Attackers have many ways to steal passwords and put systems at risk: a virus that arrives with a downloaded file, malware that runs when we open a link received by email, and so on. One of the most dangerous attacks is phishing, which aims to steal passwords. In this article we report on a new method for detecting MitM phishing attacks, a variant that we explain below.
Kit for detecting MitM phishing attacks
A phishing attack basically consists of sending the victim a link to a fake website where they are asked to enter their data. Examples are a site that pretends to be a bank page, an email login portal, or a social network such as Facebook. The problem is that when the user logs in, the password is sent to a server controlled by the attackers.
MitM phishing is different. In this case, the attacker does not create a fake website but places himself between the victim and the final server. For example, if someone logs on to Facebook from their computer, the attacker intercepts the credentials they send to the social network in order to log in. This is known as Man in the Middle, or MitM. The attacker mirrors the content in real time and steals the data in the process.
So how does the method devised by this group of researchers detect MitM phishing attacks? It is based on a machine learning classifier that uses different network-level features, such as fingerprints, to detect potential phishing websites served by MitM phishing toolkits running on reverse proxy servers.
It also involves collecting data to monitor and track suspicious URLs from open-source phishing databases such as OpenPhish and PhishTank. The main objective is to measure the round-trip delays that arise when a MitM phishing kit is placed in the path. In practice, this means the victim waits longer for the response after sending a request.
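As an added illustration (not the researchers' code), the Python sketch below turns the round-trip-delay idea into one feature, the ratio of HTTP response time to TCP handshake time, and learns a cut-off with a one-feature decision stump. The ratio feature, the stump and every timing value are assumptions constructed for this example.

```python
"""Round-trip-delay feature for spotting a reverse proxy in the path.

Added example: the feature, the model and all timings are constructed
assumptions, not the researchers' classifier or data.
"""
from statistics import median


def delay_ratio(probes):
    """probes: list of (tcp_handshake_ms, http_response_ms) for one site.

    The TCP handshake is answered by the first hop (the proxy, if there is
    one), while the HTTP response also waits for the proxy's own round trip
    to the real site. The median damps jitter from a single slow probe.
    """
    ratios = [http / tcp for tcp, http in probes if tcp > 0]
    if not ratios:
        raise ValueError("no usable probes")
    return median(ratios)


def fit_threshold(labelled):
    """Decision stump: choose the cut on the ratio with fewest training errors.

    labelled: list of (ratio, is_mitm). Candidate cuts are the midpoints
    between neighbouring ratios once sorted.
    """
    pts = sorted(labelled)
    cuts = [(a[0] + b[0]) / 2 for a, b in zip(pts, pts[1:])]
    return min(cuts, key=lambda cut: sum((r > cut) != y for r, y in pts))


def classify(probes, threshold):
    """True when the site's delay ratio looks like a proxied connection."""
    return delay_ratio(probes) > threshold


# Constructed training sites: (probes, is_mitm)
TRAIN = [
    ([(20, 45), (22, 50), (21, 44)], False),     # direct to origin
    ([(35, 80), (33, 70), (36, 300)], False),    # direct, one slow probe
    ([(15, 30), (14, 33), (16, 31)], False),
    ([(20, 130), (21, 140), (19, 125)], True),   # proxy relays to the origin
    ([(40, 210), (42, 230), (41, 190)], True),
    ([(10, 95), (11, 90), (10, 99)], True),
]
THRESHOLD = fit_threshold([(delay_ratio(p), y) for p, y in TRAIN])
```

On real traffic a single timing ratio is noisy (CDNs and slow back ends also raise it), which is why the method described above combines several network-level features in a classifier.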
Over 1,000 MitM phishing sites
The researchers analyzed web pages for a year and found 1,200 sites operated with MitM phishing kits. These sites affected many countries around the world and relied on hosting services from Amazon, Google or Microsoft, among others.
As for the websites most affected, they include Instagram, PayPal, Google, Outlook and LinkedIn, among others. These are widely used services, so the security and privacy of many users of all nationalities has been put at risk.
This is clearly a significant threat, and it calls for measures to prevent password theft. Common sense is essential here: avoid browsing untrustworthy pages and avoid logging in through links that may be compromised.