An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access.
Description
Attack Execution Flow
3
1
Step 1
Explore[Identify potential targets] The adversary identifies an application or service that the target is likely to use.
The adversary stands up a server to host the transparent browser and entices victims to use it by using a domain name similar to the legitimate application. In addition to the transparent browser, the adversary could also install a web proxy, sniffer, keylogger, and other tools to assist in their goals.
AI Translation
[Identificare potenziali obiettivi] L'avversario identifica un'applicazione o un servizio che il target è probabile utilizzare.
L'avversario configura un server per ospitare il browser trasparente e induce le vittime a utilizzarlo utilizzando un nome di dominio simile all'applicazione legittima. Oltre al browser trasparente, l'avversario potrebbe anche installare un web proxy, sniffer, keylogger e altri strumenti per supportare i propri obiettivi.
Attack Techniques
-
The adversary stands up a server to host the transparent browser and entices victims to use it by using a domain name similar to the legitimate application. In addition to the transparent browser, the adversary could also install a web proxy, sniffer, keylogger, and other tools to assist in their goals.
2
Step 2
Experiment[Lure victims] The adversary crafts a phishing campaign to lure unsuspecting victims into using the transparent browser.
An adversary can create a convincing email with a link to download the web client and interact with the transparent browser.
AI Translation
[Indurre le vittime] L'avversario crea una campagna di phishing per attirare vittime ignare a utilizzare il browser trasparente.
Un avversario può creare un'email convincente con un link per scaricare il client web e interagire con il browser trasparente.
Attack Techniques
-
An adversary can create a convincing email with a link to download the web client and interact with the transparent browser.
3
Step 3
Exploit[Monitor and Manipulate Data] When the victim establishes the connection to the transparent browser, the adversary can view victim activity and make alterations to what the victim sees when browsing the web.
Once a victim has established a connection to the transparent browser, the adversary can use installed tools such as a web proxy, keylogger, or additional malicious browser extensions to gather and manipulate data or impersonate the victim.
AI Translation
[Monitorare e Manipolare Dati] Quando la vittima stabilisce la connessione al browser trasparente, l'avversario può visualizzare l'attività della vittima e apportare modifiche a ciò che la vittima vede durante la navigazione web.
Una volta che una vittima ha stabilito una connessione al browser trasparente, l'avversario può utilizzare strumenti installati come un web proxy, keylogger o estensioni del browser dannose aggiuntive per raccogliere e manipolare dati o impersonare la vittima.
Attack Techniques
-
Once a victim has established a connection to the transparent browser, the adversary can use installed tools such as a web proxy, keylogger, or additional malicious browser extensions to gather and manipulate data or impersonate the victim.
Mitigations
1
Implementation: Use Strong, Mutual Authentication To Fully Authenticate With Both Ends Of Any Communications Channel
Consequences
Security Scopes Affected
Access Control
Authentication
Authorization
Confidentiality
Integrity
Potential Impacts
Gain Privileges
Modify Data
Read Data
Relationships
Parent CAPECs
Resources Required
1
A web application with a client is needed to enable the victim's browser to establish a remote desktop connection to the system of the adversary.