VTA-00410 – New Browser-in-the-Browser (BitB) Attack Steals User Credentials
A new way to trick targets into giving up sensitive information has recently surfaced. The attack uses a phishing technique that simulates a browser window inside the browser to spoof a legitimate domain. It takes advantage of the third-party single sign-on (SSO) options embedded on websites, such as “Sign in with Google” or other social media logins. When a user chooses to sign in with such an option, a pop-up window is normally displayed asking the user to authenticate. The BitB attack replicates this entire process with a mix of HTML and CSS, creating an entirely fake pop-up window that asks the user to sign in. However, the target still has to land on the attacker's website for the fake pop-up to be displayed.
Severity:
Medium
Attack Surfaces:
Web Application
Tactics:
Execution, Initial Access
Techniques:
Phishing, User Execution
Active Defense Tactics:
Disrupt
Active Defense Techniques:
Network Monitoring, Security Controls
SuperPRO’s Threat Countermeasures Procedures:
1. To effectively prevent framing attacks, the application should return a response header with the name X-Frame-Options and the value DENY to prevent framing altogether, or the value SAMEORIGIN to allow framing only by pages on the same origin as the response itself
2. Educate employees and conduct training sessions with mock phishing scenarios
3. Users should be trained to recognize common types of Social Engineering tactics
4. Ensure ‘Turn on e-mail scanning’ is set to ‘Enabled’
5. Enable Multi-Factor Authentication (MFA) on every user account
Contributed by: 3h4d0w