Pharming Attacks: What You Need to Know to Keep Your Website Safe

Author: Damon Xanthopoulos, DXanthopoulos@profitstars.com

Web fraud attacks that target financial institutions and their online banking users continue to skyrocket – primarily because cyber criminals understand that authentic website validation, a prerequisite for secure online transactions, is often misunderstood or unaddressed entirely. The knowledge gap between the attacker and their target continues to fuel increased identity theft and stolen funds activity through the use of clever phishing and pharming techniques that take advantage of the end user’s assumption that transaction conditions are safe when they are not.

The term “pharming” is taken from the words “farming” and “phishing.” Both phishing and pharming attacks seek to obtain access credentials (such as user names and passwords). But while phishing is a type of social-engineering attack, pharming targets the provider infrastructure and can be detected and prevented.

Pharming attacks are among the most virulent and devastating security breaches a company can suffer because end-users are unaware of the compromise. For this reason, pharming has become a major concern to businesses hosting ecommerce and online banking websites, leading the FDIC to issue guidance on this topic.

In order to protect your customers’ sessions on your website, it is important to be aware of three common pharming techniques:

• Website Defacement refers to an attack that:
  
  1.   Alters your website’s content with potentially offensive or erroneous images and text.
  2. Involves a hacker placing imperceptible code on your site which is activated when a user accesses it. This technique can often trigger a download of malicious code onto the user’s hard drive which may be controlled by a hacker remotely.
• DNS Hijacking technique can take on two forms:
1. Rerouting - This occurs after a hacker gains access to DNS records on a server and modifies them so that requests for the genuine web page are redirected elsewhere–usually to a page that the attacker has created to acquire confidential information from a user.
2. Man in the Middle – This is an extremely dangerous–and often undetectable–form of network security breach in which a hacker imperceptibly takes control of the communication between two computers to gain unauthorized information. This is one of the leading causes of online identity theft.

• SSL Certificate Compromise: An SSL Certificate is a unique fingerprint that identifies a legitimate website and encrypts sensitive data. In the aforementioned “Man in the Middle” attack, an exchange of the SSL Certificate traffic allows the hacker to watch customer sessions headed towards a legitimate website. It is important to make sure that the public key associated with your SSL Certificate remains unaltered at all times.

Whether you have internal security measures in place or a third party monitoring company serving as a 24/7 watchdog, it is of the upmost importance to put up a defense against these ever-growing online threats.