As man-in-the-middle (MitM) attacks have evolved, attackers have developed new social engineering tactics, using malware to capture and manipulate personal information relayed between two parties. A man-in-the-browser (MitB) attack is of this nature: it is designed to intercept data passing over a secure communication channel between a user and an online application, from inside the browser itself. A Trojan is embedded in the user’s browser and can be programmed to trigger when the user accesses specific online sites, for example an online banking site. Once activated, a man-in-the-browser Trojan can intercept and manipulate, on the fly, any information the user submits to the banking application. The manipulated information could be the amount of money being transferred or the accounts between which it is being transferred, all without the knowledge of the end user or the bank, who both see the transaction as mutually approved. This type of attack is pervasive and proliferates through the Internet, with devastating effects for end users as well as financial institutions.