January 10, 2019
How Contextual Fraud Prevention Can Turn Banks into RAT (Remote Access Trojan) Catchers
Posted October 22, 2015
In the never-ending arms race that is cyber security and fraud prevention, criminals have a secret weapon: the Remote Access Trojan (RAT). RATs can enable even fraudsters with minimal technical know-how to take over a victim’s device or machine and transfer money out of their account. This is done under the radar of traditional security measures, so that the transactions appear legitimate to banks. It’s a problem that’s only going to get worse, costing financial institutions significant sums as they are forced to reimburse affected customers and battle with potential reputation damage.
Banks need to seek out more sophisticated contextual fraud prevention products, which monitor device, behavior and identity information to spot those all-important RAT fraud patterns
The problem with RATs
Remote Access Trojans are sneaky. They’re designed specifically to stay hidden on an infected machine for as long as possible, monitoring the browsing behavior of their target and stealing sensitive information. When it comes to online banking they could either allow a remote attacker to access an open session, or create a new one with stolen, but legitimate, credentials. They have no virus signature for traditional AV tools to track and can easily slip under the radar of basic security products searching for automated scripts or BOTs.
What does this mean? It means that banks are flying blind: unable to spot fraudulent transactions made possible by this stealthy new breed of malware. This is bad news for their bottom line, and its bad news for maintaining long-term customer relationships.
The future’s context-based
The way to tackle this modern menace is by taking a more holistic approach to fraud prevention. It requires a four-pronged plan of action:
- Identify contextual patterns relating to RAT attacks by analyzing device and transaction data and transaction context
- Work out what trusted consumer behavior looks like via historical transactions
- Set and refine policies to spot RAT fraud attack patterns, without triggering false positives
- Employ adaptive analytics which learn to future proof fraud prevention
This is exactly what we were able to achieve with a leading European bank recently, spotting and blocking RAT-flavored transactions without causing any additional user friction. The bank was able to leverage the ThreatMetrix Digital Identity Network, which monitors over one billion transactions each month globally in order to more accurately identify fraudulent activity.
Uncovering cross-industry, cross-business, cross-geography attack signatures can help root out Bots, hidden VPNs and proxies- enabling us to uncover the true IP address and geolocation of an attacker. And continuous cataloguing of all the activities relating to a device, account or persona, builds up stunningly accurate behavior profiles.
As a result this European bank was able to:
- Identify the source of disputed fraudulent transactions
- Detect and significantly reduce RAT fraud
- Tackle the fraud without damaging customer experience with additional security checks
- Restore customer trust and reduce customer calls
£20 million online banking heist
It’s not just RATs financial institutions have to worry about today. Banking malware can have a similarly chilling effect on fraud levels – enabling remote, anonymous attackers to masquerade as legitimate users and siphon off their funds. Last week the National Crime Agency claimed one cybercrime group had managed to steal as much as £20 million from UK bank accounts, infecting thousands of customers in the process.
Banks simply can’t rely on their customers being cyber savvy enough to spot the warning signs of a RAT-based attack. Nor can they assume that end users have done the right thing and kept their computers up-to-date with the latest patches and security software. If they want to reduce fraud losses and protect their reputation in what is an increasingly competitive and unforgiving industry, they need to look beyond log-ins to verify customers. It’s time to get proactive and look at advanced context-based authentication.