CAPEC-611 Detail

BitSquatting

Detailed | Social Engineering | Likelihood: Low | Typical Severity: Medium

Parents: 616

Description

An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.
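A defender can look for this in resolver logs by flagging queried names that are exactly one bit away from a domain they own. The sketch below is an added example, not part of the CAPEC entry; the function names, `example.com` and the sample queries are constructed for illustration.

```python
import string

# Letters, digits and hyphen (valid hostname characters) plus the label separator.
LDH = set(string.ascii_lowercase + string.digits + "-.")

def bit_distance(a: str, b: str) -> int:
    """Count differing bits between two equal-length ASCII names; -1 if not comparable."""
    if len(a) != len(b) or not (a.isascii() and b.isascii()):
        return -1
    return sum(bin(ord(x) ^ ord(y)).count("1") for x, y in zip(a, b))

def is_bitsquat(trusted: str, observed: str) -> bool:
    """True if `observed` is a valid hostname exactly one bit away from `trusted`."""
    # DNS is case-insensitive, so a flip that only changes letter case still
    # reaches the trusted domain; lowercasing both sides discards those flips.
    t, o = trusted.rstrip(".").lower(), observed.rstrip(".").lower()
    # Align on the right so "www.examplu.com" is compared with "example.com".
    if len(o) > len(t) and o[-len(t) - 1] == ".":
        o = o[-len(t):]
    return set(o) <= LDH and bit_distance(t, o) == 1

def flag_bitsquats(trusted_domains, queried_names):
    """Return (queried, trusted) pairs for queried names one bit off a trusted domain."""
    return [(q, t) for q in queried_names for t in trusted_domains if is_bitsquat(t, q)]

# Constructed sample data: one protected domain and names as a resolver log might list them.
TRUSTED = ["example.com"]
QUERIES = [
    "example.com",       # exact match
    "EXAMPLE.COM",       # case differs only: same domain
    "www.examplu.com",   # 'e' (0x65) -> 'u' (0x75): one bit
    "dxample.com",       # 'e' (0x65) -> 'd' (0x64): one bit
    "examp1e.com",       # look-alike typo, five bits apart: not a bitsquat
    "example.con",       # 'm' -> 'n' is two bits: not a bitsquat
    "exaople.com.",      # 'm' (0x6d) -> 'o' (0x6f): one bit, trailing dot ignored
]

if __name__ == "__main__":
    for queried, trusted in flag_bitsquats(TRUSTED, QUERIES):
        print(f"{queried} is one bit away from {trusted}")
```

The check does not validate label rules such as leading or trailing hyphens, so treat hits as candidates for review or defensive registration.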


External ID | Source | Link | Description
CAPEC-611 | capec | https://capec.mitre.org/data/definitions/611.html |
REF-485 | reference_from_CAPEC | http://media.blackhat.com/bh-us-11/Dinaburg/BH_US_11_Dinaburg_Bitsquatting_WP.pdf | Artem Dinaburg, Bitsquatting: DNS Hijacking without exploitation, Raytheon

Explore
  1. Determine target website: The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
     Techniques:
       Research popular or high traffic websites.

Experiment
  1. Impersonate trusted domain: In order to impersonate the trusted domain, the adversary needs to register the BitSquatted URL.
     Techniques:
       Register the BitSquatted domain.

Exploit
  1. Wait for a user to visit the domain: Finally, the adversary simply waits for a user to be unintentionally directed to the BitSquatted domain.
     Techniques:
       Simply wait for an error in memory to occur, redirecting the user to the malicious domain.

  1. An adversary requires knowledge of popular or high traffic domains that could be used to deceive potential targets.


Low
Adversaries must be able to register DNS hostnames/URLs.
Other
Other (Depending on the intention of the adversary, a successful BitSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.)
