Pharming: A Deceptive Cyber Threat with Real-World Consequences
Pharming is an advanced type of cyber threat that redirects internet users from legitimate websites to rogue sites without their knowledge or consent. Unlike phishing, which relies on fraudulent emails or messages, pharming goes down to the very roots of the internet, the way domain names are resolved, to wreak havoc on unsuspecting victims.
What is Pharming?
The term is a blend of the words “phishing” and “farming,” reflecting how the method harvests information from unsuspecting users. The attack happens when attackers compromise either the DNS settings on the victim’s device or a DNS server itself. They can then redirect traffic from legitimate websites to malicious ones even though the user enters the correct URL.
Pharming attacks can be very effective in causing disruptions, as evidenced by several high-profile cases recorded over the years.
Analyzing Some of the Attack Incidents
In 2004, Panix, one of the oldest internet service providers in the United States, became the first known victim of a pharming attack. Hackers hijacked the company’s DNS records and led customers to a fraudulent website for several days, until weaknesses in DNS security were exposed. A decade later, major pharming attacks on some Brazilian banks in 2015 highlighted the risks that come with weaknesses in DNS infrastructure. There, cybercriminals polluted DNS records to send users to phishing sites, and thousands of login credentials were stolen as a result. In 2017, giant tech companies like Google and Facebook were also breached; the attack was not a mass one, but it demonstrated how pharming could affect even the most trusted web pages. More recently, in 2019, Venezuela witnessed a large-scale pharming attack targeting its banking sector. Cybercriminals hijacked some of the DNS servers, redirecting users to fake counterparts when they attempted to access legitimate banking websites. This caused a colossal mess and clearly indicated the pressing need to strengthen cybersecurity measures within the country. These attacks reveal how important solid DNS security is in preventing advanced attacks.
How does pharming work?
There are two primary methods used in pharming attacks:
- Manipulation of the Local Hosts File: The attacker modifies the hosts file on a victim’s device. This file contains mappings between domain names and their assigned IP addresses, and the operating system consults it when resolving names. Modifying the mappings allows attackers to redirect victims to phony websites that mimic real ones.
- DNS Poisoning: This is a more advanced DNS attack. Hackers introduce false data into a DNS cache, replacing the IP address associated with a legitimate domain name. Visitors trying to reach the legitimate website then unintentionally land on a rogue website.
Phishing vs Pharming
Phishing:
- Delivery: It depends mostly on emails, messages, or social media.
- Motive: Lures people to provide their data knowingly.
- Detection: It gets easier if one is more alert, as odd-looking links or typos can be noticed.
Pharming:
- Delivery: Alteration of the host's DNS settings or poisoning of DNS servers.
- Motive: Sending users to a fake website without their knowledge.
- Detection: This is tough to detect, as users are redirected to false sites while using the original URL.
How to Protect Against Pharming?
- Make Use of Secure DNS: Use DNS services with strong security measures, such as DNSSEC, to counter DNS poisoning.
- Install Anti-Malware and Anti-Virus Software: Keep security software installed and constantly updated so that it can detect and prevent manipulation of the local hosts file.
- Make Use of HTTPS: Ensure all websites accessed are served over HTTPS. With a secure connection, the browser shows a ‘closed lock’ symbol next to the website address in the address bar.
- Knowledge is Power: Knowledge of the latest threats and prudent security practices for users and organizations protects them from cybercrimes.
- Monitor DNS Configurations and Implement Authentication: Regularly auditing DNS configurations and requiring strong authentication for DNS management ensure that only intended changes are implemented.
Conclusion
Pharming is considered a grave threat in the cyber world, one that can easily harm individuals and businesses. Being aware of how it works and taking pre-emptive measures to protect against it significantly reduces the risk of an attack. Vigilance, secure best practices, and education regarding potential threats are imperative for safeguarding our lives in this digital age.
And so, in the land of cybersecurity, awareness and caution are two of our most trusted friends.