
Monday, 30 November 2009

A man-in-the-browser attack



A man-in-the-browser (MitB) attack happens when a fraudster installs a Trojan on a user's computer that is capable of intercepting and interacting with the user's online transactions in real time.
In a phishing attack, the user is redirected to a fake website, most of the time by clicking on a link in an e-mail. A man-in-the-browser attack occurs simply when the user enters a URL into their browser, independently of being triggered by a prompt such as an e-mail or other notification.
MitB works like session hijacking, in which the routing out of funds happens in real time; it is not focused only on stealing credentials, such as an online banking username/password or credit card number, to use later. A man-in-the-browser attack is a kind of man-in-the-middle (MitM) attack; however, it is carried out in the browser, closer to the user, rather than on the traffic stream. A man-in-the-browser attack is very hard to detect and prevent, because the action is in fact taking place on the user's machine.


For example, if the customer is trying to make a transfer to an account, the malware might alter the destination account number to the fraudster's account number, and then alter the amount. Likewise, once the bank confirms that the transfer has happened, the malware is able to change what the customer sees, so that the customer assumes their intended transaction has been carried out.
In general, the malware is obtained as a package that lets fraudsters simply configure the software to attack specific banks. The attacker gets these configuration files from a website, so that the malware can be updated quickly for newly added banks. One such malware package is called SilentBanker, which was capable of attacking more than 400 bank websites worldwide. It had a special feature to avoid two-factor authentication, and it was capable of performing both MitM and MitB attacks.


The MitB attack is much more difficult to protect against than MitM. Because the network connection is not interfered with at all, the website address and certificate will be correct. Fraud detection systems are also in a weak position: from the bank's point of view, the customer is visiting from their usual computer over their normal Internet connection. As with MitM, because MitB attacks occur in real time, tokens and mutual authentication can be circumvented, since the fraudster has full control over the customer's computer.
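The following sketch is an added example, not part of the original post. It models from the bank's side why a session-level token does not notice a transfer whose details were altered in the browser, while a code computed over the destination and amount does. It assumes the customer computes that code on a separate device the Trojan does not control; all names, the key and the sample values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key: stands for a secret shared by the bank and a separate
# device held by the customer (an assumption of this example).
DEVICE_KEY = b"constructed-demo-key"

def session_otp_ok(otp, expected):
    """Session-level token check: it knows nothing about the transfer itself."""
    return hmac.compare_digest(otp, expected)

def transfer_code(key, dest_account, amount_cents):
    """Code bound to the transfer details, computed on the separate device
    from the destination and amount the customer types into it."""
    msg = f"{dest_account}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def bank_accepts(request, expected_otp):
    """Bank-side check over the request exactly as it arrives from the browser."""
    if not session_otp_ok(request["otp"], expected_otp):
        return False
    expected = transfer_code(DEVICE_KEY, request["dest"], request["amount_cents"])
    return hmac.compare_digest(request["code"], expected)

def simulate():
    # What the customer intends and approves (constructed values).
    intended = {"dest": "ACCT-1111", "amount_cents": 5000}
    otp = "492817"
    code = transfer_code(DEVICE_KEY, intended["dest"], intended["amount_cents"])
    honest = {**intended, "otp": otp, "code": code}
    # The same request with destination and amount changed before it leaves
    # the browser; the OTP and code are still the customer's genuine ones.
    altered = {**honest, "dest": "ACCT-9999", "amount_cents": 900000}
    return {
        "otp_only_accepts_altered": session_otp_ok(altered["otp"], otp),
        "bound_accepts_honest": bank_accepts(honest, otp),
        "bound_accepts_altered": bank_accepts(altered, otp),
    }

if __name__ == "__main__":
    for check, result in simulate().items():
        print(f"{check}: {result}")
```

The binding only helps if the customer reads the destination and amount on the separate device, since anything displayed in the compromised browser can be changed.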
