An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.
Description
Attack Execution Flow
Step 1
Explore: [Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
Attack Techniques
- Research popular or high-traffic websites.
Step 2
Experiment: [Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the URL containing the homoglyph character(s).
Attack Techniques
- Register the Homograph domain.
Step 3
Exploit: [Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the Homograph domain.
Attack Techniques
- Execute a phishing attack and send a user an e-mail convincing them to click on a link leading the user to the malicious domain.
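A defender can screen domains seen in mail links or proxy logs for the look-alike registrations described in the flow above. The following is an added example, not part of the original entry: the `CONFUSABLES` table is a small constructed subset, the `TRUSTED` allow-list and all function names are hypothetical, and script detection is approximated from Unicode character names.

```python
import unicodedata

# Constructed subset of look-alike mappings; a production check would load
# the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",  # Cyrillic
    "\u03bf": "o",                                               # Greek omicron
}
TRUSTED = {"example.com", "paypal.com"}  # hypothetical allow-list


def to_unicode(domain):
    """Decode punycode (xn--) labels so checks see the form a user is shown."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def skeleton(domain):
    """Fold known look-alike characters to their Latin counterparts."""
    folded = unicodedata.normalize("NFKC", domain)
    return "".join(CONFUSABLES.get(c, c) for c in folded)


def classify(domain, trusted=TRUSTED):
    """Return 'trusted', 'homograph', 'mixed-script' or 'unknown'."""
    shown = to_unicode(domain)
    if shown in trusted:
        return "trusted"
    if skeleton(shown) in trusted:
        return "homograph"      # renders like a trusted name but is not it
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        return "mixed-script"   # scripts mixed within a single label
    return "unknown"


if __name__ == "__main__":
    # Constructed samples: Cyrillic letters standing in for Latin ones.
    for name in ("paypal.com", "p\u0430ypal.com", "gith\u0443b.com", "example.org"):
        print(ascii(name), classify(name))
```

Decoding `xn--` labels first matters because logs and mail headers usually carry the ASCII form, while the user sees the Unicode rendering.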