A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading platform. An attacker can impersonate these supposedly trusted sites and have the victim be directed to their site rather than the originally intended one. Pharming does not require script injection or clicking on malicious links for the attack to succeed.
Description
Attack Execution Flow
4
1
Step 1
ExploitAttacker sets up a system mocking the one trusted by the users. This is usually a website that requires or handles sensitive information.
AI Translation
L'attaccante configura un sistema che imita quello di fiducia degli utenti. Si tratta solitamente di un sito web che richiede o gestisce informazioni sensibili.
2
Step 2
ExploitThe attacker then poisons the resolver for the targeted site. This is achieved by poisoning the DNS server, or the local hosts file, that directs the user to the original website
AI Translation
L'attaccante quindi inquina il resolver del sito target. Ciò viene ottenuto inquinando il server DNS, o il file hosts locale, che indirizza l'utente al sito web originale
3
Step 3
ExploitWhen the victim requests the URL for the site, the poisoned records direct the victim to the attackers' system rather than the original one.
AI Translation
Quando la vittima richiede l'URL del sito, i record avvelenati reindirizzano la vittima al sistema degli attaccanti anziché a quello originale.
4
Step 4
ExploitBecause of the identical nature of the original site and the attacker controlled one, and the fact that the URL is still the original one, the victim trusts the website reached and the attacker can now 'farm' sensitive information such as credentials or account numbers.
AI Translation
A causa della natura identica del sito originale e di quello controllato dall'attaccante, e del fatto che l'URL rimane quello originale, la vittima si fida del sito raggiunto e l'attaccante può ora "raccogliere" informazioni sensibili come credenziali o numeri di conto.
Mitigations
3
All Sensitive Information Must Be Handled Over A Secure Connection.
End Users Must Ensure That They Provide Sensitive Information Only To Websites That They Trust, Over A Secure Connection With A Valid Certificate Issued By A Well-Known Certificate Authority.
Known Vulnerabilities In Dns Or Router Software Or In Operating Systems Must Be Patched As Soon As A Fix Has Been Released And Tested.
Consequences
Security Scopes Affected
Confidentiality
Potential Impacts
Read Data
Relationships
Parent CAPECs
Resources Required
1
None: No specialized resources are required to execute this type of attack. Having knowledge of the way the target site has been structured, in order to create a fake version, is required. Poisoning the resolver requires knowledge of a vulnerability that can be exploited.