April 2020, cyber criminals hit Fortune 500 company Magellan Health with a double whammy.

Initially, criminals sent Magellan Health employees an email containing a malicious link. Some employees clicked the link. This gave criminals access to a corporate server. They then stole people’s addresses, employee ID numbers, and social security numbers.

Five days later, the criminals launched a ransomware attack. This stopped Magellan Health from being able to access their data.

In a statement to the employees, Magellan Health announced it would be taking company-level measures to prevent similar future incidents. In particular, it stressed the importance of raising cyber security concerns about suspicious emails and phishing scams.

Lion

In June 2020, Australian brewing giant Lion fell prey to a series of phishing and ransomware attacks.

Criminals first gained control of Lion’s systems and data. Then they demanded a ransom for revocation. No personal or financial information was stolen, but the ransomware caused a system shutdown. This resulted in stock shortages and other business losses.

Lion worked with IT and security professionals to bring systems back online safely, but it took a long time before they could resume normal business.

When asked about the incident, Australian Prime Minister Scott Morrison advised corporate organisations to keep up to date with the latest cyber threat advice, patch internet-facing devices properly and set up Multi-Factor Authentication systems for work equipment.

Android Users, 2018

In 2018, Android users in South Korea were the targets of a sophisticated malware attack. The malware was hiding in plain sight – in seemingly harmless mobile apps.

The malware intercepted bank texts. It also recorded customer calls to financial organisations. By late 2018, the malware was even redirecting people’s calls: victims who tried to call their banks were redirected to criminals and tricked into handing over sensitive information.

The malware was found to enter the Android systems through 22 apps downloaded from “alternative” app stores. Downloading one of the infected apps set the malicious chain in motion.

Android users can prevent such attacks by: only downloading apps from the Google Play Store; checking app permissions; and regularly updating their Android software.

SebDB is brought to you by CybSafe | © 2023 CybSafe Ltd