How to Identify and Mitigate Spoofing Attacks to Protect Your Business

Andrew Zola
Andrew Zola on Linkedin

Whether you’re a multinational corporation, a startup, or a small business, no one in the digital age is safe from a cyber attack. This makes it important for everyone to practice extreme vigilance against (sophisticated) spoofing attacks.

2017’s WannaCry ransomware attack affected over 200,000 computers in almost 150 countries. The overall damage caused by this attack is estimated to be as much as $4 billion. According to Cisco, at least 31% of organizations around the planet have also experienced cyber attacks on operational technology infrastructure.

One of the primary reasons why so many organizations are regularly affected by cybersecurity events like WannaCry is because they don’t believe it could happen to them. Another reason is the fact that they lack the necessary skills or training to identify and respond to a potential threat.

Enterprises that boast multiple layers of defense can also open themselves up for a data breach when an employee opens a phishing email. Whenever that happens, you’ll be in the middle of a spoofing attack that can leave your entire IT infrastructure exposed.

Spoofing attacks aren’t limited to emails and computers, it can also be used to mimic social media accounts, mobile phones, and other smart devices (like the Internet of Things). So if you receive a text message that seems suspicious, that’s probably smishing  (or text message phishing) in action.

To better protect your organization, it’s important to have an in-depth understanding of what spoofing is and what you can do to protect your business interests.

What’s a Spoofing Attack?

A spoofing attack can be described as the malicious practice leveraged by hackers to gain entry to your network by disguising their operation to make it seem genuine. For example, by taking advantage of spoofing software available on the dark web, bad actors can change the sender’s email details and source Internet Protocol (IP) address to make the correspondence seem legitimate.

When they manage to mimic an email people are used to receiving from a c-suite executive, it’s highly likely that your employees will be tricked by it (and blindly follow the instruction within the message).

Bad actors can also spoof caller IDs to make it seem like you’re receiving a call from someone known in your contact list. Other methods attempt to spoof the device’s IP to authenticate and gain access to a server or network (without a password).

There are three types of spoofing attacks that all businesses should be aware of:

  • Address Resolution Protocol (ARP) Spoofing
  • Domain Name System (DNS) Spoofing
  • IP Spoofing

ARP Spoofing

Computers communicate via a wireless router over enterprise networks. When bad actors are using ARP spoofing, they’re also on the same system trying to crack the network IP address while remaining undetected. ARP spoofing represents the interception of traffic through the sensibilities of ARP-protocol. Due to the vulnerable authenticity verification of requests and responses, ARP-protocols let the outcoming traffic slip into a malicious server.

Once they crack the IP address, they can quickly intercept, block, and modify information transmitted to and from the computer and router. This approach can also be used to initiate denial-of-service (DoS) attacks that can take down on-premise data centers.

Unfortunately, without the help of real-time ARP detection software (to monitor website traffic, unexpected traffic spikes, and error messages), it’s quite difficult to identify malicious activity on the network.

This is probably why at least one-third of the internet has been affected by DoS attacks over the last couple of years.

DNS Spoofing

Whenever you don’t have to remember domain names, that’s your DNS server’s database (made up of public IP addresses and corresponding hostnames) at work. However, when DNS spoofing or DNS cache poisoning comes into play, you will be redirected to a spoofed domain even though you entered the appropriate URL.

While Google actively removes spoofed domains on a daily basis, it’s always important to stress the importance of keeping an eye out for errors and inconsistencies to identify this common hacking technique. 

IP Spoofing

The most common spoofing technique is IP spoofing where hackers mimic an IP address to disguise their identity and pretend to be another sender (like the c-suite email example above). IP spoofing based on the creation of the fictitious addresses that are programmed to perform a straightforward task with the help of TCP/UDP-protocols, e.g., login in for obtaining your data. However, it can be useful to simulate the DDoS-attacks to estimate the maximum network load. More often than not, when systems believe that the IP address is genuine, bad actors will flood the server with multiple packets of data to initiate a DoS attack.

The common side effect of IP spoofing is slow or unresponsive websites. In this scenario, if your critical data isn’t backed up on a cloud or on another internal server, operations will come to a standstill derailing business continuity.

How Do You Mitigate Spoofing Attacks?

At it’s most basic, protecting against spoofing threats start with ongoing highly interactive and engaging training. For example, enterprises must make it a priority to educate employees about how emails are spoofed (and the importance of always double checking the sender’s name and address).

Whenever appropriate, teach them to look for the mailed-by and signed-by fields (which are secured and signed by SPF and DKIM). Furthermore, if you can implement two-factor authentication, that will also help better secure your digital assets.

Regular staff training can also reaffirm the fact that you shouldn’t ever click on links and attachments in unknown emails, visit websites without SSL certification, or give away sensitive information online (or via email). A great way to protect yourself from spoofing menaces is by using IP filtration, traffic encryption with the help of HTTPS and SSH protocols, VPN.

While keeping your network, firewalls, and cybersecurity protocols (like anti-spoofing software) up to date can help negate a potential attack, you won’t be able to detect vulnerabilities in the system without penetration testing.

To successfully identify and resolve potential weaknesses in enterprise networks, penetration testing needs to be conducted both internally and externally with the help of a trusted third-party partner.

When it comes to spoofing attacks over the phone, it’s a little challenging. In this scenario, it’s best to train employees to not give away information over the phone, double check the phone number on Google, or even call the people back based the information held on-premise. The most common telephone and SMS spoofing techniques are often employed in IRS scams and tech support scams.

While there isn’t any solution in the marketplace that can prevent spoofing attacks, regular staff training, updated software, and penetration testing can go a long way to ensure business continuity.

At Digi117, we know all about cybersecurity and spoofing attacks. To better protect your business interests and infrastructure, get in touch with one of our in-house experts!