This is a great 15-minute Man In The Browser (MiTB) attack webinar, hosted by CISO Platform, that briefly points out the risks and recommends some fixes. It is presented by the CTO at Iviz. MiTB is particularly important for the banking and finance industry.
What will you learn?
- Why MiTB attacks pose a high risk to online banking and why they are hard to detect
- How a 'Man In The Browser' attack bypasses banks' two-factor authentication systems
- How one can mitigate the risks of MiTB attacks
Watch the 15min Power Webinar:
View Presentation/PPT:
Quick Glance:
Attack Scenarios:
- Classic 'Man In The Middle': an attacker sits between the victim's client and the server; prevention: encryption, e.g. SSL
- Compromised host: the attacker gains full access to the client system; prevention: multi-factor authentication, e.g. biometrics
- 'MiTB': the deadly combination of the two above; prevention: both measures above fail here
Reasons for danger:
- Can read: identity, bank password & balance, credit & debit card numbers, session keys
- Can modify: details of the transaction
- Can change the password: you can get locked out!
- Bypasses all sorts of multi-factor authentication, such as captcha
How to protect as an end-user:
- Strong passwords: not effective
- Basic security awareness, updated OS & browser, a separate system for online banking: maybe effective
- Updated antivirus/antimalware: sometimes helps
- Hardened browser on a USB drive: moderate security
- Use online banking with banks that have countermeasures: high security
Mitigation strategy for banks:
- Provide a hardened browser on USB with an authentication mechanism, e.g. a token
- OTP token with signature
- Before a transaction, confirm the transaction details with an OTP
- Fraud detection based on client behaviour or transaction type & amount (less effective)
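The second and third bank-side measures above (an OTP token with signature, and confirming transaction details with the OTP) both rest on one idea: the one-time code must be computed over the transaction the customer actually approved, not just over a counter or the clock, so that a code issued for the intended transfer cannot be submitted with modified details. The following added example (not code from the webinar or from Iviz) contrasts a counter-only OTP with a transaction-signing OTP. The shared secret, transaction fields and all values are constructed for the demonstration, and the tampered-transaction step stands in for what malware in the browser could change after the user has approved the transfer.

```python
import hmac
import hashlib
import struct

# Constructed example secret shared between the bank and the customer's
# signing token (a hypothetical value, not from any real system).
TOKEN_SECRET = b"example-shared-secret-for-demo-only"


def _truncate(mac: bytes, digits: int) -> str:
    """Dynamic truncation of a MAC to a fixed number of decimal digits."""
    offset = mac[-1] & 0x0F                      # SHA-256 digest is 32 bytes, so offset+4 fits
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def canonical_transaction(tx: dict) -> bytes:
    """Serialize the fields that must be protected, in a fixed order.

    The nonce is issued by the bank per transaction so a signed code cannot be replayed.
    """
    return "|".join(str(tx[k]) for k in ("beneficiary", "amount", "currency", "nonce")).encode()


def plain_otp(secret: bytes, counter: int, digits: int = 8) -> str:
    """Counter-based OTP: the code depends only on the counter, not on the transaction."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    return _truncate(mac, digits)


def signed_otp(secret: bytes, tx: dict, digits: int = 8) -> str:
    """Transaction-signing OTP: the code is bound to the beneficiary, amount and nonce."""
    mac = hmac.new(secret, canonical_transaction(tx), hashlib.sha256).digest()
    return _truncate(mac, digits)


def bank_verify_plain(secret: bytes, counter: int, otp: str) -> bool:
    """Bank-side check for a counter-based OTP; the submitted transaction is not part of it."""
    return hmac.compare_digest(plain_otp(secret, counter), otp)


def bank_verify_signed(secret: bytes, submitted_tx: dict, otp: str) -> bool:
    """Bank-side check that recomputes the code over the transaction it actually received."""
    return hmac.compare_digest(signed_otp(secret, submitted_tx), otp)


def simulate(tamper: bool) -> tuple:
    """Return (plain_accepted, signed_accepted) for an honest or a tampered submission."""
    # The transaction the customer sees and approves (constructed values).
    intended = {"beneficiary": "IN12-3456", "amount": 500, "currency": "INR", "nonce": 42}
    counter = 7
    p = plain_otp(TOKEN_SECRET, counter)
    s = signed_otp(TOKEN_SECRET, intended)

    # What the bank receives; with tamper=True the beneficiary and amount
    # have been altered in transit between approval and submission.
    submitted = dict(intended)
    if tamper:
        submitted["beneficiary"] = "XX99-0000"
        submitted["amount"] = 50000

    return (bank_verify_plain(TOKEN_SECRET, counter, p),
            bank_verify_signed(TOKEN_SECRET, submitted, s))


if __name__ == "__main__":
    print("honest submission  (plain, signed):", simulate(False))   # (True, True)
    print("tampered submission(plain, signed):", simulate(True))    # (True, False)
```

The counter-based code is accepted in both runs because the bank never ties it to the transaction; the transaction-bound code is rejected once the details change. For this to help against MiTB, the customer must read the beneficiary and amount from a display the browser does not control (the token itself, or an out-of-band SMS or app message that echoes the details), otherwise the malware can show the approved details while submitting its own.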