Last Word: Behavioural patterns & cloud

Using individual user's behaviour patterns can identify both the individual and Bot activity to thwart RATs says Uri Rivner

Uri Rivner
Uri Rivner

Use of Remote Access Trojans, or ‘RATs,' such as Dyre and Dridex, has become a new way for fraudsters to gain access to users' online bank accounts.  RAT viruses have quickly made the shift from nation state and hacktivist operations to fraud in retail banking, where victims may not discover that their identities were stolen for more than a year after the hack. 

Fraudsters stole US$ 16 billion (£10.4 billion) from 12.7 million US consumers in 2014 according to the Javelin Strategy & Research 2015 Identity Fraud Study while fraud prevention agency Cifas suggests that UK individuals affected by identity theft increased by a third during the first quarter of 2015.

Remote Access technology was originally developed as an efficiency tool to help IT administrators support end users' devices and servers that were spread out geographically. Remote Access Trojans (RATs) were then adapted to carry out sophisticated cyber-attacks by allowing fraudsters to read, write, delete, install or modify any file located on a remote computer. At some phase, all APT attacks leverage remote access technologies to penetrate an enterprise's network and exfiltrate sensitive information.

But until recently, RATs had not been widely used against financial institutions. Most financial malware, such as Zeus, used technologies that did not require any human intervention. 

Consequently fraudsters added a new modus operandi - RAT-in-the-Browser (RitB) so that using standard VNC or RDP remote access capabilities, fraudsters can remotely access a user's browser and log in to their online bank-ing application. With RitB, banks don't suspect a fraudulent session is taking place as all the ‘right' flags have been raised and the session looks normal. 

Unique fraud protection

Behavioural biometrics is a next gen form of biometrics based on the unique activity of a user.  When a user performs a specific task on a website with a mouse, keyboard, touch screen, etc, the interaction is derived from their physiological makeup and cognitive function. Analysis of this interaction and the learning of the cognitive patterns of the user allows construction of a dynamic biometric profile extracted directly from the user's activity on the site. If a fraudster/hacker tries to per-form any kind of action they will be spotted as their online interaction is different from the real user's. 

Behavioural biometrics has been suggested as a solution to the RAT problem. 

The cloud protecting from above

Combining behavioural biometrics with cloud technology enables developers, financial institutions, and individual end-users to share information in real time.  Banks can monitor specific fraudsters and attackers and discern whether they are actively infiltrating other banks by spreading Trojans or carrying out phishing attacks across other regions. Pairing cloud technology with behavioural biometrics also allows any app developer or organisation to integrate biometric technology into their systems granting secure user access from any device and location without inconveniencing the end-user. 

Behavioural biometrics combined with cloud technology adds a critical new layer of security to defend from financial fraud.