I've read that attackers have updated man-in-the-browser (MitB) attacks so that they can parse logs for information...
as opposed to receiving unparsed logs at a command & control server. What does this development mean in practical terms? Does it make the attacks more difficult to detect? How should organizations update man-in-the-browser attack prevention strategies to defend against this new style of attack?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
The updated man-in-the-browser (MitB) attacks, referred to as universal man in the browser (uMitB) by Trusteer, allow an attacker to capture any data entered into a Web browser. The new functionality operates much like a general keystroke logger and provides similar data for keystrokes entered into a Web browser.
Once all the keystrokes are captured and processed, the useful data is identified to send back to the attacker, including Social Security numbers, credit card numbers and other identification numbers. Any information about the websites where the data was entered could also be collected, allowing an attacker to gather more data that could be analyzed to identify additional websites that could be targeted with the captured credentials or access.
If an attacker is able to compromise the security of a Web browser to install MitB malware, the attacker will most likely be able to completely compromise the security of the endpoint and install a keylogger. Web browsers with sandboxing capabilities or other protections might prevent a complete compromise, which would make the new MitB attack functionality necessary to capture data on the local system. The MitB attack might be more difficult to detect, but they still most likely need to write to the local file system before injecting the malware into a running process or Web browser. Anti-malware software can look for executables injecting code into unexpected binaries.
As Trusteer states, the best way to protect an enterprise from these new attacks is to protect the endpoint from malware. That's obviously an increasingly difficult task these days, but the best general approach is to implement a defense-in-depth strategy for malware defense.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading
Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which ... Continue Reading
Cloud security certifications serve to bolster security professionals' resumes and boost value to employers. Learn about the top certifications ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.