Using work computers to browse porn or visit gambling sites significantly increases the risk of malware infections, potentially compromising network security, cybersecurity experts have warned.
Cybersecurity researchers analyzed five risky online habits: working late, browsing adult content, gambling, installing excessive software, and frequenting unknown websites.
They assessed these behaviors against seven types of malware, including viruses, trojans, worms, ransomware, and hacking tools used for remote computer control.
Researchers also examined coinminers, which use the victim’s computer to mine cryptocurrency, and other potentially unwanted applications (PUAs) that pose security risks, slow down systems, or bombard users with ads.
The study, conducted by researchers from the University of Trento in Italy, Vrije Universiteit Amsterdam in the Netherlands, and cybersecurity firm Trend Micro, analyzed global telemetry data to explore how employee online behavior influences malware risks.
Gambling sites significantly increased the risk of coinminers, doubling the odds of encountering such software. Similarly, visiting porn sites doubled the risk of PUAs and posed a major threat of trojans and hacking tools.
Frequent visits to various unknown websites also raised malware risks. For instance, accessing sites discussing nonviolent crimes increased the likelihood of encountering PUAs, trojans, hacking tools, and viruses three to five times.
In contrast, the study found that browsing mostly at night rather than during the day had no impact on the likelihood of encountering malware.
According to researchers, the study identifies users’ behavioral characteristics that can be used to differentiate an organization’s cybersecurity risk profile.
For example, government and defense contractors may consider hacking tools the greatest threat, while healthcare institutions may be more concerned about ransomware that could lock access to critical data.
The study was commissioned by the EU-funded project Sec4AI4Sec and the Dutch Research Council’s project Theseus.
“A key takeaway of our study is that there is no bulleted list of best practices that will be equally cost-effective across the board,” said Fabio Massacci, coordinator at Sec4AI4Sec and member at Theseus.
“But by knowing which user behaviors are associated with which classes of malware, an organization can proactively reduce its cybersecurity risks in a cost-effective manner for the specific malware threats they consider existential,” Massacci said.
Marco Balduzzi, technical research lead at Trend Micro’s Forward-Looking Threat Research team, said: “This study serves as a foundation for the proactive detection and anticipation of attacks by leveraging users’ behaviors for anticipating threats.”
Your email address will not be published. Required fields are markedmarked