The highlighted attack is the latest twist on the MITM attack, which relies on a user being fooled into going to the wrong Web site. What makes this attack different than previous MITM attacks is that the fraudulent site attempts to leverage false visual cues, namely replacing the fraudulent site's favicon with a padlock icon, which has traditionally been recognized as a visual cue to signify an SSL-protected site.
While this scheme is capable of reproducing the padlock, it is not capable of recreating the legitimate HTTPS indicator or the even more noticeable green glow in the address bar of high security Web browsers, where the site is secured with an Extended Validation SSL Certificate.
Tips to protect oneself from a MITM attack
- Look for the "green glow" in the address bar: Man-in-the-middle and phishing attacks in the wild today can be combated through Extended Validation (EV) SSL Certificates and to notice when there is an absence of green. EV SSL Certificates definitively confirm the identity of the organization that owns the Web site. Online criminals do not have access to EV SSL Certificates for the sites they're counterfeiting and therefore cannot spoof the green glow that shows that an authenticated Web site is secure.
- Download the latest version of high security Web browsers such as Internet Explorer 7 or higher, FireFox 3 or higher, Google Chrome, Safari or Opera.
- Take advantage of authentication credentials such as tokens and other forms of two factor authentication for sensitive accounts.
- Treat e-mails from unknown senders with a high degree of skepticism, and don't click links to access secure sites (type in the Web address into the browser).
- Adopt EV SSL and educate customers on what the green glow in the address bar means. Put the EV SSL Certificate on your home page and every other page where a secure transaction takes place.
- Don't offer logins on pages that are not already in an SSL session.
- Offer two factor authentication to customers as an optional way to add another layer of security when accessing accounts.
- Deploy risk-based authentication solutions in the back end to detect anomalies within customer accounts.
- Don't include links in e-mails to customers, and encourage them to download the latest version of their favorite browsers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.