Pharming is a type of cyber-attack that hijacks traffic intended for a legitimate website and directs it to a malicious web server instead. In many respects, pharming is similar to phishing in that it presents a victim with a page that appears to be 100% legitimate and trusted. But unlike phishing attacks, pharming attacks don’t rely on tricking a user into clicking on a malicious URL. Instead, the user navigates to the proper URL for a website (perhaps even by using the same bookmark as yesterday) and is directed to a bogus server hosted by the attacker. The page presented there steals the user’s information – at least their account credentials – and the victim often does not detect it until information has already been compromised.
Pharming first gained notoriety and substantial news coverage in the mid-2000s because of its insidious nature: it is borderline impossible for an average internet user to detect. Despite a few high-profile attacks and numerous smaller malware-based attacks, it remains relatively obscure compared to phishing due to a variety of factors (perhaps most notably that it requires a lot more work than a simple phishing attack).
However, because a pharming attack can catch many victims simultaneously – including those who might normally spot a phishing attack before entering their credentials – many security experts still consider pharming a serious threat to businesses and their customers.
Pharming attacks can be launched in a variety of ways, most frequently involving either malware-based modifications of users’ local hosts files or falsification of records on DNS servers. Each method has the effect of directing traffic that would otherwise be destined for a legitimate website to an attacker’s page instead. Fortunately, a number of tactics exist to detect and mitigate pharming attacks, and a vigilant defense posture can make a huge difference in the impact and costs for an organization targeted by one.
In an upcoming post, we’ll discuss some of the technical aspects of pharming attacks and how they can be detected and stopped.