
Some Mitigation Against Phishing and MITM



  • Run regular phishing awareness training in the organization.
  • Run regular awareness sessions on how 2FA/MFA gets bypassed.
  • Run phishing campaigns internally in the organization to check employees' awareness.
  • Reward employees who pass the internal phishing check, so that all other employees remember it.
  • Reward employees who report a phishing email or any other phishing activity. This creates a positive impact in the organization and the team.
  • A common misconception about the standard forms of MFA (SMS, touch, push) is that they prevent social engineering. Although MFA protects against some attacks, it is commonly still vulnerable to a MITM phishing attack. Check the example of the Uber hack of 2022.
  • Run regular quizzes related to phishing and reward some of the employees who pass the quiz. This motivates others.
  • Always check the domain name before entering a username and password. Make this a habit.
  • Block phishing emails and phishing URLs.
  • Always enable MFA on all online services to make it harder for an attacker.
  • Require MFA again for sensitive/important privileged actions. Example: if a valid user is already logged into the app and tries to add a new user, the app should ask for MFA again. This practice reduces the overall attack scope.
  • Use certificate-based authentication. It reduces insecure password practices and brute-force related vulnerabilities.
  • Implement continuous monitoring of your digital services, e.g. for location changes, machine changes, etc.
  • Avoid password reuse and use strong passwords.
  • Stop using SMS MFA and move to alternatives such as push notifications (e.g. Ping ID), FIDO2, Touch ID or Face ID.
  • Don't use untrusted public internet to connect to the VPN that gives access to the organization's services.
  • Implement User/Entity Behavior Analytics (UEBA) in your organization.
  • Apply access restrictions such as allowing VPN connectivity only from compliant devices (example: a certificate is required to log in to the VPN service, or the login must come from a certain location [IP fence]).
  • Use anti-phishing solutions.
  • Implement brand monitoring solutions like BrandShield that regularly scan the Internet for anything related to the brand and report it.
  • The best defense is U2F (Universal 2nd Factor). It is a hardware device that uses cryptography to prevent both MITM phishing and ordinary phishing attacks.


How does U2F (Universal 2nd Factor) prevent MITM and phishing (simple explanation)

  • A user generates a public and private key pair.
  • The user registers the public key with the service, for example Google if the user wants to use U2F on Google.
  • When the user tries to log in to Google, the Google server sends a random challenge to the client browser.
  • The U2F device creates a digital signature with the private key over both the challenge and the domain of the website the user is actually on.

So if an attacker uses MITM phishing, a signature made over the phishing domain can't be accepted by the real domain.

Example:

If an attacker uses go0le.com, the user's browser creates a digital signature for go0le.com. If the attacker uses MITM phishing and forwards the request to the actual google.com, the real google.com can't validate a signature created for go0le.com. In this way, U2F protects against phishing and MITM.
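The example above, simulated as an added illustration (not the author's code and not a real U2F implementation): a toy textbook-RSA signature with fixed, constructed Mersenne-prime keys stands in for the ECDSA signature a real token produces, so the only thing to read from it is how binding the origin into the signed data makes a relayed signature fail.

```python
import hashlib
import secrets

# Constructed demo keys: textbook RSA over two known Mersenne primes, no padding.
# This is only to show origin binding; it is not a usable signature scheme.
P, Q = (1 << 61) - 1, (1 << 89) - 1
E = 65537


class U2FToken:
    """Simulated hardware token: the private exponent never leaves this object."""

    def __init__(self):
        self._n = P * Q
        self._d = pow(E, -1, (P - 1) * (Q - 1))

    def public_key(self):
        # Only (n, e) is handed to the service at registration.
        return (self._n, E)

    def sign(self, challenge: bytes, origin: str) -> int:
        # U2F signs over the challenge AND the origin the browser says it is on.
        h = hashlib.sha256(challenge + b"|" + origin.encode()).digest()
        return pow(int.from_bytes(h, "big") % self._n, self._d, self._n)


def verify(pubkey, challenge: bytes, origin: str, sig: int) -> bool:
    """Service-side check: recompute the hash with its OWN origin, not the client's."""
    n, e = pubkey
    h = hashlib.sha256(challenge + b"|" + origin.encode()).digest()
    return pow(sig, e, n) == int.from_bytes(h, "big") % n


def login_attempt(token, pubkey, browser_origin: str, server_origin: str) -> bool:
    """One login: the server issues a random challenge, the browser tells the token
    which origin it is on, and the server verifies against its own origin.
    In a MITM relay, browser_origin is the phishing domain and server_origin is real."""
    challenge = secrets.token_bytes(32)
    sig = token.sign(challenge, browser_origin)
    return verify(pubkey, challenge, server_origin, sig)
```

With the user on the real site both origins match and the login succeeds; with the user on go0le.com and the attacker relaying to google.com, the signature covers the wrong origin and verification fails.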


