I've read that attackers have updated man-in-the-browser (MitB) attacks so that they can parse logs for information...
as opposed to receiving unparsed logs at a command & control server. What does this development mean in practical terms? Does it make the attacks more difficult to detect? How should organizations update man-in-the-browser attack prevention strategies to defend against this new style of attack?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
The updated man-in-the-browser (MitB) attacks, referred to as universal man in the browser (uMitB) by Trusteer, allow an attacker to capture any data entered into a Web browser. The new functionality operates much like a general keystroke logger and provides similar data for keystrokes entered into a Web browser.
Once all the keystrokes are captured and processed, the useful data is identified to send back to the attacker, including Social Security numbers, credit card numbers and other identification numbers. Any information about the websites where the data was entered could also be collected, allowing an attacker to gather more data that could be analyzed to identify additional websites that could be targeted with the captured credentials or access.
If an attacker is able to compromise the security of a Web browser to install MitB malware, the attacker will most likely be able to completely compromise the security of the endpoint and install a keylogger. Web browsers with sandboxing capabilities or other protections might prevent a complete compromise, which would make the new MitB attack functionality necessary to capture data on the local system. The MitB attack might be more difficult to detect, but they still most likely need to write to the local file system before injecting the malware into a running process or Web browser. Anti-malware software can look for executables injecting code into unexpected binaries.
As Trusteer states, the best way to protect an enterprise from these new attacks is to protect the endpoint from malware. That's obviously an increasingly difficult task these days, but the best general approach is to implement a defense-in-depth strategy for malware defense.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.