Understanding and Preventing DNS-related Attacks by Phishers

NGSSoftware Insight Security Research has published a paper (requires PDF viewer) that focuses on a recent group of attack vectors used by criminals to target an organization’s customers for identity theft and financial fraud. Closely related to Phishing attacks, this new attack manipulates the ways in which a customer locates and connects to an organization’s named hosts or services through modification of the name lookup process.

The attack vectors, commonly referred to as Pharming, have the ability to bypass many traditional Phishing attack prevention tools and affect larger segments of an organization’s customer base. Given the apparent complexity of this attack vector, this paper seeks to carefully explain many of the background processes all Internet-based customers use on a daily basis to connect to an organization’s commercial service, and examines how frailties in them can be exploited by an attacker to conduct a Pharming attack.

Readers should ensure that they fully understand how traditional Phishing attacks are conducted and the defensive strategies that have been adopted in the past to protect against them. Ideally the reader should be familiar with the author’s previous paper “The Phishing Guide” as several sections of this paper reference information contained within the earlier whitepaper.

Source: Securiteam
