‘Man in the middle’ phishing attacks to surge, says RSA

Security supplier RSA has warned of a likely surge in "man in the middle" (MITM) phishing attacks after it discovered free hacking kits are being circulated.

Security supplier RSA has warned of a likely surge in "man in the middle" (MITM) phishing attacks after it discovered free hacking kits are being circulated.

Until recently, the capability to create a bogus web site, which is used to steal confidential and personal finance information, changed hands in the criminal underworld for $500 a time, said Andrew Moloney, director of financial services security for RSA.

However, criminals are now giving away these web kits in a bid to stimulate their channel to market. Instead of a one-off payment, they are receiving a regular revenue stream of stolen funds.

"Instead of selling the software, they get a copy of every set of personal information that the phishers obtain," said Moloney, "so now there are far more criminals out there phishing for personal information."

RSA has traced kits that target more than 10 of the world's leading financial institutions. The RSA 24/7 anti-fraud command centre handles MITM attacks in a similar fashion to the way it deals with standard phishing attacks, by monitoring sites and attempting to block them. But Moloney admitted that proactive action is beyond the company.

Although MITM attacks are considered to be a next-generation attack by many, Moloney said they expect them to become widespread over the course of the next 12 months to 18 months. "Very few of the criminals get caught. And even if they were, they are rarely in the same country as the businesses they target, so it is rare anyone will be prosecuted."

The UK is now the second most popular phishing destination after the US, according to the RSA's research.

Comment on this article: computer.weekly@rbi.co.uk

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close