Man-in-the-Middle Attacks Getting Bigger
The retailers and bankers are at risk of attacks by fraudsters who use the new phishing scam 'man in the middle'. Security researchers have revealed a phishing scam with two of the rival criminal firms associated to a couple of the developed malware toolkits currently in use.
It appears that cyber crime has existed since always. Further, it is a new trend that banks and retailers interact frequently to adjust their tactics in order to escape hacking.
Moreover, the users are quite familiar about the risks involved in phishing attacks, where the user is cheated and discloses confidential data, which is ultimately used for identity theft.
However, authentication expert at online security vendor, Tricipher says that "man-in-the-middle' attacks are increasingly used to authenticate the communications between an organization and end user.
According to the news by IT.pro.co.uk on July 6, 2007, vice president for Europe, Middle East and Asia, David Franklin said that such sites were rapidly increasing. Mainly, because unlike the traditional 'fake' phishing sites they were comparatively easier to create, as they there's no need to develop an illegal website.
Franklin added that man-in-the-middle attacks defeat weak authentication devices comprising of Internet Protocol (IP) geolocation, passwords, device fingerprinting, personal security images and token, cookies, and other developed techniques.
As per the news reported by IT.pro.co.uk on July 6, 2007, Franklin sees these attacks only as the tip of the iceberg because most of the banks don't even notify the infected users that they have been victimized by these man-in-the-middle attacks.
These rival assault kits are called the instances of strides that the criminals have been making in making high-end software, which make detection further difficult.
It also logs comprehensive information regarding the PCs it attacks, comprising of the attacked machines' IP addresses.
According to Franklin, "man-in-the-browser" attacks are competing with middleman threat. This attack can defeat the two-factor measures of authentication by changing the transaction in the browser after user authentication has taken place.
Related article: Man Sues and Wins against ISP for Spamming Mail
» SPAMfighter News - 18-07-2007