SANS Institute
InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

Analyzing Man-in-the-Browser (MITB) Attacks

Copyright SANS Institute
Author Retains Full Rights

GIAC (GCFA) Gold Certification
Author: Chris Cain, cicain08@gmail.com
Advisor: Dominicus Adriyanto
Accepted: December 22nd 2014

Abstract
The Matrix is real and living inside your browser. How, you ask? In the form of malware that is targeting your financial institutions. The machines creating this malware do not have to target the institution itself, though; they target your Internet browser instead. By changing what you see in the browser, the attackers now have the ability to steal any information that you enter and display whatever they choose. This has become known as the Man-in-the-Browser (MITB) attack. No one is safe from a MITB attack once it is installed, as it easily bypasses the security mechanisms we all rely on. With the browser infected and what is displayed being changed, we now have to wonder what world we are living in. Take the Red Pill and learn how this attack occurs, so that you are better able to hide from the malware that targets us every day.

1. Introduction
Malware has become the method of choice for attacking financial institutions. Because it is easy to use and lets criminals cover their tracks, it has become the way to rob banks without the need for a getaway car. Attackers keep finding new and more complex methods for carrying out attacks. One of these vectors is the Man-in-the-Browser (MITB) attack.
Man-in-the-Browser (MITB) attacks have been around for some time and are carried out through trojan malware that infects an Internet browser. This attack is dangerous because of its ability to hide from anti-virus software and steal information a user types into the browser. MITB is able to see information within the browser. Since no encryption occurs within the browser itself, the security controls used by financial institutions are ineffective. Two-factor authentication may also be ineffective if the malware has access to user account settings. Anti-fraud technologies that banks use to detect malicious activity are ineffective because the transactions occur from the user’s workstation. Many banks have added additional layers of security for wire transfers using notifications such as SMS texts. However, an attacker who is able to steal a user’s credentials may also be able to change the notification settings in the user’s bank account.
Because MITB attacks occur locally on the client side, many network-level devices such as web application firewalls, IDS and IPS systems have difficulty detecting them. Decrypting SSL banking sessions may be a solution, but it could create a backlash from users and management who require privacy.
What makes Man-in-the-Browser attacks popular is the ease with which they can be deployed to many systems at once via phishing links or by compromising legitimate sites. When a user clicks a link, trojan malware can be installed with add-ons into a browser that has not been properly secured. For these reasons, more attackers are moving away from the traditional Man-in-the-Middle (MITM) attack to the Man-in-the-Browser (MITB) attack.
The difference between Man-in-the-Browser (MITB) and Man-in-the-Middle (MITM) attacks is in their operation. Man-in-the-Middle (MITM) attacks use a proxy between two systems that perform a transaction. Using a proxy, an attacker can fool a user into entering their credentials into the attacker’s site, in turn giving away their sensitive information. Figure 1 illustrates a Man-in-the-Middle (MITM) vs. a Man-in-the-Browser (MITB) attack. One important difference is that MITM operates at the network layer, while MITB operates at the application layer, i.e. the browser.

Figure 1

Man-in-the-Middle (MITM) attacks have become less popular because they can be mitigated through the use of session IDs. If a bank is able to determine the number of session IDs involved in a transaction, it can determine whether a malicious user was involved in the transactions between the systems. This gives the bank a way to determine whether a fraudulent attempt occurred and to cancel the transaction. Banks can also track users’ transactions by utilizing unique IDs. By giving the customer’s device a unique ID, the bank can use algorithms to analyze and link the multiple user sessions from where the customer typically performs their banking (Eisen, 2012).
Man-in-the-Browser attacks go beyond intercepting or piggybacking traffic via a proxy page: they fully take over the websites a user views and control the browser in an effort to trick the user into thinking that everything is normal. By slightly altering web views and account balances, attackers can steal money without the user’s knowledge. Once the user logs in, the attackers can also redirect any sensitive traffic to an attacker’s system while keeping the original SSL/TLS protections intact (Trusteer, 2013).

2. Man-in-the-Browser
Man-in-the-Browser (MITB) attacks utilize various functions and features within a browser. MITB attacks are built around the information that can be gathered and stolen, using techniques such as keylogging, form-grabbing, snapping screenshots, spamming, HTML injection and various other exploit functions. This gives the attackers information on when to use MITB as part of a malware attack. Browser extensions are a browser feature that can be used to exploit the operating system because of the privileges given to extensions. Browser extensions are typically used to enhance the user’s experience within the browser and while surfing the Internet. They can include plugins, Browser Helper Objects (BHOs), JavaScript and add-on features.
Many types of malware have been known to use these features as part of a MITB attack; these include Zeus, URLZone, Shylock, SpyEye, Carberp and Sunspot, to name a few. Other functions that MITB attacks utilize include AJAX, browser API hooking, and the DOM object model.
The functions of MITB can be controlled via a configuration file or a web injection file, which is updated at certain time intervals as part of a botnet. These configuration files may be obfuscated with different types of encoding. The configuration file and web injection file allow an attacker to control sessions and inject custom code into HTTP traffic. They also allow the trojan to run when certain websites, such as those of banking institutions, are visited. These connections typically occur over SSL. Since browsers have high-level privileges on a system, if an attacker is able to execute processes through the browser, then those processes can be executed with high-level privileges (Alcorn, Frichot, Orru, 2014).

2.1. Browser Helper Objects (BHOs)
Browser Helper Objects (BHOs) are DLL (dynamic-link library) modules which can access the DOM (Document Object Model) within a browser. Browser Helper Objects were created by Microsoft; they run in the address space of the browser and embed the main window of the browser (Blunden, 2009). They are installed as add-ons to the browser for added functionality.
The issue with Browser Helper Objects is their ability to run with SYSTEM-level privileges on the operating system. Browser Helper Objects have long been popular for hackers to abuse because of their ability to hide from anti-virus software. MITB attacks can use Browser Helper Objects to change a site, for example by adding or removing fields. Browser Helper Objects can even add registry entries to the system, which will load at startup when a browser is opened (Utakrit, 2009).
Add-ons such as JavaScript and ActiveX controls have been known to be used in MITB attacks to control the browser. One add-on that is popular with Firefox is Grease Monkey. Grease Monkey (Monkey-in-the-Browser) for Firefox and Tamper Monkey for Chrome apply the same methodology as a Man-in-the-Browser attack, in that their function is to change what is viewed when visiting websites, such as eliminating ads from the screen or changing the appearance of a website. Their features are meant to improve the user’s experience rather than steal information, but the methodology is the same. This is done with user scripts, which are JavaScript applets that can be shared within the community. User scripts used within add-ons are much more powerful than traditional JavaScript programs, because they can manipulate and retrieve private data in a user’s browser without Same-Origin Policy (SOP) restrictions (Acker, Nikiforaki, Desmet, Piessens, Joosen, 2011). Malware such as Zeus that utilizes MITB features uses configuration files to update the scripts for the browser to use.

2.2. DOM Module Interface
The main method by which MITB works is through the DOM Module Interface. The steps that occur during this process are as follows. Once the trojan is installed, it installs an extension into the browser configuration, which causes the extension to be reloaded when the browser starts back up. When the extension is loaded, it registers a handler for every page load.
Whenever a page is loaded, the extension searches for the URL of the page in a list of known sites. Once the handler object detects that a loaded page is on the list, it registers a button event handler. Then, once a page is submitted, the extension extracts all data from the form fields through the DOM interface in the browser and remembers the values. The extension then tells the browser to continue to submit the form to the server. The server receives the modified values in the form as a normal request and cannot differentiate between the original values and the modified values. The server performs the transaction and generates a receipt, which the browser also receives. The extension then detects the receipt URL, scans the HTML for the receipt fields and replaces the modified data in the receipt with the original data that it remembered. The user then thinks that the original transaction was received by the server intact and authorized correctly (OWASP, 2009).

2.3. JavaScript & AJAX
One of the goals of an attacker is to maintain persistence. Using the previously described methods, this can be very difficult because of how features within a browser are performed. AJAX (Asynchronous JavaScript and XML) solves these hurdles, as it works in the presence of X-Frame-Options headers or other frame-busting logic. JavaScript has the ability to “hook” the browser and perform actions entirely invisible to an end user. Below is an example web injection script used by the famous Zeus malware.
Example script:
set_url https://www.yourbank.com/*
data_before
data_end
data_inject
data_end
data_after
data_end

These scripts are implemented within the configuration files that are used in botnets. Zeus was famous for implementing configuration files that would call the Command and Control servers to inject new fields into banking sites, stealing additional information beyond just the user’s password.
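
For an analyst who recovers such a file from a sample, the block structure shown above can be parsed to see which monitored sites are targeted and which form fields an injection adds. The Python below is an added example, not code from the paper or from Zeus; the sample rules, the monitored URLs and the treatment of anything after the URL mask as opaque flags are assumptions made for illustration.

```python
import re

# Constructed sample in the set_url / data_* layout shown in the paper.
SAMPLE_WEBINJECTS = """\
set_url https://www.yourbank.com/*
data_before
<input type="password" name="password">
data_end
data_inject
<input type="text" name="pin">
data_end
data_after
</form>
data_end

set_url https://other.example/login* GP
data_before
data_end
data_inject
data_end
data_after
data_end
"""

BLOCKS = ("data_before", "data_inject", "data_after")
INPUT_NAME = re.compile(r'<input\b[^>]*\bname\s*=\s*["\']?([\w.\-\[\]]+)', re.I)


def parse_webinjects(text):
    """Parse webinject text into a list of rule dictionaries."""
    rules, rule, block = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if block is not None:                 # inside data_* ... data_end
            if line == "data_end":
                rule[block] = "\n".join(rule[block]).strip()
                block = None
            else:
                rule[block].append(raw)
            continue
        if line.startswith("set_url"):
            parts = line.split()
            if len(parts) < 2:
                raise ValueError("set_url without a URL mask")
            # Assumption: anything after the mask is kept as opaque flags.
            rule = {"url_mask": parts[1], "flags": " ".join(parts[2:]),
                    "before": "", "inject": "", "after": ""}
            rules.append(rule)
        elif line in BLOCKS:
            if rule is None:
                raise ValueError("data block before any set_url")
            block = line[len("data_"):]
            rule[block] = []
    if block is not None:
        raise ValueError("unterminated data_%s block" % block)
    return rules


def mask_matches(mask, url):
    """Match a URL against a mask in which '*' is the only wildcard."""
    pattern = ".*".join(re.escape(part) for part in mask.split("*"))
    return re.fullmatch(pattern, url, re.IGNORECASE | re.DOTALL) is not None


def injected_fields(rule):
    """Names of the <input> fields that the data_inject block would add."""
    return INPUT_NAME.findall(rule["inject"])


def triage(rules, monitored_urls):
    """Report the rules that target any URL the defender cares about."""
    report = []
    for rule in rules:
        hits = [u for u in monitored_urls if mask_matches(rule["url_mask"], u)]
        if hits:
            report.append({"url_mask": rule["url_mask"], "matched": hits,
                           "added_fields": injected_fields(rule)})
    return report


if __name__ == "__main__":
    monitored = ["https://www.yourbank.com/login", "https://intranet.example/"]
    for entry in triage(parse_webinjects(SAMPLE_WEBINJECTS), monitored):
        print(entry)
```
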
One feature of JavaScript is the ability to override the prototypes of built-in DOM methods. Overriding built-in DOM methods in the browser is the same as extending DOM objects with your own methods, such as creating various form methods or additional fields for a user to fill in. This allows an attacker to see any sensitive information entered, such as PIN numbers, Mother’s Maiden Name, DOB, etc.

2.4. API Hooking
Man-in-the-Browser attacks use API hooking to infect the browser. Once MITB is activated by the malware, it will attempt to hook the InternetConnect function in Wininet.dll. This allows the attacker to modify what a user sees in the browser, similar to how HTML rewriting works. Using HTML rewriting methods, the malware can change the sites a user browses and make them appear in a certain fashion, even presenting information that is not truthful. Figure 2 demonstrates the method of browser API hooking used in MITB attacks.

Figure 2
Wininet, which is a superset to WinHTTP, is an API within Internet Explorer that enables applications to interact with the FTP and HTTP protocols to access Internet resources. Many Wininet functions are targeted by MITB, including the HttpSendRequest() and navigateto() functions. Some other popular functions that are injected include HttpOpenRequest(), HttpSendRequest(), and InternetReadFile().
Changes to settings within the browser that allow this attack to be successful will leave artifacts behind in the registry. To avoid browser security settings that may prevent a script from properly displaying via an iframe or on a trusted site, malware may attempt to change security settings via the registry. Zone elevation within the browser is one of these methods. By lowering browser security settings, more add-on controls and scripts will be able to run. A few DLLs that are popular targets of this type of malware include crypt32.dll and wininet.dll.
Wininet.dll provides many functions for communication and is a target for malware since it allows the malware to access privacy and security settings such as Zone preference settings and Cookie settings. Crypt32.dll implements many messaging functions in the CryptoAPI, such as CryptSignMessage, which has the ability to digitally sign messages.

2.5. Registry Entries
For MITB to maintain high-level privileges, browser security settings are changed within the registry during exploitation. These registry changes can be monitored with host-based intrusion detection systems, or analyzed after infection. Registry entries used in MITB attacks, including the path for Browser Helper Objects, include:
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "NoProtectedModeBanner" = 1 - This turns on this function, which would disable Protected Mode in the browser
- HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed - This is used to create random seeds for numbers in cryptography, quite possibly to hide malicious files
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\"1406" (Miscellaneous: Access data sources across domains) = 3 - Sets the Zone Level to Low
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\"1609" (Miscellaneous: Display mixed content) = 3 - Sets the Zone Level to Low
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\"2500" (Protected Mode) = 3 - Sets the Zone Level to Low
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"DisableCachingOfSSLPages" = "0" - Turns this function off
- HKEY_USERS\S-I-D\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\Random Number\
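
One way to check a host for the changes listed above is to compare a registry export taken before infection with one taken afterwards. The Python below is an added example, not part of the original paper: it parses .reg export text, reports watched values that have changed to the data listed in this section, and reports new subkeys under Browser Helper Objects. Both exports and the all-zero CLSID are constructed samples.

```python
import re

IS = r"\software\microsoft\windows\currentversion\internet settings"
# Values listed in section 2.5: (key suffix, value name) -> data the paper reports.
WATCHED = {
    (r"\software\microsoft\internet explorer\main", "noprotectedmodebanner"): 1,
    (IS + r"\zones\3", "1406"): 3,
    (IS + r"\zones\3", "1609"): 3,
    (IS + r"\zones\3", "2500"): 3,
    (IS, "disablecachingofsslpages"): 0,
}
BHO_PARENT = (r"\software\microsoft\windows\currentversion\explorer"
              r"\browser helper objects" + "\\")

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed exports. Files written by regedit are UTF-16; decode them first.
BASELINE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"DisableCachingOfSSLPages"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1406"=dword:00000001
"1609"=dword:00000001
"2500"=dword:00000000
"""

CURRENT_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoProtectedModeBanner"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"DisableCachingOfSSLPages"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1406"=dword:00000003
"1609"=dword:00000001
"2500"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]
"""


def decode(data):
    """Turn the right-hand side of a .reg value line into an int or a string."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    text = data.strip('"')
    return int(text) if text.isdigit() else text


def parse_reg_export(text):
    """Return {lower-cased key path: {lower-cased value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = decode(m.group(2))
    return keys


def find_mitb_artifacts(baseline, current):
    """List (kind, key, name, old, new) for changes matching section 2.5."""
    findings = []
    for key, values in current.items():
        old = baseline.get(key, {})
        for (suffix, name), reported in WATCHED.items():
            changed = values.get(name) == reported and old.get(name) != reported
            if key.endswith(suffix) and changed:
                findings.append(("setting", key, name, old.get(name), reported))
        pos = key.find(BHO_PARENT)
        if pos != -1 and key not in baseline:   # BHO registered since baseline
            findings.append(("new_bho", key, key[pos + len(BHO_PARENT):], None, None))
    return findings


if __name__ == "__main__":
    before = parse_reg_export(BASELINE_REG)
    after = parse_reg_export(CURRENT_REG)
    for finding in find_mitb_artifacts(before, after):
        print(finding)
```
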

3. Malware examples of MITB usage
Research was conducted into malware that utilizes Man-in-the-Browser (MITB) as part of its exploitation, in order to find the behavior of the malware beyond the browser functions. Zeus was analyzed, as well as a recent variant of the Shylock Trojan; both are known to use MITB. Both exhibit similar behavior, since Shylock uses some of the Zeus source code features. Both use web injection files to inject into web fields and pages to steal banking credentials and perform wire transfers. Since many malware samples have anti-sandboxing techniques, a physical test machine was used.
Various tools were used for the analysis, including win32dd and Dump-it as tools to extract a memory image of the system after infection. Volatility was used to examine the memory after it was dumped. Wireshark was used for packet captures, and Regshot and Process Monitor were used to take a shot of the system before and after the infection. At one point a method was used to extract samples from remote systems that were live but unreachable via physical methods. To capture the memory remotely, Kevin Neely found a method using psexec securely and win32dd/win64dd. The following is a sample of the method used. The account used to connect had appropriate permissions to execute win32dd/win64dd remotely (Neely, 2011).
- run cmd.exe as administrator
- net use \\hostname\ipc$ - make sure the command completes successfully
- copy c:\pathtowin32dd.* \\hostname\c$ - copies win32dd.exe and the win32dd.sys driver
- c:\pathtopsexec.exe \\hostname -e -w c:\ c:\win32dd.exe /m 1 /r /a /f hostname-mem.raw - runs win32dd remotely; the command will continue to run and will not give a status of completion. To verify it is complete, run the following command and wait for the file size to stop growing. Please be aware of the implications of using psexec and of credential passing that occurs in cleartext.
- dir \\hostname\c$

3.1. Zeus
Zeus is a famous example of malware that utilizes Man-in-the-Browser attacks. Using a web injection file, the malware is able to inject fields into the designated websites that are entered into the file. So if a user visits www.bankofamerica.com, the malware would use the web injection file to update the site and load additional requested fields that are not legitimate. The following is an example web injection file used by Zeus.
;Build time: 14:15:23 10.04.2009 GMT
;Version: 1.2.4.2
entry "StaticConfig"
  ;botnet "btn1" - Name of the botnet
  timer_config 60 1 - Interval time for configuration file to be updated by bot in minutes
  timer_logs 1 1 - Amount of time when bot will send data to the server
  timer_stats 20 1 - Amount of time when bot will send statistics to the server
  url_config "http://localhost/config.bin" - URL to the configuration file
  url_compip "http://localhost/ip.php" 1024
  encryption_key "secret key" - Encrypts network traffic with RC4 and the dynamic configuration file
  ;blacklist_languages 1049
end
entry "DynamicConfig"
  url_loader "http://localhost/bot.exe"
  url_server "http://localhost/gate.php"
  file_webinjects "webinjects.txt"
  entry "AdvancedConfigs"
    ;"http://advdomain/cfg1.bin"
  end
  entry "WebFilters"
    "!*.microsoft.com/*"
    "!http://*myspace.com*"
    "https://www.gruposantander.es/*"
    "!http://*odnoklassniki.ru/*"
    "!http://vkontakte.ru/*"
    "@*/login.osmp.ru/*"
    "@*/atl.osmp.ru/*"
  end
  entry "WebDataFilters"
    ;"http://mail.rambler.ru/*" "passw;login"
  end
  entry "WebFakes"
    ;"http://www.google.com" "http://www.yahoo.com" "GP" "" ""
  end
  entry "TANGrabber"
    "https://banking.*.de/cgi/ueberweisung.cgi/*" "S3R1C6G" "*&tid=*" "*&betrag=*"
    "https://internetbanking.gad.de/banking/*" "S3C6" "*" "*" "KktNrTanEnz"
    "https://www.citibank.de/*/jba/mp#/SubmitRecap.do" "S3C6R2" "SYNC_TOKEN=*" "*"
  end
  entry "DnsMap"
    ;127.0.0.1 microsoft.com
  end
end
(Failliere, Chien 2009)
The malware also has the ability to clean up after itself, including cookies and browser history, to further hide itself from analysis and detection. This prevents support individuals from being able to replicate the issue and stop it. This is one of the advanced features that show the capability of this malware and the threat it can pose.

3.2. Shylock
Zeus has been well analyzed over its lifetime and documented thoroughly since its source code was released many years ago. The Shylock Trojan that surfaced recently has caused harm to many organizations and individuals and has similar characteristics to Zeus, yet with some differences. Shylock was named after the famous Shakespeare play Merchant of Venice, because a few lines of the Shakespeare play were found in its code. Shylock based some of its source code on the Zeus malware, but added its own modules. SpyEye is another similar piece of malware that was based on the Zeus source code but added its own modules, including one that would even delete the Zeus malware from a system.
Shylock has been known to run and create online chats when connecting to bank sites via advanced JavaScript. Many of the dropper files are named after chat programs such as Skype, Googletalk, and Advantage. These files get dropped in the user’s folder under the Application Data folder for Windows XP or the Roaming folder in AppData for Windows 7. Other modules that are included with the Trojan include VNC connectivity, spreading via network shares, separate drives or Skype sessions, as well as the ability to act as a proxy (Lennon, 2013).
The Shylock Trojan, similarly to Zeus, uses encoded web injection files in order to change websites. Several APIs are hooked in the browser, including those in crypt32.dll and wininet.dll. It also uses fake digital certificates and SSL connections when communicating with the Command and Control servers.
During the analysis, once the system was set up, the malware was downloaded from sites that had testing copies of the dropper files used by Shylock and Zeus. The files were run on a Windows XP machine with analysis tools capturing the events and artifacts created. Memory was dumped using the Dump-it utility. Once the memory dump was retrieved, Volatility, Wireshark and Process Monitor were used for analysis.
Process Monitor is a tool that can be overwhelming to use because of the amount of data received. In analyzing Shylock, several filters were used. These included file attributes, files written, files deleted, noise reduction, registry values set, registry values deleted, registry keys deleted, and registry keys created. The Process Monitor filters that were used were created by Raymond Hodge and were downloaded from Lenny Zeltser’s blog (Hodge, Zeltser, 2011). These filters created a starting point from which to begin using other tools such as Volatility and Wireshark.
The Process Monitor filters found several possible artifacts, including the use of normaliz.dll, which is associated with the Internet Explorer browser. Many registry settings were changed and added as well. Wininet.dll was also used during initial infection.
Shylock includes many modules beyond MITB, such as propagating via file shares and hiding folders using shortcut links that point to additional malicious files. In the analysis, one of the files that was created during the process was “nKMuLt.exe”. This file had an association with normaliz.dll, which Process Monitor was able to capture in Figure 3.

Figure 3
Process Monitor found registry keys created during the time the malware was run. A couple of keys in particular were related to Internet Settings. This is represented in Figures 3 and 4 below. In Figure 5, wininet.dll appears to be targeted by the process “apwQivQu.exe”, which was created during the infection process.

Figure 4

Figure 5

Figure 6

During analysis, many registry keys were noted while using Process Monitor. These registry keys were then used for further analysis with Volatility, which made it possible to determine the values of these registry keys.
The hivelist command in Volatility was able to pull the registry hives of the users in the memory dump. Figure 7 shows the results of running this command. User “cjones” was the user profile of interest during testing.
$ vol.py -f shylock.raw --profile=WinXPSP3x86 hivelist

Figure 7
$ vol.py -f shylock.raw --profile=WinXPSP3x86 printkey -o 0xe1088a00 -K 'Software\Microsoft\Windows\CurrentVersion\Run'
This command revealed that an executable, RmActivate_isv.exe, was set to run at startup, which would be one artifact left behind by the malware. This is shown in Figure 8 below.

Figure 8
The Wireshark captures found connections to the soks.cc, pqe.su and doks.cc domains (Figures 9 and 10). These sites certainly did not sound legitimate, so their IP addresses were recorded for further analysis. In Figure 11, IP 208.73.211.70 appeared abnormal in the connections it attempted to make. This IP was not resolvable via a “whois” lookup and was categorized as a parked domain, potentially a former malicious IP.

Figure 9

Figure 10

Figure 11
In Figure 12, Volatility was used to show the process that was using this connection.
$ vol.py -f shylock.raw --profile=WinXPSP3x86 connscan
Volatility revealed a process ID of 1468, which was the explorer.exe process, making it a suspect process in this case. Figure 13 shows the results.
$ vol.py -f shylock.raw --profile=WinXPSP3x86 psscan

Figure 12

Figure 13
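
The pivot described above, from an IP seen in Wireshark to a PID in connscan to a process name in psscan, can be scripted over saved plugin output. The Python below is an added example, not part of the original paper; the two output samples are constructed (only IP 208.73.211.70, PID 1468 and explorer.exe come from the text), and the column layout is assumed to be that of Volatility 2 text output.

```python
import re

# Constructed connscan / psscan text output (local addresses, offsets, times
# and the svchost.exe and PID 2044 rows are made up for the example).
CONNSCAN_OUT = """\
Offset(P)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ---
0x01f2a3b0 192.168.1.10:1045         208.73.211.70:80          1468
0x01f5c6d8 192.168.1.10:1051         192.0.2.10:443            1020
0x0204e008 192.168.1.10:1060         208.73.211.70:80          2044
"""

PSSCAN_OUT = """\
Offset(P)  Name             PID    PPID   PDB        Time created             Time exited
---------- ---------------- ------ ------ ---------- ------------------------ ------------------------
0x01e0a020 svchost.exe        1020    664 0x08a40100 2014-08-01 10:00:05 UTC+0000
0x01e4b7e8 explorer.exe       1468   1444 0x08a40200 2014-08-01 10:00:21 UTC+0000
"""

CONN_ROW = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\d+)\s*$")
PROC_ROW = re.compile(r"^(0x[0-9a-fA-F]+)\s+(.+?)\s+(\d+)\s+(\d+)\s+(0x[0-9a-fA-F]+)\b")


def parse_connscan(text):
    """Return one dict per connection row; header and rule lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = CONN_ROW.match(line.strip())
        if m:
            conns.append({"local": "%s:%s" % (m[2], m[3]), "remote_ip": m[4],
                          "remote_port": int(m[5]), "pid": int(m[6])})
    return conns


def parse_psscan(text):
    """Return {pid: {"name": ..., "ppid": ...}} from psscan rows."""
    procs = {}
    for line in text.splitlines():
        m = PROC_ROW.match(line.strip())
        if m:
            procs[int(m[3])] = {"name": m[2], "ppid": int(m[4])}
    return procs


def attribute_connections(conns, procs, suspect_ips):
    """Name the owning process of every connection to a suspect IP.

    A PID with no psscan row is reported with process None, so the analyst
    sees that no process object was recovered for it.
    """
    rows = []
    for conn in conns:
        if conn["remote_ip"] not in suspect_ips:
            continue
        proc = procs.get(conn["pid"])
        rows.append({"remote": "%s:%d" % (conn["remote_ip"], conn["remote_port"]),
                     "pid": conn["pid"],
                     "process": proc["name"] if proc else None})
    return rows


if __name__ == "__main__":
    suspects = {"208.73.211.70"}          # IP noted in the Wireshark capture
    for row in attribute_connections(parse_connscan(CONNSCAN_OUT),
                                     parse_psscan(PSSCAN_OUT), suspects):
        print(row)
```
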
Once explorer.exe was identified as the process in question, the mutantscan plugin for Volatility was used to check for mutexes within the process. A few mutant entries were found within wininet, which were identified in Process Monitor as well. The results are shown in Figure 14 below.
$ vol.py -f shylock.raw --profile=WinXPSP3x86 handles -p 1468 -t Mutant --silent

Figure 14
Figure 15 shows process injections in explorer.exe. The malfind plugin for Volatility is able to find a process injection since MZ is found in the header, which is a key sign that this was a process.
$ vol.py -f shylock.raw --profile=WinXPSP3x86 malfind -p 1468 | less

Figure 15
The yarascan plugin was used with Volatility to find malicious IPs inside the explorer.exe process. Some links were found that attempted to reach a PHP file with the IP listed. Many Zeus variants have been known to run PHP scripts for updating their botnets. The results are shown in Figure 16.

Figure 16
The analysis shows that this malware has many characteristics that allow it to remain hidden from security software, while also having the ability to perform MITB-style attacks. Shylock was found to have rootkit capabilities and the ability to connect to malicious IPs in an attempt to pull down configuration info from a central command server. The method of attack was to inject itself into the explorer.exe process and hide malicious processes.

4. Conclusion
There is no clear method for preventing MITB attacks beyond in-depth monitoring and prevention on the endpoint. Endpoint management that involves monitoring the browser and preventing it from making changes to the system is one possibility for providing some defense against this attack. Many banks have even offered software that detects MITB-type malware. However, this is only one layer of defense against an attack that is continually evolving.
User education is mentioned as a method to prevent these attacks. In this case, though, user education isn’t enough. Trained security experts can be fooled just as easily as an end user by a well-crafted MITB script. Aside from not doing banking online, there are many options that can be packaged together to lower the risk of this attack succeeding. A few educational topics to consider include configuring accounts with safeguards including secure notification options, checking account balances regularly, and using secure banks to do transactions.
Preventing browser extensions and scripting, or preventing scripts from running over SSL connections, can also limit these types of attacks. There are methods for restricting browser extensions from running, though certain websites may not operate properly, and restricting browsers is difficult in today’s age of multimedia operation. Banks have begun to use custom applications for banking on mobile devices to avoid any browser-type intrusions. More of these apps may become popular as these attacks continue. Some banks have even offered to install anti-malware software on end users’ devices that would detect these types of attacks. It is debatable whether this is a good idea for banks, since attackers could use it as part of a phishing campaign, posing as banks offering anti-malware software in order to install malware on users’ systems.
Transaction verification is also a popular method to counteract a Man-in-the-Browser (MITB) attack. This is also called Out of Band (OOB) transaction verification. Out of Band transaction verification is an additional method that verifies transactions through a channel such as a telephone call or an SMS text. This method has been known to get subverted as well if the verification information is stored in the user’s account online. If a user can change these details online, then an attacker could change this information to a destination of their choosing without the user knowing. Many attackers have also begun using VoIP technologies to subvert transaction verification via caller ID manipulation and cloned/recorded bank message alerts (Ollmann, 2008).
Three-factor authentication using voice biometrics is another method banks have begun to use to further verify that a transaction is valid (Hyderabad Hacker, 2011).
Banks have begun using behavioral analysis in their methods of defending against these attacks. Most credit card companies currently use this security feature to determine when potential fraud occurs in accounts. As an example of this type of detection, unusual wire transfers or transfers to international accounts typically throw up a red flag.
Man-in-the-Browser attacks are not going to disappear anytime soon and will grow even more sophisticated, potentially moving to mobile browsers, as their use for banking increases, through Man-in-the-mobile (MitMo) style attacks. Time will tell, as these increasingly sophisticated attacks target not only banking sites but also other common sites that we have grown to trust.

5. References
1. http://www.safenet inc.com/uploadedFiles/About_SafeNet/Resource_Library/Resource_Items/White_Paper s_ _SFDC_Protected_EDP/Man%20in%20the%20Browser%20Security%20Guide.pdf
2. Eisen, Ori, Catching the Fraudulent 'Man in the Middle' and 'Man in the Browser' http://www.the41.com/sites/default/files/MITM%20and%20MITB%20Overview_41st%20Parameter.pdf
3. (2013) http://www.trusteer.com/glossary/man in the browser mitb
4. Hyderabad Hacker (2011). Man in the Browser (MITB) Attacks, Retrieved July 2014 from http://hyderabadhack.blogspot.com/2011/01/man in browser mitb attacks.html
5. Shakeel, Irfan (2012). Man in the Browser Attack vs. Two Factor Authentication, Retrieved July 2014 from http://resources.infosecinstitute.com/two factor authentication/
6. Davidoff, Sherri (2013). Under the Hood: Banking Malware, Retrieved July 2014 from http://lmgsecurity.com/blog/2013/05/26/videos of blackhole man in the browser attack
7. Tokazowski, Ronnie (2014). Project Dyre: New RAT Slurps Bank Credentials, Bypasses SSL, Retrieved July 2014 from http://phishme.com/project dyre new rat slurps bank credentials bypasses ssl/
8. Kruse, Peter (2014). New Banker Trojan in town: Dyreza, Retrieved July 2014 from https://www.csis.dk/en/csis/news/4262/
9. Salvio, Joie (2014). New Banking Malware Uses Network Sniffing for Data Theft, Retrieved July 2014 from http://blog.trendmicro.com/trendlabs security intelligence/new banking malware uses network sniffing for data theft/
10. Case, Andrew (2012). Solving the GrrCon Network Forensics Challenge with Volatility, Retrieved August 2014 from http://volatility labs.blogspot.com/2012/10/solving grrcon network forensics.html
11. Evild3ad (2011). Volatility Memory Forensics - Basic Usage for Malware Analysis, Retrieved July 2014 from http://www.evild3ad.com/956/volatility memory forensics basic usage for malware analysis/
12. Parvez (2009). Hiding Browser Helper Objects, Retrieved August 2014 from https://www.greyhathacker.net/?p=106
13. Utakrit, Nattakant (2009). Review of Browser Extensions, a Man in the Browser Phishing Technique Targeting Bank Customers, Retrieved August 2014 from http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1014&context=ism
14. Acker, Steven, Nikiforaki, Nick, Desmet, Lieven, Piessens, Frank, Joosen, Wouter, Monkey in the browser: Malware and vulnerabilities in Augmented Browsing Script Markets, Retrieved August 2014 from http://www.securitee.org/files/monkey_asiaccs2014.pdf
15. Ollmann, Gunter (2008). Man in the Browser Attack Vectors, Retrieved September 2014 from http://www.slideshare.net/guestb1956e/csi2008 gunter ollmann maninthebrowser presentation
16. Abuamhof (2010). Man in the Browser. The Power of Javascript at the example of Carberp, Retrieved September 2014 from http://www.tidos group.com/blog/2010/12/09/man in the browser the power of javascript at the example of carberp/
17. Alcorn, Frichot, Orru (2014). The Browser Hacker’s Handbook
18. http://www.ioactive.com/pdfs/ZeusSpyEyeBankingTrojanAnalysis.pdf
19. Meekostuff (2009). Overriding DOM Methods, Retrieved October 2014 from http://www.meekostuff.net/blog/Overriding DOM Methods/
20. Falliere, Nicolas & Chien, Eric (2009). Zeus: King of the Bots, Retrieved October 2014 from http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/zeus_king_of_bots.pdf
21. Neely, Kevin (2011). Howto: remotely dump the memory on Windows, Retrieved December 2014 from http://rubbernecking.info/howto remotely dump the memory on windows 1
22. Lennon, Mike (2013). Shylock Banking Trojan Upgraded Again: New Modules Boost Functionality, Retrieved December 2014 from http://www.securityweek.com/shylock banking trojan upgraded again new modules boost functionality
23. Zeltser, Lenny (2011). Process Monitor Filters for Malware Analysis and Forensics, Retrieved December 2014 from http://blog.zeltser.com/post/9451096125/process monitor filters for malware analysis
24. BAE Systems Detica (2013). Shylock Banking Trojan Evolution or Revolution, Retrieved December 2014 from http://info.baesystemsdetica.com/rs/baesystems/images/ShylockWhitepaper.pdf
25. OWASP (2009). Retrieved December 2014 from https://www.owasp.org/index.php/Man in the browser_attack

Last Updated: February 14th, 2015
