CHARLOTTESVILLE, Va., April 11, 2022 /PRNewswire/ -- A clever new credential phishing technique known as “Browser-in-the-Browser” (BitB) has recently emerged that could fool many employees, leading to dangerous account takeover attacks against their employers.
The BitB attack, which has already been used by the Ghostwriter threat group, is almost invisible to its victims because it imitates the single sign-on (SSO) login popups that are common across websites. The attacker's page draws a fake popup window entirely in HTML and CSS that mimics a legitimate SSO dialog, such as “Sign in with Google” or “Login with Facebook,” complete with a painted address bar displaying the real identity provider's URL, which makes it very difficult to tell that the login window is fake.
SafeGuard Cyber warns businesses to expect more targeted BitB attacks, as this credential phishing tactic is extremely convincing and easy for attackers to implement. As the world’s leading provider of security and compliance solutions for today’s communications-based threats, SafeGuard Cyber has created a helpful online explanation of the BitB attack method, along with key security tips for businesses to follow.
“BitB is a new social engineering tactic that came to light recently, but is likely to become a popular tactic among many nation-state and criminal groups due to its effectiveness and ease of use,” said Chris Lehmann, CEO of SafeGuard Cyber. “This is part of a larger strategy shift we’re seeing among threat actors to target businesses through the edge, like personal employee accounts, where there is less security monitoring. By attacking personal email or an employee’s social media account, the threat actor can more easily harvest a credential that can be reused in a corporate account, but can also use these personal email and social media accounts as a staging ground for secondary social engineering attacks against other employees within the company.”
Here are several BitB security tips:
- Human detection will be difficult: Credential phishing windows will look nearly identical to actual SSO popups, including what appears to be a legitimate identity-provider URL in the fake window's address bar, so the targeted employee is unlikely to see any obvious “red flags.” (One manual check: a genuine popup can be dragged outside the browser's own window, while a BitB window, being part of the page, cannot.)
- Technical indicators may not work: BitB attacks rely on plain HTML, CSS and JavaScript that are not malicious in themselves, so it is hard to create a technical indicator for BitB attacks that won’t flood you with false positives.
- Link detection is also problematic: While updated link/URL detections may sometimes work, the site hosting the BitB attack may be too new to have been added to a detection database.
- Focus your defense on “the decoy”: Something has to entice the victim to click the link and visit the site hosting the BitB attack in the first place. In most phishing attacks, this tends to be an email message, a social media post, or a direct message in some other app (such as Slack, LinkedIn, or WhatsApp). It is here, with the lure, that companies can add additional layers of protection in the form of employee education and automated language analysis of incoming messages to the company.
- Automated linguistic analysis is essential: Modern social engineering attacks like BitB evade standard cybersecurity protections, which is why companies should incorporate automated language analysis (using natural language understanding technology) into their security programs. When implemented across all communication channels, automated language analysis can identify any attempts by an attacker to compromise employees through social engineering tactics, including BitB.
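One way to turn the point about technical indicators into a concrete check, as an added example that is not part of the SafeGuard Cyber release or its product: a small Node.js heuristic that scans HTML for the hallmarks of a BitB template (an identity-provider login URL painted as page text, credential capture in the same document, and CSS-drawn window chrome). The identity-provider list, the hostnames and the three HTML samples are constructed for this example.

```javascript
// Added example, not code from the SafeGuard Cyber release or its product:
// a heuristic scanner for Browser-in-the-Browser (BitB) page templates.
// A BitB page paints a fake popup window in HTML/CSS (title bar, address bar
// showing a genuine identity-provider URL as text) and captures credentials
// in an iframe or form underneath. The HTML itself is not malicious, so the
// heuristics below are conservative and still produce false positives, as
// the third constructed sample shows.

// Identity-provider hosts a BitB template typically paints into its fake
// address bar (assumed list for the example).
const IDP_HOSTS = [
  "accounts.google.com",
  "login.microsoftonline.com",
  "www.facebook.com",
  "appleid.apple.com",
];

// Visible text of the document: drop scripts, styles and all tags (attribute
// values such as href="..." sit inside tags and are therefore removed).
function visibleText(html) {
  return html
    .replace(/<script[\s\S]*?<\/script>/gi, " ")
    .replace(/<style[\s\S]*?<\/style>/gi, " ")
    .replace(/<[^>]+>/g, " ");
}

// Values of one attribute on one tag, e.g. every <iframe src="...">.
function attrValues(html, tag, attr) {
  const re = new RegExp("<" + tag + "\\b[^>]*\\b" + attr + "\\s*=\\s*[\"']([^\"']*)[\"']", "gi");
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Hostname of a possibly relative URL, resolved against the page's host.
function hostOf(url, pageHost) {
  try { return new URL(url, "https://" + pageHost + "/").hostname; } catch { return ""; }
}

// Indicators found in one HTML document served from pageHost.
function bitbIndicators(html, pageHost) {
  const found = [];

  // 1. A real IdP login URL appearing as page *text*. A genuine SSO popup is a
  //    separate browser window; its URL lives in browser chrome, never in the DOM.
  const urlsInText = visibleText(html).match(/https?:\/\/[^\s"'<>]+/g) || [];
  if (urlsInText.some(u => IDP_HOSTS.includes(hostOf(u, pageHost)))) found.push("idp-url-as-text");

  // 2. Credential capture in the same document: a password field, or an iframe
  //    whose origin is neither the page nor a known IdP.
  if (/<input\b[^>]*type\s*=\s*["']?password/i.test(html)) found.push("password-field");
  const foreign = attrValues(html, "iframe", "src").filter(src => {
    const h = hostOf(src, pageHost);
    return h !== "" && h !== pageHost && !IDP_HOSTS.includes(h);
  });
  if (foreign.length > 0) found.push("foreign-iframe");

  // 3. Window chrome drawn in CSS: a fixed/absolute box with title-bar or drag affordances.
  if (/position\s*:\s*(fixed|absolute)/i.test(html) && /(draggable|titlebar|title-bar|window-header)/i.test(html)) {
    found.push("painted-chrome");
  }
  return found;
}

// Verdict: a painted IdP URL together with credential capture on the same page.
function isLikelyBitb(html, pageHost) {
  const ind = bitbIndicators(html, pageHost);
  return ind.includes("idp-url-as-text") && (ind.includes("password-field") || ind.includes("foreign-iframe"));
}

// Constructed sample 1: the skeleton of a BitB template (hosts invented, no real lure).
const BITB_SAMPLE = `
<div class="fake-window" style="position:absolute;top:80px;left:200px">
  <div class="titlebar" draggable="true">Sign in - Google Accounts <span class="close">x</span></div>
  <div class="addressbar">https://accounts.google.com/o/oauth2/auth?client_id=12345</div>
  <iframe src="https://lure-host.example/harvest.html"></iframe>
</div>`;

// Constructed sample 2: benign documentation quoting the same URL as a link.
const BENIGN_SAMPLE = `
<p>Send users to <a href="https://accounts.google.com/o/oauth2/auth">https://accounts.google.com/o/oauth2/auth</a> to start the flow.</p>`;

// Constructed sample 3: a benign integration guide with its own login form; trips the heuristic.
const FALSE_POSITIVE_SAMPLE = `
<p>Point your client at https://login.microsoftonline.com/common/oauth2/v2.0/authorize and log in below.</p>
<form action="/login"><input name="user"><input type="password" name="pw"></form>`;

for (const [name, html] of [["bitb", BITB_SAMPLE], ["benign", BENIGN_SAMPLE], ["false-positive", FALSE_POSITIVE_SAMPLE]]) {
  console.log(name, bitbIndicators(html, "news-lure.example"), isLikelyBitb(html, "news-lure.example"));
}
```

The third sample is the false positive the release warns about: a legitimate page that prints an identity-provider URL and also hosts its own login form looks, to this scanner, exactly like a BitB template. A check like this is therefore one enrichment signal for a URL-detonation or mail-sandbox pipeline, to be combined with the age and reputation of the hosting domain, and not a blocking rule on its own.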
To learn more about the BitB attack and how to defend against it, read SafeGuard Cyber’s online explanation: “New BitB Attacks Show Credential Phishing Isn’t Just an Email Problem.”
About SafeGuard Cyber
SafeGuard Cyber provides security and compliance for human connections so businesses can trust modern communications. Using patented natural language understanding technology, our security solutions provide comprehensive visibility, detection, and response to threats across the disparate communication methods used by today’s digitally-enabled businesses. In addition, cloud-based machine learning provides governance and policy enforcement compliance solutions that enable customers to communicate through modern applications and social networks. Learn more at www.safeguardcyber.com.
SOURCE SafeGuard Cyber