FACULTY OF ELECTRONICS TELECOMMUNICATIONS
EMBEDDED SYSTEM SECURITY
Topic: “Spoofing attack”
Instructor guide: Master.Duong Phuc Phan
CHAPTER 3: HOW DOES SPOOFING WORK?
CHAPTER 4: THE HARMFUL OF SPOOFING ATTACK
CHAPTER 5: PROTECTION SOLUTIONS
5.1 How do I detect spoofing?
5.1.1 Website spoofing
5.1.2 Email spoofing
5.1.3 Caller ID spoofing
5.2 How can I protect against spoofing?
5.3 How to prevent spoofing
CONCLUSION
REFERENCES
PREAMBLE
Spoofing attacks are becoming increasingly common in the digital age, and they pose a significant threat to individuals, businesses, and governments alike. A spoofing attack is a type of cyberattack in which an attacker attempts to gain unauthorized access to a system or network by pretending to be a trusted entity. This can involve the use of fraudulent emails, websites, or even phone calls that are designed to deceive the victim into providing sensitive information or downloading malicious software. In this era of heightened connectivity and reliance on technology, it is essential to understand the nature of spoofing attacks and how to protect oneself from them.
In this topic, we will explore the various types of spoofing attacks, the methods used by attackers, and the measures that individuals and organizations can take to protect themselves against them. We will also examine real-world examples of spoofing attacks and their impact on businesses and individuals. By understanding the nature of spoofing attacks and how to mitigate them, we can help ensure that our digital lives remain secure and protected.
CHAPTER 1: SPOOFING ATTACK OVERVIEW
1.1 Definition
A spoofing attack is a type of cyber attack where an attacker disguises their identity or alters their communication in order to deceive the victim into believing they are someone or something they are not. This can include spoofing a website, email address, IP address, or phone number.
1.2 History of spoofing
There's nothing new about spoofing. The word "spoof" as a form of trickery goes back over a century. According to the Merriam-Webster online dictionary, the word "spoof" is attributed to 19th century English comedian Arthur Roberts, in reference to a game of trickery and deception of Roberts' creation. The rules of the game have been lost to time. We can only guess the game wasn't very fun or the Brits of the time didn't like being goofed on. Whatever the case may be, the name stuck though the game didn't.
It wasn't until the early 20th century that "spoof" became synonymous with parody. For several decades, whenever someone mentioned "spoof" or "spoofing" it was in reference to something funny and positive—like the latest film spoof from Mel Brooks or a comedy album from "Weird Al" Yankovic.
Today, spoofing is most often used when talking about cybercrime. Whenever a scammer or cyber threat pretends to be someone or something they're not, it's spoofing.
Spoofing attacks can be prevented by implementing security measures such as two-factor authentication, encryption, and digital certificates. It is also important for users to be vigilant and cautious when receiving unsolicited emails or phone calls, and to verify the identity of the sender before disclosing any sensitive information.
CHAPTER 2: TYPES OF SPOOFING ATTACK
2.1 IP spoofing
IP spoofing is a type of cyber attack where an attacker sends network packets with a false source IP address to hide their true identity or to impersonate a legitimate user. This is done by modifying the source address of the packets so that they appear to be coming from a different IP address.
The purpose of IP spoofing can vary, but it is often used to launch distributed denial-of-service (DDoS) attacks or to bypass authentication mechanisms. In a DDoS attack, the attacker sends a large volume of traffic with spoofed IP addresses to overwhelm the targeted network or website. By using spoofed IP addresses, the attacker can make it more difficult for the victim to trace the source of the attack.
IP spoofing can also be used to bypass authentication mechanisms that rely on IP addresses for access control. For example, if a system is configured to only allow access from certain IP addresses, an attacker can use IP spoofing to impersonate a trusted IP address and gain access to the system.
There are several techniques for detecting and preventing IP spoofing, including filtering traffic based on source IP addresses, using cryptographic authentication mechanisms, and implementing network ingress filtering. Network administrators can also monitor their networks for unusual traffic patterns that may indicate an IP spoofing attack.
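The ingress-filtering idea above, sketched as an added example (not part of the original report): a packet is accepted only if its claimed source address belongs to the prefixes assigned to the interface it arrived on. The interface names, prefixes and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): prefixes assigned behind each customer port.
ALLOWED_SOURCES = {
    "cust0": [ipaddress.ip_network("203.0.113.0/24")],
    "cust1": [ipaddress.ip_network("198.51.100.0/25")],
}
UPLINK = "wan0"  # Internet-facing interface (hypothetical name)
# Prefixes that live inside the network and must never arrive from the uplink.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")] + [
    net for nets in ALLOWED_SOURCES.values() for net in nets
]


def check_source(iface: str, src: str) -> str:
    """Return 'accept' or a drop reason for a packet's claimed source address."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: malformed source"
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        return "drop: source never valid on the wire"
    if iface == UPLINK:
        # Anti-spoofing at the edge: our own addresses cannot come from outside.
        if any(addr in net for net in INTERNAL):
            return "drop: internal source arriving from outside"
        return "accept"
    nets = ALLOWED_SOURCES.get(iface)
    if nets is None:
        return "drop: unknown interface"
    # Ingress filtering: the source must belong to the port it arrived on.
    if any(addr in net for net in nets):
        return "accept"
    return "drop: source not assigned to this interface"


# Constructed sample packets: (ingress interface, claimed source address).
SAMPLE = [("cust0", "203.0.113.7"), ("cust0", "198.51.100.9"),
          ("wan0", "10.1.2.3"), ("wan0", "192.0.2.55")]


def audit(packets):
    """Return (iface, src, reason) for packets that fail source validation."""
    verdicts = [(i, s, check_source(i, s)) for i, s in packets]
    return [v for v in verdicts if v[2] != "accept"]


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```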
2.2 Email spoofing
Email spoofing is a type of cyber attack where an attacker sends an email that appears to be from a legitimate source but is actually from a fake email address. This can be done by modifying the "From" address in the email header to make it look like the email is coming from a trusted source.
The purpose of email spoofing can vary, but it is often used in phishing attacks to trick the victim into disclosing sensitive information or spreading malware. For example, an attacker might send an email that appears to be from a bank or other financial institution, asking the victim to update their account information or click on a link to reset their password. If the victim falls for the scam and enters their login credentials, the attacker can use this information to steal money or access other sensitive data.
Email spoofing can be prevented by implementing email authentication mechanisms such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC). These mechanisms use digital signatures to verify that the email is coming from a legitimate source and not from a spoofed email address.
It is also important for users to be vigilant when receiving unsolicited emails, especially those that ask for personal information or contain suspicious links or attachments. Before clicking on any links or entering any sensitive information, users should verify the identity of the sender by checking the email address and any digital signatures.
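How a receiver can use the SPF and DKIM results described above, as an added example (not from the original report): the visible "From" domain must match a domain that actually passed SPF or DKIM, which is the alignment rule DMARC applies. The message, its domains and the two-label organizational-domain shortcut are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message (not real traffic): the visible From claims example-bank.test,
# but the receiving server only authenticated a different domain.
RAW = """\
Authentication-Results: mx.receiver.test;
 spf=pass smtp.mailfrom=bounce@mailer.attacker.test;
 dkim=pass header.d=attacker.test;
 dmarc=fail header.from=example-bank.test
From: "Example Bank" <support@example-bank.test>
To: victim@receiver.test
Subject: Update your account

Please log in to confirm your details.
"""


def org_domain(domain: str) -> str:
    # Simplification (assumption): last two labels. Real checks use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def check_alignment(raw: str) -> dict:
    """Compare the visible From domain with the domains that passed SPF/DKIM."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Only trust this header when it was stamped by your own receiving server.
    results = " ".join((msg.get("Authentication-Results") or "").split())
    out = {"from": from_dom, "spf": False, "dkim": False}
    m = re.search(r"\bspf=pass\b[^;]*\bsmtp\.mailfrom=([^;\s]+)", results)
    if m:
        spf_dom = m.group(1).rpartition("@")[2]
        out["spf"] = org_domain(spf_dom) == org_domain(from_dom)
    for d in re.findall(r"\bdkim=pass\b[^;]*\bheader\.d=([^;\s]+)", results):
        out["dkim"] = out["dkim"] or org_domain(d) == org_domain(from_dom)
    # A pass for some other domain says nothing about the domain the user sees.
    out["spoof_suspected"] = not (out["spf"] or out["dkim"])
    return out


if __name__ == "__main__":
    print(check_alignment(RAW))
```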
2.3 DNS spoofing
DNS spoofing, also known as DNS cache poisoning, is a type of cyber attack where an attacker alters the domain name system (DNS) records to redirect users to a fake website that appears to be legitimate. This can be done by compromising the DNS server or by intercepting DNS queries and sending back false responses.
The purpose of DNS spoofing can vary, but it is often used in phishing attacks to steal sensitive information such as login credentials, credit card numbers, or other personal data. For example, an attacker might spoof the DNS record for a popular social media site and redirect users to a fake login page where they are prompted to enter their username and password. If the victim falls for the scam and enters their login credentials, the attacker can use this information to access their account and steal personal information.
DNS spoofing can be prevented by implementing security measures such as DNSSEC (Domain Name System Security Extensions) and DNS over HTTPS (DoH). DNSSEC uses digital signatures to verify the authenticity of DNS records, while DoH encrypts DNS queries and responses to prevent interception and modification.
It is also important for users to be vigilant when browsing the web and to verify the legitimacy of websites before entering any sensitive information. This can be done by checking the website address and digital certificates, and by using anti-phishing software to detect and block suspicious websites.
2.4 Caller ID spoofing
Caller ID spoofing is a type of cyber attack where an attacker manipulates the caller ID information to make it appear as if the call is coming from a legitimate source. This can be done using software or online services that allow the caller to change their caller ID information to any desired number or name.
The purpose of caller ID spoofing can vary, but it is often used in phishing scams to trick victims into revealing personal information such as bank account numbers or passwords. For example, an attacker might spoof the caller ID of a bank and call a victim, claiming that their account has been compromised and asking for their account information. If the victim falls for the scam and provides their account information, the attacker can use this information to steal money or access other sensitive data.
Caller ID spoofing can be prevented by implementing anti-spoofing measures such as the STIR/SHAKEN (Secure Telephone Identity Revisited/Signature-based Handling of Asserted information using toKENs) protocol, which is a framework for authenticating phone calls and preventing spoofed calls. This protocol uses digital signatures to verify that the caller ID information is legitimate and that the call has not been spoofed.
It is also important for users to be cautious when receiving unsolicited calls, especially those that ask for personal information or contain suspicious requests. Before providing any sensitive information, users should verify the identity of the caller by asking for their name, company, and phone number, and by using call-blocking or call-screening software to detect and block suspicious calls.
2.5 Website spoofing
Website spoofing is all about making a malicious website look like a legitimate one. The spoofed site will look like the login page for a website you frequent—down to the branding, user interface, and even a spoofed domain name that looks the same at first glance. Cybercriminals use spoofed websites to capture your username and password (aka login spoofing) or drop malware onto your computer (a drive-by download). A spoofed website will generally be used in conjunction with an email spoof, in which the email will link to the website.
It's also worth noting that a spoofed website isn't the same as a hacked website. In the case of website hacking, the real website has been compromised and taken over by cybercriminals—no spoofing or faking involved. Likewise, malvertising is its own brand of malware. In this case, cybercriminals have taken advantage of legitimate advertising channels to display malicious ads on trusted websites. These ads secretly load malware onto the victim's computer.
2.6 GPS spoofing
GPS spoofing occurs when you trick your device's GPS into thinking you're in one location, when you're actually in another location. Why on Earth would anyone want to GPS spoof? Two words: Pokémon GO. Using GPS spoofing, Pokémon GO cheaters can make the popular mobile game think they're in proximity to an in-game gym and take over that gym (winning in-game currency). In fact, the cheaters are actually in a completely different location—or country. Similarly, videos can be found on YouTube showing Pokémon GO players catching various Pokémon without ever leaving their house. While GPS spoofing may seem like child's play, it's not difficult to imagine that threat actors could use the trick for more nefarious acts than gaining mobile game currency.
GPS spoofing is a technique used to deceive GPS receivers by broadcasting false GPS signals that appear to be genuine signals from GPS satellites. This technique involves transmitting radio signals that mimic the signals sent by GPS satellites, with the goal of tricking GPS receivers into providing inaccurate location or time data.
The spoofing of GPS signals can be carried out for various reasons, including malicious activities such as cyber attacks or theft, or for privacy reasons. For example, GPS spoofing can be used by criminals to redirect ships or aircraft to a different location, or by individuals to fake their location to access location-based services or hide their real location from others.
GPS spoofing can be a serious threat to various industries and sectors, including transportation, military, and navigation. To prevent GPS spoofing, various techniques and technologies have been developed, such as signal encryption, multi-constellation receivers, and signal authentication.
CHAPTER 3: HOW DOES SPOOFING WORK?
We've explored the various forms of spoofing and glossed over the mechanics of each. In the case of email spoofing, however, there's a bit more worth going over. There are a few ways cybercriminals are able to hide their true identity in an email spoof. The most foolproof option is to hack an unsecure mail server. In this case the email is, from a technical standpoint, coming from the purported sender.
The low-tech option is to simply put whatever address in the "From" field. The only problem is if the victim replies or the email cannot be sent for some reason, the response will go to whoever is listed in the "From" field—not the attacker. This technique is commonly used by spammers to use legitimate emails to get past spam filters. If you've ever received responses to emails you've never sent, this is one possible reason why, other than your email account being hacked. This is called backscatter or collateral spam.
Another common way attackers spoof emails is by registering a domain name similar to the one they're trying to spoof, in what's called a homograph attack or visual spoofing. For example, "rna1warebytes.com". Note the use of the number "1" instead of the letter "l". Also note the use of the letters "r" and "n" to fake the letter "m". This has the added benefit of giving the attacker a domain they can use for creating a spoofed website.
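A mail or proxy filter can catch the visual trick described above by collapsing look-alike characters before comparing a sender's domain with the domains it protects. The following is an added example, not part of the original report; the confusables table is a small illustrative assumption and the function names are hypothetical.

```python
from email.utils import parseaddr

# Domain to protect (the one imitated in the example in the text).
PROTECTED = ["malwarebytes.com"]

# Small illustrative confusables table (assumption, far from complete).
MULTI = [("rn", "m"), ("vv", "w"), ("cl", "d")]
SINGLE = str.maketrans({"1": "l", "0": "o", "5": "s"})


def skeleton(domain: str) -> str:
    """Collapse look-alike characters so visually similar names compare equal."""
    s = domain.lower().rstrip(".")
    for seq, repl in MULTI:
        s = s.replace(seq, repl)
    return s.translate(SINGLE)


def find_lookalike(domain: str, protected=PROTECTED):
    """Return the protected domain that `domain` imitates, or None."""
    d = domain.lower().rstrip(".")
    for real in protected:
        # The real domain and its own subdomains are never flagged.
        genuine = d == real or d.endswith("." + real)
        sk, sk_real = skeleton(d), skeleton(real)
        if not genuine and (sk == sk_real or sk.endswith("." + sk_real)):
            return real
    return None


def check_sender(from_header: str, protected=PROTECTED):
    """Apply the look-alike check to the domain of an email From header."""
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    return find_lookalike(domain, protected)


if __name__ == "__main__":
    # Constructed sample headers.
    for hdr in ['"Support" <billing@rna1warebytes.com>',
                "Support <help@malwarebytes.com>"]:
        print(hdr, "->", check_sender(hdr))
```

Both sides of the comparison are reduced to the same skeleton, so a protected name that itself contains "rn" or a digit still compares consistently.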
Whatever the spoof may be, it's not always enough to just throw a fake website or email out into the world and hope for the best. Successful spoofing requires a combination of the spoof itself and social engineering. Social engineering refers to the methods cybercriminals use to trick us into giving up personal information, clicking a malicious link, or opening a malware-laden attachment. There are many plays in the social engineering playbook. Cybercriminals are counting on the vulnerabilities we all carry as human beings, such as fear, naiveté, greed, and vanity, to convince us to do something we really shouldn't be doing. In the case of a sextortion scam, for instance, you might send the scammer Bitcoin because you fear your proverbial dirty laundry being aired out for everyone to see.
Human vulnerabilities aren't always bad either. Curiosity and empathy are generally good qualities to have, but criminals love to target people who exhibit them. Case in point, the stranded grandchildren scam, in which a loved one is allegedly in jail or in the hospital in a foreign country and needs money fast. An email or text might read, "Grandpa Joe, I've been arrested for smuggling drugs in [insert name of country]. Please send funds, oh and btw, don't tell mom and dad. You're the best [three happy face winking emojis]!" Here the scammers are counting on the grandparent's general lack of knowledge about where his grandson is at any given time.
Spoofing works by mimicking or falsifying information to deceive a recipient into thinking that the information is genuine. The specifics of how spoofing works can vary depending on the type of spoofing being used.
Attackers use various high-tech and low-tech tactics to convince the end user to divulge sensitive information or take a particular action (like clicking a link or downloading a file) that enables the cybercriminal to damage systems or steal information. While not an advanced persistent threat (APT), various types of spoofing may be employed as a part of more coordinated, ongoing attacks.