What is a Masquerade Attack?

A masquerade attack is one where the perpetrator assumes the identity of a fellow network user or co-employee to trick victims into providing user credentials that he/she can then use to gain access to other connected accounts.

Threat actors carry out masquerade attacks by stealing username-and-password combinations via phishing and other means, exploiting security weaknesses or vulnerabilities, or bypassing authentication processes. But the attacker always does so from within the organization.

A masquerade attacker is comparable to a wolf in sheep’s clothing. He/She assumes the identity of someone harmless to gain an unsuspecting victim’s trust.

Other interesting terms…

• What is a Sniffing Attack?
• What is Pharming?

Read More about a “Masquerade Attack”

Poorly protected organizations with weak authentication processes are most vulnerable to masquerade attacks. As soon as an attacker gains “authorized access,” it’s easy for him/her to tinker with the organization’s confidential data, including changing network configurations, turning off antimalware and firewall solutions, and stealing sensitive data.

3 Ways Hackers Employ to Carry Out Masquerade Attacks

1. Creating Fake Servers

Attackers can carry out masquerade attacks by creating a fake server within the network then collecting users’ login credentials when it’s accessed. Once done, the threat actors can use any of the users’ credentials to gain access to password-protected systems and files.

2. Sending Out Phishing Emails

Attackers can also start a masquerade attack by sending phishing emails to target victims from inside the network, asking them for their credentials. Because the threat actors are using the same domain, victims could easily give in to the request and get phished. The attackers then get login credentials to gain access to all of the systems and files that the phishing victims are authorized to get into.

3. Using Data Stealers

In other cases, cybercriminals send data-stealing malware such as a keylogger to victims. The keylogger is often disguised as a work file. Once installed, the malware records all of the users’ keystrokes to obtain their usernames and passwords. When done, the attackers can use the stolen credentials to get into protected systems and files.

How to Stay Protected against Masquerade Attacks

Here are some ways to stay safe from masquerade attacks.

For individuals:

1. Double-check the contents of an email with unusual requests with its sender via a phone call. No one, not even a co-employee, should ask you to share your credentials with him/her.
2. Refrain from saving passwords on your browser. Data-stealing malware can collect them without your knowledge.
3. Log out of any network-connected system when you’re done accessing it.
4. Use a different password for each system or portal. That way, even if attackers get hold of one, they can’t access everything without the others.

For companies:

1. Use multifactor authentication on critical systems and files.
2. Encrypt data stored on critical systems. That way, even if unauthorized users access them, they can’t open files and read their content without the key.

—

Attackers will always try to find ways to get into target networks. Make sure you are protected at all times by following tried-and-tested best practices and using advanced solutions.