CAPEC-611

BitSquatting
Bas
Moyen
Draft
2015-11-09
00h00 +00:00
2022-09-29
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.

Informations du CAPEC

Flux d'exécution

1) Explore

[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.

Technique
  • Research popular or high traffic websites.
2) Experiment

[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the BitSquatted URL.

Technique
  • Register the BitSquatted domain.
3) Exploit

[Wait for a user to visit the domain] Finally, the adversary simply waits for a user to be unintentionally directed to the BitSquatted domain.

Technique
  • Simply wait for an error in memory to occur, redirecting the user to the malicious domain.

Conditions préalables

An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets.

Compétences requises

Adversaries must be able to register DNS hostnames/URL’s.

Atténuations

Authenticate all servers and perform redundant checks when using DNS hostnames.
When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.

Références

REF-485

Bitsquatting: DNS Hijacking without exploitation
Artem Dinaburg.
http://media.blackhat.com/bh-us-11/Dinaburg/BH_US_11_Dinaburg_Bitsquatting_WP.pdf

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Description, Description Summary, Methods_of_Attack, Typical_Likelihood_of_Exploit, Typical_Severity
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Attack_Phases
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Related_Attack_Patterns
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.