The number of email spoofing attacks has almost doubled month-on-month, a new report from cybersecurity experts at Kaspersky has found. According to the firm, the total number of spoofing attacks rose to 8,204 in May, up from 4,440 the month prior.
Several different methods fall under the email spoofing category, and Kaspersky says the attack can be conducted in multiple ways.
Network spoofing defined
Network spoofing is essentially when hackers set up fake access points, connections that look like Wi-Fi networks, but are actually traps, in high-traffic public locations such as coffee shops, libraries and airports. Cybercriminals give the access points common names like 'Free Airport Wi-Fi' or 'Coffeehouse' to encourage users to connect.
In some cases, attackers require users to create an 'account' to access these free services, complete with a password. Because many users employ the same email and password combination for multiple services, hackers are then able to compromise users’ email, e-commerce and other secure information.
Spoofing can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack. Spoofing is often the way a bad actor gains access in order to execute a larger cyber attack such as an advanced persistent threat or a man-in-the-middle attack.
Successful attacks on organisations can lead to infected computer systems and networks, data breaches, and/or loss of revenue, all liable to affect the organisation’s public reputation. In addition, spoofing that leads to the rerouting of internet traffic can overwhelm networks or lead customers/clients to malicious sites aimed at stealing information or distributing malware.
How to protect against spoofing attacks
According to cybersecurity company Forcepoint, the primary way to protect against spoofing is to be vigilant for the signs of a spoof, whether by email, web, or phone. Forcepoint advises examining communications to determine legitimacy and keeping an eye out for poor spelling, incorrect and inconsistent grammar, and unusual sentence structures or turns of phrase. These errors are often indicators that the communications are not from who they claim to be.
Other things to watch out for include the email sender address and the URL of a webpage. Sender addresses are sometimes spoofed by changing one or two letters in either the local-part (before the @ symbol) or the domain name. As with email addresses, the spelling of a URL can be slightly changed to trick a visitor who is not looking closely.
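The sender-address check described above can be automated. The following is an added example, not part of the original article or of any vendor's product: it flags addresses that sit within two character edits of a known sender, and the allow-list, sample addresses and function names are constructed for illustration.

```python
# Added example: flag sender addresses that differ from a known sender by
# only a letter or two. Allow-list and sample addresses are constructed.
TRUSTED_SENDERS = ("billing@example.com", "support@example.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute, or match at no cost
        prev = cur
    return prev[-1]


def split_address(addr: str):
    """Lower-case the address and split it at the last '@' into (local-part, domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain


def classify_sender(addr: str, trusted=TRUSTED_SENDERS, max_edits: int = 2) -> str:
    """Return 'trusted', 'lookalike:<part that changed>' or 'unknown'."""
    local, domain = split_address(addr)
    if not local or not domain:
        return "unknown"  # not a usable address, nothing to compare
    known = [split_address(t) for t in trusted]
    if (local, domain) in known:
        return "trusted"
    for k_local, k_domain in known:
        d_local = edit_distance(local, k_local)
        d_domain = edit_distance(domain, k_domain)
        if d_local + d_domain <= max_edits:
            if d_local and d_domain:
                return "lookalike:local-part and domain"
            return "lookalike:domain" if d_domain else "lookalike:local-part"
    return "unknown"


if __name__ == "__main__":
    for sender in ("billing@example.com", "billing@examp1e.com",
                   "suport@example.com", "alice@example.org"):
        print(f"{sender:24} {classify_sender(sender)}")
```

A "trusted" result only means the address string matches a known sender; the check covers the changed-letter case and nothing else.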
While spoofing can sometimes be easy to spot, that is not always the case. More and more, malicious actors are carrying out sophisticated spoofing attacks that require vigilance on the part of the user.
Sophisticated spoofing attacks
In 2006, unknown hackers carried out a major DNS spoofing attack – the first of its kind – against three local banks in Florida. The attackers hacked the servers of the internet provider that hosted all three websites and rerouted traffic to fake login pages designed to harvest sensitive data from unsuspecting victims. This allowed them to collect an undisclosed number of credit card numbers and PINs along with other personal information belonging to their owners.
In June 2018, hackers carried out a two-day DDoS spoofing attack against the website of the American health insurance provider, Humana. During the incident that was said to have affected at least 500 people, the hackers managed to steal complete medical records of Humana’s clients, including the details of their health claims, services received, and related expenses.
In 2015, unidentified hackers used DNS spoofing techniques to redirect traffic from the official website of Malaysia Airlines. The new homepage showed an image of a plane with the text “404 – Plane Not Found” imposed over it. Although no data was stolen or compromised during the attack, it blocked access to the website and flight status checks for a few hours.
Being able to prevent a spoofing attack depends entirely on the type of attack you experience. There are many different types of attack, and each exploits different vulnerabilities on your network to take effect. As a universal rule, the only way to protect against spoofing attacks is to stay vigilant and implement company policies that include measures to detect and respond to spoofing attacks when they occur. After all, the best cybersecurity policy in the world is worthless if it isn’t put into practice.