Countering the Rising Threat of RAT & Business Email Compromise Attacks

May. 2, 2019 | by BioCatch

Business email compromise (BEC) and remote access trojan (RATs) attacks are two of the top threats for companies to keep an eye on in 2019.

According to the FBI’s just-released 2018 Internet Crime Report, BEC attacks resulted in the highest reported losses out of all cybercrime categories, coming in at a staggering $1.2 billion. That’s nearly half of all cybercrime earnings in 2018, which hit a high of $2.7 billion.

Earlier this year, Proofpoint uncovered similar, shocking stats in their Quarterly Threat Report: Between Q4 of 2017 and Q4 of 2018, BEC attacks increased by 476%. Today, the average enterprise now receives upwards of 120 BEC emails each quarter.

Email attacks are the leading threat, but in an interesting twist, RAT attacks have seen a significant uptick. The number of RATs doubled each quarter of 2018, rising from 0.04% of observed malware in 2017 to over 8% of all malicious payloads in Q4 of 2018, according to Proofpoint.

Both BEC and RATs are tried-and-true-attack methods, but as instances continue to rise, it’s clear that companies need new solutions that enable them to fight back, protect customers, and safeguard business data.

Fighting Back with Behavioral Biometrics

Business email compromise is a sophisticated form of cyberattack where fraudsters spoof the email accounts of top executives to deceive financial departments into making unauthorized payments. Once the payment is deposited into a fraudster’s account, the funds are typically unable to be recovered.

Training and rigid policies for payment authorization are an important step toward preventing BEC attacks. But with such high attack volumes, it’s inevitable that some will be successful. When that’s the case, a dynamic, continuous authentication solution enables organizations to detect BEC attacks in real-time, before funds are lost forever.

Continuous authentication uses behavioral biometric technology to monitor user behavior for signs of manipulation by a fraudster from the point of log in until session close. If a user’s credentials have been compromised, behavioral biometrics pick up on differences from a user’s normal behaviors and flags the transaction as suspicious, blocking it completely or requiring further step-up authentication to verify that the transaction is a legitimate request.

The same goes for RATs. Cybercriminals use RAT attacks to take over a user’s device or deliver malicious payloads that can then be used to commit fraud, most commonly application fraud. RATs behave differently than a human user would, meaning that each type has its own unique behavioral patterns that can be identified and saved as a signature. Behavioral biometrics monitor for these behavioral anomalies in real-time to detect RATs within a user session and shut them down before damage can be done.

As cybercriminals continue to leverage email attacks and RATs — sometimes merging both, as in the case of Emotet, widely recognized as the world’s most dangerous malware — companies may feel stuck and unable to block the enormous threat. However, both attack modes can be stopped with the right security solution in place. Behavioral biometrics provide the new measures needed to eliminate business email compromise and RAT attacks for good.

Learn more about BioCatch’s unique approach to preventing threats, new and old, through behavioral biometrics here.

Topics: Fraud, Authentication, Continuous Authentication