Man in the Browser Attacks on Online Transactions & Prevention Strategies

This is a great Man In the Browser Attack webinar(15 min), hosted by CISO Platform and briefly points out the Risks and also Recommends Some Fixes. It is presented by the CTO at Iviz. MiTB being particularly important for banking and finance Industry.

What will you learn?

- Learn why MiTB attacks pose a high risk to online banking and why is it hard to detect
- How Man In The Browser' Attack Bypasses Banks' Two-Factor Authentication Systems
- How one can mitigate the risks of MiTB attacks

Watch the 15min Power Webinar:

(Read more:  My Key Learning While Implementing Database Security)

View Presentation/PPT:

(Read more:  Database Security Vendor Evaluation Guide)

Quick Glance:

Attack Scenarios-

  • Classic 'Man In The Middle' -Involves attacker between victim client & server, prevention->Encryption eg.SSL
  • Compromised host to gain full access of client system, prevention->Multi factor Authentication eg.Biometric
  • 'MiTB'- Deadly combination of above two, prevention->Above 2 measures fail here

Reasons of Danger-

  • Can Read- Identity,Bank Password & Balance,Credit & Debit card numbers, Session keys
  • Can Modify- Details of Transaction
  • Can change password- you can get locked out!
  • Bypasses all sort of multi-factor authentication like captcha

How to Protect as End-user-

  • Strong passwords- not effective
  • Basic security awareness, updated OS & browser, separate system for online banking- maybe effective
  • Updated Antivirus/Antimalware- sometimes helps
  • Hardened Browser in USB- Moderate security
  • Use online banking with banks who have countermeasure- High security 

Mitigation Strategy for Bank-

  • Provide hardened browser in USB with authentication mechanism eg. token
  • OTP Token with signature
  • Before transaction, Confirm transaction details with OTP
  • Fraud Detection on basis of client behavior or transaction type & amount( less effective )

(Read more: How effective is your SIEM Implementation?)

Views: 350

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2019   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service