In a homoglyph attack (also sometimes called a homograph attack), the threat actor uses homoglyphs to spoof a URL or obfuscate code.
Homoglyphs are characters that resemble each other, such as the letter O and zero (‘0’), the Latin letter “H” and the Cyrillic letter “H,” or the uppercase “I” (“I”) and the lowercase letter “l” (L), which look identical in a sans serif font (like Calibri). In advanced phishing attacks today, phishing emails may contain homoglyph characters.
For example, the attacker might create a fake URL that spoofs a legitimate URL by using a homoglyph, like “InternationalBank.com,” switching out the letter sans serif letter “I” (“I”) for the lowercase sans serif letter “l” (L). Or the threat actor might use homoglyphs in the malware code to hide nefarious intent by inserting them into code strings that to the naked eye look normal but instead instruct the malware to do something different, like change the code’s perceived intent, such as making an ‘if’ statement always true or redirecting the user to a malicious domain.
How is this different from typosquatting?
Although typosquatting also uses visual tricks to deceive users, it relies heavily on users mistyping a URL in the address bar, hence, the “typo” in its name.
Are all homograph attacks just phishing attacks?
Not necessarily. Although homograph attacks usually involve phishing, threat actors could create fake yet believable websites for other fraudulent purposes or to introduce malware onto user system.
Reports about IDN homograph attacks, have noted that several homographed domains found were either part of a malvertising network, hosting exploit kits and malicious mobile apps, or generated by botnets.
Protection Against Homograph Attacks
Users are suggested to be vigilant when browsing online and maintain cybersecurity hygiene, including:
- Regularly updating your browser (They may be your first line of defense against homograph attacks).
- Confirming that the legitimate site you are on has an EVC (Extended Validation Certificate).
- Avoid clicking links from emails, chat messages, and other publicly available content, most especially social media sites, without ensuring that the visible link is indeed the true destination.
OCD Tech specializes in making sure employees understand the mechanisms of spam, phishing, spear-phishing, malware, and social engineering.
Source: https://www.feroot.com/education-center/what-is-a-homoglyph-attack/
