CAPEC-630: TypoSquatting
Attack Pattern ID: 630
Version: v3.9
Attack Pattern Name: TypoSquatting
Abstraction: Detailed
Status: Draft
Likelihood of Attack: Low
Typical Severity: Medium
▼Description
An adversary registers a domain name that differs from a trusted domain by at least one character. A TypoSquatting attack takes advantage of instances where a user mistypes a URL (e.g. www.goggle.com) or does not visually verify a URL before clicking on it (e.g. phishing attack). As a result, the user is directed to an adversary-controlled destination. TypoSquatting does not require an attack against the trusted domain or complicated reverse engineering.
▼Extended Description
▼Alternate Terms
▼Relationships
Nature: ChildOf
Type: Standard
ID: 616
Name: Establish Rogue Location
Nature: CanFollow
Type: Standard
ID: 98
Name: Phishing
Nature: CanFollow
Type: Standard
ID: 691
Name: Spoof Open-Source Software Metadata
Nature: CanPrecede
Type: Standard
ID: 89
Name: Pharming
Nature: CanPrecede
Type: Detailed
ID: 543
Name: Counterfeit Websites
▼Execution Flow
Explore

1. Determine target website

The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.

Technique
- Research popular or high traffic websites.

Experiment

1. Impersonate trusted domain

In order to impersonate the trusted domain, the adversary needs to register the TypoSquatted URL.

Technique
- Register the TypoSquatted domain.

Exploit

1. Deceive user into visiting domain

Finally, the adversary needs to deceive a user into visiting the TypoSquatted domain.

Technique
- Execute a phishing attack and send a user an e-mail convincing the user to click on a link leading the user to the TypoSquatted domain.
- Assume that a user will incorrectly type the legitimate URL, leading the user to the TypoSquatted domain.
▼Prerequisites
An adversary requires knowledge of popular or high-traffic domains that could be used to deceive potential targets.
▼Skills Required
Low

Adversaries must be able to register DNS hostnames/URLs.

▼Resources Required
▼Indicators
▼Consequences
Scope: Other
Likelihood: N/A
Impact: Other
Note: Depending on the intention of the adversary, a successful TypoSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.
▼Mitigations
Authenticate all servers and perform redundant checks when using DNS hostnames.
Purchase potential TypoSquatted domains and forward them to the legitimate domain.
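
One form the redundant hostname check can take, shown as an added example that is not part of the CAPEC entry: it flags hostnames whose domain is within one edit of a trusted domain before a link is followed or a connection is made. The allow-list, the sample hostnames and the rule that the last two labels form the domain are assumptions; a production check would use the Public Suffix List.

```python
# Added example: flag hostnames one edit away from a trusted domain.
# TRUSTED and SAMPLE_HOSTS are constructed for illustration.
TRUSTED = {"google.com", "example.com"}
SAMPLE_HOSTS = ["www.google.com", "www.goggle.com", "login.exmaple.com",
                "examples.com", "example.net", "intranet.local"]


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters (the common typing slips)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" vs "example".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify(hostname, trusted=TRUSTED, max_distance=1):
    """Return ("trusted", domain), ("lookalike", imitated_domain)
    or ("unknown", None) for one hostname."""
    host = hostname.strip().lower().rstrip(".")
    # Assumption: the last two labels are the registrable domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in trusted:
        return ("trusted", domain)
    for candidate in sorted(trusted):
        if osa_distance(domain, candidate) <= max_distance:
            return ("lookalike", candidate)
    return ("unknown", None)


def review(hostnames):
    """Classify every hostname; callers block or alert on 'lookalike'."""
    return [(h,) + classify(h) for h in hostnames]


if __name__ == "__main__":
    for host, verdict, imitated in review(SAMPLE_HOSTS):
        print(f"{host:22} {verdict:10} {imitated or ''}")
```

A distance threshold of 1 keeps false positives low; raising it catches more variants at the cost of flagging unrelated short domains.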
▼Example Instances
▼Related Weaknesses
▼Taxonomy Mappings
▼Notes
▼References
Reference ID: REF-491
Title: Soundsquatting: Uncovering the Use of Homophones in Domain Squatting
Author: Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen
Publisher: Trend Micro
URL: https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-soundsquatting.pdf