Biometric security software is becoming increasingly popular, whether its fingerprint, voice, or facial recognition tools. As the tech becomes mainstream, attackers are searching ways to exploit biometric security. Kaspersky looked at computers that fall within its telemetry, essentially machines with Kaspersky security software running that also support biometric security. It found 37 percent of these PCs were targeted by malware attacks during the third quarter. Among the attack methods were spyware and remote access trojans (RATs), which attacked 5.4 percent of the machines. Next was phishing attacks with 5.1 percent of computers targeted. Ransomware (1.9 percent) and trojan bankers (1.5 percent) were next. “It should be noted that other types of malware also included malicious programs designed to steal banking data (1.5 percent). It is not likely that these malicious programs were intended for stealing biometric data,” explained Kaspersky’s analysis. “However, it can be expected that mass-distributed malware designed to steal biometric data from banks and financial systems will appear in the near future.”
Attacking Biometric Security
Danger from malware is not the only problem compromising the security of biometrics. Kaspersky found companies are not always storing biometric data securely enough considering the value of the data they access. Researchers points to biometric databases stored on application servers alongside other systems. Kaspersky says it would be more secure for biometric data to be stored on dedicated computers. “In other words, if attackers compromise, say, a mail server or a database used by the website of an organization that has a biometric authentication system, chances are that they will also find the biometric database on the same server,” said the report.