By: Ahmed Mohamed
Internet usage is growing dramatically, but the vast majority of Internet users don’t have security backgrounds. Nor do a large majority of companies care about information security and the possible severity of any attack that could harm valuable company assets. They don’t give their employees security awareness sessions, either. For these reasons, humans are the weakest link in the information security chain.
On the other hand, most information security pen-testers focus only on the client and server exploits (how to gain shell in a server by interacting with the server directly). They don’t focus on how to exploit the weakest link in the information security chain—the humans (you could own the shell by luring the victim to run the shell for you on his own machine by using any of social engineering techniques).
Let’s talk about pharming attack definition and techniques that an attacker can use to successfully such an attack.
In a phishing attack, the attacker will try to trick his victim into visiting a fake website (attacker website) by using any phishing techniques that we have discussed before, but anyone can notice that the URL that he surfing is not the original URL for the website, So it’s so easy for a victim to detect that he is facing a phishing attack attempt by verifying the URL. Therefore, the attackers take the phishing attack to the next level with the pharming attack. For a more in depth look into how this type of attack works, check out the CCNA security course offered by Intense School.
What Is a Pharming Attack?
The pharming attack definition, according to Wikipedia: “Pharming is an attacker’s attack intended to redirect a website’s traffic to another, bogus site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as “poisoned.” Pharming requires unprotected access to target a computer, such as altering a customer’s home computer, rather than a corporate business server.
The term “pharming” is a neologism based on the words “farming” and “phishing.” Phishing is a type of social-engineering attack to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become a major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware removal software cannot protect against pharming.
A pharming attack will redirect the victim to the fake website (an attacker website) even though the victim enters the correct address for the legitimate website. For Example: The victim intends to access www.twitter.com, so he writes the right URL to the browser, the URL will still be www.twitter.com, but he will surf the fake website instead.
Customers expect Online Banking websites to be available 24×7 and to run at peak performance without worrying about security threats. Periods of downtime due to threats and vulnerabilities will cost you customers and increase your risk. It is critical that you be the first to know about changes relating to your website, so you can determine if someone has taken over control.
A pharming attack will help the attackers perform their phishing attack scenarios in a more sophisticated way to make it reliable and harder to discover that you’re under attack.
If your institution offers Online Banking from your website, you want to protect it from hackers, fraud, and downtime. Many institutions think only in-house Online Banking systems pose a risk, but that could not be further from reality. A simple hyperlink change from your institution’s Online Banking provider to a hacker’s pharm site and your customer’s credentials can be harvested to commit all types of fraud. From ACH and Wire fraud, to Corporate Account takeover, all can be committed via most Online Banking systems. Additionally new Multifactor Authentication (MFA) Guidance and Regulation E concerns make matters even more complex.
Website Protect™ allows you to monitor, diagnose, and receive notifications regarding the security and performance of your website. This ensures that your visitors and customers have around-the-clock access to your website and services as intended.
By implementing Website Protect™, you can monitor and diagnose the performance of your website, and receive real-time alerts about issues affecting your site and your customers. Contact us today to talk about your website security.