Information Technology crime has become a well-established business where cybercriminals are mainly in for economic benefit.
These malicious actors are increasingly using techniques that target the end-users, who are often the weak link in the cyber security chain.
One of the tactics that attackers have used successfully over the last decade is phishing, a social engineering technique that cybercriminals employ to carry out electronic fraud.
This mechanism involves the illegal acquisition of personal information and financial credentials through technical subterfuge.
A more sophisticated and harmful form of phishing is pharming. Herein is a comprehensive overview of all the aspects of pharming that you need to know.
What is Pharming?
Pharming is a hacking technique that utilizes computer software to acquire sensitive information from a user’s device and deliver it back to the malicious actors behind the attack.
During a pharming attack, a user who is attempting to sign into a legitimate site is unknowingly redirected by the malicious software to a bogus but authentic-looking site.
When the user keys in their personal information, the fraudsters can then access this information. Pharming attackers can use this information for several activities including making online purchases and accessing the user’s accounts.
Pharming can be very difficult to detect since there is no participation on the user’s part. The redirects happen behind the scenes. Historically, cybercriminals mainly use this approach to target online financial services.
How Does Pharming Work?
There are several techniques that cyber-criminals use to carry out pharming attacks, all of which require no user participation.
Host File Modification
Host file modification is one of the less sophisticated ways to carry out this type of cyber attack. Host files allow for the storage of IP addresses and domain names to speed up browsing and avoid DNS server consultation.
For instance, www.example.com will map to a certain address, say 324.11.02.7. As such, every time a user enters the URL into their browser, their computer will consult the host’s files first to locate the IP address.
A pharming attacker can modify host files if they have already compromised a user’s computer. A modified host file will redirect the user to a bogus website whenever they attempt to access the domain name paired with the IP address.
Spoof DNS Response
Cybercriminals use this method if they have not compromised the user’s computer, thus rendering them unable to alter the DNS query process directly.
This attack is possible if the user is on the same Local Area Network (LAN) as the user. When a user types a URL into their browser, it issues a DNS request to the server.
Attackers can eavesdrop on this request and spoof a false DNS response. They send the response back to the user before the actual server does. The user’s computer will accept this fake DNS response if it meets some criteria. Cybercriminals who practice pharming have access to numerous tools to respond.
DNS Server Cache Poisoning
To maintain long-term pharming effects, attackers can target the DNS server rather than the user’s computer. When DNS server X gets a query and the hostname falls outside of its domain, it will ask other servers to resolve the hostname. When server X satisfies the query, it will save the answer in its cache—eliminating the need to ask other servers.
Skilled pharming attackers can spoof the response from other servers. DNS server X will store this fake response in the cache for a certain period. The next time the user’s computer needs to resolve the same hostname, server X will utilize the fake response to reply.
Using this tactic, fraudsters only have to spoof once.
How To Combat Pharming Attacks
Internet and network security experts recommend solutions that can be categorized into two groups. These groups are employee/client education and awareness, and technology. They’re explained in detail below.
Employee/Client Education And Awareness
Preventing pharming attacks will always be better than damage control. For targeted companies, the success of a pharming attack can be curtailed by ensuring employees and clients can recognize attempted fraud.
They can focus on increasing the users’ awareness to do the following:
- Contact the company’s customer care if they doubt the authenticity of the website.
- Always check for the “https” at the beginning of the site URL.
- Carefully read the organization’s online privacy statement.
- Click on the lock icon on web pages to view the certificate details and verify them. This tool is available on nearly every web browser, including Mozilla Firefox, Apple’s Safari and Google Chrome.
- Review account and credit statements as soon as they receive them to check for unauthorized charges.
- Report any suspicious online activity to the respective organizations. This includes possible phishing emails from untrusted sources.
Organizations have to combine technology with user education. Companies can implement the following solutions at the customer and enterprise levels to prevent pharming attacks:
- Implement solid authentication, such as mutual authentication or two-factor authentication, between server and client.
- Implement central input data validation to avoid cross-site scripting vulnerabilities in websites.
- Apply software and system patches as well as relevant upgrades in due time.
- Place certain controls on DNS servers. One such control is host-based intruder detection systems.
- Utilize logging software to search for suspicious events such as DNS traffic spikes.
- Implement two stage passwords on the customer level—a login and transaction password.
Pharming incidents are on the rise and are expected to remain so for years to come. As such, financial institutions, Internet Service Providers, technology vendors and end-users have to form operating groups to share and implement information about tackling pharming threats.
Latest posts by Richard (see all)
- Wide Range of Job Ads Available on the Dark Web - November 5, 2018
- Continuous Exploit of RDP Pushes FBI to Issue Warning to Potential Targets - October 29, 2018
- Ross Ulbricht’s Fifth Year in Jail - October 10, 2018