Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Trusteer Identifies Universal Man-in-the-Browser Attack Technique

    By
    Brian Prince
    -
    October 4, 2012
    Share
    Facebook
    Twitter
    Linkedin

      Researchers at security firm Trusteer have observed a new form of man-in-the-browser attack that makes stealing credit cards and other information easier for cyber-criminals.

      The firm has dubbed the attack “universal man-in-the-browser” (uMitB). Its draw is that it enables hackers to collect data submitted to all Websites without the need for post-processing.

      “Traditional MitB attacks typically collect data (log-in credentials, credit card numbers, etc.) entered by the victim in a specific Website,” Amit Klein, CTO of Trusteer, explained in a blog post. “Additionally, MitB malware may collect all data entered by the victim into Websites, but it requires post-processing by the fraudster to parse the logs and extract the valuable data.”

      In contrast, uMitB does not target a specific, predefined Website. Instead, Klein continued, it collects data entered into the browser at all Websites and uses generic real-time logic on the form submissions to perform the equivalent of post-processing. The data stolen by the uMitB malware is then stored in a portal where it is organized and sold in the cyber-underground.

      The ability to cut down on data parsing by attackers is significant for them, according to the company. George Tubin, senior security strategist for Trusteer, noted that MitB attacks often collect all log information from a user’s browser session.

      “The log files have a massive amount of information, including account credentials, credit card information and other payments data,” he told eWEEK. “Criminals have to parse through all the logs to cull out what might be useful for selling on the underground market. This is painstaking, which is why some criminals just sell the raw logs.”

      uMitB attacks, however, recognize form fields on any site visited by an infected user, such as those for names, addresses or credit card information, he said. This eliminates post-processing and collects the data in real time, he explained.

      “As a result, uMitB makes stolen credit card numbers much more valuable on the underground market because they go stale quickly,” Tubin noted. Stolen credit card numbers sell for 40 to 80 cents U.S. each on the black market, according to Symantec researchers.

      The technique could be used to swipe other credentials too. In August, Trusteer uncovered a man-in-the-browser attack targeting the VPN credentials of employees at an airport in order to gain access to internal airport applications.

      Trusteer first spotted the technique in late August, and has been keeping an eye on it since. So far, the attack is in the early stages of propagation, Tubin said. The malware being used in the attacks is being delivered the same way as Zeus and SpyEye configurations are normally delivered–through phishing emails and drive-by download attacks that exploit unpatched browser vulnerabilities, he said.

      “As always,” Klein blogged, “the best protection against financial fraud attacks that use uMitB, MitB, man-in-the-middle, etc., is to secure the endpoint against the root cause of these problems–malware.”

      Brian Prince
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×