What are Browser-in-Browser phishing attacks, why manufacturing is a target, and how can you stop them?
Cyber attackers are always refining their phishing techniques to exploit human and IT weaknesses. One attack method that is becoming more common is browser-in-browser (BiB) phishing. This tricks users by showing fake login windows in their web browsers.
For manufacturers who rely on digital platforms for supply chain management and remote monitoring, this is a real concern. Even lower-skilled adversaries can use BiB to infiltrate networks, steal credentials and sensitive information, and compromise operations.
In this blog, we will look at how BiB phishing works and how it is specifically affecting manufacturing. We will also look at how IT security companies like Morgan Cyber can help stop these attacks.
What Is Browser-in-Browser Phishing?
Browser-in-browser phishing differs from regular phishing attacks, which usually rely on email alone to deceive targets. BiB phishing draws a fake login window inside a web page. It looks like a genuine popup window, often copying familiar prompts from Google, Microsoft, or your company's SSO portal. Because these fake windows are just page content rendered inside the browser tab, they often bypass regular security controls and are hard to spot, even for experts.
How it works:
- The user is tricked into visiting a harmful website. This can happen through a phishing email, fake supplier site or advert.
- A login window pops up. It asks the user to authenticate to a well-known service such as Microsoft 365 or an industrial management portal.
- The window will behave like a real popup, even allowing users to drag, resize, or interact with it.
- The user enters their credentials, which are immediately sent to the attacker.
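The fake window in the steps above is only page content: a fixed-position overlay that paints its own address bar around a credential form. A defender can look for exactly that combination. The following heuristic is an added example, not code from the original post or from Morgan Cyber; it runs over a simplified, hand-built model of a page's DOM so it works outside a browser (in a browser extension the same walk would use `document.querySelectorAll` and `getComputedStyle`). The page origin, element tree and painted URL are constructed for the example.

```javascript
// Added example: flag in-page overlays dressed up as a separate browser window.
// Model: { tag, style, text, attrs, children } plain objects instead of live DOM nodes.

const REAL_PAGE_ORIGIN = "https://supplier-portal.example"; // constructed: what the browser reports

// Constructed page: a normal banner, a cookie notice, and a browser-in-browser overlay.
const page = {
  tag: "body", style: {}, text: "", children: [
    { tag: "div", style: { position: "static" }, text: "Welcome to the supplier portal", children: [] },
    // Benign fixed element: same-origin link, no credential input -> must not be flagged
    { tag: "div", style: { position: "fixed" },
      text: "We use cookies. See https://supplier-portal.example/privacy", children: [] },
    // Fake window: fixed overlay painting a foreign address bar above a login form
    { tag: "div", style: { position: "fixed", zIndex: "9999" }, text: "", children: [
        { tag: "div", style: {}, text: "Secure | https://login.microsoftonline.com/common/oauth2/authorize", children: [] },
        { tag: "form", style: {}, text: "", children: [
            { tag: "input", style: {}, text: "", attrs: { type: "email" }, children: [] },
            { tag: "input", style: {}, text: "", attrs: { type: "password" }, children: [] },
        ]},
    ]},
  ],
};

// Concatenate the visible text of an element and everything beneath it.
function collectText(el) {
  let out = el.text || "";
  for (const child of el.children || []) out += " " + collectText(child);
  return out;
}

// A credential prompt is a password field or an embedded frame (which could hold one).
function hasCredentialInput(el) {
  if (el.tag === "iframe") return true;
  if (el.tag === "input" && el.attrs && el.attrs.type === "password") return true;
  return (el.children || []).some(hasCredentialInput);
}

// Origins of any URL-looking text painted inside the element (the fake address bar).
function paintedOrigins(text) {
  const out = new Set();
  for (const m of text.match(/https?:\/\/[^\s"'<>]+/g) || []) {
    try { out.add(new URL(m).origin); } catch (_) { /* not a parseable URL, ignore */ }
  }
  return out;
}

// Walk the tree; report overlays that paint a foreign origin around a credential prompt.
function findFakeWindows(root, pageOrigin) {
  const findings = [];
  const walk = (el) => {
    const pos = el.style && el.style.position;
    if (pos === "fixed" || pos === "absolute") {
      const foreign = [...paintedOrigins(collectText(el))].filter((o) => o !== pageOrigin);
      if (foreign.length > 0 && hasCredentialInput(el)) {
        findings.push({
          paintedOrigin: foreign[0],
          pageOrigin,
          reason: "overlay paints a foreign address bar around a credential prompt",
        });
        return; // do not report nested parts of the same overlay again
      }
    }
    for (const child of el.children || []) walk(child);
  };
  walk(root);
  return findings;
}

console.log(JSON.stringify(findFakeWindows(page, REAL_PAGE_ORIGIN), null, 2));
```

The key design point is that the check compares the address the overlay paints against the origin the browser actually reports, so a same-origin cookie banner is left alone while a foreign "address bar" wrapped around a password field is reported.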
Why Is the Manufacturing Industry A Target?
Manufacturing organisations hold high-value data and intellectual property
Sensitive designs, blueprints and production data are lucrative assets that can be ransomed, as is the threat of significant disruption. Attackers will target employees such as engineers, operators, and factory managers to try to gain access to this information.
Manufacturers are being used as gateways to real targets
Manufacturers often sit in the middle of complex supply chains. They will rely on third-party vendors and contractors, and in turn will also supply their customers. All these parties have to connect to each other in some way to function.
This means that the company initially impacted may not even be the primary target. Attackers can use BiB phishing to steal credentials from one supplier, which allows them to move laterally across that infrastructure and initiate ransomware attacks or data breaches against the primary target.
Once impacted, the disruption will likely be significant
With just-in-time supply chains long established in the sector, any disruption an attacker can cause will put them in a strong negotiating position whatever their real motivations may be.
Attackers will follow human nature. Targets that look easier and that could deliver a high yield, whether in financial gain or disruption caused, will always look more attractive. The rising number of connected devices inside manufacturing networks, and the growing use of cloud-based services while large legacy OT systems remain in place, are all key indicators an attacker will look for during their research.
Recent Developments in BiB Phishing
AI-Generated Phishing Pages
Attackers are now leveraging AI tools to create dynamic and highly realistic BiB phishing windows. These can even auto-adjust based on the target's region, language, or device. Given the low entry point in both cost and skills required, IT security companies like Morgan Cyber expect this easy, on-demand access to convincing designs to be a key reason why BiB phishing will continue to grow.
Targeted Attacks on Industrial SaaS Platforms
Security researchers have observed BiB phishing attempts specifically targeting manufacturing SaaS applications, including cloud-based CAD (Computer-Aided Design) and MES (Manufacturing Execution System) platforms. There is no obvious macro driver for this pivot, but attacker behaviour can be unpredictable without any obvious reason. They will move between different industries and targets looking for weaknesses to exploit, and it may just be that it is UK manufacturing's turn to be under their microscope for the foreseeable future.
Instead of using phishing emails to put malicious links in front of their target, attackers have been seen distributing BiB phishing links via:
- Compromised supplier portals
- Fake online RFQ (Request for Quotation) forms
- Industrial forum and LinkedIn messages
How to Protect Your Manufacturing Business from Browser-in-Browser Phishing Attacks
Educate Employees and Suppliers
Just as training your teams to spot phishing emails is important, the same applies to training them to identify BiB phishing attacks. Red flags to look out for include:
- Login popups appearing inside the same browser tab
- Unusual or variable URL structure or branding
- Lower-resolution graphics, a sign that the branding may have been copied from another site
- Unusual login prompts from supply chain platforms
Use Password Managers
Deploying password managers like LastPass is one of the most cost-effective actions you can take. They help employees create unique and strong passwords, and they will not autofill credentials into fake BiB windows, because autofill is tied to the real origin of the page rather than to whatever address the fake window displays. Password managers also make sharing passwords easy, breaking down barriers to collaboration in the process. Stopping employees from reusing familiar passwords or writing them down in easy but unsafe places will help improve security. Morgan Cyber can advise on password management solutions.
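The reason a password manager is such a good defence here is the origin-bound fill rule: the manager decides whether to fill using the origin the browser reports for the page, never the address painted inside the fake window. The following is an added example of that rule, written for this article; it is not the code of LastPass or any other real password manager, and it simplifies the matching to an exact HTTPS host comparison (real products apply their own, sometimes broader, matching rules). The vault entries and page origins are constructed for the example.

```javascript
// Added example: origin-bound autofill decision, as a password manager applies it.

// Constructed vault: one entry per site the employee has saved credentials for.
const vault = [
  { site: "https://login.microsoftonline.com", username: "j.smith@factory.example", password: "<redacted>" },
  { site: "https://mes.vendor.example", username: "line3-operator", password: "<redacted>" },
];

// May `entry` be filled into a form on a page whose real origin is `pageOrigin`?
function matchesOrigin(entry, pageOrigin) {
  let stored, page;
  try {
    stored = new URL(entry.site);
    page = new URL(pageOrigin);
  } catch (_) {
    return false; // unparseable input: never fill
  }
  if (page.protocol !== "https:") return false;   // never fill over plain HTTP
  if (stored.protocol !== page.protocol) return false;
  return stored.host === page.host;               // exact host (and port) match
}

// Usernames the manager would offer on this page.
function credentialsForPage(vault, pageOrigin) {
  return vault.filter((e) => matchesOrigin(e, pageOrigin)).map((e) => e.username);
}

// Full decision for a login prompt: what gets filled, plus a warning when the address
// shown in the prompt belongs to a saved site but the page itself does not.
function fillDecision(vault, pageOrigin, displayedUrl) {
  const filled = credentialsForPage(vault, pageOrigin);
  let warning = null;
  try {
    const shown = new URL(displayedUrl).origin;
    const real = new URL(pageOrigin).origin;
    const shownHasEntry = vault.some((e) => new URL(e.site).origin === shown);
    if (shown !== real && shownHasEntry) {
      warning = `prompt shows ${shown} but this page is ${real}: possible browser-in-browser window`;
    }
  } catch (_) { /* no parseable displayed URL: nothing to compare */ }
  return { filled, warning };
}

// Stand-alone demonstration.
console.log(fillDecision(vault, "https://login.microsoftonline.com", "https://login.microsoftonline.com/common"));
console.log(fillDecision(vault, "https://supplier-portal.example", "https://login.microsoftonline.com/common"));
console.log(fillDecision(vault, "https://login.microsoftonline.com.evil.example", "https://login.microsoftonline.com/"));
```

On the genuine login page the manager offers the saved account. On a supplier portal hosting a BiB window the fill list is empty even though the painted address says Microsoft, and the mismatch between displayed and real origin is itself the warning a user should be trained to notice. Lookalike hosts and plain-HTTP pages also get nothing.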
Enforce Strong MFA Policies
BiB phishing can sometimes get past MFA, since a fake window can relay a one-time code just as it relays the password. However, hardware security keys or number-matching MFA provide extra protection. These options are also low-cost and quick to deploy.
Implement Network Segmentation
Limiting access to key parts of manufacturing systems is important. An effective method is to segment networks. This will help prevent ransomware from spreading and limit the potential damage if someone compromises an account.
Keep software and browsers updated
Modern browsers are adding more security features to detect BiB phishing. However, it is the user's responsibility to keep their software, cloud platforms, and browsers updated. IT security companies like Morgan Cyber can make sure this is continuously happening through IT Infrastructure Best Practice Assessments.
In conclusion: How to Combat Browser-in-Browser Phishing
Browser-in-Browser phishing is not going away. It is just too effective and easy to deploy for attackers to walk away from it.
As manufacturing businesses embrace digital transformation, they need to be aware of the real threat BiB poses, and take actions to ensure their IT and OT infrastructure is secure, reliable, scalable, and efficient.
A great way to do that is through an Infrastructure Best Practice Assessment from Morgan Cyber, or a Third Party Risk Assessment from CyberKainos. We often see teams battling to manage infrastructure inefficiencies and vulnerabilities as a result of not ‘securing from the ground up’, and are vastly experienced in identifying and remedying gaps to ‘best practice’ standards. Speak to a member of our team today and book a free consultation.
By taking these proactive steps, manufacturers can safeguard critical infrastructure, protect intellectual property, and maintain operational continuity.
Contact:
Morgan Cyber Solutions
hello@morgancyber.co.uk
www.morgancyber.co.uk