Spoofing Attacks

Learn what spoofing attacks are, who they target, how they differ from other types of attacks.


What is a spoofing attack?

Spoofing is the act of disguising a communication or identity so that it appears to be associated with a trusted, authorized source. Spoofing attacks take many forms, from the common email spoofing attacks deployed in phishing campaigns to the caller ID spoofing attacks often used to commit fraud. Attackers may also target more technical elements of an organization's network, such as IP addresses, DNS servers, or the ARP (Address Resolution Protocol) service, as part of a spoofing attack.

Spoofing attacks typically exploit trust relationships by impersonating a person or organization the victim knows. In some cases, such as whaling phishing attacks that feature email spoofing or website spoofing, the messages may even be personalized to the victim in order to convince that person that the communication is legitimate. If the user is unaware that internet communications can be faked, they are especially likely to fall prey to a spoofing attack.

A successful spoofing attack can have serious consequences. An attacker may be able to steal sensitive personal or company information, harvest credentials for use in a future attack or fraud attempt, spread malware through malicious links or attachments, gain unauthorized network access by taking advantage of trust relationships, or bypass access controls. They may even launch a denial-of-service (DoS) attack or a man-in-the-middle (MITM) attack.

What does this mean in business terms? Once a spoofing attack has successfully deceived its victim, the organization may suffer a ransomware attack or experience a costly and damaging data breach. Business email compromise (BEC), in which an attacker impersonates a manager and tricks an employee into wiring money to an account that actually belongs to the attacker, is another common spoofing attack.

Alternatively, a business may find that its website is spreading malware or stealing private information. Ultimately, the company may face legal consequences, suffer reputational damage, and lose the trust of its customers. For these reasons, it is wise to understand the various spoofing attacks in use today and how to detect and prevent them.

Types of spoofing attacks

IP address spoofing attacks

In an IP spoofing attack, an attacker sends IP packets from a spoofed IP address to hide their true identity. Attackers commonly use IP address spoofing in DoS attacks to overwhelm their target with network traffic. In such an attack, a malicious actor uses a spoofed IP address to send packets to multiple network recipients.

The owner of the real IP address is then flooded with all of the responses, potentially experiencing a disruption in network service. An attacker may also spoof the IP address of a computer or device in an attempt to access a network that authenticates users or devices based on their IP address.

Caller ID spoofing attacks

Spoofing attacks can also arrive as phone calls. In a caller ID spoofing attack, a scammer makes a call appear to come from a number the victim knows and trusts or, alternatively, from a number associated with a specific geographic location. A caller ID spoofer may even use a number that shares the same area code and first few digits as the victim's phone number, hoping that they will answer the call upon noticing a familiar number. This practice is known as neighbor spoofing.

If a victim of caller ID spoofing answers the call, the scammer on the other end may impersonate a loan officer or another representative of a seemingly official institution. The impostor will then typically try to persuade the victim to give up sensitive information that can be used to commit fraud or carry out other attacks.

Email address spoofing attacks

Email spoofing involves sending emails using false sender addresses. Attackers often use email address spoofing in socially engineered phishing attacks, pretending that the email comes from a trusted source in the hope of fooling the victim into believing it is legitimate. If an attacker can trick the victim into clicking a malicious link in the email, they can steal the victim's login credentials, financial information, or company data. Phishing attacks involving email spoofing may also infect victims' computers with malware or, in cases like business email compromise (BEC) scams, try to trick the victims into initiating a transfer of funds. Variants of phishing, such as spear phishing or whaling, may be carefully tailored to specific individuals within a company and tend to have higher success rates.

Website spoofing attacks

In a website spoofing attack, a scammer attempts to make a malicious website look exactly like a legitimate site the victim knows and trusts. Website spoofing is often associated with phishing attacks. When a victim clicks on a link in a phishing email, the link may take them to a website that looks just like a site they use, for example the login page of a banking site. From there, the victim sees exactly the logo, branding, and user interface they expect. When they provide login credentials or other personal information, however, the spoofed website quietly collects that information for use in an attack or fraud attempt.

ARP spoofing attacks

The Address Resolution Protocol (ARP) resolves IP addresses to their physical MAC addresses so that data can be transmitted within a local area network (LAN). In an ARP spoofing attack, a malicious actor sends spoofed ARP messages across the LAN with the aim of linking their own MAC address to a legitimate IP address. In this way, the attacker can steal or modify data intended for the owner of that IP address.

An attacker wishing to impersonate a legitimate host can also answer requests they should not answer with their own MAC address. With a few precisely placed packets, an attacker can sniff private traffic between two hosts. Valuable information can be extracted from the traffic, such as the exchange of session tokens, yielding full access to application accounts that the attacker should not be able to access. ARP spoofing is sometimes employed in MITM attacks, DoS attacks, and session hijacking.
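The two symptoms of ARP spoofing just described, an IP address whose MAC mapping suddenly changes and a single MAC address claiming several IP addresses, can be spotted by watching ARP replies on the LAN. The following monitor is an added example, not code from the original article; the ARP reply records it inspects are constructed sample data.

```python
# Added example: a minimal ARP-reply monitor in the spirit of arpwatch-style
# tools. It keeps the last MAC seen for each IP and the set of IPs each MAC
# has claimed, and raises an alert when either mapping looks poisoned.
from collections import defaultdict

# Constructed sample: (timestamp, sender_ip, sender_mac) from ARP replies seen
# on a LAN. The gateway 192.168.1.1 is legitimately at aa:...:01 until
# 10:00:05, when bb:...:99 starts claiming both the gateway and a workstation.
SAMPLE_ARP_REPLIES = [
    ("10:00:01", "192.168.1.1",  "aa:aa:aa:aa:aa:01"),
    ("10:00:02", "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    ("10:00:03", "192.168.1.1",  "aa:aa:aa:aa:aa:01"),
    ("10:00:05", "192.168.1.1",  "bb:bb:bb:bb:bb:99"),  # gateway MAC changes
    ("10:00:06", "192.168.1.20", "bb:bb:bb:bb:bb:99"),  # same MAC claims 2nd IP
]


def analyze_arp_replies(replies):
    """Return (alerts, ip_to_mac, mac_to_ips).

    alerts:     list of strings describing suspicious events, in order seen
    ip_to_mac:  last MAC observed for each IP address
    mac_to_ips: set of IP addresses each MAC has claimed
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            # A legitimate host rarely changes its MAC; a flip is the
            # classic sign that someone is answering on its behalf.
            alerts.append(f"{ts} MAC change for {ip}: {previous} -> {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            # One MAC standing in for several IPs is the MITM signature.
            alerts.append(f"{ts} {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts, ip_to_mac, dict(mac_to_ips)


if __name__ == "__main__":
    for line in analyze_arp_replies(SAMPLE_ARP_REPLIES)[0]:
        print(line)
```

On a real network the records would come from a packet capture or the host's ARP cache polled over time, and a static ARP entry for the gateway is the usual mitigation once such a flip is confirmed.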

DNS server spoofing attacks

In much the same way ARP resolves IP addresses to MAC addresses on a LAN, the Domain Name System (DNS) resolves domain names to IP addresses. When conducting a DNS spoofing attack, an attacker attempts to introduce corrupt DNS cache information into a host in order to impersonate that host's domain name, for example www.onlinebanking.com. Once that domain name has been successfully spoofed, the attacker can then use it to deceive a victim or gain unauthorized access to another host.

DNS spoofing can be used in MITM attacks, in which the victim unwittingly sends sensitive information to a malicious host, thinking they are sending that information to a trusted source. Or, the victim may be redirected to a site that contains malware. An attacker who has already successfully spoofed an IP address can spoof DNS more easily by resolving the DNS server's IP address to the attacker's own IP address.

How to detect spoofing attacks

The best way to prevent spoofing attacks, in terms of user education, is to keep a lookout for signs that you are being spoofed. For example, a phishing attack that uses email spoofing may feature unusual grammar, poor spelling, or awkward language. The message may be worded as urgent, designed to provoke panic and telling you to take immediate action.

You may also notice, on closer inspection, that the sender's email address is off by one letter, or that the spelling of a URL in the message differs slightly from what it should be. A first-class incident detection and response solution can further protect your organization by proactively notifying you when it detects abnormal user activity.
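The "one letter off" sender address and the subtly misspelled URL described above can be checked mechanically against a list of domains the organization trusts. The checker below is an added example, not code from the original article; the trusted domains, the message, and the small homoglyph map are constructed assumptions.

```python
# Added example: flag sender domains and link hosts that imitate a trusted
# domain by a single edit, a digit-for-letter swap, or by embedding the trusted
# name inside a longer, unrelated registered domain.
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.com", "example-corp.com"}  # constructed list


def normalize(domain):
    """Undo a few common look-alike substitutions (small, non-exhaustive map)."""
    d = domain.lower().rstrip(".")
    d = d.replace("rn", "m").replace("vv", "w")
    return d.translate(str.maketrans("0135", "oles"))


def edit_distance(a, b):
    """Levenshtein distance, iterative dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return the trusted domain that `domain` imitates, or None if it is
    genuine (the domain itself or one of its subdomains) or unrelated."""
    raw = domain.lower().rstrip(".")
    for t in trusted:
        if raw == t or raw.endswith("." + t):
            return None
    norm = normalize(raw)
    for t in trusted:
        if norm == t or edit_distance(norm, t) <= max_distance:
            return t
        if t.split(".")[0] in norm.split("."):   # e.g. examplebank.com-login.net
            return t
    return None


def check_message(sender, urls):
    """Return a list of findings for a message's sender address and links."""
    findings = []
    hit = lookalike_of(sender.rsplit("@", 1)[-1].strip(">"))
    if hit:
        findings.append(f"sender domain imitates {hit}")
    for u in urls:
        hit = lookalike_of(urlparse(u).hostname or "")
        if hit:
            findings.append(f"link {u} imitates {hit}")
    return findings
```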

If you suspect that you have received a spoofed message, whether it arrived by email, text, or another channel, do not click on any of the links or attachments in the message. To verify whether the message is genuine, reach out to the sender using contact information that you have found on your own. Do not use any phone numbers or other addresses that may appear in the message, as they may simply connect you to the attacker. Likewise, if the message is asking you to log into an account, do not click the link provided; instead, open a separate tab or window in your browser and log in as you normally would.

How to prevent spoofing attacks

Smart security tools can help you prevent spoofing attacks, as well. A spam filter will keep most phishing emails from reaching your inbox, for example. Some organizations, and even some carriers, use similar software to stop spam calls from reaching users' phones. Spoofing detection software can provide additional protection against some of the spoofing attacks mentioned above, enhancing your ability to detect and halt them before they have a chance to cause any harm.

Certain best practices can also reduce your chances of falling prey to a spoofing attack. Whenever possible, avoid relying on trust relationships for authentication in your network. Otherwise, attackers can leverage those relationships to stage successful spoofing attacks. Packet filtering can prevent IP spoofing attacks because it can filter out and block packets whose source address conflicts with where they arrived from. Using encrypted network protocols such as HTTP Secure (HTTPS) and Secure Shell (SSH) can add another layer of protection to your environment.
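The packet-filtering rule described above, dropping packets whose source address conflicts with the side of the border they arrive on, is ingress/egress filtering in the sense of BCP 38. The function below is an added example, not code from the original article; the internal prefix and the sample packets are constructed.

```python
# Added example: a border filter that decides, for each packet, whether its
# source address is plausible for the direction it travels. Inbound packets
# claiming an internal source, and outbound packets claiming a foreign source
# (the raw material of the reflection DoS described earlier), are dropped.
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.1.0.0/16")  # constructed: the site's own prefix
# A few source ranges that should never appear on the wire at a border.
BOGON = [ip_network(n) for n in ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16")]


def filter_verdict(direction, src):
    """Return ('drop', reason) or ('accept', None).

    direction is 'inbound' (arriving from outside) or 'outbound'
    (leaving the internal network); src is the packet's source address.
    """
    s = ip_address(src)
    if any(s in n for n in BOGON):
        return ("drop", "bogon source address")
    if direction == "inbound" and s in INTERNAL:
        # Nobody outside may legitimately send with one of our addresses.
        return ("drop", f"external packet with internal source {src}")
    if direction == "outbound" and s not in INTERNAL:
        # Our hosts must not emit packets bearing someone else's address.
        return ("drop", f"internal packet with foreign source {src}")
    return ("accept", None)


SAMPLE_PACKETS = [  # constructed: (direction, source address)
    ("inbound",  "203.0.113.7"),
    ("inbound",  "10.1.2.3"),       # spoofed internal source from outside
    ("outbound", "10.1.2.3"),
    ("outbound", "198.51.100.5"),   # spoofed foreign source from inside
    ("inbound",  "127.0.0.1"),
]


def apply_filter(packets):
    """Return the verdict for each (direction, src) pair, in order."""
    return [filter_verdict(direction, src) for direction, src in packets]


if __name__ == "__main__":
    for packet, verdict in zip(SAMPLE_PACKETS, apply_filter(SAMPLE_PACKETS)):
        print(packet, "->", verdict)
```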