Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

RSA Helps Fight Man-in-the-Browser Attacks

RSA, The Security Division of EMC (NYSE:EMC) this week announced a portfolio of services designed to help defend against the emerging threat of Man-in-the-Browser attacks.Protecting against Man-in-the-Browser Attacks

RSA, The Security Division of EMC (NYSE:EMC) this week announced a portfolio of services designed to help defend against the emerging threat of Man-in-the-Browser attacks.Protecting against Man-in-the-Browser Attacks

Used by hackers to commit financial fraud, Man-in-the-Browser attacks are sophisticated means in which cybercriminals collect and/or modify transaction data through a Web browser. The Man-in-the-Browser attacks are conducted using a trojan such as, Silent Banker, Sinowal or Zeus, that infect a web browser and have the ability to modify pages, transactions or insert additional transactions, all in a way that is invisible to both the user and web application server.

With the launch of RSA Man-in-the-Browser Solutions, organizations more effectively fight against the increase in Man-in-the-Browser (MITB) attacks that lead to Trojan and malware infection within enterprises and personal computing environments.

The RSA Man-in-the-Browser solution includes newly enhanced transaction monitoring as well as risk-based authentication; Trojan detection and attack shut down; and intelligence to identify malware-infected enterprise environments.

“Today cybercriminals are able to leverage online banking sessions in real time, concurrent with the victim,” said Robert Vamosi, Security, Risk & Fraud Analyst for Javelin Strategy & Research. “No stand-alone authentication or other security tool is enough to defend against the more sophisticated Man-in-the-Browser attacks.”

The RSA Man-in-the-Browser Solutions are designed to offer organizations multiple layers of defense against malware including:

RSA Transaction Monitoring

• Transaction-level fraud monitoring and protection

• Invisible analysis of user behavior

• Can be layered non-disruptively onto existing authentication methods

• Out-of-band phone authentication

• Detection of Trojans and HTML injections as well as analysis of mule accounts and user vulnerabilities

RSA Adaptive Authentication

• Risk-based authentication based on identification and analysis of potentially risky behavior by online users

• Out-of-band phone authentication option to verify user identities in cases of possible Trojan infection

• Software-as-a-service (SaaS) and on-premise deployments

RSA FraudAction Solution

• Detection, monitoring, blocking and shut down of phishing and Trojan attacks

• Powered by the RSA Anti-Fraud Command Center and team of fraud analysts

• Managed service minimizes internal resource investment and deploys quickly

RSA CyberCrime Intelligence Service (More)

• Helps identify corporate resources, user devices and data compromised by malware

• Provides access to real-time fraud data via the RSA eFraudNetwork collaborative community of financial services and other organizations

“Online criminals are continually evolving their tools and tactics to work around defenses established by even the most security-conscious organizations,” said Christopher Young, Senior Vice President of Products, Technologies and Markets, at RSA. “In particular, Man-in-the-Browser attacks have presented a significant online threat that defies geographic boundaries and discriminates against no one person or entity. Organizations need to approach this problem with a multi-layered defense strategy reinforcing security measures at login that in isolation can be thwarted. This includes the ability to detect, monitor, shut down and cull intelligence based on transactions, malware and online attacks.”

RSA’s Man-in-the-Browser Solutions are currently available worldwide. http://www.rsa.com/MITB

 

Related Reading: RSA Launches New Cybercrime Intelligence Service

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.