Understanding and Combating Man-in-the-Browser Attacks

Speaker: Jason Milletary

Over the past few years, we have seen an evolution of malware that integrates itself into the functionality of the victim's web browser, in what is commonly called a "Man-In-The-Browser" (MITB) attack. The ultimate goal of malware with this capability is to take advantage of the trust boundary between the user and application to perform sophisticated information theft attacks. Traditionally, these attacks were largely focused against the financial sector. However, we have seen indications of these types of attacks affecting more diverse targets. In this presentation, we will review several malware families that utilize MITB capabilities and discuss strategies for recognizing and mitigating these threats from the point of view of a targeted organization.