Presentation is loading. Please wait.

Presentation is loading. Please wait.

Millions of Dollars Lost. MAN IN THE BROWSER. TABLE OF CONTENTS Introduction Brief Examples of Man in the middle Defining MitB From Infection to Pay Day.

Published bySherilyn Cameron Modified over 8 years ago

Similar presentations

Presentation on theme: "Millions of Dollars Lost. MAN IN THE BROWSER. TABLE OF CONTENTS Introduction Brief Examples of Man in the middle Defining MitB From Infection to Pay Day."— Presentation transcript:

1 Millions of Dollars Lost. MAN IN THE BROWSER

2 TABLE OF CONTENTS Introduction Brief Examples of Man in the middle Defining MitB From Infection to Pay Day Examples and Effects of MitB Attacks Solutions – What Works vs. What Does Not Conclusion

3 MAN IN THE MIDDLE VS. MAN IN THE BROWSER Man in the Middle - There is a MitM that intercepts a communication between two systems who can then modify information being sent to both parties (client and server). “Solved Problem from a banking perspective but still a problem” - Gunter Ollamn The Man’s Primary Target: Money

4 MAN IN THE MIDDLE

5 MAN IN THE MIDDLE VS. MAN IN THE BROWSER “Man-in-the-Browser is a form of Internet Threat related to Man-in-the-Middle (MitM), it’s a Trojan (sometimes called proxy Trojans) that infects a web browser and has the ability to modify pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host application.” - (OWASP)

6 FROM INFECTION TO PAYDAY Trojan Infects the software, either by Operating system or Application Trojans installs itself into browser configuration User starts the browser The malware waits for a trigger (Browser to load a page in a list of known sites to attack) When triggered the MitB extracts all data from DOM User then starts a transaction to send to the server

7 FROM INFECTION TO PAYDAY Then MitB then modifies the values and tells the browser to submit to server The server then processes the form and generates a receipt The MitB detects the receipt and replaces the modified data with the users original data Browser displays modified receipt with original data that it saved earlier User is fooled.

8 FROM INFECTION TO PAYDAY

9 EXAMPLES AND EFFECTS Assume you’re the consumer and you process a transaction via PayPal and get attacked. Going through the steps shown previously, If the user does not catch the changes to the web page, or the attack occurs behind the scenes as a separate transaction what happens next. Getting your money back? Trojans(MitB): Zues, Zbot, Adrenaline, Sinowal and Silentbanker Purchasing Zeus toolkits: $700 to $4000USD for newest version

10 SECURITY METHODS INEFFECTIVE AGAINST MITB Username password Biometrics Gift Card Mutual Authentication OTP Token Smart card, Digital certificates Anti-Virus or Anti-malware applications ( Maybe ) IP-Geolocation (Passive safeguard) Device Profiling (Passive safeguard)

11 EFFECTIVE SOLUTIONS AGAINST MITB Separate corporate computer solely used for online banking Hardened Browser on a USB drive OTP token with signature utilizing Out of Band (OOB) Fraud detection that monitors user behavior

12 CONCLUSION Briefly explained the Man in the middle Explained Man in the browser Steps from infection to pay day Some Examples and effects Ineffective solutions and passive guards Effective solutions and passive guards

13 REFERENCES http://www.net-security.org/secworld.php?id=10154 http://www.bankinfosecurity.com/articles.php?art_id=3228 http://www2.futureware.at/svn/sourcerer/CAcert/SecureClient.pd f http://www2.futureware.at/svn/sourcerer/CAcert/SecureClient.pd f http://www.owasp.org/index.php/Man-in-the-browser_attack http://docs.bankinfosecurity.com/files/whitepapers/pdf/315_WP_ MITB_March2010.pdf http://docs.bankinfosecurity.com/files/whitepapers/pdf/315_WP_ MITB_March2010.pdf http://www.rsa.com/node.aspx?id=1331

14 REFERENCES http://www.tricipher.com/threats/man_in_the_browser.html http://threatpost.com/en_us/blogs/man-browser-inside-zeus- trojan-021910 http://threatpost.com/en_us/blogs/man-browser-inside-zeus- trojan-021910 http://www.net-security.org/malware_news.php?id=1600 OWASP Gunter Ollamn: http://video.google.com/videoplay?docid=304186109429633154 9&hl=en# http://video.google.com/videoplay?docid=304186109429633154 9&hl=en# http://www.americanbanker.com/btn_issues/23_9/a-man-in-the- browser-shield-for-corporates-1024778-1.html http://www.americanbanker.com/btn_issues/23_9/a-man-in-the- browser-shield-for-corporates-1024778-1.html

15 QUESTIONS?

Download ppt "Millions of Dollars Lost. MAN IN THE BROWSER. TABLE OF CONTENTS Introduction Brief Examples of Man in the middle Defining MitB From Infection to Pay Day."

Similar presentations

The quest to replace passwords Evangelos Markatos Based on a paper by Joseph Bonneau,Cormac Herley, Paul C. van Oorschot, and Frank Stajanod.

The quest to replace passwords Evangelos Markatos Based on a paper by Joseph Bonneau,Cormac Herley, Paul C. van Oorschot, and Frank Stajanod.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
EToken PRO Anywhere. Agenda  eToken PRO Anywhere Overview  Market background and target markets  Identifying the opportunity  Implementation and Pricing.

EToken PRO Anywhere. Agenda  eToken PRO Anywhere Overview  Market background and target markets  Identifying the opportunity  Implementation and Pricing.
Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.

Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)

OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)
#AVeSPresents AVeS Cyber Security Confidence in your Digital Information 2014/09/25 Charl Ueckermann Managing Director AVeS Cyber Security Lex Informatica.

#AVeSPresents AVeS Cyber Security Confidence in your Digital Information 2014/09/25 Charl Ueckermann Managing Director AVeS Cyber Security Lex Informatica.
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Similar presentations

Ads by Google