‘Bait & Switch’ is a type of fraud that uses relatively trusted avenues – ads – to trick users into visiting malicious sites. These attacks often occur in the form of advertising space being sold by websites and purchased by shady companies. Once the rogue attackers purchase the ad space, they replace the ad with an innocuous link which could be later used to download malware or browser locking or to compromise targeted systems.
In some cases, the ad may also link to a legitimate website, programmed to redirect you to a far more harmful site.
It works like this:
- The hacker buys advertising on a network or popular website.
- The hacker then submits a ‘safe’ and non-malicious advertisement to the network which is then approved.
- Once approved, the hacker then switches the link or actual advertising content to something malicious.
Then, the damage is done. To avoid detection by the advertising network, the hacker often also redirects the malicious link back to the good link of the link is clicked on by an IP address originating from the advertising network. This makes it very hard for the advertising network to detect this type of hack.
The Bait n Switch attack uses the following steps give you access to the network without tripping port security:
- Disconnect authorized client device from the network
- Set MAC address of the upstream interface to MAC address of authorized client device
- Connect switch using upstream interface
- Authenticate with the switch using stolen credentials
- Give upstream interface static IP address of client device
In essence, the Bait n Switch attack silently swaps the authorized device with the attacker’s rogue device. Since this attack will cause a temporary denial of service for the authorized device, it is best to perform it during off-hours during which the authorized device is not likely to be in use.
For more cybersecurity information contact us at firstname.lastname@example.org