Although the name doesn’t imply it, RATs began as a helpful software application, used by help desk personnel to access a remote PC to see what the user was experiencing, find issues, and provide immediate resolution. It didn’t take long for the cybercriminals to exploit this opening.

Today, RATs are used for different purposes, coming in the form of malware, or Remote Access Trojans, that enable a fraudster to take over administrative control of a device. However, through social engineering techniques (such as phone-based vishing or SMS-based smishing), these attacks increasingly involve humans who take over control of a victim’s device via remote access tools like TeamViewer, to gain access to victim accounts, stealing credentials, and intercepting and redirecting online activity.

As discussed at the recent CNP Expo, account takeover and RATs are now considered to be the attack vector of choice, because of the great difficulty in detecting them. Traditional malware detection tools are not capable of recognizing most RAT attacks, because fraudsters remotely take over a bona fide user’s logged-in session, after the user has appropriately and correctly authenticated themselves, with no malware involved. Similarly, because by definition they usurp a user’s login and device credentials, traditional device and geolocation verification tools are not effective in recognizing RATs either.

Behavioral Biometrics to Combat RATs

Given the pace of continued cyberattacks, it is clear that current cybersecurity methods are insufficient. Today’s cybercriminals are extremely savvy and patient, and have developed methods that kick into gear after a user authenticates themselves and is logged in. In working with global customers - who have employed prior fraud prevention solutions - it has become clear to us at BioCatch, that analyzing user behavior is the only way to effectively and consistently identify next-generation threats, such as RATs, without compromising the user’s online experience.

This is how it works:

Create the User Profile: The BioCatch system collects and analyzes over 500 traits including hand-eye coordination, pressure, hand tremors, navigation, scrolling and other finger movements, etc. To create the user profile, the system detects the parameters that are most strongly associated with the user meaning that, for those parameters, the user does not behave like the rest of the population. Each person’s profile is made up of different unique parameters and can be linked across devices.

Generate Invisible Challenges™: Subtle tests are injected into an online session to elicit responses. Since the user is unaware of the challenge, there is no way for a human or bot to mimic or predict the response.

Produce Actionable Risk Score: The system looks for different kinds of fraudulent activity – criminal behavior, malware, bots, RATs, aggregators, etc. – and analyzes the behavior in a session to compare against the user’s behavioral profile. A high risk score generates an alert in real-time.

BioCatch Wins Breakthrough Patent for Remote Access Detection

BioCatch announced earlier this week that it has been awarded a new patent entitled, “Device, Method, and System of Detecting Remote Access Users and Differentiating Among Users.” The U.S. patent 9690915 detects the presence of remote access tools, in order to distinguish between genuine and malicious online behaviors, is the 23rd granted patent in the BioCatch intellectual property portfolio.

To learn more, read the full patent announcement here.

Related Posts