Learn about this new method to detect Phishing MitM attacks

There are many methods by which attackers can steal our passwords and put systems at risk. Examples include viruses that arrive when downloading a file, malware delivered by opening a link received by email, and so on. One of the most dangerous attacks is Phishing, which aims to steal passwords. In this article we report on a new method to detect Phishing MitM attacks, a variant that we explain below.

Kit to detect Phishing MitM attacks

A Phishing attack basically consists of sending the victim a link that takes them to a fake website where they have to enter their data. For example, a website that pretends to be a bank page, a portal to log in to email, or a social network such as Facebook. The problem is that when the user logs in, the password is sent to a server controlled by the attackers.

Phishing MitM is different. In this case the attacker does not create a fake website, but instead sits in the middle between the victim and the final server. For example, if someone logs in to Facebook from their computer, the attacker intercepts the credentials they send to the social network in order to sign in. This is known as Man in the Middle, or MitM. The attacker mirrors the content in real time and steals the data along the way.

So, how does the method devised by this group of researchers to detect Phishing MitM attacks work? It is based on a machine learning classifier that uses different network-level features, such as fingerprints, to detect potential Phishing websites served by Phishing MitM toolkits running on reverse proxy servers.

In addition, it involves data collection to monitor and track suspicious URLs from open-source Phishing databases such as OpenPhish and PhishTank. The main objective is to measure the round-trip delays that arise when a Phishing MitM kit is placed in the path. In practice, the victim waits longer to receive the response after sending the request.
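
One way to turn the round-trip delay described above into a detection feature, shown as an added example that is not the researchers' classifier: it compares the TCP handshake time with the HTTP response time for each host and flags a large gap. The host names, timings, threshold and function names are assumptions constructed for illustration.

```python
from statistics import median

# Constructed probe timings in milliseconds (illustrative, not real measurements).
# Each tuple: (TCP handshake round trip, HTTP request-to-first-byte time).
SAMPLES = {
    "direct-site.example": [(21.0, 24.5), (20.4, 23.9), (22.1, 26.0), (20.9, 25.2)],
    "proxied-site.example": [(19.8, 71.3), (20.5, 68.9), (21.2, 140.0), (20.1, 70.4)],
}

MIN_PROBES = 3         # assumed: refuse to score a host on too little data
RATIO_THRESHOLD = 2.0  # assumed cut-off, chosen for this example only


def timing_ratio(probes):
    """Median HTTP response time divided by median TCP handshake time.

    The handshake is answered by whichever host the client connects to, while
    the HTTP response through a reverse proxy also has to wait for the proxy's
    own request to the real site, so the ratio grows when a relay is in the path.
    Medians keep one slow probe (140.0 ms above) from dominating the score.
    """
    if len(probes) < MIN_PROBES:
        raise ValueError("not enough probes to score this host")
    tcp_rtt = median(tcp for tcp, _ in probes)
    http_rtt = median(http for _, http in probes)
    if tcp_rtt <= 0:
        raise ValueError("handshake time must be positive")
    return http_rtt / tcp_rtt


def flag_suspects(samples, threshold=RATIO_THRESHOLD):
    """Return {host: (ratio, suspicious)} for every host with enough probes."""
    results = {}
    for host, probes in samples.items():
        try:
            ratio = timing_ratio(probes)
        except ValueError:
            continue  # skip hosts that cannot be scored reliably
        results[host] = (round(ratio, 2), ratio > threshold)
    return results


if __name__ == "__main__":
    for host, (ratio, suspicious) in flag_suspects(SAMPLES).items():
        print(f"{host}: ratio={ratio} suspicious={suspicious}")
```

A slow but legitimate server can also raise this ratio, so on its own it is only a signal; the method described in the article feeds timing into a classifier together with other network-level features.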

Over 1,000 Phishing MitM Sites

This group of security researchers analyzed web pages for a year and found that 1,200 sites were operated with Phishing MitM kits. These sites affected many countries around the world and relied on hosting services from Amazon, Google or Microsoft, among others.

As for which web pages were most affected, we can name Instagram, PayPal, Google, Outlook and LinkedIn, among others. These are widely used services, and through them the attackers were able to put the security and privacy of many users of all nationalities at risk.

Without a doubt, this is a serious threat that requires taking measures to prevent password theft. Common sense is essential in these cases: we must avoid browsing unreliable pages or accessing sites through links that may be compromised.