CAPEC-611: BitSquatting
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary registers a domain name that differs from a trusted domain by a single bit. A BitSquatting attack leverages random single-bit errors in memory (a bit flipped in a stored copy of the hostname before it is resolved) to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites can redirect non-trivial amounts of Internet traffic to a malicious entity.
Execution Flow
Step 1: Explore
[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
- Research popular or high traffic websites.
Step 2: Experiment
[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the BitSquatted domain (a name one bit different from the target that is still a syntactically valid hostname).
- Register the BitSquatted domain.
Step 3: Exploit
[Wait for a user to visit the domain] Finally, the adversary simply waits for a user to be unintentionally directed to the BitSquatted domain.
- Simply wait for an error in memory to occur, redirecting the user to the malicious domain.
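The three steps above reduce to one enumeration problem: which single-bit variants of the target hostname are still valid DNS names and therefore worth registering (or, for a defender, worth registering pre-emptively or monitoring). The following Python is an added example, not CAPEC's own code. It models the memory-error step as one bit flipped in one ASCII character of the hostname string, keeps only variants that satisfy the letters-digits-hyphen label rule, discards case flips (bit 5 of a letter), which DNS ignores and which therefore still resolve to the legitimate domain, and by default leaves the TLD alone because a flip there yields a different zone rather than a look-alike. The domain `example.com` is used only as sample input.

```python
import re

# A DNS label under the LDH rule: letters, digits, hyphens, no hyphen at
# either end, at most 63 characters. Lowercase only; case is normalized first.
_LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def is_valid_label(label: str) -> bool:
    """True if `label` is a syntactically valid hostname label."""
    return bool(_LABEL_RE.match(label))


def bitflip_variants(name: str, flip_tld: bool = False):
    """Yield (variant, index, bit) for each single-bit flip of one ASCII
    character of `name` that still yields a valid, different hostname.

    By default the final label (the TLD) is left alone: a flip there gives a
    different, usually unregistrable, TLD rather than a look-alike in the
    same zone. Pass flip_tld=True to include those too.
    """
    name = name.lower()
    if "." in name and not flip_tld:
        limit = name.rfind(".")          # stop before the final label
    else:
        limit = len(name)
    seen = set()
    for i in range(limit):
        if name[i] == ".":
            continue                     # flipping a dot changes the label structure
        for bit in range(7):             # 7-bit ASCII; bit 7 always yields non-ASCII
            c = chr(ord(name[i]) ^ (1 << bit))
            if c == ".":
                continue                 # would split the label; outside this model
            # DNS is case-insensitive, so flipping bit 5 of a letter (its case
            # bit) still resolves to the legitimate domain and is not a bitsquat.
            variant = (name[:i] + c + name[i + 1:]).lower()
            if variant == name or variant in seen:
                continue
            if all(is_valid_label(lab) for lab in variant.split(".")):
                seen.add(variant)
                yield variant, i, bit


def bitsquats(name: str, flip_tld: bool = False) -> list:
    """Sorted list of registrable-looking one-bit variants of `name`."""
    return sorted(v for v, _, _ in bitflip_variants(name, flip_tld))


if __name__ == "__main__":
    # Sample input (constructed): list every candidate for example.com
    for variant, idx, bit in bitflip_variants("example.com"):
        print(f"{variant:16}  char {idx} bit {bit}")
    print(len(bitsquats("example.com")), "candidates")
```

For `example.com` this yields 33 candidates, among them `dxample.com`, `e8ample.com`, `exa-ple.com` and `exam0le.com`; the same list is what a defender would feed into a defensive-registration or passive-DNS monitoring process.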
Prerequisites
- An adversary requires knowledge of popular or high-traffic domains that could be used to deceive potential targets.
Skills Required
Consequences
Scope: Other
Technical Impact: Other
Note: Depending on the intention of the adversary, a successful BitSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.
Mitigations
Authenticate all servers and perform redundant checks when using DNS hostnames.
When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.