The Role of
Biometrics
Ransomwa al
in
re
Behavior
Preventi
ng
Throughout the country, we are experiencing an influx of
ransomware attacks that have drastically impacted
organizations and individuals. Credential compromise is a
leading cause of these attacks, accounting for 61% of
breaches in 2020 according to Verizon. While no one
solution can stop these attacks, adopting solutions that
enforce zero trust and continuous authentication can help
minimize threats. Behavioral biometrics is an emerging
solution that effectively addresses credential compromise.
Attacks Caused by Credential Compromise
The Colonial Pipeline is a 2021 ransomware attack that
had drastic implications on entire regions of the USA. The
Russian hacker group, Darkside, stole 100 gigabytes of
data from the Colonial Pipeline, causing the Pipeline to
pay a $4.4 Million Ransom. Still, even with paying the
ransom, it caused a shutdown of the pipeline that carries
2.5 million barrels of fuel daily to a large region of the US.
This region was severely impacted by higher gas prices
and shortages at gas stations.
Experts that have
examined the attack have found that it was likely caused
by a password that was leaked onto the dark web that
allowed hackers to gain access to the organization’s VPN.
The account was no longer active and was not protected by
MFA. The hacker wasn’t detected by the security team
until data was already compromised.
The University of Vermont Hospital Network Attack is
lesserknown but still had a large impact. The
University of Vermont
Health Network was attacked in 2020 affecting 6 hospitals
in Vermont and New York. They have estimated $50
million to clean up the damage of the attack. Those who
analyzed the attack learned that it was caused by a broad
phishing attack. An employee opened a personal email
while on vacation, causing the hacker to get ahold of their
credentials. When they logged into the VPN when back at
work, the whole system was infected with malware.
Both high-profile attacks were caused by credential
compromise. If strong authentication solutions were
implemented, these attacks could have been prevented,
saving both organizations millions of dollars. Assuring
identity is essential for any organization to provide a
baseline of security
and to minimize the threat of
ransomware.
Mitigating Credential-Based Attacks
Multi-Factor Authentication is one of the most common
ways to mitigate credential compromise. Upon signing in,
the tool will prompt the user to authenticate their identity
on a second device to assure the user’s identity. This is an
effective tool, however, it only authenticates users at the
beginning of the day or upon initial login. Other ways to
prevent credential-based attacks include password-less
authentication, captcha, and
adaptive authentication.
Continuous
authentication,
including
behavioral
biometrics, is a leading way to prevent credential
compromise. Behavioral biometrics utilizes unique patterns
in typing and mouse movements to identify a user
continuously.
Other forms of authentication such as a password can be
replicated, while behavior is unique to each individual.
DEFEND is a behavioral biometrics solution that works to
authenticate users continuously. DEFEND runs in the
background, invisibly, to authenticate users throughout
their entire session. It will indicate risk levels based on how
typing and mouse movements match typical behavior. If
the behavior does not match typical behavior, it will
indicate a high-risk event and alert security teams to stop
an attack from happening.
To learn more about behavioral biometrics solutions and
other ways to minimize the threat of ransomware, visit
https://aurorait.com/defend/.