Abstract
Malware is still a widespread problem, and it is used by malicious actors to routinely compromise the security of computer systems. Consumers typically rely on a single AV product to detect and block possible malware infections, while corporations often install multiple security products, activate several layers of defenses, and establish security policies among employees. However, if a better security posture should lower the risk of malware infections, then the actual extent to which this happens is still under debate by risk analysis experts. Moreover, the difference in risks encountered by consumers and enterprises has never been empirically studied by using real-world data.
In fact, the mere use of third-party software, network services, and the interconnected nature of our society necessarily exposes both classes of users to undiversifiable risks: Independently from how careful users are and how well they manage their cyber hygiene, a portion of that risk would simply exist because of the fact of using a computer, sharing the same networks, and running the same software.
In this work, we shed light on both systemic (i.e., diversifiable and dependent on the security posture) and systematic (i.e., undiversifiable and independent of the cyber hygiene) risk classes. Leveraging the telemetry data of a popular security company, we compare, in the first part of our study, the effects that different security measures have on malware encounter risks in consumer and enterprise environments. In the second part, we conduct exploratory research on systematic risk, investigate the quality of nine different indicators we were able to extract from our telemetry, and provide, for the first time, quantitative indicators of their predictive power.
Our results show that even if consumers have a slightly lower encounter rate than enterprises (9.8% vs. 12.0%), the latter do considerably better when selecting machines with an increasingly higher uptime (89% vs. 53%). The two segments also diverge when we separately consider the presence of Adware and Potentially Unwanted Applications (PUA) and the generic samples detected through behavioral signatures: While consumers have an encounter rate for Adware and PUA that is 6 times higher than enterprise machines, those on average match behavioral signatures 2 times more frequently than the counterpart. We find, instead, similar trends when analyzing the age of encountered signatures, and the prevalence of different classes of traditional malware (such as Ransomware and Cryptominers). Finally, our findings show that the amount of time a host is active, the volume of files generated on the machine, the number and reputation of vendors of the installed applications, the host geographical location, and its recurrent infected state carry useful information as indicators of systematic risk of malware encounters. Activity days and hours have a higher influence in the risk of consumers, increasing the odds of encountering malware of 4.51 and 2.65 times. In addition, we measure that the volume of files generated on the host represents a reliable indicator, especially when considering Adware. We further report that the likelihood of encountering Worms and Adware is much higher (on average 8 times in consumers and enterprises) for those machines that already reported this kind of signature in the past.
- [1] . 2017. RiskTeller: Predicting the risk of cyber incidents. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 1299–1311.Google Scholar
Digital Library
- [2] . 2011. Measuring pay-per-install: The commoditization of malware distribution. In Proceedings of the USENIX Security Symposium. The Advanced Computing Systems Association.Google Scholar
Digital Library
- [3] . 2013. Regression Analysis of Count Data, Vol. 53. Cambridge University Press.Google Scholar
Cross Ref
- [4] . 2014. On the effectiveness of risk prediction based on users browsing behavior. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. 171–182.Google Scholar
Digital Library
- [5] . 2019. Cisco Annual Cybersecurity Report. Retrieved from https://www.cisco.com/c/dam/m/hu_hu/campaigns/security-hub/pdf/acr-2018.pdf.Google Scholar
- [6] . 2017. Advanced Malware Detection—Signatures vs. Behavior Analysis. Retrieved from https://www.infosecurity-magazine.com/opinions/malware-detection-signatures/.Google Scholar
- [7] . 2019. What the hack: Systematic risk contagion from cyber events. Int. Rev. Finan. Anal. 65 (2019), 101386.Google Scholar
Cross Ref
- [8] Cyber Insurance and Systemic Market Risk 2018. Cyber Insurance and Systemic Market Risk. Retrieved from https:// www.eastwest.ngo/sites/default/files/ideas-files/cyber-insurance-and-systemic-market-risk.pdf.Google Scholar
- [9] . 2020. SoK: Cyber insurance–technical challenges and a system security roadmap. In Proceedings of the IEEE Symposium on Security and Privacy (SP). 293–309.Google Scholar
Cross Ref
- [10] . 2022. When Sally met trackers: Web tracking from the users’ perspective. In Proceedings of the 31st USENIX Security Symposium (USENIX Security’22). 2189–2206.Google Scholar
- [11] Is Cyber Risk Systemic? 2017. Is Cyber Risk Systemic? Retrieved from https://www.aig.ie/latest-insights/is-cyber-risk-systemic.Google Scholar
- [12] ISO 3166-1 1997. ISO 3166-1. Retrieved from https://en.wikipedia.org/wiki/ISO_3166-1.Google Scholar
- [13] . 2018. Kaspersky Security Bulletin 2018. Threat Predictions for 2019. Retrieved from https://bit.ly/2Wq5eIw.Google Scholar
- [14] . 2019. Microsoft Security Intelligence Report. Retrieved from https://www.microsoft.com/security/blog/2019/02/28/microsoft-security-intelligence-report-volume-24-is-now-available.Google Scholar
- [15] . 2016. Measuring PUP prevalence and PUP distribution through pay-per-install services. In Proceedings of the 25th USENIX Security Symposium. 739–756.Google Scholar
Digital Library
- [16] . 2019. Mind your own business: A longitudinal study of threats and vulnerabilities in enterprises. In Proceedings of the Network And Distributed System Security Symposium (NDSS). 739–756.Google Scholar
Cross Ref
- [17] . 2018. McAfee Labs Threats Report. Retrieved from https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-dec-2018.pdf.Google Scholar
- [18] . 2019. 2019 State of Malware. Retrieved from https://resources.malwarebytes.com/files/2019/01/Malwarebytes-Labs-2019-State-of-Malware-Report-2.pdf.Google Scholar
- [19] . 2017. A lustrum of malware network communication: Evolution and insights. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society.Google Scholar
Cross Ref
- [20] . 2014. Risk prediction of malware victimization based on user behavior. In Proceedings of the 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE). IEEE, 128–134.Google Scholar
Cross Ref
- [21] . 2015. Cloudy with a chance of breach: Forecasting cyber security incidents. In Proceedings of the 24th USENIX Security Symposium. 1009–1024.Google Scholar
- [22] . 2015. Predicting cyber security incidents using feature-based characterization of network-level malicious activities. In Proceedings of the ACM International Workshop on International Workshop on Security and Privacy Analytics. 3–9.Google Scholar
Digital Library
- [23] . 2022. Visualization with Python. Retrieved from https://matplotlib.org/.Google Scholar
- [24] . 2015. An empirical study of global malware encounters. In Proceedings of the Symposium and Bootcamp on the Science of Security. 1–11.Google Scholar
- [25] . 2014. Global mapping of cyber attacks. Retrieved from SSRN 2729302 (2014).Google Scholar
- [26] . 2010. Logistic regression: Why we cannot do what we think we can do, and what we can do about it. Eur. Sociol. Rev. 26, 1 (2010), 67–82.Google Scholar
Cross Ref
- [27] . 2006. A crawler-based study of spyware in the web. In Proceedings of the Network and Distributed System Security Symposium (NDSS).Google Scholar
- [28] . 2022. The fundamental package for scientific computing with Python. Retrieved from https://numpy.org/.Google Scholar
- [29] . 2022. Python data analysis library. Retrieved from https://pandas.pydata.org/.Google Scholar
- [30] . 2019. The Ultimate List of Cyber Security Statistics for 2019. Retrieved from https://purplesec.us/resources/cyber-security-statistics/.Google Scholar
- [31] Quantifying Systemic Cyber Risk 2018. Quantifying Systemic Cyber Risk. Retrieved from http://web.stanford.edu/csimoiu/doc/Global_CRQ_Network_Report.pdf.Google Scholar
- [32] . 2017. Content analysis of cyber insurance policies: How do carriers write policies and price cyber risk? Retrieved from SSRN 2929137 (2017).Google Scholar
- [33] . 2015. Prioritizing security spending: A quantitative analysis of risk distributions for different business profiles. In Proceedings of the Workshop on the Economics of Information Security.Google Scholar
- [34] . 2022. Machine Learning in Python. Retrieved from https://scikit-learn.org/stable/.Google Scholar
- [35] . 2018. Predicting impending exposure to malicious content from user behavior. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 1487–1501.Google Scholar
Digital Library
- [36] . 2022. Desktop Operating System Market Share Worldwide. Retrieved from https://gs.statcounter.com/os-market-share/desktop/worldwide.Google Scholar
- [37] . 2018. Gartner Forecasts Worldwide Information Security Spending to Exceed $124 Billion in 2019. Retrieved from https://gtnr.it/2zQUueM.Google Scholar
- [38] . 2019. Internet Security Threat Report. Retrieved from https://docs.broadcom.com/doc/istr-24-executive-summary-en.Google Scholar
- [39] . 2015. Are you at risk? Profiling organizations and individuals subject to targeted attacks. In Proceedings of the International Conference on Financial Cryptography and Data Security. Springer, 13–31.Google Scholar
Cross Ref
- [40] . 2019. Cybersecurity: Industry Overview, Market Map, Global Investments. Retrieved from https:// bit.ly/2L52hbn.Google Scholar
- [41] . 2022. Usage statistics of operating systems for websites. Retrieved from https://w3techs.com/technologies/overview/operating_system.Google Scholar
- [42] . 2014. An epidemiological study of malware encounters in a large enterprise. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 1117–1130.Google Scholar
Digital Library
Index Terms
A Comparison of Systemic and Systematic Risks of Malware Encounters in Consumer and Enterprise Environments
Recommendations
Malware: from modelling to practical detection
ICDCIT'10: Proceedings of the 6th international conference on Distributed Computing and Internet TechnologyMalicious Software referred to as Malware refers to a software that has infiltrated to a computer without the authorization of the computer (or the owner of the computer). Typical categories of malicious code include Trojan Horses, viruses, worms etc. ...
An Epidemiological Study of Malware Encounters in a Large Enterprise
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityWe present an epidemiological study of malware encounters in a large, multi-national enterprise. Our data sets allow us to observe or infer not only malware presence on enterprise computers, but also malware entry points, network locations of the ...
Malware classification method via binary content comparison
RACS '12: Proceedings of the 2012 ACM Research in Applied Computation SymposiumWith the wide spread uses of the Internet, the number of Internet attacks keeps increasing, and malware is the main cause of most Internet attacks. Malware is used by attackers to infect normal users' computers and to acquire private information as well ...






Comments