Cloud Based Attacks – MitB

The transition to the cloud involves new challenges as well as existing risks, but even more new risks that relate only to the cloud. An organization that moves to the cloud must be aware of these risks: some of them are familiar and come in a different format, and some are new and were not known until now.

I called it Cloud-Based Attacks because these are new risks that relate only to the cloud and, in some situations, to hybrid mode; some of them are application-based attacks, token-based attacks, and hybrid configuration.

In a series of articles, we will briefly look at the new risks in the cloud.

What is the Man In The Browser attack

The first one is the Man-in-the-browser attack, or MitB.

The man-in-the-browser attack is where an attacker is able to insert himself into the communications channel between two trusting parties by compromising a Web browser used by one of the parties, for the purpose of eavesdropping, data theft and/or session tampering.

Man-in-the-browser is often used by attackers to carry out various forms of financial fraud, typically by manipulating Internet Banking Services.
In order to compromise the browser, adversaries can take advantage of security vulnerabilities and manipulate inherent browser functionality to change content, modify behavior, and intercept information. Various forms of malware, most typically malware referred to as a Trojan, can be used to carry out the attack.

Unlike a Man-in-the-Middle attack, where a third party is situated between two endpoints listening to packets for useful information, the MitB attack is about altering and adding input fields to the website you are visiting.
Malware such as a Trojan sits between your computer and the site server. Using that malware, different input fields are added to the website, asking you for your confidential information.

In some cases, it is not just a page but an entire sequence of webpages arranged so that you are sure it is genuine. Since it is based on the malware reading the IP addresses, it looks okay to webmasters.
When in doubt, take a screenshot and send it to the webmasters for confirmation. You may get doubts when your bank website suddenly starts asking for verification by means of a credit card.

The Man-in-the-Browser attack relies on malware to know your destination on the Internet. It then creates code for extra input fields and places them on the website page you visit. You may wonder where the malware comes in if your computer is clean.

The answer lies in browser extensions, patches and DOM objects. That is to say, the browser is compromised using one method or another and the compromise is not caught by the anti-virus you are using. This is what makes it complex to detect MitB attacks.

Protect against Man In The Browser attack

Whilst MITB and web extension attacks are difficult to detect and therefore defend against, users and web providers can work together in the fight against cybercrime as it continues to evolve. Detection and protection policies from both the server-side and client-side can provide a belt and braces style protection against MITB attacks.

Server-side techniques that incorporate Content Security Policy (CSP) and its reporting capabilities are supported by all modern browsers and operate in two modes: reporting-only mode and blocking mode. In reporting-only mode, violations are reported but the browser does not block them. In blocking mode, all violations are blocked by the browser and reported back to the reporting URL.
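The two modes and the reports they produce, as an added example that is not part of the original article: the policy, the `/csp-report` path, the function names and the sample reports are all constructed for illustration.

```javascript
// Added example: the policy, the report path and the sample reports are constructed.
const POLICY = "default-src 'self'; script-src 'self'; form-action 'self'";
const REPORT_URL = "/csp-report"; // hypothetical collector endpoint

// Response header for the two modes: "report" only reports, "block" blocks and reports.
function cspHeader(mode) {
  const name = mode === "block"
    ? "Content-Security-Policy"
    : "Content-Security-Policy-Report-Only";
  return { name, value: `${POLICY}; report-uri ${REPORT_URL}` };
}

// Count violation reports per directive and blocked origin, so that a script or
// form target the site never serves stands out.
function summarize(reports) {
  const counts = {};
  for (const report of reports) {
    const body = report["csp-report"];
    if (!body) continue; // skip posts that are not CSP reports
    const directive = body["effective-directive"] || body["violated-directive"];
    let source = body["blocked-uri"] || "unknown";
    try {
      source = new URL(source).origin;
    } catch {
      // keyword values such as "inline" or "eval" are kept as they are
    }
    const key = `${directive} ${source}`;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// Constructed reports in the JSON shape browsers POST to report-uri.
const SAMPLE_REPORTS = [
  { "csp-report": { "document-uri": "https://bank.example/login",
      "effective-directive": "script-src", "blocked-uri": "https://injected.example/a.js" } },
  { "csp-report": { "document-uri": "https://bank.example/login",
      "effective-directive": "script-src", "blocked-uri": "https://injected.example/b.js" } },
  { "csp-report": { "document-uri": "https://bank.example/login",
      "effective-directive": "form-action", "blocked-uri": "https://collector.example/post" } },
  { "csp-report": { "document-uri": "https://bank.example/login",
      "effective-directive": "script-src", "blocked-uri": "inline" } },
  { unrelated: true },
];

console.log(cspHeader("report"), summarize(SAMPLE_REPORTS));
```

Running the policy in reporting-only mode first shows which legitimate sources it would break before it is switched to blocking mode.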

Of course, this technology could also be bypassed by malware which could hijack or delete CSP headers. However, this can be mitigated by embedding validation JavaScript that can monitor a page’s integrity and send a report to the server.
Obfuscation techniques can be used to protect the script and make it extremely hard to remove without breaking the page functionality. Reports from these techniques collect malicious script sources to enrich a database of safe browsing. Essentially, this shows whether the user is infected and in need of anti-virus software.
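One way such a validation script could check for the extra input fields described earlier, as an added example that is not from the original article: the form id, field names, `/session` action and `/integrity-report` path are assumptions, and the snapshot at the end is constructed.

```javascript
// Added example: form id, field names, action and report path are assumptions.
const EXPECTED = {
  "login-form": { action: "/session", fields: ["username", "password"] },
};

// Compare a snapshot of a form with what the server rendered.
function checkForm(snapshot) {
  const spec = EXPECTED[snapshot.id];
  if (!spec) {
    return { id: snapshot.id, unknownForm: true, actionChanged: false, unexpectedFields: [] };
  }
  const allowed = new Set(spec.fields);
  return {
    id: snapshot.id,
    unknownForm: false,
    actionChanged: snapshot.action !== spec.action,
    unexpectedFields: snapshot.fields.filter((name) => !allowed.has(name)),
  };
}

function isTampered(result) {
  return result.unknownForm || result.actionChanged || result.unexpectedFields.length > 0;
}

// Read id, action attribute and named controls from a live <form> element.
function snapshotForm(form) {
  const fields = Array.from(form.elements).map((el) => el.name).filter(Boolean);
  return { id: form.id, action: form.getAttribute("action"), fields };
}

// Browser wiring: re-check on every DOM change, report each finding once.
if (typeof document !== "undefined") {
  const sent = new Set();
  const scan = () => {
    for (const form of document.forms) {
      const result = checkForm(snapshotForm(form));
      const key = JSON.stringify(result);
      if (isTampered(result) && !sent.has(key)) {
        sent.add(key);
        navigator.sendBeacon("/integrity-report", key);
      }
    }
  };
  scan();
  new MutationObserver(scan).observe(document.documentElement,
    { childList: true, subtree: true, attributes: true });
}

// Constructed snapshot of a login form after two extra inputs were added to it.
const TAMPERED = { id: "login-form", action: "/session",
  fields: ["username", "password", "card_number", "cvv"] };
```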

On the client-side, users can bolster online security by using browsers with additional security mechanisms and by installing anti-virus software. The most secure browsers come with an in-built blacklist of malicious extensions which can be blocked once the user launches the browser.

These browsers also perform extension integrity checks against trusted extension stores such as those of Chrome or Opera, which helps to protect users from having their credentials exposed when an extension ID is leaked.

The Solutions

In situations where there are Man-in-the-browser attacks, the recommended place to detect and prevent them is at the end-station level rather than at the server or service being accessed. Today, EDR-based systems that are integrated with URL protection can identify malicious links, as well as malicious content that is downloaded to the endpoint.

Of course, at the mobile level, there are similar tools that identify and prevent malicious URLs and block an attack from running on the mobile device.

For example, the Windows Defender Exploit Guard with Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.

With Lookout you can protect data from compromise; it is now necessary to prevent employees from tapping malicious URLs that hide inside apps, in addition to SMS, messaging platforms, and corporate and personal email.
