Principles Of Information Security Analysis Essay Example

pertains to the web browser.

Despite the popularity of MITM attacks, attackers are increasingly favoring MITB attacks. This is because banks can use session IDs to identify and detect MITM attacks. Session IDs allow banks to analyze and determine if there has been any malicious activity during a transaction, enabling them to detect fraudulent attempts and cancel them. To achieve this, banks assign a unique ID to the customer's device and use algorithms to analyze and link multiple user sessions where banking activities are typically performed (Eisen, 2012). Unlike MITM attacks, MITB attacks are much more deceptive as they fully take control of the user's website and manipulate the browser while the user remains unaware.

According to Trusteer (2013), in this scenario, the attackers secretly manipulate web views and account balances. They can also divert sensitive traffic to their own system after the user logs in, while maintaining the original SSL/TLS protections.

MITB

MITB attacks often target users due to browser security issues. In these attacks, malware is typically disguised as browser extensions, which exploit vulnerabilities. Browser extensions are commonly seen as useful software that enhances user experience but can actually be malicious code or software - known as Trojans. Browser extensions can take the form of plugins, Browser Helper Objects (BHO), JavaScript, and add-on features.

BHOs, also known as Browser Helper Objects, are typically used to enhance a browser's functionality. These can potentially be created by individuals with programming skills, including attackers. The issue with BHOs lies in their ability to evade detection from antivirus software, rendering them undetectable. During a MITMB (Man-in-the-middle) attack, BHOs are employed to modify websites by adding or removing fields. Additionally, they can insert

registry entries and automatically load during system booting (Utakrit, 2009).

Grease Monkey, a popular Chrome add-on, enables users to modify website appearance and remove ads. Although this JavaScript is not harmful, it shares the same approach as malicious JavaScript applets. The concern with add-ons is that they can effortlessly monitor and access users' information whenever desired. Some security experts have considered SSL as a potential solution against MITB attacks, but its effectiveness has been proven ineffective.

The reason for this is that the attacker injects or gives the user a Trojan which carries out malicious activities directly inside the browser. Therefore, no suspicious activity is detected.

MITM

MITM attacks are less common as security professionals have learned ways to mitigate the attacks that use this method. It is also widely known as session hijacking. In this case, the attacker usually seeks vulnerable hotspots or networks. The attacker would usually direct the victim to a fake login page of a website (perhaps a phished page) and then obtain the credentials as soon as they are authenticated.

The account can be accessed by the attacker effortlessly, enabling them to carry out unauthorized activities like withdrawing funds or conducting transactions. Even security measures such as OTP (One-Time Password) are ineffective in thwarting this attack since the attacker can deceitfully acquire and utilize the temporary password during its designated timeframe. The primary issue with this attack lies in the user's inability to verify the requester's identity, rendering even two-step verification susceptible.

Protective measures

The Security Triad, which is a vital principle for experts in the field, comprises three essential elements: Confidentiality (preventing unauthorized access or viewing of data or systems), Availability (ensuring system or data accessibility

when required), and Integrity (preserving data or system reliability and authenticity). In transaction contexts, maintaining integrity is crucial.

Banks and financial institutions must ensure the maintenance of integrity by implementing controls, also known as countermeasures.

User Protection Strategies and Controls

MITB

To minimize these attacks, both users and banks need to have knowledge of the risks. Users can take precautions such as installing antivirus software, although its effectiveness depends on the detection capability and can only reduce the chances of an attack.

Secondly, a USB drive with a hardened browser can be used for moderate protection. Thirdly, online banking should only be done with banks that are aware of these threats and have implemented countermeasures. Ultimately, there will always be risks and threats involved in any banking procedure unless online banking is completely avoided.

Mitigation for Banks

MITB

As mentioned earlier, attackers have also learned how to compromise two-step authentication, as well as captcha and other security measures. The malware can wait for the user to authenticate themselves and intercept and modify responses when SSL or encryption is used.

Moderate protection may be provided by the bank itself through the provision of Hardened Browsers on USBs. These browsers contain cryptographic smart tokens for authentication, and are more resistant to infection. In addition, an OTP token with a signature could be employed, requiring the user to re-enter transaction details to the OTP device, which generates a signature based on the information. This ensures that any alteration made by a MITB would result in

a mismatch. However, this method can be inconvenient for users. Fraud detection techniques based on transaction type and amount are sometimes effective, and certain banks even contact the client for verification in cases of abnormal transactions. User profiling can also be utilized as a security measure.