CAPEC-631: SoundSquatting
Attack Pattern ID: 631
Version: v3.9
Attack Pattern Name: SoundSquatting
Abstraction: Detailed
Status: Draft
Likelihood of Attack: Low
Typical Severity: Medium
▼Description
An adversary registers a domain name that sounds the same as a trusted domain, but has a different spelling. A SoundSquatting attack takes advantage of a user's confusion of the two words to direct Internet traffic to adversary-controlled destinations. SoundSquatting does not require an attack against the trusted domain or complicated reverse engineering.
▼Extended Description
▼Alternate Terms
Homophone Attack

▼Relationships
Nature: ChildOf
Type: Standard
ID: 616
Name: Establish Rogue Location

Nature: CanFollow
Type: Standard
ID: 98
Name: Phishing

Nature: CanPrecede
Type: Standard
ID: 89
Name: Pharming

Nature: CanPrecede
Type: Detailed
ID: 543
Name: Counterfeit Websites
▼Execution Flow
Explore

1. Determine target website

The adversary first determines which website to impersonate, generally one that is trusted, receives a consistent amount of traffic, and is a homophone.

Technique: Research popular or high traffic websites which are also homophones.

Experiment

1. Impersonate trusted domain

In order to impersonate the trusted domain, the adversary needs to register the SoundSquatted URL.

Technique: Register the SoundSquatted domain.

Exploit

1. Deceive user into visiting domain

Finally, the adversary needs to deceive a user into visiting the SoundSquatted domain.

Techniques:
- Execute a phishing attack and send a user an e-mail convincing the user to click on a link leading the user to the SoundSquatted domain.
- Assume that a user will unintentionally use the homophone in the URL, leading the user to the SoundSquatted domain.
▼Prerequisites
An adversary requires knowledge of popular or high-traffic domains that could be used to deceive potential targets.
▼Skills Required
Low: Adversaries must be able to register DNS hostnames/URLs.

▼Resources Required
▼Indicators
▼Consequences
Scope: Other
Likelihood: N/A
Impact: Other
Note: Depending on the intention of the adversary, a successful SoundSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.
▼Mitigations
Authenticate all servers and perform redundant checks when using DNS hostnames.
Purchase potential SoundSquatted domains and forward to legitimate domain.
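
One way to apply the "redundant checks" mitigation on the monitoring side, as an added example that is not part of the CAPEC entry: compare a phonetic key of each queried domain with the keys of domains you own, and flag names that sound alike but are spelled differently. An untruncated Soundex-style key is used here as a coarse stand-in for a homophone dictionary (it keeps the first letter, so pairs such as "knight"/"night" are missed); the domains, log format and function names are constructed for illustration.

```python
import re

# Soundex consonant classes; vowels, h, w and y carry no code.
_CODES = {ch: d for d, group in {"1": "bfpv", "2": "cgjkqsxz", "3": "dt",
                                 "4": "l", "5": "mn", "6": "r"}.items() for ch in group}

def phonetic_key(label):
    """Untruncated Soundex-style key: first letter plus consonant class digits."""
    word = re.sub(r"[^a-z]", "", label.lower())
    if not word:
        return ""
    key, prev = word[0].upper(), _CODES.get(word[0], "")
    for ch in word[1:]:
        if ch in "hw":
            continue            # h/w do not break a run of same-class consonants
        code = _CODES.get(ch, "")
        if code and code != prev:
            key += code
        prev = code             # a vowel resets prev, so a repeated class is re-emitted
    return key

def registrable_label(qname):
    """Assumption: the label left of the TLD is the registered name (no public suffix list)."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def flag_soundalikes(log_lines, protected):
    """Return (queried name, protected domain) pairs that sound alike but are spelled differently."""
    by_key = {}
    for dom in protected:
        by_key.setdefault(phonetic_key(registrable_label(dom)), []).append(dom.lower())
    hits = []
    for line in log_lines:
        fields = line.split()
        if not fields:
            continue            # skip blank log lines
        qname = fields[-1].rstrip(".").lower()
        label = registrable_label(qname)
        for dom in by_key.get(phonetic_key(label), []):
            if label != registrable_label(dom):
                hits.append((qname, dom))
    return hits

# Constructed sample data: "<timestamp> <client> <qname>" resolver log lines.
PROTECTED = ["weatherportal.example"]
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z 10.0.0.12 www.weatherportal.example.",
    "2024-05-01T09:00:07Z 10.0.0.31 whetherportal.example.",
    "2024-05-01T09:00:09Z 10.0.0.12 mailhost.example.",
]
```

Calling `flag_soundalikes(SAMPLE_LOG, PROTECTED)` returns only the `whetherportal.example` query. Matches are candidates for analyst review or defensive registration, since a phonetic key this coarse also collides on names that are not true homophones.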
▼Example Instances
▼Related Weaknesses
▼Taxonomy Mappings
▼Notes
▼References
Reference ID: REF-491
Title: Soundsquatting: Uncovering the Use of Homophones in Domain Squatting
Author: Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen
Publisher: Trend Micro
URL: https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-soundsquatting.pdf