Man-in-the-middle attacks on the rise

Banks and retailers increasingly targeted by fraudsters using this latest spin on a phishing scam.

Users are increasingly aware of the dangers of identity theft inherent in phishing attacks, where the user is duped into inadvertently revealing sensitive personal or financial data about themselves, which can then be used to steal the identity of the victim.

However, authentication experts at online security vendor TriCipher claim that "man-in-the-middle" attacks are increasingly being used to intercept secure communications between an organisation and its end users.

These phishing attacks trick the user into clicking on a link to log in to an online banking or e-commerce website through a proxy site. Unlike traditional phishing techniques, the user is actually passed through to the authentic website, making it virtually impossible for even savvy users to tell that they are being scammed.

David Franklin, vice president for Europe, the Middle East and Africa, told IT PRO that these sites are proliferating because they are easier for hackers to set up than traditional 'fake' phishing sites: the attackers don't even have to maintain a fake website. He also said man-in-the-middle attacks defeat weak authentication methods including passwords, internet protocol (IP) geolocation, device fingerprinting, cookies and personal security images and tokens, for example.

"A lot of the attacks you hear about are just the tip of the iceberg. Banks often won't even tell an affected customer that they have been a victim of these man-in-the-middle attacks," said Franklin, adding that kits that guide cybercriminals through setting up a man-in-the-middle attack are now so popular they can be bought for as little as $500 (£250) on the black market.

He also said "man-in-the-browser" attacks are emerging to compete in popularity with the middleman threat. These attacks can even defeat the most stringent two-factor authentication measures by modifying the transaction in the browser after user authentication has taken place. He said this type of attack is set to have a dramatic impact on retailers and large and medium-sized banks in future. "Even charities are being targeted now," added Franklin.

He suggested organisations take steps to strengthen their security provision to assure two-way authentication of internet browser transactions between them and the user. The TriCipher Armored Credential System prevents criminals from stealing the user's credentials, such as passwords, session cookies and passcodes. He claimed an attacker attempting to proxy traffic from someone using the system would cause the user's login to fail, and the attacker would have no access to sensitive information.
