Banking Trojan Emotet Successor
Use behavior-based authentication
Statement by Ingo Deutschmann, SVP Engineering at BehavioSec
The banking Trojan Qakbot has been making headlines for weeks under the motto “King Emotet is dead, long live Qakbot”. Formerly downloaded as a follow-on payload within Emotet’s wider malware range, the former banking Trojan is now the starting point for many other malware families. The malware has been haunting the Internet since 2007 and is constantly evolving to find new victims. Like so many other banking Trojans, it is simply transmitted via phishing e-mail. The subject lines are based on current topics that are meant to attract attention and tempt victims to “click”.
The malware has become increasingly clever over the years, so that it now detects whether it is running in a sandbox-like environment or on a real system. In the latter case, it activates itself and contacts the C&C servers to steal and transmit data. Above all, the banking Trojan is also meant to intercept credentials such as the username and password. And this is exactly where many traditional security mechanisms fail. They usually require these credentials, and even with two-factor authentication, scammers might try to intercept the session key and be faster than the duped user.
Instead, the responsible security experts should use modern authentication solutions that rely not on simple credentials but on behavior-based authentication. Solutions that detect and evaluate the user’s typing behavior and then allow the user access to the desired online banking account cannot be tricked by automated malware. The software would immediately recognize how the password is entered and deny access if it is simply copied in, which is what malware bots do. The typing behavior cannot be imitated, and this is precisely where the strength of behavior-based authentication via password entry lies: the method, which is based on typing behavior, continuously authenticates the user without the user noticing. With the second factors currently in frequent use, such as PIN codes, SMS and the like, user-friendliness is significantly reduced in many cases, since the user is forced to enter his password, his TAN or his fingerprint within seconds. This often leads to the user canceling a transaction that has already started.
When authenticating by typing behavior, no TAN lists or authentication devices need to be carried. The way in which each person enters a password is individual and therefore cannot be imitated. This leads to a high level of security and at the same time ensures an improved user experience. Thanks to behavior-based authentication via password entry, banking Trojans such as Qakbot have little chance of causing damage outside the bank network in the future.