CAPEC-662: Adversary in the Browser (AiTB)
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
执行流程
步骤 1 Experiment
The adversary tricks the victim into installing the Trojan Horse malware onto their system.
- Conduct phishing attacks, drive-by malware installations, or masquerade malicious browser extensions as being legitimate.
步骤 2 Experiment
The adversary inserts themself into the communication channel initially acting as a routing proxy between the two targeted components.
步骤 3 Exploit
The adversary observes, filters, or alters passed data of their choosing to gain access to sensitive information or to manipulate the actions of the two target components for their own purposes.
前提条件
- The adversary must install or convince a user to install a Trojan.
- There are two components communicating with each other.
- An attacker is able to identify the nature and mechanism of communication between the two target components.
- Strong mutual authentication is not used between the two target components yielding opportunity for adversarial interposition.
- For browser pivoting, the SeDebugPrivilege and a high-integrity process must both exist to execute this attack.
所需技能
后果影响
影响范围: Integrity
技术影响: Modify Data
影响范围: Confidentiality Access Control Authorization
技术影响: Gain Privileges
影响范围: Confidentiality
技术影响: Read Data
缓解措施
Ensure software and applications are only downloaded from legitimate and reputable sources, in addition to conducting integrity checks on the downloaded component.
Leverage anti-malware tools, which can detect Trojan Horse malware.
Use strong, out-of-band mutual authentication to always fully authenticate both ends of any communications channel.
Limit user permissions to prevent browser pivoting.
Ensure browser sessions are regularly terminated and when their effective lifetime ends.
分类映射
| 分类名称 | 条目ID | 条目名称 |
|---|---|---|
| ATTACK | 1185 | Man in the Browser |
| OWASP Attacks | - | Man-in-the-browser attack |