SafeGuard Cyber Provides Security Advice for Defending Against Browser-in-the-Browser (BitB) Attacks

April 11, 2022

3 Min Read


CHARLOTTESVILLE, Va. , April 11, 2022 /PRNewswire/ -- A clever new credential phishing attack known as "Browser-in-the-Browser" (BitB) has recently emerged which could catch many employees off-guard, leading to dangerous account takeover attacks that impact corporations.

The BitB attack, which is now being used by the Ghostwriter hacking group, is nearly invisible to its victims since it deftly exploits the single sign-on (SSO) authentication method common on websites. The attack imitates a legitimate SSO popup window, such as "Sign in with Google" or "Sign in with Facebook," and is even able to spoof a real URL address, which makes it difficult to tell if the login window is fake.

SafeGuard Cyber is warning companies to expect more targeted BitB attacks, since this credential phishing tactic is extremely convincing and easy for criminal hackers to implement. As the world's leading provider of security and compliance solutions for today's communications-based threats, SafeGuard Cyber has created a helpful online explainer of the BitB attack method, along with key security advice for companies to follow.

"BitB is a new social engineering tactic that only recently came to light, but it is likely to become a popular tactic among many criminal and nation-state groups due to its effectiveness and ease of use," said Chris Lehman, CEO of SafeGuard Cyber. "This is part of a larger strategy shift we are seeing among threat actors to target companies through the periphery, such as employees' personal accounts, where there is less security monitoring in place. By attacking an employee's personal email or social media account, the threat actor can more easily harvest a credential that may be reused on a corporate account. But they can also utilize these personal email and social media accounts as a staging ground for secondary social engineering attacks on other employees within the company."

Here are several security tips about BitB:

  • Human detection will be difficult: The credential phishing windows will look nearly identical to real SSO popups, including legitimate URLs, so the targeted employee is unlikely to see any obvious 'red flags.'

  • Technical indicators may not work: BitB attacks are based on simple HTML scripts that are not themselves malicious in nature, so it is hard to create a technical indicator for BitB attacks that won't flood you with false positives.

  • Link detection is also problematic: While up-to-date link/URL detections may work some of the time, the site hosting the BitB attack may be too new to have been added to a detection database.

  • Focus your defense on "the lure": Something has to lure the victim to click on the link and visit the site hosting the BitB attack in the first place. In most phishing attacks, this tends to be an email message, social media post, or direct message in some other application (such as Slack, LinkedIn, or WhatsApp). It is here, with the lure, that companies can add extra layers of protection in the form of employee education and automated language analysis of incoming messages to the enterprise.

  • Automated language analysis is critical: Modern social engineering attacks like BitB evade standard cybersecurity protections, which is why enterprises need to incorporate automated language analysis (using Natural Language Understanding technology) into their security programs. When implemented across all communication channels, automated language analysis can identify any attempt made by an attacker to compromise employees using social engineering tactics, including BitB.

For more information about the BitB attack and how to defend against it, read SafeGuard Cyber's online explainer: "New BitB Attacks Show Credential Phishing Isn't Just an Email Problem."

About SafeGuard Cyber

SafeGuard Cyber provides security and compliance for human connections so enterprises can trust modern communications. With patented Natural Language Understanding technology, our security solutions deliver comprehensive visibility, detection and response to threats across the disparate communication methods used by today's digitally enabled businesses. In addition, cloud-based machine learning provides compliance solutions for governance and policy enforcement that empower customers to communicate through modern apps and social networking. Learn more at

SOURCE SafeGuard Cyber

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights