Here are several types of "squatting" attacks that cybercriminals use, which are intended to trick users, infiltrate systems, or carry out malicious activities:
- Typosquatting: Also known as URL hijacking, it relies on users making typos when entering a website URL. The attacker registers domains that are similar to popular websites but include common typos. In the context of software libraries (like Python's PyPI, JavaScript's npm, etc.), attackers can upload malicious packages with names similar to popular ones, banking on users mistyping the name and downloading the wrong package.
- Bitsquatting: This attack involves registering domain names one bit different from a popular domain. It exploits random bit errors to direct some traffic to the incorrect site.
- Combosquatting: Attackers add certain words to a famous domain name, betting on users thinking it's a legitimate subsidiary of the main domain.
- Homograph Squatting: Attackers use characters that look similar to the original ones in the domain name, exploiting the similarity between alphanumeric characters or using Punycode to include non-ASCII characters.
- Soundsquatting: The domain registered sounds phonetically similar to the original one.
- Doppelganger Domain Squatting: Here, attackers register a domain that is identical to a legitimate domain, but without the dot between subdomain and domain (like 'wwwgoogle.com' instead of 'www.google.com').
Geographical Distribution of Parties in WIPO Domain Name Cybersquatting Cases in 2021. Top 25 countries
These attacks highlight the importance of diligence when typing URLs, downloading software libraries, or interacting with websites that seem related to popular ones. Using verified and secure sources, double-checking URLs and package names, and implementing secure software supply chain practices are crucial to mitigating these risks.
