Page 10 - Cyber Warnings
P. 10
By analyzing user behaviours, establishing their regular behavioural baseline, and spotting
cases where the user acts in a very abnormal manner, banks are now able to stop remote
access attacks before they result in devastating losses.
Forget about Authentication
One of the likely outcomes of heists on the magnitude of the Bangladesh one, is a race for a
more secure authentication protocol for the international wire transfer network. However, this is
a futile effort: whatever authentication is used, RAT operators have already demonstrated their
ability to break it.
Whether the credentials are static or dynamic, based on physical tokens or using out-of-band
strong authentication, cyber criminals already have social engineering plays that can circumvent
them by tricking the user to complete authentication while the bank gets a remotely controlled
session. So better authentication won’t do the trick.
As with APTs and other advanced attacks, it’s far more important to know what’s going on
inside the account – Does the user behave in a regular manner? Do they act according to their
behavioural baseline? Is their hand-eye coordination normal? If the answer is no, then you
might have just detected an attack.
The next Bank of Bangladesh – type attack is around the corner and will be an even better oiled
machine with no typos. Will the central banks be smarter about detecting it, or will the criminals
have the upper hand?
About the Author
Uri Rivner is Head of Cyber Strategy at BioCatch. Uri is recognized globally
as an industry expert on Cybercrime and advanced threats. He is a regular
speaker in the leading Security and Cyber conferences, and writes a cyber-
security blog read by thousands of professionals. Prior to joining BioCatch
Uri served as Head of New Technologies, Identity Protection at RSA.
Over the years he has worked closely with the world’s largest financial
institutions on developing solutions against online crime, Phishing and
Trojans, and helping other industry verticals establish an effective defense
doctrine against advanced cyber threats.
Uri can be reached by email at [email protected] or you can follow him on twitter,
@UriRivner. He can also be reached on the company website www.biocatch.com.
10 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
