According to a new report from Kaspersky, in the third quarter of 2019, more than a third of the systems that process biometric data were affected by at least one malware infection.
Biometrics is supposed to provide a safer and easier way to protect sensitive data. Using your fingerprint, face or voice to log into an account or retrieve personal information is considered a better and more secure option than juggling a series of passwords. Authentication based on biometrics is used to gain access to government and commercial offices, industrial automation systems, corporate computers, personal laptops and mobile phones.
But what about the computers that collect, process and store biometric data? Are they safe, and if not, how can you better protect those systems? A study released by Kaspersky on Wednesday describes how malware has affected servers and workstations with biometric data and offers advice on how these computers can be protected.
SEE: Special report: a winning strategy for cyber security (free PDF) (TechRepublic)
Looking at the first nine months of 2019, Kaspersky ICS CERT experts investigated cyberheats focused on computers used to collect, process, and store biometric data. In particular, the computers analyzed were those on which Kaspersky security products were running so that the company could fully investigate them.
Only in the third quarter, about 37% of the computers in the study were affected by at least one malware infection, all of which were blocked by Kaspersky software. More specifically, 5.4% of the threats detected and blocked were modern remote access trojans, 5.1% were used for phishing attacks, 1.9% were ransomware and 1.5% were trojan bankers (Figure A).
Figure A
Kaspersky
The internet emerged as the main source for the malware attacks, accounting for 14.4% of the infections analyzed and blocked by Kaspersky. Such attacks included threats on malicious and phishing websites and internet-based e-mail services.
Removable media was then the culprit in 8% of the detected attacks, mostly used to spread worms. After they hit a computer, worms can download spyware, remote Trojan horses and ransomware.
Email threats are in third place, accounting for 6.1% of the attacks in this scenario. In most cases, these were the usual phishing emails with false messages about the delivery of goods and services or the payment of invoices. The messages contain links to malicious websites or attached Microsoft Office documents with malicious code.
“Our research shows that the current situation with biometric data security is crucial and should be brought to the attention of industry and government, the community of information security experts and the general public”, Kirill Kruglov, senior security expert at Kaspersky ICS CERT, said in a press release. “Although we believe that our customers are cautious, we must emphasize that infection caused by the malware that we have detected and prevented may adversely affect the integrity and confidentiality of biometric processing systems. This is particularly the case for databases where biometric data is stored, if those systems were not protected. “
To help organizations better protect computers that process biometric data, Kaspersky offers the following recommendations:
1) Minimize the exposure of biometric systems to the internet and internet-related threats. Ideally, such systems should be part of an air gap infrastructure, which means that there is no connection (wired or wireless) to the internet and no connection to other systems that connect to the internet. Cyber security must have the highest priority when new systems such as these are designed and implemented.
2) Ensure that the highest cyber security requirements are applied to the biometric systems. This recommendation includes the following measures:
- Train operational staff extensively to resist potential cyber attacks.
- Ensure that all necessary cyber security checks are in place.
- Hire a dedicated team of highly skilled security experts to keep track of infrastructure security.
- Perform regular security audits to identify and eliminate potential vulnerabilities.
- Ensure that the current strategic and tactical threat information is constantly provided to the cyber security team.
Cyber Security Insider Newsletter
Strengthen the IT security of your organization by staying up to date with the latest news, solutions and best practices for cyber security.
Delivered on Tuesday and Thursday
Register today
Also see
Image: outline205, Getty Images / iStockphoto