04 Oct Spoofing Attacks and how you can defend yourself
Threat of spoofing
It is safe to assume that most cyber breaches are motivated by monetary gain since that was the objective for 76 percent of breaches last year. However, that doesn’t mean that smaller companies with lesser revenues are safe. On the contrary, small businesses constitute 58 percent of cyber-attack victims. The disadvantage for small to medium business, of course is that at the core, cyber security is not really a priority. There is a need for a change in mindset since losses loom larger than gains and the losses through cyber attacks can easily be quantified. Instead of firefighting in the case of a cyber attacks, small and medium companies can benefit from a strong, comprehensive security mechanism.
What is spoofing?
Spoofing is the process by which a malicious entity impersonates an authentic user to gain the trust of an intended party in order to induce them to perform an otherwise questionable task.
Scope of spoofing attacks
The objective of these attacks can be to launch attacks against target entities, steal confidential data, distribute malware, penetrate network systems or even control traffic to deploy DoS attacks. These spoofing attacks can across a variety of vectors, including phone calls, emails, websites, IP addresses etc.
Effects of Spoofing Attacks
It’s important to understand that spoofing is a means to an end; the end being a possible cyber-attack of much greater magnitude than a relatively minor impersonation. These attacks can result in infected computer systems, data breaches, negative company image, and consequent loss of revenue due to low shareholder trust. Spoofing may also lead to indirect threats such as the rerouting of legitimate internet users to infected websites that may steal their information or spread malware to the user. There are several types of spoofing attacks, explained below.
This form of spoofing relates to the use of emails to deceive receivers into thinking the email originated from a known sender. This communication may contain links to malicious websites or malware intended to infect the receiver’s system or even network. This is done by imitating a domain or email address with exact or only slight deviations from the original.
Caller ID Spoofing
This form of spoofing is related to attackers disguising their phone numbers to seem authentic when making calls to intended receivers. These usually seem like they originate from a trusted or known source. These spoofing attacks are well disguised, sometimes as bankers or customer support to extract sensitive information such as ATM pins, social security numbers and passwords.
This refers to the use of an imitation website to extract login credentials and personal information from website users.
This involves the masquerade of a computer IP address to keep the identity of the malicious attacker hidden. The objective behind this is to penetrate networks that require user authentication using IP addresses. Attackers often use this vector to launch Denial of Service attacks on unsuspecting entities.
Address Resolution Protocol (ARP) is essentially a protocol that directs IP addresses to Media Access Control (MAC) addresses for transferring data. ARP spoofing connects the hacker’s MAC to an authentic IP address so that hackers can have access to a firm’s sensitive data.
DNS Server Spoofing
Domain Name System (DNS) servers direct URLs and email addresses to their respective email addresses. DNS spoofing reroutes this traffic to a malicious IP address that can steal information or spread malware.
Defense against spoofing
Spoofing can be easier to avoid than other forms of cyber threats, using the following proactive measures:
- Be mindful of minor deviations in email addresses and website names; often they can be signs of a spoofing effort.
- Two factor authentication should not be underestimated since it can prevent the stealing of credentials.
- Keep your systems and devices updated with the latest antivirus software and firewalls.
- Provide Cybersecurity training to employees on web surfing, risks, and protection of information.
- Partner with providers that have Penetration Testing or Vulnerability Scanning services such as Cyber Chasse to identify vulnerabilities and risks early on.