Masquerade attack: A wolf in sheep’s clothing

• Masquerade attack involves impersonating legitimate sources and creating fake identities.
• Attackers leverage masquerade attack to disguise as someone else and gain unauthorized access to victims’ systems or organizations’ network.

Masquerade attack involves impersonating legitimate sources and creating fake identities in order to trick victims into submitting their personal and financial information.

Attackers also leverage masquerade attack to pretend as someone else and gain unauthorized access to victims’ systems or organizations’ network.

• In Masquerade attacks, attackers send phishing emails to targets posing as legitimate organizations and requesting victims to submit their personal information.
• Attackers also steal users’ login credentials and gain unauthorized privileges to access confidential files in an computer by masquerading the user.

Examples of Masquerade attacks

Example 1 - Tax-themed phishing campaign

Researchers observed tax-themed phishing campaigns that impersonated legitimate tax authorities such as the US Internal Revenue Service, Canada Revenue Agency, and the New Zealand Inland Revenue Department.

• These phishing emails included HTML attachments or URLs, which upon clicking opened an online form or redirected victims to a spoofed IRS login page.
• The online form asks for victims’ financial information, while the login page collects victims’ login credentials.
• After which, victims are redirected to the official tax authority websites.

Example 2 - Gaining unauthorized access and stealing data by masquerade attack

In December 2013, the cybersecurity landscape witnessed a massive data breach at Target which comprised personal information of 70 million customers.

• Attackers stole credentials of Target’s HVAC contractor Fazio Mechanical Services.
• They then used the stolen credentials to gain access to Target-hosted web services dedicated to vendors.
• After gaining access to Target’s internal web application, attackers found a web application vulnerability and exploited it.
• They then used a well-known attack technique called "Pass-the-Hash" to gain access to an NT hash token that would allow them to impersonate the Active Directory administrator.
• After which they used the stolen privileges to create a new domain admin account and added it to the Domain Admins group.
• Following which they were able to steal personal information and payment card details of Target’s customers.

How to stay protected?

• Researchers recommend users to never open emails or attachments that come from anonymous senders.
• If the email purports to come from legitimate sources then it is recommended to ensure the sender’s email address and confirm directly with the sender in person or via phone call regarding the email.
• To stay protected from such attacks, it is always recommended to use strong, complex, lengthy, and unique passwords that are difficult to crack.
• It is best to use two-factor authentication while logging in to accounts.
• It is recommended to always log out after the session is complete.
• Experts recommend periodically rotating passwords and never reuse the same password across multiple accounts.