Malware Infection
Malware infections occur when malicious software makes its way onto a device or network.
Behaviours

SB013: Reports known or suspected security incidents
Reporting known or suspected security incidents helps protect people as well as their place of work. If the ...

SB014: Asks security professionals for help with security issues
Asking for help can help people learn. Security professionals can advise on how best to approach and resolve ...

SB015: Completes assigned security awareness training successfully
Security Awareness training is an important part of organisational security. Completing awareness training ensures ...

SB017: Blocks browser pop-ups
Most web browsers come with a range of security options. One option is to automatically block pop-ups. Enabling ...

SB018: Adds security or privacy extensions to browsers
Security or privacy extensions prevent third parties from following you around the web and help you block ...

SB019: Only uses well-known, reputable and trusted websites to download content
Downloading content from untrusted sites increases the threat of malware. Only downloading content from verified ...

SB020: Checks the hyperlink's destination before clicking it
Website links can be hyperlinked to load any website, thus hiding the true destination of the link or a button. By ...

SB021: Closes pop-up windows without using the 'X'
Some malicious pop-up windows display “x” symbols within the window. This is to trick people into clicking the ...

SB022: Installs antivirus on all compatible devices
Antivirus/Endpoint protection programs provide excellent coverage against known online threats. They should be ...

SB022a: Installs antivirus on all compatible workplace devices
Antivirus/Endpoint protection programs provide excellent coverage against known online threats. They should be ...

SB022b: Installs antivirus on all compatible personal (i.e. non workplace) devices
Antivirus/Endpoint protection programs provide excellent coverage against known online threats. They should be ...

SB023: Enables firewalls on all compatible devices
A firewall is a set of rules that controls which network connections may reach or leave a device, helping to prevent malicious applications from communicating with it. ...

SB023a: Enables firewalls on all compatible workplace devices
A firewall is a set of rules that controls which network connections may reach or leave a device, helping to prevent malicious applications from communicating with it. ...

SB023b: Enables firewalls on all compatible personal (i.e. non workplace) devices
A firewall is a set of rules that controls which network connections may reach or leave a device, helping to prevent malicious applications from communicating with it. ...

SB024: Enables auto-updates for workplace devices (if permitted)
Software updates reduce exposure to known security vulnerabilities. Most devices can be set to auto-update when ...

SB025: Enables Google Play Protect (Android devices only)
Google Play Protect should be enabled on all Android devices. With Google Play Protect enabled, apps downloaded ...

SB025a: Enables Google Play Protect on all workplace devices (Android devices only)
Google Play Protect should be enabled on all workplace Android devices. With Google Play Protect enabled, apps ...

SB025b: Enables Google Play Protect on all personal devices (Android devices only)
Google Play Protect should be enabled on all personal Android devices. With Google Play Protect enabled, apps ...

SB026: Restricts the number of users with administrator privileges, and uses the administrator accounts only where necessary
Standard user accounts have fewer privileges than administrator accounts, so malware running under one is denied the escalated permissions it needs to change the system. ...

SB017: Only downloads apps from trusted sources (e.g. Google Play or The App Store)
Apps can hide malware. Trusted app stores such as Google Play and The App Store scan apps for malware, helping to ...

SB028: Enables the “show file extensions” setting
Malicious files are often made to look like other file types so that they are more likely to be opened (.pdf, ...
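As an added example for SB028 (not code from the original catalogue), the checks below flag a file whose displayed name hides what it really is. It covers the double-extension trick the entry describes and goes a little beyond it, also catching the Unicode right-to-left override and space-padding tricks that hide the real extension, and comparing the claimed extension against the file's first bytes. File names and contents are constructed inline; nothing is read from disk.

```python
"""Flag files whose displayed name hides what they really are.

Added example for this catalogue, not code from the original page. File names
and byte contents below are constructed; no files are read from disk.
"""

# Extensions Windows runs directly or hands to a script host.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".wsf", ".hta", ".msi", ".ps1", ".lnk", ".pif"}
# Extensions people open without a second thought.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# First bytes an honest file of that type starts with.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",           # OOXML documents are zip containers
    ".xlsx": b"PK\x03\x04",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
}
PE_HEADER = b"MZ"                     # every Windows executable starts with this
RLO = "\u202e"                        # Unicode right-to-left override


def extensions(name):
    """All extensions, lower-cased and stripped: 'a.pdf   .exe' -> ['.pdf', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p.strip() for p in parts[1:]]


def check_name(name):
    """Reasons the name itself is deceptive (empty list if none)."""
    reasons = []
    exts = extensions(name)
    if RLO in name:
        reasons.append("right-to-left override reverses the displayed extension")
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
        reasons.append(f"double extension: looks like {exts[-2]} but runs as {exts[-1]}")
    if exts and exts[-1] in EXECUTABLE_EXTS and "  " in name:
        reasons.append("run of spaces pushes the real extension out of view")
    return reasons


def check_content(name, data):
    """Reasons the first bytes disagree with the claimed extension."""
    reasons = []
    exts = extensions(name)
    ext = exts[-1] if exts else ""
    expected = MAGIC.get(ext)
    if expected is not None and not data.startswith(expected):
        reasons.append(f"content does not start like a {ext} file")
    if data.startswith(PE_HEADER) and ext not in EXECUTABLE_EXTS:
        reasons.append("content is a Windows executable despite the extension")
    return reasons


def assess(name, data=b""):
    """Combine name-based and content-based checks for one file."""
    return check_name(name) + check_content(name, data)


if __name__ == "__main__":
    for sample, body in [("invoice.pdf.exe", b"MZ\x90\x00"),
                         ("report.pdf", b"MZ\x90\x00"),
                         ("report.pdf", b"%PDF-1.7\n"),
                         ("invoice\u202efdp.exe", b"MZ")]:
        print(repr(sample), assess(sample, body))
```

With file extensions hidden, the first sample shows as "invoice.pdf" and the last as "invoicexe.pdf"; the content check is what still catches the second sample, where the name is honest-looking but the bytes are a PE executable.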

SB030: Follows advice given in security warnings
Security warnings alert users to potentially harmful activity, for example when a malicious website is visited. The advice should ...

SB031: Runs anti-virus scan if a new, unexpected icon or pop-up appears on the desktop
Unexpected icons or pop-ups on a computer’s desktop can indicate malware. Running an antivirus scan can help ...

SB032: Does not insert unauthorised devices/media into work devices/network
Malicious USB (or other plug-in) devices can be used in cyber attacks. They can be used to upload malware, steal ...

SB034: Refers suspicious attachments to the security team
Email attachments can contain malware. A supervisor, the IT team or other relevant person should be made aware of ...

SB057: Checks the URLs to ensure a website is legitimate
To trick people, criminals often include well-known organisations or brand names in malicious URLs. Thoroughly ...

SB058: Checks websites for signs of deception
Websites can be malicious. Checking for malicious characteristics, such as irregularities in the URL, decreases ...
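As an added example covering SB020, SB057 and SB058 (not code from the original catalogue), the function below applies the checks those entries describe to a link: a well-known brand name placed in a subdomain, path or username rather than in the registered domain, a bare IP address, a punycode label, and visible link text that names a different site from the real destination. The brand list and sample links are constructed, and the registrable-domain heuristic is a simplification of what the Public Suffix List provides.

```python
"""Spot links whose visible text or brand name hides the real destination.

Added example for this catalogue, not code from the original page. The brand
list and sample links are constructed; the registrable-domain heuristic is a
simplification of what the Public Suffix List provides.
"""
from urllib.parse import urlsplit

# Brands users expect to visit and the domain that really belongs to each (constructed).
KNOWN_BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}

# Second-level labels under which two-letter country TLDs hand out names (e.g. co.uk).
SECOND_LEVEL = {"co", "com", "org", "net", "gov", "ac"}


def registrable_domain(host):
    """Return the part of the host that was actually registered.
    'paypal.com.evil.example' -> 'evil.example'; 'a.b.co.uk' -> 'b.co.uk'."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def looks_like_url(text):
    """Only link text that resembles an address is compared with the href."""
    t = text.strip()
    return "." in t and " " not in t


def check_link(href, anchor_text=None):
    """Return human-readable reasons a link is deceptive; empty list if none."""
    reasons = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    is_ip = host.replace(".", "").isdigit()
    site = host if is_ip else registrable_domain(host)

    if parts.username is not None:
        reasons.append("text before '@' is a username, so the real host is what follows it")
    if is_ip:
        reasons.append("destination is a bare IP address rather than a named site")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label can render as a lookalike of a brand name")

    # A brand name anywhere except the registered domain is a red flag:
    # subdomains, paths and userinfo are all under the attacker's control.
    haystack = (parts.netloc + parts.path).lower()
    for brand, real_site in KNOWN_BRANDS.items():
        if site != real_site and brand in haystack:
            reasons.append(f"'{brand}' appears in the link but the site is really {site}")

    # SB020: visible text that itself looks like an address must match the href.
    if anchor_text and looks_like_url(anchor_text):
        shown = anchor_text.strip()
        if "://" not in shown:
            shown = "https://" + shown
        shown_host = (urlsplit(shown).hostname or "").lower()
        if registrable_domain(shown_host) != site:
            reasons.append(f"link text shows {shown_host} but the destination is {host}")
    return reasons


if __name__ == "__main__":
    for href, text in [("https://paypal.com.account-verify.example/login", "Log in"),
                       ("https://www.paypal.com/signin", None),
                       ("https://www.paypal.com@203.0.113.7/login", None),
                       ("https://secure-login.example/", "https://www.microsoft.com")]:
        print(href, "->", check_link(href, text))
```

The first sample is the pattern SB057 warns about: "paypal.com" is only a subdomain of the attacker's site. The third shows why SB020 matters: a browser displays the text after "@" as the host, not the brand before it.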

SB059: Uses bookmarks to access frequently used websites
Links can be malicious. Bookmarking frequently used websites provides a safer access path.

SB081: Checks instant messages for signs of deception
Criminals will often use instant messaging (e.g. Whatsapp, Facebook and Slack) as an attack vector. Unexpected ...

SB082: Uses known contact details to verify suspicious messages
Contact details can be spoofed. A message that breaks any norms should be met with suspicion. Using ...

SB083: Checks before “blindly” forwarding messages to workplace contacts
Messages from workplace contacts are more likely to be trusted than messages from other sources. Forwarding ...

SB087: Reports suspicious messages (e-mails, texts, phone calls)
Suspicious messages received via email, text or phone should be reported to a single point of contact. This allows ...

SB088: Checks emails for signs of deception
Criminals will often use emails as an attack vector. Unexpected emails should always be checked for malicious ...
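As an added example for SB081, SB082 and SB088 (not code from the original catalogue), the function below reads a raw e-mail and reports the header-level signs of deception those entries describe: a display name that claims a different address from the real one, a Reply-To that diverts replies elsewhere, a failed SPF, DKIM or DMARC verdict, and a sending domain that imitates the organisation's own. Both messages, the internal domain and the Authentication-Results header (assumed to be stamped by the receiving mail gateway) are constructed for the example.

```python
"""Check an e-mail's headers for the deception signs SB088 describes.

Added example for this catalogue, not code from the original page. The
messages below are constructed, and the recipient's own domain and the
Authentication-Results header (assumed to be stamped by the receiving mail
gateway) are assumptions made for the example.
"""
import email
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"   # assumption: the reader's own mail domain

# Constructed phishing message: spoofed display name, foreign Reply-To,
# failed SPF and a lookalike sending domain ("examp1e" with a digit one).
SUSPICIOUS_MESSAGE = b"""\
From: "IT Helpdesk helpdesk@example.com" <support@mail-examp1e.net>
Reply-To: recover@reply-collect.example
To: alice@example.com
Subject: Urgent: your password expires today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-examp1e.net; dkim=none
Content-Type: text/plain

Your password expires in 2 hours. Open the attached form to keep access.
"""

# Constructed ordinary internal message for comparison.
CLEAN_MESSAGE = b"""\
From: "Bob" <bob@example.com>
To: alice@example.com
Subject: Lunch?
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass
Content-Type: text/plain

Same place at 12:30?
"""


def domain_of(addr):
    """Domain part of an address, lower-cased; empty string if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_headers(raw):
    """Return a list of reasons the message looks deceptive (empty if none)."""
    msg = email.message_from_bytes(raw)
    reasons = []
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)

    # 1. A display name carrying an address of its own: most mail clients
    #    show the name, so the real sender stays hidden.
    embedded = re.search(r"[\w.+-]+@([\w-]+\.[\w.-]+)", display)
    if embedded and embedded.group(1).lower() != from_dom:
        reasons.append(f"display name claims {embedded.group(1)} but the address is at {from_dom}")

    # 2. Replies silently diverted to another mailbox.
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To goes to {reply_dom}, not {from_dom}")

    # 3. Gateway verdicts on the sending domain.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            reasons.append(f"{mech} failed for the sending domain")

    # 4. External domain that reads like the internal one once digits are
    #    swapped back to the letters they imitate (1 -> l, 0 -> o).
    normalised = from_dom.translate(str.maketrans("10", "lo"))
    if from_dom != INTERNAL_DOMAIN and INTERNAL_DOMAIN.split(".")[0] in normalised:
        reasons.append(f"sender domain {from_dom} resembles {INTERNAL_DOMAIN}")
    return reasons


if __name__ == "__main__":
    print("suspicious:", check_headers(SUSPICIOUS_MESSAGE))
    print("clean:", check_headers(CLEAN_MESSAGE))
```

None of these checks proves a message is malicious on its own; together they are the cues SB082 says should prompt verification through known contact details rather than by replying.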

SB154: Does not visit unauthorised websites
Certain unauthorised websites can increase the risk of a malware infection or cyber attack. These websites ...

SB155: Does not download content or material from unauthorised websites
Certain unauthorised websites can increase the risk of a malware infection or cyber attack. These websites ...

SB158: Downloads a file from an unknown source
Downloading files from unverified sources could lead to malware infections and cyber attacks. Make sure all ...

SB153: Does not run a file from an unknown source
Running files from unknown sources risks viruses and other malicious content being installed on a device. This ...

SB164: Does not open an attachment in a phishing email
Opening attachments on phishing emails could lead to malware infections and cyberattacks.

SB164a: Does not open an attachment in a simulated phishing email
Opening an attachment in a simulated phishing email informs the IT or security team that employees might be at ...

SB169: Does not open an attachment in a message from an unknown source
Opening message attachments from unknown sources (i.e. sources you don't recognise or aren't familiar with) places ...

SB169a: Does not open an attachment in a Slack message from an unknown source
Opening Slack message attachments from unknown sources (i.e. sources you don't recognise or aren't familiar with) ...

SB169b: Does not open an attachment in a MS Teams message from an unknown source
Opening MS Teams message attachments from unknown sources (i.e. sources you don't recognise or aren't familiar ...

SB174: Does not log in from a device running out of date operating software
Devices running out of date operating systems are at increased risk of cyber attack. This is because the operating ...

SB174a: Does not log in from a mobile running out of date operating software
Mobile devices running out of date operating systems are at increased risk of cyber attack. This is because the ...

SB174b: Does not log in from a desktop/laptop running out of date operating software
Desktop/laptop devices running out of date operating systems are at increased risk of cyber attack. This is ...

SB175: Does not log in from a rooted mobile device
Gaining root access on a mobile device ('rooting' on Android, 'jailbreaking' on iOS) is akin to running Windows as an ...

SB189: Does not use unapproved applications on work devices
Using unapproved applications on devices may be harmful. They could cause your device to run slower, introduce ...

SB190: Does not use third party applications within work domain
Using third-party applications within a work domain could increase the risk of malware, ransomware, or data leaks ...

SB196: Doesn't share documents or files containing malicious links
Sharing a file or document containing malicious links poses a threat to anyone who receives it as their devices ...

SB198: Does not use unapproved device for work purposes
Using unapproved devices for work purposes increases security risks. This could be for a variety of reasons ...

SB198a: Does not use unapproved mobile device for work purposes
Using unapproved mobile devices for work purposes increases security risks. This could be for a variety of reasons ...

SB198b: Does not use unapproved desktop or laptop for work purposes
Using unapproved desktops or laptops for work purposes increases security risks. This could be for a variety of ...

SB208: Ensures work devices and software are updated regularly
Software updates reduce device exposure to known security vulnerabilities.
Case studies
Magellan Health
In April 2020, cyber criminals hit Fortune 500 company Magellan Health with two attacks in quick succession.
Initially, criminals sent Magellan Health employees an email containing a malicious link. Some employees clicked the link. This gave criminals access to a corporate server. They then stole people’s addresses, employee ID numbers, and social security numbers.
Five days later, the criminals launched a ransomware attack. This stopped Magellan Health from being able to access their data.
In a statement to the employees, Magellan Health announced it would be taking company-level measures to prevent similar future incidents. In particular, it stressed the importance of raising cyber security concerns about suspicious emails and phishing scams.
Lion
In June 2020, Australian brewing company Lion fell prey to a series of phishing and ransomware attacks.
Criminals first gained control of Lion's systems and data. Then they demanded a ransom to restore access. No personal or financial information was stolen, but the ransomware forced a system shutdown. This resulted in stock shortages and other business losses.
Lion worked with IT and security professionals to bring systems back online safely, but it took a long time before they could resume normal business.
When asked about the incident, Australian Prime Minister Scott Morrison advised corporate organisations to keep up to date with the latest cyber threat advice, patch internet-facing devices properly and set up Multi-Factor Authentication systems for work equipment.
Android Users, 2018
In 2018, Android users in South Korea were the targets of a sophisticated malware attack. The malware was hiding in plain sight – in seemingly harmless mobile apps.
The malware intercepted bank texts. It also recorded customer calls to financial organisations. By late 2018, the malware was even redirecting people's calls: victims who tried to call their banks were connected to criminals instead and tricked into handing over sensitive information.
The malware was found to have reached devices through 22 apps downloaded from "alternative" (third-party) app stores. Downloading one of the infected apps set the malicious chain in motion.
Android users can prevent such attacks by: only downloading apps from the Google Play Store; checking app permissions; and regularly updating their Android software.