Beware of malware bypassing or tricking your business anti-virus software
Published 17 February 2021
Many businesses rely on their anti-virus software for protection against cyber criminals or hackers, but did you know that some malware (malicious software) can still enter your technology and computer systems undetected? Understanding how the threat can slip past security measures helps you know what to look for and how to protect your business.
Why malware poses a considerable cyber risk and can lead to a cyber attack on your business
The term malware can refer to a number of different types of malicious software, including viruses, trojans, worms and ransomware. The goal may be to steal data, especially personal or financial information, or to paralyse your system, forcing you to pay a ransom. Some malware has been engineered to be undetectable to antivirus software, installing itself in a way that turns off any triggers picked up by antivirus software.
The next step is for the malware to disable the antivirus’s detection abilities so it won’t recognise that anything is amiss. Like a virus, the malicious software spreads inside the computer system, altering files so it can carry on harvesting information and replicating itself. Similarly, it can infect thousands of victims and related systems through digital contact.
These ‘tools’ are developed by criminals and offered for sale on the dark web, a platform for the cyber black market. Some malware attacks are targeted at particular organisations or industries; others may be dispersed using a ‘scattergun’ approach. Many types of malware are offered as a service, so a malicious actor doesn’t have to build it themselves or even, in some cases, send it out. It’s all done for them.
How can you tell you've been infected by malware?
If your systems are infected by malware, it’s entirely possible you won’t be able to detect its presence, but there are a few telltale signs to look out for:
problems shutting down or restarting your computer
your computer feels slow - much slower than it used to be
some files are going missing
your system crashes often or there are a lot of new error messages
new pop-up windows (keep an eye out for ones asking that you call a help centre)
new installed applications (toolbars, etc.) that you don’t remember installing
overworked hard drive (the cooling fan or hard drive spins up when you aren't doing much)
contacts are receiving emails from your account that you didn’t send
your antivirus programs seem to be throwing up errors.
Common modes of cyber attack to be on the lookout for
Most infections arrive via infected websites or emails and usually need to be installed in some way. Most of the time they require some form of permission to do this, disguised as official-looking requests from trusted colleagues, business partners or recognised brand names. In other instances they may simply take advantage of system security vulnerabilities.
You may have clicked on a hacked website, or downloaded infected files or ‘free’ software. Malicious apps like viruses and trojans can hide in seemingly legitimate applications, especially when they are downloaded from websites or messages instead of from a secure app store. Then there’s the ‘drive-by’ malware download from a legitimate website that has been hacked and had a malicious page or banner ad inserted, infecting unsuspecting visitors to the site.
Recently there has been a significant increase in attacks against systems like the Windows Remote Desktop Protocol (RDP), which enables you to log into your work computer from home. Criminals guess your password or use information from stolen password or phishing sites to log into your computer and install the malware. This effectively bypasses many traditional security measures such as antivirus scanning, and it’s one of the reasons why it’s important to have effective systems security monitoring in place.
Protect your business from cyber attacks and associated costs
If you realise that your business systems have been infected by malware, it’s time to call in the experts to address the damage and, more importantly, defend yourself from it happening again. And if you haven’t been attacked, it’s still vital to protect yourself.
This calls for a dual approach: having a dedicated security system that monitors your network and delivers alerts of anomalies so that you can act immediately to contain the malware infection, and cyber insurance that covers the costs involved in responding to an incident.
The role of cyber insurance cover
Cyber insurance provides back-up for your security measures and means that you are covered for the cost of engaging professionals and associated expenses involved in the restoration and remediation of your systems, as well as reputational damage control, should you become the victim of a cyber attack.
Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient’s industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers control.
Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312