Community
As the Coronavirus outbreak spreads globally, users are beginning to change their digital behaviors. One emerging trend, not surprisingly, is an increase in the use of Remote Access.
Criminals consider RATs - Remote Access Tools - as the perfect cloaking device: it allows them to operate from within the user’s trusted device, gain access from the user’s network and regular location, and avoid detection by anti-malware tools. Fortunately, there's a tech that can help financial institutions distinguish between their legitimate customers and criminals at work.
Detecting RATs: Genuine User or Cybercriminal?
Behavioral Biometrics analyzes human interactions with devices and applications and generates highly interesting insights into digital journeys. It can spot an anomalous behavior that doesn’t match historic patterns. For example, a user normally uses the scroll bar, and now they’re using the mouse wheel to navigate. It can also highlight criminal or suspicious patterns, such as a lack of familiarity with personal data or signs of being socially engineered. Behavioral Biometrics is also very good at identifying threats such as bots or remote access attacks.
Behavioral biometrics detect RATs by analyzing user hand-eye coordination patterns: when you operate a device remotely, your hand-eye coordination is skewed and “edgy.” If you’ve ever been assisted by a helpdesk that took over your PC and you saw the mouse cursor jumping on your screen, responding to the remote support team, you’d know what this means.
If you notice Remote Access in use on a PC or mobile device, and especially if you see it for the first time in an account, it can be one of the three things:
Current Global Trends
As many of you know, I'm co-founder of behavioral biometrics company BioCatch. The BioCatch data science team has been tracking the use of remote access since the Covid19 outbreak started, and found some highly interesting trends:
Spain
In the last ten days, Spain has seen a dramatic increase in the number of Coronavirus infections and, unfortunately, casualties. Since March 10th the infection rate reached a sharp exponential curve, as seen in the chart below sourced from Worldometers.info:
As a result, emergency measures directing the population to adopt social distancing and avoid going out into any non-essential business have taken effect.
The following chart shows the level of first-time Remote Access in the online banking application of one of the top banks in Spain:
Social distancing has an immediate effect on digital user behaviors. Many people who normally access their online banking account from a secure computer – located, say, at their office – can’t do it anymore. They have to find another way to operate, and it looks like they’re now using Remote Access. A dramatic threefold increase in first-time remote access is observed in the last few days, and since most of it is not accompanied by any criminal-looking behaviors, this looks like a genuine shift in digital user behaviors rather than a massive fraud campaign. Many people in Spain are simply using remote access for the first time.
Canada
The next chart shows a similar trend in Quebec, one of the main territories of Canada. Users of one of the main regional banks have started accessing their account via Remote Access:
The number of first-time remote access cases (where remote access is observed for the first time in the account) spiked on March 12th when Quebec’s prime minister announced that the province would take more stringent measures to control the spread of the pandemic, including a ban on indoor gatherings of more than 250 people. The next day, a large number of precautionary measures began to emerge - including the cancellation of Montreal’s St. Patrick's Day parade, something that has never happened in its 196-year history. The mayor of Montreal announced the closure of public facilities such as libraries, sports facilities and swimming pools. People started practicing advanced social distancing, and this resulted in a heightened level of Remote Access into digital banking applications normally accessed directly.
United Kingdom
One country that took a different path in terms of responding to the crisis is the United Kingdom. Looking at the number of reported Coronavirus infections (source: worldometers.info), it’s as exponential as it gets:
The UK government’s response to the global outbreak, however, was extremely measured. Restrictions on travel and public gatherings were few and far between, and the country still does not display the same level of lock-down causing other countries to shift to remote work. Following the government advice, the British folk keep calm, carry on, and are far less troubled with social distancing.
Consider the following chart, showing the level of remote access in one of the top 5 UK banks:
As the chart shows, things are close to “business as usual.” There is an increase in first-time remote access over the last few weeks, but it’s linear rather than exponential, and certainly not as sharp as in other geographies. It certainly looks nothing like the chart of reported Covid-19 cases.
To summarize – using behavioral biometrics, it’s possible to monitor emerging patterns in both criminal behavior as well as genuine digital user behaviors. And it looks like in the age of Coronavirus, more and more people are moving to remote access.
So – stay safe, stick to the same battle tested measures our ancestors used for centuries during plague and virus outbreaks, and keep banking online securely!
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Nikunj Gundaniya Product manager at Digipay.guru
14 October
11 October
Priyam Ganguly Data Analyst at Hanwha Q cells America Inc
Fang Yu Co-Founder and Chief Product Officer at DataVisor
09 October
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.