Pharming: Everything You Need to Know

These malicious actors are increasingly using techniques that target the end-users, who are often the weak link in the cyber security chain.

One of the tactics that attackers have used successfully over the last decade is phishing, a social engineering technique that cybercriminals employ to carry out electronic fraud.

This mechanism involves the illegal acquisition of personal information and financial credentials through technical subterfuge.

This tactic is increasingly more common, targeting , , governments and vital institutions everywhere.

A more sophisticated and harmful form of phishing is pharming. Herein is a comprehensive overview of all the aspects of pharming that you need to know.

What is Pharming?

Pharming is a hacking technique that utilizes computer software to acquire sensitive information from a user's device and deliver it back to the malicious actors behind the attack.

During a pharming attack, a user who is attempting to sign into a legitimate site is unknowingly redirected by the malicious software to a bogus but authentic-looking site.

When the user keys in their personal information, the fraudsters can then access this information. Pharming attackers can use this information for several activities including making online purchases and accessing the user's accounts.

Pharming can be very difficult to detect since there is no participation on the user's part. The redirects happen behind the scenes. Historically, cybercriminals mainly use this approach to target online financial services.

How Does Pharming Work?

There are several techniques that cyber-criminals use to carry out pharming attacks, all of which require no user participation.

Host file modification is one of the less sophisticated ways to carry out this type of cyber attack. Host files allow for the storage of IP addresses and domain names to speed up browsing and avoid DNS server consultation.

For instance, www.example.com will map to a certain address, say 324.11.02.7. As such, every time a user enters the URL into their browser, their computer will consult the host's files first to locate the IP address.

A pharming attacker can modify host files if they have already compromised a user's computer. A modified host file will redirect the user to a bogus website whenever they attempt to access the domain name paired with the IP address.

Cybercriminals use this method if they have not compromised the user's computer, thus rendering them unable to alter the DNS query process directly.

This attack is possible if the user is on the same Local Area Network (LAN) as the user. When a user types a URL into their browser, it issues a DNS request to the server.

Attackers can eavesdrop on this request and spoof a false DNS response. They send the response back to the user before the actual server does. The user's computer will accept this fake DNS response if it meets some criteria. Cybercriminals who practice pharming have access to numerous tools to respond.

To maintain long-term pharming effects, attackers can target the DNS server rather than the user's computer. When DNS server X gets a query and the hostname falls outside of its domain, it will ask other servers to resolve the hostname. When server X satisfies the query, it will save the answer in its cache-eliminating the need to ask other servers.

Skilled pharming attackers can spoof the response from other servers. DNS server X will store this fake response in the cache for a certain period. The next time the user's computer needs to resolve the same hostname, server X will utilize the fake response to reply.

Using this tactic, fraudsters only have to spoof once.

How To Combat Pharming Attacks

Internet and network security experts recommend solutions that can be categorized into two groups. These groups are employee/client education and awareness, and technology. They're explained in detail below.

Preventing pharming attacks will always be better than damage control. For targeted companies, the success of a pharming attack can be curtailed by ensuring employees and clients can recognize attempted fraud.

They can focus on increasing the users' awareness to do the following:

• Contact the company's customer care if they doubt the authenticity of the website.
• Always check for the "https" at the beginning of the site URL.
• Carefully read the organization's online privacy statement.
• Click on the lock icon on web pages to view the certificate details and verify them. This tool is available on nearly every web browser, including Mozilla Firefox, Apple's Safari and Google Chrome.
• Review account and credit statements as soon as they receive them to check for unauthorized charges.
• Report any suspicious online activity to the respective organizations. This includes possible phishing emails from untrusted sources.

Organizations have to combine technology with user education. Companies can implement the following solutions at the customer and enterprise levels to prevent pharming attacks:

Pharming incidents are on the rise and are expected to remain so for years to come. As such, financial institutions, Internet Service Providers, technology vendors and end-users have to form operating groups to share and implement information about tackling pharming threats.

Disclaimer:

You need to enable JavaScript to vote