The 17th annual National Cybersecurity Awareness Month (NCSAM) kicked off in October with the goal of raising cybersecurity awareness. To contribute to this goal, Hikvision senior director of cybersecurity, Chuck Davis, is providing insights on various cyberattacks to help you stay safe.
In today’s blog, Hikvision’s Davis will provide an overview of pharming—a malicious hacking attack—that includes tips to help you identify this scam and avoid becoming a victim to it.
What is Pharming?
Pharming is a type of cyberattack that redirects a website’s traffic to a malicious site that appears to be the real site. Pharming is used frequently in phishing attacks to trick a victim into sharing login credentials, banking information, or other sensitive data with the attacker.
It’s effective because a victim who visits the malicious website can see the valid domain name in their browser. The attacker must trick the victim’s computer into going to the malicious website by either making changes to the victim’s computer or somehow changing the destination IP address for a domain name. That’s typically achieved by altering or “poisoning” the victim’s DNS (domain name system) lookup.
How Does Pharming Work?
When you enter an address into your browser, your computer first checks for an IP address in a file on your computer called the hosts file. If it sees an entry in the hosts file for that website, it will go to that IP address. If your computer does not find an entry for that address in the hosts file, your browser will ask your computer’s default DNS server to look up the IP address of that website.
There are DNS servers all over the Internet and unless you specifically changed your DNS servers, you are probably using servers from your Internet Service Provider (ISP). Once the DNS server comes back with an IP address, your browser can make the request to go to 172.217.11.228 and almost instantly, you will see the Google web page. So essentially, a pharming attack happens when an attacker is able to send the wrong IP address to the victim’s computer when it does a lookup.
How To Stay Safe from Pharming Attacks
Below are several tips that will help you boost cybersecurity and stay safe.
- Enable multi-factor authentication (MFA) wherever it is available. This way if you do get tricked into sharing your credentials, the attacker would not be able to log into your real account.
- Keep your router up to date. If your router doesn’t have automatic updates, consider replacing it with a new router that does update automatically
- Change the DNS settings on your router and devices to an alternate, encrypted DNS such as Cloudflare's 1.1.1.1, IBM's 9.9.9.9, and Google DNS.
- Follow standard anti-phishing recommendations.
Read the Hikvision pharming blog to learn more and view examples of pharming attacks: “Part 2: Hikvision Senior Director of Cybersecurity on Examples of Pharming—A Malicious Hacking Attack—and Tips to Avoid Becoming a Victim.”