The Role of Behavioral Biometrics in Preventing Ransomware

Throughout the country, we are experiencing an influx of ransomware attacks that have drastically impacted organizations and individuals. Credential compromise is a leading cause of these attacks, accounting for 61% of breaches in 2020 according to Verizon. While no one solution can stop these attacks, adopting solutions that enforce zero trust and continuous authentication can help minimize threats. Behavioral biometrics is an emerging solution that effectively addresses credential compromise.

Attacks Caused by Credential Compromise

The Colonial Pipeline attack was a 2021 ransomware attack that had drastic implications for entire regions of the USA. The Russian hacker group DarkSide stole 100 gigabytes of data from Colonial Pipeline, leading the company to pay a $4.4 million ransom. Even with the ransom paid, the attack caused a shutdown of the pipeline, which carries 2.5 million barrels of fuel daily to a large region of the US. This region was severely impacted by higher gas prices and shortages at gas stations. Experts who have examined the attack found that it was likely caused by a password leaked onto the dark web, which allowed hackers to gain access to the organization's VPN. The account was no longer active and was not protected by MFA. The hacker wasn't detected by the security team until data was already compromised.

The University of Vermont Health Network attack is lesser-known but still had a large impact. The University of Vermont Health Network was attacked in 2020, affecting 6 hospitals in Vermont and New York. The network has estimated the cost of cleaning up the damage of the attack at $50 million. Those who analyzed the attack learned that it was caused by a broad phishing attack. An employee opened a personal email while on vacation, allowing the hacker to get ahold of their credentials. When the employee logged into the VPN after returning to work, the whole system was infected with malware.

Both high-profile attacks were caused by credential compromise. If strong authentication solutions had been implemented, these attacks could have been prevented, saving both organizations millions of dollars. Assuring identity is essential for any organization to provide a baseline of security and to minimize the threat of ransomware.

Mitigating Credential-Based Attacks

Multi-factor authentication (MFA) is one of the most common ways to mitigate credential compromise. Upon signing in, the tool prompts the user to authenticate on a second device to assure the user's identity. This is an effective tool; however, it only authenticates users at the beginning of the day or upon initial login. Other ways to prevent credential-based attacks include password-less authentication, CAPTCHA, and adaptive authentication.

Continuous authentication, including behavioral biometrics, is a leading way to prevent credential compromise. Behavioral biometrics utilizes unique patterns in typing and mouse movements to identify a user continuously. Other forms of authentication, such as a password, can be replicated, while behavior is unique to each individual.

DEFEND is a behavioral biometrics solution that works to authenticate users continuously. DEFEND runs in the background, invisibly, to authenticate users throughout their entire session. It indicates risk levels based on how closely typing and mouse movements match typical behavior. If the behavior does not match typical behavior, it indicates a high-risk event and alerts security teams to stop an attack from happening.

To learn more about behavioral biometrics solutions and other ways to minimize the threat of ransomware, visit https://aurorait.com/defend/.