The trend of developing automated phishing tools continues as RSA Security discovers a man-in-the-middle attack kit.
The kit, reportedly being offered in demo form on a Web forum, automates the creation of a fraudulent URL, which in turn acts as the man-in-the-middle to communicate with a targeted legitimate Web site. The technique allows criminals to gather sensitive private information from unsuspecting users in real time.
RSA called the kit "universal" because it can be configured to work with any target site. The company added that the kit differs from typical attack methods in that it can allow an intruder to intercept any credentials transmitted between the end user and the target Web site.
"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets. While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the course of the next 12-18 months," said Marc Gaffan, director of marketing for Consumer Solutions at RSA.
