MITM attacks: what they are and why banks are afraid of them again

In 2017 several European banks updated their mobile apps at once. The reason was a study by the University of Birmingham whose authors described a flaw shared by a number of banking apps that left them open to MITM attacks. Similar stories followed, including in Russia. Still, MITM attacks remained rare and there was little reason to worry. Now, experts say, the situation has changed.

How dangerous are MITM attacks for banks? How do Russian banks defend against them? And why are such attacks feared more now than they were a few years ago? This article takes the questions in order.

When the man is in the middle

A MITM attack is a cyberattack in which a criminal intercepts data in transit. To do so they either "eavesdrop" on the exchange or pose as one of its legitimate participants (MITM is short for man-in-the-middle).

The attacker is after confidential data. Most often this means the victim's bank account or card details, or the username and password for Internet banking or some other resource. With those in hand the criminals usually steal money or go after more valuable information.

A classic MITM attack has two stages. The first is interception: the criminal inserts themselves into an exchange the victim is part of, before the data reaches its destination. Getting into that position usually relies on spoofing: forged ARP replies on the local network, poisoned DNS answers, spoofed IP addresses, or a rogue Wi-Fi access point that the victim connects to voluntarily.

The second stage is dealing with encryption. The attacker does not break TLS; instead the attacker terminates the connection themselves, using techniques such as HTTPS spoofing (a look-alike domain, or a forged certificate for the real one) and SSL interception (downgrading the client to plain HTTP, or proxying the TLS session through a certificate the client has been made to trust). If the client accepts that certificate, nothing in the browser or in the attacked application warns the user.
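The interception stage is the one a network defender can actually observe. The following Go program is an added example, not code from the article or from any of the companies quoted in it. It reads a constructed log of ARP replies (the `is-at` records are made up for this illustration, with 192.168.1.1 standing in for the gateway and the MAC addresses chosen arbitrarily) and raises an alert when an IP address suddenly answers from a different MAC, or when one MAC starts claiming a second address, which is what a bidirectional ARP poisoning of gateway and victim looks like on the wire.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// SampleArpLog is constructed for this example, not captured traffic. Each record is
// "<seconds> <sender IP> is-at <sender MAC>", one ARP reply as a port mirror or a
// host-based sensor would see it. 192.168.1.1 plays the gateway, 192.168.1.20 the victim,
// and de:ad:be:ef:00:01 the attacker's interface (all addresses are made up).
const SampleArpLog = `0 192.168.1.1 is-at 00:11:22:33:44:01
1 192.168.1.20 is-at 00:11:22:33:44:20
2 192.168.1.1 is-at 00:11:22:33:44:01
5 192.168.1.1 is-at de:ad:be:ef:00:01
6 192.168.1.20 is-at de:ad:be:ef:00:01
7 192.168.1.1 is-at de:ad:be:ef:00:01`

// ArpAlert describes one suspicious ARP event.
type ArpAlert struct {
	Kind   string // "ip-mac-change": an IP moved to another MAC; "mac-multi-ip": one MAC claims several IPs
	Time   int    // seconds, taken from the record
	IP     string // the IP address in the record that triggered the alert
	OldMAC string // previous MAC for that IP (empty for mac-multi-ip)
	NewMAC string // MAC in the triggering record
}

// DetectArpSpoof replays the records in order, keeping the IP->MAC table a host's ARP
// cache would build, plus the reverse MAC->IPs view. It returns alerts in the order the
// triggering records appear. Malformed records are reported as an error rather than skipped.
func DetectArpSpoof(records string) ([]ArpAlert, error) {
	ipToMAC := map[string]string{}
	macToIPs := map[string]map[string]bool{}
	var alerts []ArpAlert
	for _, line := range strings.Split(strings.TrimSpace(records), "\n") {
		f := strings.Fields(line)
		if len(f) != 4 || f[2] != "is-at" {
			return nil, fmt.Errorf("malformed ARP record: %q", line)
		}
		t, err := strconv.Atoi(f[0])
		if err != nil {
			return nil, fmt.Errorf("bad timestamp in %q: %w", line, err)
		}
		ip, mac := f[1], strings.ToLower(f[3])

		// An address that used to answer from one MAC and now answers from another:
		// the classic symptom of a poisoned gateway or victim entry.
		if prev, seen := ipToMAC[ip]; seen && prev != mac {
			alerts = append(alerts, ArpAlert{"ip-mac-change", t, ip, prev, mac})
		}
		ipToMAC[ip] = mac

		// One interface claiming a second address: fires once, on the second address,
		// which is what an attacker relaying between gateway and victim produces.
		if macToIPs[mac] == nil {
			macToIPs[mac] = map[string]bool{}
		}
		if !macToIPs[mac][ip] {
			macToIPs[mac][ip] = true
			if len(macToIPs[mac]) == 2 {
				alerts = append(alerts, ArpAlert{"mac-multi-ip", t, ip, "", mac})
			}
		}
	}
	return alerts, nil
}

func main() {
	alerts, err := DetectArpSpoof(SampleArpLog)
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("t=%d %-14s ip=%s old=%s new=%s\n", a.Time, a.Kind, a.IP, a.OldMAC, a.NewMAC)
	}
}
```

On the constructed log the detector fires three times: the gateway address moves to the attacker's MAC at t=5, the victim's address follows at t=6, and at the same moment the attacker's MAC becomes the owner of two addresses. Both signals have benign causes too (a DHCP lease moving to a new device, a NIC replacement, VRRP failover on the gateway), so in practice a change on the gateway address is the one to treat as high priority, and a real sensor keeps its tables across restarts rather than learning from scratch, as arpwatch-style tools do.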

Why and how they are attacked

Recently MITM attacks have again become a live issue in the financial sector. Many Russian banks now face a problem they had barely thought about for several years, experts say.

Alexander Mormush
Head of Business Development of Information Security Solutions at Axoft

If you had asked two years ago, I would have said that the prevalence of man-in-the-middle attacks in the banking sector is minimal and the question could be considered closed. However, due to the departure of foreign developers of information security tools, changes in the landscape of specialists and, in general, an increase in the number of attacks on information systems, the MITM attack scenario became relevant within a short space of time. This is despite the fact that other types of attacks, be it social engineering, phishing emails, etc., are much easier for attackers to carry out.

The expert believes the reasons lie in how the Russian market is developing today. Many banks were sanctioned and lost their apps from Google Play and the App Store. They also can no longer renew certificates issued by the CAs (certification authorities) that every user's operating system trusts by default.

In these conditions the banking sector began actively developing online services and mobile versions of Internet banking, and it is hardly surprising that these resources became attractive targets for attackers.

As a rule, MITM attacks are carried out over open Wi-Fi networks, through spoofed banking applications, or with malware on the client's computer, although attackers can also compromise network infrastructure, experts say.

Stanislav Chernukhin
CEO of Polygant

Since many banks' apps have been removed from the App Store and Google Play, users have to download and install them manually. You download the app, but not from the bank's official website (visual substitution is also possible), and it contains backdoors. After installation you log in to your personal account, and the credentials become known to the intruders.

In addition, the expert says, critical vulnerabilities are regularly found in popular applications today. They allow MITM attacks to be carried out even without any active action on the part of the user, whether a client of a bank or of a microfinance organization.

Ivan Eliseev
Information Security Engineer at Kryon

The most relevant scenario today is the interception of user data from microfinance organizations by creating a "routing site" and passing the data through it. The victim's data is subsequently resold, as part of an address pool, to carders.

If we look at a single incident, the damage ranges from 5 to 15 thousand rubles. If we look at the overall monthly figure, the amount can reach 20 million rubles.

MITM attacks do not only result in the theft of funds from customers and financial organizations. They also damage reputations, and that is potentially the biggest loss banks may feel in the future.

MITM Protection: yesterday, today, and tomorrow

Experts recall that a method for locking a certificate to an application, certificate pinning, appeared in 2011 specifically to counter MITM attacks. It lets an organization hard-code, in its browser or mobile application, which certificate (or public key) it will accept for its own servers; any other certificate for that host is rejected, even one that chains to a CA the operating system trusts.

A certificate is the digital analog of a passport: it confirms that the traffic really comes from the site the user asked for. The certificate is vouched for by a CA, which plays the role of a passport office one has to trust.

Experts say certificate-based protection is still effective today, with one important caveat: it only works as long as the user trusts the right CAs. Any CA certificate the user installs on their device is trusted for every site, the bank's included, so a CA the user was talked into installing can issue a certificate for the bank's domain that the operating system will accept without complaint.

Alexander Mormush
Head of Business Development of Information Security Solutions at Axoft

It would seem that what could be easier? However, in practice the large number of public Wi-Fi access points with captive portals, where we click "connect" and are asked to enter a phone number, may well be used by intruders for their own purposes.

Let's imagine whether such a scenario is possible at all: when connecting to a fake "Free Wi-Fi" access point, the user installs a certificate of some obscure CA with a pretty name, or even a small utility, in response to the appeal "we care about your security". Believe me, this is quite real. To avoid such a situation it is extremely important to build a trust infrastructure based in the Russian Federation and to improve user literacy in general.

Alongside certificate pinning, banks use the standard defenses against MITM. HTTPS, that is SSL/TLS, encrypts the channel and authenticates the server. Two-factor authentication (2FA) is also widely used to protect customer accounts from unauthorized access, with one caveat: a one-time code relayed through an attacker's proxy in real time still passes, so 2FA is most effective when the code confirms a specific transaction rather than just the login.

Gleb Abramov
Head of the Information Security Audit Department, ITGLOBAL.COM Security

Customer training also remains important. Banks conduct special courses for clients, where they talk about countering MITM attacks and other security measures.

In addition, security measures include improved detection and monitoring, namely the implementation of systems for monitoring and detecting abnormal activity, which can help identify MITM attacks and take appropriate measures.

To detect and prevent MITM attacks better, banks will have to adopt new technologies in the future. According to Gleb Abramov, this could mean more advanced analysis of user behavior and artificial intelligence. Other Cyber Media interlocutors agree with him.

Artur Markarov
CEO of the IT company Arbitroom

In the future, banks will probably strengthen their security practices, including using biometric data with greater accuracy and increased use of artificial intelligence and machine learning to detect suspicious activity and analyze large amounts of data in real time. The evolution of technologies and threats will require constant updating and improvement of security methods in the banking sector.

In any case, new technologies will reinforce the measures banks already use against MITM attacks, and those measures are unlikely to need dramatic change, experts say.

Valery Stepanov
Head of the Competence Center for Information Security, T1 Integration

As with any issue of information security, the issue of countering MITM attacks should be approached in a comprehensive manner: use communication channel encryption, multi-factor authentication to confirm a user transaction, and constant analysis of the security of banking applications.

To summarize

A MITM attack is not the most common problem for banks in Russia, but it is still a real one. For now, however, the difficulties most often arise on the client side: many people cannot tell a real website or mobile app from a fake one, so they keep losing money from their accounts and blaming others for it.

Banks are already using every available tool to protect against MITM attacks, and the number of those tools is likely to grow, the experts conclude, given customers' level of cyber hygiene and hackers' active interest in Russian companies.
 