AUSTIN, TX, Dec 9, 2024 – Malware (malicious software) is a worldwide threat to network security for organizations. Individual users within those networks may inadvertently download or interact with malware like viruses and ransomware by browsing unsafe websites, downloading software, or clicking on phishing links in emails.
Cybersecurity researchers from the University of Trento and Vrije Universiteit Amsterdam and the global cybersecurity firm Trend Micro wondered what behaviors bring the greatest risk of malware infection: working at night, browsing adult content, gambling, having a lot of software installed or just visiting strange places?
The team recently completed a large-scale study using global telemetry data to understand how employees' behaviors on a network — from browsing porn to visiting gambling sites — affect the odds of them encountering seven different kinds of malware. Fabio Massacci, coordinator of the European project Sec4AI4Sec on AI and security and member of the Dutch NWO Theseus project on security patching, will present their findings in early December at the annual meeting of the Society for Risk Analysis in Austin, Texas.
Categories of malware included in the analysis are viruses, trojans, worms, hacking tools (which remotely control the victim's computer), coinminers (which use the victim's CPU to mine bitcoins and other cryptocurrencies), ransomware, and other potentially unwanted applications (PUAs).
Gambling sites were found to be a major risk for coinminers, doubling the odds of encountering this software. Adult/porn sites were a major risk for PUAs (doubling the risk) and for trojans and hacking tools. Illegal sites that discuss how to perpetrate nonviolent crimes demonstrated a 3-5x increase in the odds of encountering PUAs, trojans, hacktools, and viruses. Visiting a large volume of unknown websites of many different kinds is also a risk factor. Somewhat surprisingly (or reassuringly), browsing mostly at night rather than during the day makes no difference.
The study identifies users' behavioral characteristics that can be used to differentiate an organization's cybersecurity risk profile. Different organizations may be more susceptible to specific malware threats. Governments and defense contractors may consider hacktools, used to gain unauthorized access to networks, their most significant threat. Health care institutions may be more concerned with the existential threat of an employee's encounter with ransomware — which can lock access to critical data.
"A key takeaway of our study is that there is no bulleted list of best practices that will be equally cost effective across the board," says Massacci. "But by knowing which user behaviors are associated with which classes of malware, an organization can proactively reduce its cybersecurity risks in a cost-effective manner for the specific malware threats they consider existential."
Marco Balduzzi, technical research lead at Trend Micro's Forward-Looking Threat Research (FTR) team, adds: "This study serves as a foundation for the proactive detection and anticipation of attacks by leveraging users' behaviors for anticipating threats."
The study was conducted under the EU-funded project SEC4AI4SEC and the Dutch NWO Project THESEUS. SEC4AI4SEC investigates both the potential applications of Artificial Intelligence (AI) in cybersecurity and the unique challenges and threats arising from AI's distinctive characteristics. This dual focus aims to address how AI can enhance cybersecurity measures while mitigating risks inherent to AI technologies. THESEUS's goal is to help enterprises quantify risk more accurately by better estimating exploit likelihood in a coherent picture.