Counter-measures against Man-in-the-Browser attacks: Things to keep in mind while doing Online Bank by Sam White
Article Posted: 09/05/2013
Online banking has been a lucrative target for cyber-criminals since its advent. Nowadays, almost all banks have an online presence and most allow their customers to do online transactions. In the initial days, phishing was a very widely used method to obtain banking credentials from unsuspecting victims. Other methods included incorporating key-loggers in malware to steal banking credentials. Though phishing and key-loggers are still widely in use, banks have become aware of these threats and introduced multi-factor authentication, including one-time passwords, to thwart such attacks. A relatively new attack which defeats such multi-factor authentication is the man-in-the-browser (MITB) attack. More details of the attack can be found here. Here we will talk about some precautions that one should take while doing online banking, including counter-measures against Man-in-the-Browser attacks.

| Description | Effectiveness against MITB | Why? |
| Use a strong password or passphrase which is easy for you to remember but difficult for others to guess, and change it at regular intervals. | Not effective | MITB malware can intercept the password from the browser directly or simply wait till the user is authenticated. |
| Enable and use multi-factor authentication. | Not effective | |
| Ensure SSL certificates are valid and trusted (green lock). | Not effective | |
| Basic security awareness; keep the OS and browser updated. | Maybe | Chances of getting infected by malware through social engineering attacks or client-side exploits are lower. |
| Use a separate system for, and only for, online banking. | Maybe | Chances of getting infected by malware are lower, but it is inconvenient and requires strict discipline, which is rare (even among many security experts). |
| Use updated anti-virus/anti-malware. | Sometimes | Depends on the detection capability of the anti-virus. Less likely to protect if the malware is new or targeted. |
| Use a hardened browser on a USB drive. | Moderately effective | MITB malware has less chance to infect the browser, though it is still possible using 0-day exploits. Recently there was news of one such 0-day which was used against hardened Firefox. Also, this may be inconvenient for corporates, as USB drives are usually disabled for security reasons. |
| Be alert while doing online banking and always read all transaction details and/or errors that you receive through the offline verification before proceeding with any transaction. Promptly inform your bank if you notice any discrepancies. | Moderately effective | Typically, banks that are aware of MITB attacks send you the details of your transaction through an out-of-band channel (phone/SMS). You should verify the details carefully before proceeding. Recent MITB attacks have become even smarter and suggest that victims install a malicious mobile application for online banking, so that the malware can intercept and even change such out-of-band messages. |

In a nutshell, as an end-user, you have very few options to be fully secure against Man-in-the-browser attacks, so it makes sense to do online banking only with those banks that are aware of this threat and have implemented counter-measures. In the worst case, do not use online banking at all if your bank has not implemented any safeguards against Man-in-the-browser attacks. In the next part we will list some of the security strategies that banks can implement to safeguard their customers.
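The out-of-band verification step described above, as an added example that is not part of the original article: it assumes the bank binds a six-digit SMS code to the transaction it received using an HMAC (the article does not say how banks implement this), and all function names, the key and the account values are constructed for illustration.

```python
import hashlib
import hmac

BANK_KEY = b"constructed-demo-key"  # constructed; stands in for a server-side secret

# Constructed sample data: what the user typed vs. what reached the bank
# after the page was altered inside the browser.
INTENDED = {"payee_account": "ACCT-1111", "amount": "250.00", "currency": "EUR"}
RECEIVED_TAMPERED = {"payee_account": "ACCT-9999", "amount": "2500.00", "currency": "EUR"}

def canonical(tx):
    """Serialise fields in a fixed order so equal transactions hash equally."""
    return "|".join(tx[f] for f in ("payee_account", "amount", "currency")).encode()

def confirmation_code(tx, key=BANK_KEY):
    """Six-digit code bound to the exact transaction the bank received."""
    digest = hmac.new(key, canonical(tx), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

def out_of_band_message(tx_received):
    """SMS content: the details the bank actually received, plus the bound code."""
    return {"details": dict(tx_received), "code": confirmation_code(tx_received)}

def user_check(intended, sms):
    """Fields in the SMS that differ from what the user meant to send."""
    return [f for f in intended if sms["details"].get(f) != intended[f]]

def bank_authorise(tx_received, code):
    """Bank side: accept only a code derived from the transaction it holds."""
    return hmac.compare_digest(confirmation_code(tx_received), code)

if __name__ == "__main__":
    sms = out_of_band_message(RECEIVED_TAMPERED)
    print("SMS shows:", sms["details"])
    print("Fields that differ from what was typed:", user_check(INTENDED, sms))
    # Typing the code without reading the SMS would approve the altered transfer.
    print("Code approves altered transfer:", bank_authorise(RECEIVED_TAMPERED, sms["code"]))
```

The comparison only helps if the SMS channel itself is intact, which is the limitation the article notes for malicious mobile applications.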