In the October Online Fraud Report released by RSA, the company highlighted the increase of man-in-the-browser (MITB) and brand attacks.
MITB attacks is designed to intercept and manipulate data when it passes over a secure communication between a user and an online application, such as those used in consumer and corporate banking. The MITB Trojan embeds in a user’s browser application and can be programmed to trigger when a user accesses specific sites, such as online banking.
MITB attacks are being conducted using a number of Trojan families including Zeus, Adrenaline, Sinowal and Silent Banker. Because the Trojan is embedded in the browser during the attack, it is extremely difficult for users or the server to detect anything as it seems like a legitimate transaction on both ends.
The attacks are increasing around the globe, especially among banks as they deploy two-factor authentication for their online banking users.
New Zealand also ended up in the top ten country list of brand attacks launched in October.