Trapping RATs to Prevent Online Banking Fraud. Frecuently, crime-as-a-service sector analyzes new ways to attack their targets in order to obtain maximum results at the lowest risk.
Thanks to the growing specialization in the cybercriminal value chain, cybercriminals make new developments available to other criminals whitout much experience in the designe of malware, which allow them to overcome barriers that banks raise to avoid the impact of fraud.
The Banking sector continues to be one of the most appealing sectors when it comes to cybercrime due to the sensitive information handled by costumers. This information allows them to quickly monetize their efforts.
One of the most renowned tactics to represent a major threat to online banking sector is the use of Remote Access Trojan (RAT).
These pieces of malware Known as Remote Access Trojans (RATs), are usually downloaded to a user’s computer or smartphone invisibly through a software that the user has requested. They also can be delivered in email attachments.
RATs can run on Windows, Mac OS, Linux, and Android platforms - which makes them broadly useful from an attacker’s perspective.
Once fraudsters compromise the user’s system, they establish a command and control (C&C) connection through which they can control the system, gather data, exfiltrate data, and gain a foothold in the bank’s network for further lateral movement.
When a RAT is active, the cybercriminals can see the user´s screen and do as they please at any time.
Tradicional protection for banking customers is not used for the detection of this type of malware for several reasons:
According to the case studies at Global Trends in Online Banking Fraud (Microsoft), the only cybersecurity feature that consistently demonstrated the ability to stop RAT attacks was behavioral biometrics.
Thanks to the ability to know the customers´use patterns, banks can significantly improve their ability to detect fraud.
In this sense, from buguroo we have designed a protection shield based on Deep Learning and Behavioral Biometric. Thanks to these new techniques and technologies our software buFraud: