The Role of Behavioral Biometrics in Preventing Ransomware

1
The Role Biometrics Ransomware
of Behavioral in Preventing
2
Throughout the country, we are experiencing an
influx of ransomware attacks that have
drastically impacted organizations and
individuals. Credential compromise is a leading
cause of these attacks, accounting for 61 of
breaches in 2020 according to Verizon. While no
one solution can stop these attacks, adopting
solutions that enforce zero trust and continuous
authentication can help minimize threats.
Behavioral biometrics is an emerging solution
that effectively addresses credential
compromise. Attacks Caused by Credential
Compromise The Colonial Pipeline is a 2021
ransomware attack that had drastic implications
on entire regions of the USA. The Russian hacker
group, Darkside, stole 100 gigabytes of data from
the Colonial Pipeline, causing the Pipeline to
pay a 4.4 Million Ransom. Still, even with
paying the ransom, it caused a shutdown of the
pipeline that carries 2.5 million barrels of fuel
daily to a large region of the US. This region
was severely impacted by higher gas prices and
shortages at gas stations. Experts that have
examined the attack have found that it was
likely caused by a password that was leaked onto
the dark web that allowed hackers to gain access
to the organizations VPN. The account was no
longer active and was not protected by MFA. The
hacker wasnt detected by the security team until
data was already compromised. The University of
Vermont Hospital Network Attack is lesser- known
but still had a large impact. The University of
Vermont
3
Health Network was attacked in 2020 affecting 6
hospitals in Vermont and New York. They have
estimated 50 million to clean up the damage of
the attack. Those who analyzed the attack
learned that it was caused by a broad phishing
attack. An employee opened a personal email
while on vacation, causing the hacker to get
ahold of their credentials. When they logged
into the VPN when back at work, the whole system
was infected with malware. Both high-profile
attacks were caused by credential compromise. If
strong authentication solutions were
implemented, these attacks could have been
prevented, saving both organizations millions of
dollars. Assuring identity is essential for any
organization to provide a baseline of security
and to minimize the threat of ransomware. Mitigati
ng Credential-Based Attacks Multi-Factor
Authentication is one of the most common ways to
mitigate credential compromise. Upon signing in,
the tool will prompt the user to authenticate
their identity on a second device to assure the
users identity. This is an effective tool,
however, it only authenticates users at the
beginning of the day or upon initial login.
Other ways to prevent credential-based attacks
include password-less authentication, captcha,
and adaptive authentication. Continuous
authentication, including behavioral biometrics,
is a leading way to prevent credential
compromise. Behavioral biometrics utilizes unique
patterns in typing and mouse movements to
identify a user continuously.
4
Other forms of authentication such as a password
can be replicated, while behavior is unique to
each individual. DEFEND is a behavioral
biometrics solution that works to authenticate
users continuously. DEFEND runs in the
background, invisibly, to authenticate users
throughout their entire session. It will
indicate risk levels based on how typing and
mouse movements match typical behavior. If the
behavior does not match typical behavior, it
will indicate a high-risk event and alert
security teams to stop an attack from
happening. To learn more about behavioral
biometrics solutions and other ways to minimize
the threat of ransomware, visit
https//aurorait.com/defend/.