Large corporations, federal authorities, entire counties – if you look at who was affected by cyberattacks last year, it quickly becomes clear how perfidious the machinations of hackers and criminal gangs are. Using different approaches and subtypes of malware, the attacks are primarily aimed at capturing sensitive data, selling it expensively on the darknet and extorting high ransom sums from the victimized companies. The latter often have to fear for their economic existence. In the best case, experts are consulted at the latest after an attack is discovered and preventive measures are taken for the future.
According to the BSI, 15,000,000 reports of malware infections were sent to German network operators last year in Germany alone. The dynamics in this criminal market are extremely rapid, so in addition to regular updates of protection programs, employee training and penetration tests that simulate attacks are extremely important. In this article, we explain what spoofing is all about and how companies can best protect themselves from spoofing attacks.
What is spoofing?
Spoofing is often – but not exclusively – one of the so-called social engineering cyber attacks, in which the behavior of people – in this context often employees – is to be influenced. As the name suggests, spoofing often involves contacting victims through supposedly known telephone or e-mail senders in order to obtain sensitive data.
Spoofing methods: How hackers proceed
Spoofing is very perfidious because it plays on people’s trust and fear. Depending on the target group, cybercriminals take different approaches to spoofing. Experts distinguish between IP spoofing, mail spoofing, DNS spoofing, call ID spoofing and other attack patterns. We will briefly discuss some of these below.
IP spoofing is the creation of Internet Protocol (IP) packets – the most central element of Internet-based data communication – with a spoofed source IP address. This allows cybercriminals to seize other people’s identities and impersonate another device. In doing so, they take advantage of the fact that affected systems and networks are often configured in such a way that authentication of certain source addresses classified as “trusted” is not required.
Mail spoofing is another method of faking someone else’s identity by e-mail. E-mail messages are sent from a fake sender address. In the course of this, employees receive e-mails that supposedly come from a superior or colleague, for example – and are thus embarrassed into willingly disclosing data.
DNS spoofing – also known as cache poisoning – abuses the Domain Name System (DNS) for malicious traffic redirection. This way, the victims of the hacker attack are supposed to be redirected to fake or malicious content. The PC establishes a connection to the fake IP address, whereupon the traffic is redirected to a fake server. The victims usually do not notice anything about it.
With telephone call ID spoofing, the displayed telephone number is either known or only slightly changed. This means that the fraud is hardly noticeable at first. If, for example, you try to call back a phone number that has been changed in this way, such as that of a colleague, the correct phone number is dialed instead of the spoofed one – the caller ends up at the phone number that is actually known. The caller knows nothing about the fraud.
How to detect spoofing attacks
Spoofing attacks are not easy to detect. Untrained employees may not even realize that they are not communicating with trusted colleagues, customers or partners, but with cybercriminals. It is true that, especially in the case of calls and e-mails, one should watch out for signals such as many spelling mistakes and strange requests. However, it is safer to have sound specialist knowledge, which is taught in security awareness training courses.
Prevent spoofing: Our experts recommend these protective measures
The BSI strongly recommends not giving in to dubious requests for personal data or money, either by e-mail or phone call, and to end the communication as soon as possible. Companies that fear a spoofing attack are strongly advised to contact the person, authority or company via another communication channel in any case in order to verify the alleged request.
The DGC is also aware of the attack patterns of cybercriminals and knows that they are becoming increasingly perfidious and sophisticated, also due to artificial intelligence. With solutions such as spam and network filters as well as antivirus programs, there are strong technical options to filter and ward off spoofing attacks before they can cause damage. However, they can mainly be used to block ordinary attacks.
The DGC knows that hackers are creative and are constantly trying to find ways to cause damage to their victims’ systems. It is also clear that the best technology is only effective in conjunction with trained employees who know exactly what to look out for in everyday digital life. In addition to 360-degree IT security “made in Germany”, which DGC offers as part of modular cyber security partnerships, DGC also imparts valuable expertise in security awareness training courses.