Why MITB attacks surpass normal protection methods

Man in the browser (MITB) attacks targets companies, governments and financial institutions on an everyday basis. The attacks are so dangerous because of its ability to hide from normal protection methods. This article explains the power of the MITB attacks – and how to protect yourself against them.

A spy that sees and manipulates your browser

Man-in-the-browser (MitB) is a malicious cyper-attack technique that involves a Trojan hooking into the browser and manipulating data before it is displayed. The trojan could be planted in any way on the user computer, but typically through fishing where attackers lures users to install malicious files on their system though fake applications and adds anywhere on the web.

When the Trojan is planted, the attacker can view everything in the browser including login information, sensitive information etc.  Further, the attacker can edit everything in the browser meaning that i.e. they can make fake popups, fake login and single-sites to fool the user to give valuable information in the hand of the attacker. These attacks are so sophisticated that a well-crafted MITB attack can fool a security expert just as easily as a an end-user. Since the content of the browser isn’t encrypted, there is nothing that stands in the way of the attacker once the trojan is planted.

The following example goes through a typicall MITB attack:

1) The user attempt to log into website eg. his/her online bank.

2) A fake application pops up and says that it needs more information for the login to succeed.

3) The user submits without clue valuable information to the attacker.

A man-in-the-browser attack happens at the presentation layer. There are no obvious indications of malicious activity; the domain is legitimate and the security certificate has not been tampered with, which all adds credibility to attacker requests and can end up fooling any user

The spy within

The MITB are so dangerous because of its ability to bypass most of the central security systems. They cannot be spotted by any SSL / TSL and other secure-trading software that financial institutes typically uses, and the security certificate is not tampered with so there will be no indication of malicious activity in the presentation layer.

Many financial institutions and companies that holds valuable information in their internal systems, have strong outer protections layers that protects the servers and systems from attacks coming from devices outside the security layer. But that does not protect against MITB that is an internal attack, since it utilize the user-computer (and the user) to steal an manipulate infomation from the the inside system. Since the browser is not encrypted in the endpoints, the attacker can view and edit everything.

Many banks have added additional layers of security for wire transfers using
notifications such as SMS texts. Though, if an attacker is able to steal users’ credentials then an
attacker may have the ability to change notification settings in the user’s bank account.

Read more                    Get in touch