Understanding Man in the Browser Attacks and Addressing the Problem



Source: SafeNet
Date: May 2010
Type: White Paper

Overview: The losses attributed to financial fraud are alarming. The financial services industry has become a primary target of cyber attacks on a global scale and, in 2009 alone, suffered losses totaling $54 billion, an increase from $48 billion in 2008. Of equally grave concern to financial services institutions is the damage cybercrime can cause to reputation, along with customer churn, both of which can have a significant, and possibly devastating, effect on revenue.

While all types of cybercrime have been on the rise, there has been a sharp increase in financial fraud resulting from computers infected with malware. Malware typically targets desktop computers and relies on social engineering to induce unsuspecting home users to download and install malicious code on their computers.

One of the most dangerous types of malware for online banking and financial services is the Man-in-the-Browser attack. A Man-in-the-Browser attack occurs when malicious code infects an Internet browser. The code modifies actions performed by the computer user and, in some cases, is able to initiate actions independently of the user. When a user logs on to their bank account, the use of an infected Internet browser is enough to trigger illicit transactions that result in online theft.

This paper reviews Man-in-the-Browser attacks and discusses which security measures should be employed to prevent them.
