We, humans, might not be the weakest link in identifying malware

Let’s admit it: whenever we hear of a successful breach of an organization’s systems, we immediately think that hackers managed to fool a certain human working there. But new research suggests that we Earthlings aren’t so bad.
The most common assumption about how cyberattacks succeed goes like this: in case of a breach, look for a worker who never stopped to think and downloaded a malicious attachment.
However, after researchers from the University of Waterloo’s Cheriton School of Computer Science teamed up with cybersecurity experts from the University of Guelph to test this particular theory, it turned out that it doesn’t necessarily hold water.
They analyzed how human end-users, ranging from tech newbies to experts, responded to real-time legitimate and malicious software download requests in a simulated office setting.
The study was the first malware research to observe user strategies in real time rather than produce so-called “after-action” reports, investigations into what went wrong after a successful attack.
Around 30 study participants received messages from fake co-workers in a Microsoft Teams-like environment, prompting them to download and install various programs.
Participants had full control over whether to install the software and could research their choices however they liked.
Most relied on online search engines and prior knowledge, while more advanced participants also scanned the executables with VirusTotal or Joe Sandbox, the paper explained. The results are actually encouraging.
In the initial trial, users identified malware with 75% accuracy. Novice users were right 68% of the time, while expert users achieved 81% accuracy.
“It was interesting how novice users sometimes flagged legitimate software as malware due to a typo or poor interface design, yet missed real malware when the clue was unusual system behaviour, like high processor usage,” said Brandon Lit, a PhD student in Waterloo’s Cheriton School of Computer Science and the lead author of the study.
What’s especially telling, though, is that after the researchers provided participants with some help, their malware detection skills immediately improved.
After the group was given an enhanced task manager and instructions on which red flags to look for, such as software accessing large numbers of files or making network connections to other countries, its malware detection rate rose to 80%.
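The red flags the researchers handed out (high processor usage, many file accesses, network connections to other countries) are behavioural signals, not cosmetic ones like a typo in an installer's name. The script below is an added example, not code from the study or from the article, that applies those three heuristics to a constructed snapshot of running processes and grades each one; the thresholds, the home-country value and the process names are assumptions chosen for the demonstration.

```python
"""Behavioural red-flag triage for a process snapshot.

Added example (not the study's or the article's code): applies the three
red flags the study described (high CPU, many file accesses, connections to
other countries) to a constructed list of processes, the kind of view an
enhanced task manager would present.  Thresholds and the home-country value
are assumptions for this demo, not values from the paper.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed thresholds; a real deployment would tune these to the host's baseline.
CPU_PERCENT_THRESHOLD = 60.0
FILE_ACCESS_THRESHOLD = 500
HOME_COUNTRY = "CA"  # assumption: the organisation operates from Canada


@dataclass
class ProcessSnapshot:
    """One row of the (hypothetical) enhanced task manager."""
    name: str
    cpu_percent: float
    files_accessed: int  # files opened since the process started
    connection_countries: List[str] = field(default_factory=list)  # peer country per connection


def red_flags(proc: ProcessSnapshot) -> List[str]:
    """Return the behavioural red flags raised by one process (empty if none)."""
    flags = []
    if proc.cpu_percent >= CPU_PERCENT_THRESHOLD:
        flags.append(f"high CPU ({proc.cpu_percent:.0f}%)")
    if proc.files_accessed >= FILE_ACCESS_THRESHOLD:
        flags.append(f"accessed {proc.files_accessed} files")
    foreign = sorted({c for c in proc.connection_countries if c != HOME_COUNTRY})
    if foreign:
        flags.append("connections to other countries: " + ", ".join(foreign))
    return flags


def verdict(proc: ProcessSnapshot) -> str:
    """Grade a process: one flag alone is noisy (a browser talks to foreign
    peers all day), so only two or more flags together mark it suspicious."""
    count = len(red_flags(proc))
    if count >= 2:
        return "suspicious"
    if count == 1:
        return "review"
    return "clear"


def triage(procs: List[ProcessSnapshot]) -> Dict[str, str]:
    """Map each process name to its verdict."""
    return {p.name: verdict(p) for p in procs}


# Constructed snapshot (no real samples): a benign tool with a misspelled name,
# a plausibly named process that behaves badly, and an ordinary browser.
SAMPLE_SNAPSHOT = [
    ProcessSnapshot("PhotoEditr_setup.exe", 3.0, 40, ["CA"]),            # typo in the name, quiet behaviour
    ProcessSnapshot("update_helper.exe", 85.0, 2300, ["CA", "RU", "RU"]),  # bland name, three red flags
    ProcessSnapshot("browser.exe", 12.0, 120, ["CA", "US"]),             # one foreign peer, otherwise quiet
]

if __name__ == "__main__":
    for proc in SAMPLE_SNAPSHOT:
        print(f"{proc.name}: {verdict(proc)} {red_flags(proc)}")
```

Run as-is, the misspelled installer comes out clear while the blandly named process is the one flagged, which is the distinction the study's novices initially got backwards: the name tells you nothing, the behaviour does. The two-flag rule for "suspicious" is a design choice to keep a lone foreign connection from drowning the list in false positives.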
“Just having a bit of information puts beginner users on par with computer scientists. Fostering critical thinking is one of the most important things we can do to increase security,” said Lit.