Remote Administration Tools (RATs) have a dual purpose. Their original objective was to allow IT personnel to remotely access computers connected to the network, so they can run troubleshooting or remote maintenance on the PC. Many people use remote access capabilities because it allows them to enter their far-away desktop and control it, just like they were sitting behind the keyboard themselves.
When RATs are used with good intentions they help people solve difficult computer problems but there’s also a darker, far more sinister use of remote access tools: enabling remote attacks.
Nation states have long been using RATs in their advanced persistent threat campaigns against government, military and commercial targets. Financially motivated cyber criminals soon adopted the methodology, and began using VNC back-connect tools enabling remote access as part of their bag of dirty tricks. The first banking Trojans equipped with this capability were Citadel, Ice9, and various Zeus clones. Later the dark industry developed more advanced, stealthy RAT-enabled Trojans such as Dyre, Dridex, Neverquest, and Trickbot.
One of the problems with RATs is that current fraud detection solutions (namely device recognition and malware detection) aren’t designed to detect them. That leaves users and banks vulnerable to a growing epidemic of Remote Access Trojan attacks.
BioCatch takes a unique approach to finding RATs. Where most systems used today examine device data, which cannot detect a RAT attack as it comes from the trusted user device, BioCatch monitors and analyzes a user’s cognitive behavior without interfering with the user experience. BioCatch tracks the user’s unique profile throughout the session and can instantly detect and alert the bank when it spots abnormal user behavior consistent with a Remote Access Trojan.
Download the White Paper to find out more!