CAPEC-632 Detail

CAPEC-632

Name

Homograph Attack via Homoglyphs

Likihood attacks

Low

Typical Severity

Medium

Status

Draft

Published

2015-11-09
00h00 +00:00

Modified

2023-01-24
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.

Informations CAPEC

Execution Flow

1) Explore

[Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.

Technique

Research popular or high traffic websites.

2) Experiment

[Impersonate trusted domain] In order to impersonate the trusted domain, the adversary needs to register the URL containing the homoglpyh character(s).

Technique

3) Exploit

[Deceive user into visiting domain] Finally, the adversary needs to deceive a user into visiting the Homograph domain.

Technique

Execute a phishing attack and send a user an e-mail convincing the to click on a link leading the user to the malicious domain.

Prerequisites

An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets.

Skills Required

Adversaries must be able to register DNS hostnames/URL’s.

Mitigations

Authenticate all servers and perform redundant checks when using DNS hostnames.
Utilize browsers that can warn users if URLs contain characters from different character sets.

Related Weaknesses

CWE-ID	Weakness Name
CWE-1007	Insufficient Visual Distinction of Homoglyphs Presented to User The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2015-11-09 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2018-07-31 +00:00	Updated Attack_Phases
CAPEC Content Team	The MITRE Corporation	2019-04-04 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2023-01-24 +00:00	Updated Related_Weaknesses

CAPEC-632 Detail

CAPEC-632

Descriptions CAPEC

Informations CAPEC

Execution Flow

Prerequisites

Skills Required

Mitigations

Related Weaknesses

CWE-1007

Submission

Modifications