CAPEC-631: SoundSquatting
CAPEC Version: 3.9
Updated: 2023-01-24
Attack Pattern Description
An adversary registers a domain name that sounds the same as a trusted domain, but has a different spelling. A SoundSquatting attack takes advantage of a user's confusion of the two words to direct Internet traffic to adversary-controlled destinations. SoundSquatting does not require an attack against the trusted domain or complicated reverse engineering.
Execution Flow
Step 1 Explore
[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted, receives a consistent amount of traffic, and whose name has a homophone.
- Research popular or high traffic websites which are also homophones.
Step 2 Experiment
[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the SoundSquatted domain name.
- Register the SoundSquatted domain.
Step 3 Exploit
[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the SoundSquatted domain.
- Execute a phishing attack: send the user an e-mail that convinces them to click on a link leading to the SoundSquatted domain.
- Assume that a user will unintentionally use the homophone in the URL, leading the user to the SoundSquatted domain.
Prerequisites
- An adversary requires knowledge of popular or high-traffic domains that could be used to deceive potential targets.
Skills Required
Consequences
Scope: Other
Technical Impact: Other
Note: Depending on the intention of the adversary, a successful SoundSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.
Mitigations
Authenticate all servers and perform redundant checks when using DNS hostnames.
Purchase potential SoundSquatted domains and forward them to the legitimate domain.
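As an added, defender-side example that is not part of the CAPEC entry, the following Python script screens observed hostnames (for instance from DNS or proxy logs) against a list of protected domains, flagging labels that share a Soundex key or a known homophone with a protected name; the brand domains, the homophone table and the log entries are constructed for illustration, and the script does no public-suffix handling.

```python
import re

# Standard Soundex letter codes; vowels, h, w and y carry no code.
_SOUNDEX = {**dict.fromkeys("bfpv", "1"), **dict.fromkeys("cgjkqsxz", "2"),
            **dict.fromkeys("dt", "3"), "l": "4", **dict.fromkeys("mn", "5"), "r": "6"}

# Constructed, illustrative homophone groups (first entry is canonical); a real
# deployment needs a much larger list tuned to the protected brand names.
HOMOPHONES = [("right", "rite", "write", "wright"), ("for", "four", "fore", "4"),
              ("to", "too", "two", "2"), ("site", "sight", "cite")]

def soundex(word):
    """Four-character Soundex key, e.g. 'Robert' -> 'R163'."""
    word = re.sub(r"[^a-z]", "", word.lower())
    if not word:
        return ""
    out, last = word[0].upper(), _SOUNDEX.get(word[0], "")
    for ch in word[1:]:
        code = _SOUNDEX.get(ch, "")
        if code and code != last:
            out += code
        if ch not in "hw":  # h and w do not separate equal codes; vowels do
            last = code
    return (out + "000")[:4]

def canonical(label):
    """Rewrite each known homophone to its canonical spelling (coarse, substring based)."""
    for group in HOMOPHONES:
        for member in sorted(group, key=len, reverse=True):
            label = label.replace(member, group[0])
    return label

def find_soundsquats(protected, observed):
    """Return (observed host, protected domain, reason) for each lookalike found."""
    labels = {p: p.split(".")[0] for p in protected}  # registrable domain -> label
    hits = []
    for host in observed:
        reg = ".".join(host.lower().rstrip(".").split(".")[-2:])  # no public-suffix list
        if reg in labels:
            continue  # the genuine domain or one of its subdomains
        lab = reg.split(".")[0]
        for p, plab in labels.items():
            if lab != plab and canonical(lab) == canonical(plab):
                hits.append((host, p, "homophone"))
            elif lab != plab and soundex(lab) == soundex(plab):
                hits.append((host, p, "soundex"))
    return hits

PROTECTED = ["example.com", "rightbank.com"]  # hypothetical brand domains to defend
OBSERVED = ["www.example.com", "eggsample.com", "ritebank.com",  # constructed DNS log
            "writebank.net", "example.net", "unrelated.org"]
```

Soundex alone misses many English homophones (ritebank versus rightbank), which is why the homophone table is the more useful of the two checks when deciding which candidate domains to register or monitor.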
Example Instances
See also: A SoundSquatting vulnerability allows an adversary to impersonate a trusted domain by leveraging a user's confusion between two words that are pronounced the same, luring the user into visiting the malicious website so that their credentials can be stolen.