The Role of Biometrics Ransomwa al in re Behavior Preventi ng Throughout the country, we are experiencing an influx of ransomware attacks that have drastically impacted organizations and individuals. Credential compromise is a leading cause of these attacks, accounting for 61% of breaches in 2020 according to Verizon. While no one solution can stop these attacks, adopting solutions that enforce zero trust and continuous authentication can help minimize threats. Behavioral biometrics is an emerging solution that effectively addresses credential compromise. Attacks Caused by Credential Compromise The Colonial Pipeline is a 2021 ransomware attack that had drastic implications on entire regions of the USA. The Russian hacker group, Darkside, stole 100 gigabytes of data from the Colonial Pipeline, causing the Pipeline to pay a $4.4 Million Ransom. Still, even with paying the ransom, it caused a shutdown of the pipeline that carries 2.5 million barrels of fuel daily to a large region of the US. This region was severely impacted by higher gas prices and shortages at gas stations. Experts that have examined the attack have found that it was likely caused by a password that was leaked onto the dark web that allowed hackers to gain access to the organization’s VPN. The account was no longer active and was not protected by MFA. The hacker wasn’t detected by the security team until data was already compromised. The University of Vermont Hospital Network Attack is lesserknown but still had a large impact. The University of Vermont Health Network was attacked in 2020 affecting 6 hospitals in Vermont and New York. They have estimated $50 million to clean up the damage of the attack. Those who analyzed the attack learned that it was caused by a broad phishing attack. An employee opened a personal email while on vacation, causing the hacker to get ahold of their credentials. When they logged into the VPN when back at work, the whole system was infected with malware. Both high-profile attacks were caused by credential compromise. If strong authentication solutions were implemented, these attacks could have been prevented, saving both organizations millions of dollars. Assuring identity is essential for any organization to provide a baseline of security and to minimize the threat of ransomware. Mitigating Credential-Based Attacks Multi-Factor Authentication is one of the most common ways to mitigate credential compromise. Upon signing in, the tool will prompt the user to authenticate their identity on a second device to assure the user’s identity. This is an effective tool, however, it only authenticates users at the beginning of the day or upon initial login. Other ways to prevent credential-based attacks include password-less authentication, captcha, and adaptive authentication. Continuous authentication, including behavioral biometrics, is a leading way to prevent credential compromise. Behavioral biometrics utilizes unique patterns in typing and mouse movements to identify a user continuously. Other forms of authentication such as a password can be replicated, while behavior is unique to each individual. DEFEND is a behavioral biometrics solution that works to authenticate users continuously. DEFEND runs in the background, invisibly, to authenticate users throughout their entire session. It will indicate risk levels based on how typing and mouse movements match typical behavior. If the behavior does not match typical behavior, it will indicate a high-risk event and alert security teams to stop an attack from happening. To learn more about behavioral biometrics solutions and other ways to minimize the threat of ransomware, visit https://aurorait.com/defend/.