Impersonation
(OBJ 2.2)
4 main forms of Impersonation
Impersonation
- Attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data
- Accomplished by pretending to be someone likable or someone with authority
- Requires the attacker to collect information about the organization so that they can more easily earn the trust of their targeted users
- Attackers provide details to help make the lies and the impersonation more believable to a potential victim
- Consequences
  - Unauthorized access
  - Disruption of services
  - Complete system takeover
- To mitigate against these types of attacks, organizations must provide security awareness training to their employees on a regular basis so that they remain vigilant against future attacks
Brand Impersonation
- More specific form of impersonation where an attacker pretends to represent a legitimate company or brand
- Often seen in phishing attacks
- Attackers use the brand’s logos, language, and information to create deceptive communications or websites that seem legitimate
- To protect against brand impersonation, organizations should do the following
  - Educate their users about these types of threats
  - Use secure email gateways to filter out phishing emails
  - Regularly monitor their brand's online presence to detect any fraudulent activities as soon as they occur
- November 2020 - An account using the Eli Lilly and Company brand tweeted that insulin would now be free to all its customers
  - This was an attack by an impersonation account
  - Eli Lilly lost billions of dollars
Typosquatting
- Also known as URL hijacking or cybersquatting
- Form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains a common typographical error
- Goal: victimize users who accidentally mistype the URL of a website and land on a fraudulent website owned by the attacker, which then attempts to steal their information or infect their system with malware
- An attacker might register a domain like "gnail.com" hoping to catch users who misspell "gmail.com"
- These fraudulent domains are often called Cousin, Lookalike, or Doppelganger domains
- The difference is hard to see unless you look carefully at the URL
- To combat typosquatting, organizations will often do the following
  - Register common misspellings of their own domain names
  - Use services that monitor for similar domain registrations
  - Conduct user security awareness training to educate users about the risks of typosquatting
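
One way to implement the lookalike-domain monitoring described above, as an added example that is not part of the original notes: a Python check that flags observed hostnames within a small edit distance of a protected domain. The protected list, the sample hostnames and the distance threshold of 2 are assumptions made for illustration.

```python
# Added example: flag lookalike (typosquat) domains seen in proxy or DNS logs.
# PROTECTED and all sample hostnames are constructed for illustration.
PROTECTED = ["gmail.com", "example.com"]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute
    and adjacent transposition each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def normalize(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def find_lookalikes(observed, protected=PROTECTED, max_distance=2):
    """Return (observed, protected, distance) tuples for near-miss domains.
    Exact matches are the legitimate domain and are skipped."""
    hits = []
    for raw in observed:
        host = normalize(raw)
        if host in protected:
            continue
        for brand in protected:
            d = osa_distance(host, brand)
            if 0 < d <= max_distance:
                hits.append((host, brand, d))
    return sorted(hits, key=lambda h: h[2])


if __name__ == "__main__":
    # Constructed sample of hostnames, as might be pulled from proxy logs.
    sample = ["gmail.com", "gnail.com", "gmial.com", "www.gmaill.com", "exarnple.com", "python.org"]
    for host, brand, d in find_lookalikes(sample):
        print(f"{host} resembles {brand} (distance {d})")
```

A threshold of 2 suits domains of this length; very short protected names produce false positives at that distance and need a lower threshold or an allow list.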
Watering Hole Attacks
- Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use
- The attacker can use it to deliver malware or perform other attacks
- The term "watering hole" is a metaphor for a naturally occurring phenomenon
- In the world of cybersecurity, the "watering hole" the attacker chooses to utilize will usually be a trusted website or online service
- To mitigate watering hole attacks, organizations should do the following
  - Keep their systems and software updated
  - Use threat intelligence services to stay informed about new threats
  - Employ advanced malware detection and prevention tools