This type of phishing attack confuses even experienced IT experts

Soitron, published 6 May 2022 (updated 2 June 2022). Author: Natalia Jurakova. Original Czech article: https://new.soitron.com/cs/nova-technika-phishingu-browser/

Phishing (see https://www.soitron.sk/slovnik-kybernetickej-bezpecnosti/), a form of attack in which an intruder tries to obtain sensitive data from the victim, is a common threat that has existed for many years. It uses various social-engineering techniques to persuade an unsuspecting user to hand over login credentials, which the attacker then collects. Now an entirely new technique has appeared that even IT experts may fail to spot, so they too can be taken in.

Despite all the various protective systems, every internet user today should stay alert. When browsing, and doubly so when clicking on links or being redirected to other websites, it is wise to first check that the URL is correct, i.e. that you have not landed on googlle.com instead of google.com. "A single different letter can cause big problems. Both pages may look exactly the same, but only one is genuine. The other one is quite possibly forged and its purpose is to phish personal data out of the user," reveals Martin Lohnert, cyber-security specialist at the technology company Soitron.

Once the user is sure they are at the right address, they should also check that a padlock icon is shown in front of the address (the URL starts with https, meaning the site is protected by TLS/SSL encryption). With it, the browser tells the user that communication with the site is encrypted. Note what the padlock does and does not prove: it confirms that the connection is encrypted and that the certificate matches the domain in the address bar, not that the domain is trustworthy; a phishing site can obtain a valid certificate for its own domain just as easily. To these checks, one more must now be added.

Almost undetectable phishing

A new phishing technique called the browser-in-the-browser (BitB) attack, described by penetration tester mr.d0x, simulates a browser pop-up window inside the browser. It targets, in particular, the windows used for third-party single sign-on (SSO).

Today it is common for a user who needs to verify their identity on a website, service or e-shop to use an existing Google, Microsoft, Apple, Facebook or similar account. Through the "Sign in with..." pop-up window they do not have to keep creating new accounts. However, by faking this window, including the legitimate domain it appears to show, it is possible to craft a convincing phishing attack.

How easy it is to create an identical window

Whereas the default behaviour of a website, when a user tries to sign in with an SSO method, is to present a pop-up window in which the authentication is completed, a BitB attack aims to replicate this entire process with a combination of HTML and CSS, producing a completely forged but identical-looking browser window. "Combine the window design with an iframe pointing to the malicious server hosting the phishing page and it is basically indistinguishable from the real thing," says mr.d0x.

Everything inside the fake window, including the title bar, the address bar with the identity provider's URL and its padlock, is ordinary page content drawn by the attacker. The one address bar the attacker cannot draw is the real one at the top of your own browser, which still shows the site you are actually on.

[Figure: browser_in_browser_phishing.png] Very few users will notice the subtle differences between these two windows. Source: mr.d0x

Protection against the malicious pop-up window

Once the user fills in their credentials, most often a username or e-mail address, possibly a phone number, and the password, they are in trouble, because they have unknowingly given them away. The credentials may not be abused immediately; they are stored in the attacker's database and, together with others, promptly offered for sale. It is then a later buyer who abuses them.

"Besides checking the URL, that is, whether we are really on the right site and whether the communication is encrypted, the protection against this type of attack is to grab the single sign-on window and try to drag it outside the currently loaded web page. If that works, everything is fine. If not, it is a forged JavaScript window. Never fill in your credentials there," concludes Martin Lohnert.

Two further checks follow from how the attack works. A real SSO pop-up is a separate browser window with its own address bar and can be moved anywhere over the desktop, whereas the BitB imitation is part of the attacker's page and cannot leave its viewport, which is why the drag test works (on mobile browsers, where pop-ups cannot be dragged either, a failed drag proves nothing). Origin-bound credentials help as well: a password manager that stored a login for accounts.google.com will not offer to autofill it into a form served from the attacker's domain, and a FIDO2/WebAuthn security key cannot be phished this way at all, because the signature it produces is bound to the origin it is actually talking to.
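The construction described above (a painted window whose address bar names a trusted identity provider, with the login content in an iframe pointing at the attacker's server) and the rule from the protection section that only the real origin counts can be turned into a simple scanner for captured page HTML. The following is an added example written for this page; it is not code from the original article or from mr.d0x's published BitB templates. It looks for the tell-tale mismatch: a well-known identity-provider hostname shown as visible text while the login content is an iframe or password form served from some other origin. The identity-provider list, the origins cool-shop.example and login-helper.example, and the three HTML snippets are constructed for the example.

```javascript
// Added example: heuristic detector for browser-in-the-browser (BitB) pages.
// A BitB page paints a fake browser window (title bar, address bar, padlock)
// in HTML/CSS. The address bar shows a trusted identity-provider URL as plain
// text, but the login form is really an <iframe> or <form> served from the
// attacker's origin. A genuine SSO pop-up is a separate window whose origin
// is the one it displays, so this text/origin mismatch is the signal we look for.
// The IdP list, origins and sample HTML below are constructed for this example.

const KNOWN_IDPS = [
  "accounts.google.com",
  "login.microsoftonline.com",
  "appleid.apple.com",
  "www.facebook.com",
];

// Origin (scheme + host) of a possibly relative URL, or null if it does not parse.
function originOf(url, base) {
  try {
    return new URL(url, base).origin;
  } catch (e) {
    return null;
  }
}

// Origins of every <iframe src="..."> in the markup (attribute order independent).
function iframeOrigins(html, pageOrigin) {
  const out = [];
  const tagRe = /<iframe\b[^>]*>/gi;
  const srcRe = /\bsrc\s*=\s*["']([^"']+)["']/i;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const s = srcRe.exec(m[0]);
    const o = s ? originOf(s[1], pageOrigin) : null;
    if (o) out.push(o);
  }
  return out;
}

// Origins that password-collecting <form>s post to; no action means the page itself.
function passwordFormOrigins(html, pageOrigin) {
  const out = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  const actionRe = /\baction\s*=\s*["']([^"']*)["']/i;
  const pwRe = /<input\b[^>]*\btype\s*=\s*["']?password\b/i;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    if (!pwRe.test(m[2])) continue;
    const a = actionRe.exec(m[1]);
    const o = originOf(a ? a[1] : "", pageOrigin);
    if (o) out.push(o);
  }
  return out;
}

// IdP hostnames that occur as visible text, i.e. the "address bar" the victim reads.
// Tags are stripped first so hostnames inside href/src/onclick attributes do not count.
function displayedIdpHosts(html) {
  const text = html.replace(/<[^>]*>/g, " ");
  return KNOWN_IDPS.filter((h) => text.includes(h));
}

// One finding per (displayed IdP, signal); an empty list means nothing suspicious.
function detectBitB(html, pageOrigin) {
  const findings = [];
  for (const host of displayedIdpHosts(html)) {
    const idp = "https://" + host;
    if (pageOrigin === idp) continue; // we are on the real IdP; there is nothing to fake
    const frames = iframeOrigins(html, pageOrigin).filter((o) => o !== idp);
    if (frames.length) findings.push({ displayed: idp, servedFrom: frames, signal: "iframe" });
    const forms = passwordFormOrigins(html, pageOrigin).filter((o) => o !== idp);
    if (forms.length) findings.push({ displayed: idp, servedFrom: forms, signal: "password-form" });
  }
  return findings;
}

// Constructed sample 1: the structure the article describes, a drawn window whose
// address bar says Google while the form lives in an iframe from a foreign host.
const SAMPLE_BITB = `
<div class="window">
  <div class="titlebar">Sign in - Google Accounts</div>
  <div class="addressbar">&#128274; https://accounts.google.com/o/oauth2/auth</div>
  <iframe src="https://login-helper.example/phish/google.html"></iframe>
</div>`;

// Constructed sample 2: same trick without an iframe, the fake window holds the form.
const SAMPLE_INLINE = `
<div class="addressbar">https://login.microsoftonline.com/common/oauth2</div>
<form action="/collect.php" method="post">
  <input type="email" name="u"><input type="password" name="p">
</form>`;

// Constructed sample 3: a legitimate shop page with a real "Sign in with Google"
// button that opens a true pop-up (the IdP URL sits only in an attribute) and an
// unrelated embed; this must not be flagged.
const SAMPLE_LEGIT = `
<button onclick="window.open('https://accounts.google.com/o/oauth2/auth')">Sign in with Google</button>
<iframe src="https://video-host.example/embed/abc123"></iframe>`;

const SHOP = "https://cool-shop.example"; // assumed origin of the page being scanned
console.log("bitb  :", JSON.stringify(detectBitB(SAMPLE_BITB, SHOP)));
console.log("inline:", JSON.stringify(detectBitB(SAMPLE_INLINE, SHOP)));
console.log("legit :", JSON.stringify(detectBitB(SAMPLE_LEGIT, SHOP)));
```

Run it with node: the first two lines report one finding each (the iframe variant and the inline-form variant), the third reports none, and scanning the first sample as if it were served from https://accounts.google.com itself also reports none, since the real identity provider has nothing to fake. The heuristic is deliberately coarse; a page that merely mentions an IdP hostname in its text next to an unrelated embed would also be flagged, so treat a hit as a reason to inspect the page, not as proof.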