MITRE ATT&CK: Man-in-the-browser

Introduction

Web browsing is a well-known source of exposure to malware and related threats. This is especially true for users on pre-infected or otherwise compromised systems.

One lesser-known but dangerous threat is the man-in-the-browser (MITB) attack. At the very least, this attack can result in the loss of personal, sensitive information, and it could escalate to include major financial theft and more.

This article details the MITB attack, which appears in the MITRE ATT&CK matrix. It explores what MITB is, a little about how it works, the different approaches to MITB, how to mitigate MITB and the problems associated with detecting it.

What is MITRE ATT&CK?

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base — including cybersecurity.

To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary techniques and tactics based upon real-world observations. This information can then be used as the foundation for developing threat models and methodologies for the cybersecurity product/service community, the private sector and government use.

A little about man-in-the-browser

If you are thinking MITB sounds like the infamous man-in-the-middle attack (MITM), you are on the right track. As a matter of fact, MITB takes the same approach to attacks that MITM takes. 

In a MITB attack, attackers take advantage of both existing security vulnerabilities and the browser’s built-in functionality to modify behavior, intercept information and change content. The end result can range from eavesdropping to full-on data theft that causes financial losses. MITB attacks are typically involved with (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/aiGjLYXMsuc/