silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,210
A new form of cyberattack has been developed by researchers which is able to mimic a user's identity through their keystrokes.
The continual evolution of cyberattacks and their increasing sophistication has led to a situation where signature-based antivirus products are no longer enough.
A multi-layered approach to personal security -- including two-factor authentication (2FA) -- is slowly becoming commonplace in order to reduce our reliance on passwords alone.
The idea of verifying our identity through behavioral patterns, such as through keystrokes or mouse movements, is also being explored, but as Ben-Gurion University of the Negev (BGU) Malware Lab researchers have revealed, no single security solution is foolproof.
On Wednesday, the team said they have developed a new form of attack, dubbed Malboard, which is able to evade detection products "that are intended to continuously verify the user's identity based on personalized keystroke characteristics."
It is not just the speed of keystrokes which can be used to verify a user -- how we respond to typographical errors and whether or not we tend to mistype particular characters are behavioral elements which can be used to verify our identity, too.
In a paper published in the academic journal Computer and Security, available online, BGU showed how a compromised keyboard can be used to generate and send malicious keystrokes which mimic its victim.