Understanding the types of poisoning attacks

• Poisoning attacks involve attackers intentionally injecting false data into the network or infrastructure.
• This allows them to steal sensitive data or perform other malicious activities.

We’ll now look at the different types of poisoning attacks.

Web cache poisoning

Caching is a common term that refers to storing commonly requested data to save time and minimize network traffic.

• Web cache poisoning involves adding notorious websites to the cache by making requests from an attacker-controlled system.
• This means that when the victim’s system makes a request, the notorious websites may be served.
• These websites may contain links to other sites that host malicious software. When the victim unknowingly accesses the site, the systems are infected with malicious software.
• This attack was detailed by James Kettle, Head of Research at PortSwigger Web Security.

DNS cache poisoning

This attack aims at exploiting vulnerabilities to direct web traffic to fraudulent servers, instead of the legitimate ones.

• The DNS converts human-readable websites to IP addresses that can be understood and processed by computers.
• Computers, internet service providers, and routers have their own DNS caches to refer to.
• Attackers may poison the DNS servers with incorrect entries to perform a DNS cache poisoning attack.
• This would mean that a legitimate website would be associated with a malicious IP address, causing the computer to redirect the victim to an attacker-controlled site.
• This may also spread to other DNS servers, updating them with the incorrect information.

ARP cache poisoning

When an attacker modifies the Media Access Control (MAC) address to update the system’s ARP cache with false ARP request and response packets, the attack is called ARP poisoning.

• The Address Resolution Protocol (ARP) associates a physical address of a network interface to an IP address.
• Sending false ARP response causes a device to update its cache with it, to be used for transaction routing.
• This attack can cause traffic to be routed to attacker-controlled systems allowing the compromise of sensitive data. Usually, this form of attack remains undetected by the victim.

Model poisoning

This is a type of attack launched on artificial intelligence and machine learning systems.

• Attackers influence the training datasets used to manipulate the results according to their needs.
• With the rise in AI and machine learning globally, notorious actors will find more opportunities to exploit.
• Such vulnerabilities must be considered while designing systems to minimize incidents of model poisoning.