Trapping RATs to Prevent Online Banking Fraud
The crime-as-a-service sector frequently analyzes new ways to attack its targets in order to obtain maximum results at the lowest risk.
Thanks to the growing specialization in the cybercriminal value chain, cybercriminals make new developments available to other criminals without much experience in malware design, which allows them to overcome the barriers that banks raise to avoid the impact of fraud.
The banking sector continues to be one of the most appealing sectors for cybercrime because of the sensitive information handled by customers. This information allows criminals to quickly monetize their efforts.
One of the best-known tactics, and a major threat to the online banking sector, is the use of Remote Access Trojans (RATs).
These pieces of malware are usually downloaded invisibly to a user’s computer or smartphone along with software that the user has requested. They can also be delivered in email attachments. RATs can run on Windows, Mac OS, Linux, and Android platforms, which makes them broadly useful from an attacker’s perspective.
Once fraudsters compromise the user’s system, they establish a command and control (C&C) connection through which they can control the system, gather data, exfiltrate data, and gain a foothold in the bank’s network for further lateral movement.
When a RAT is active, the cybercriminals can see the user’s screen and do as they please at any time.
Traditional protection for banking customers is not used to detect this type of malware, for several reasons:
- A RAT appears to be legitimate: its behaviour is similar to that of the remote access tools used by technical support administrators. In this way it goes unnoticed.
- Banks consider registered user devices reliable; they are verified by fingerprint in addition to robust identity authentication.
- Cybercriminal tactics are dynamic and adaptable to new malware defense technologies, making detection more difficult.
According to the case studies in Global Trends in Online Banking Fraud (Microsoft), the only cybersecurity feature that consistently demonstrated the ability to stop RAT attacks was behavioral biometrics.
By knowing their customers’ usage patterns, banks can significantly improve their ability to detect fraud.
To that end, at buguroo we have designed a protection shield based on Deep Learning and Behavioral Biometrics. Thanks to these new techniques and technologies, our software bugFraud:
- Prevents Customer Impersonation: bugFraud dynamically profiles each user, using advanced neural learning algorithms to identify unique biometric characteristics.
- Prevents Malware Content Injections in Users’ Navigation: includes a greybox-based detection engine that identifies attempts to download malware and manipulate content in the user’s browser.
- Enables Real-time Detection: data is collected from the time the customer logs in and throughout the entire session.
- Frictionless for Customers: banks do not need to install or maintain agents or other software on users’ devices. For users, bugFraud is completely transparent, and they are protected regardless of the device.