Thursday, June 13 2024

A new intelligence report released by external cybersecurity company ZeroFox revealed a 164% increase in threats targeting brands from the first to second quarter of 2023. Sources were derived from open-source accesses, social media, and proprietary data, among others, prior to July 14. 

Spoofed domains saw a 20% increase in the second quarter of this year compared with the first. About one-third of those incidents were linked to phishing campaigns, with the U.S., U.K., Ireland, and Austria being heavily targeted. Greece, too, was affected, which is explained by March riots and June parliamentary elections in the country. The manufacturing sector topped the list with an 81% observed increase in domain impersonations last quarter, amounting to 16.65% of all incidents reported by ZeroFox. The financial services and technology industries remained the most impacted, though. 

The report highlighted that top level domains (TLDs) present a mounting threat to brand protection, as they broaden the attack scope and provide leverage for threat actors in malware campaigns. One TLD is set to release this quarter. 

Fraudulent activity was also outlined in the report, with a 26% increase since the end of the second quarter. Fake job postings rose by 50% and membership, giveaway, and prizes scam saw a marked growth. Social media money-flipping scams increased by almost 100% in the second quarter as well. These developments negatively impacted costumers since their personal and financial information were stolen, but they also harmed brands when customers blamed them for it.

A full 80% of fraudulent activity was linked to fake gift card schemes aimed at retailers and consumers. With the expansion of AI, threat actors used botnets to test gift card number combinations and steal money. Indeed, botnets have reached targets far beyond brands. As CISA noted in a July joint advisory with the FBI and other organizations, truebots, a type of botnet, were used in malware attacks across the U.S. and Canada, like the Cl0p ransomware cyberattack. 

Looking ahead, organizations will have to double down on efforts to identify fraudulent profiles given the continuing development of deepfakes, according to the report. However, consumer awareness may increase with new laws and make it harder for threat actors to steal personal data. A New York law passed in 2023 mandates that retailers warn customers of possible gift card scams, and other states may follow. 

In addition, the report addressed social media-based threats. More than half of impersonation accounts identified were from the media industry, with consumer goods, retail, and hospitality following at 11.29%, 8.13%, and 6.7%, respectively. This issue will be mitigated with new regulations. For example, the Federal Trade Commission is exploring proposals for laws that would punish the perpetrators of these accounts. 

The report concluded with eight recommendations to secure organizations’ brands, including registering for domains in advance, removing impersonator domains, monitoring brand mentions on the dark web, and using filtered or curated threat intelligence. 

Previous

TSA Updates Security Directive on Oil and Natural Gas Pipelines

Next

White House Launches National Cyber Workforce and Education Strategy

Check Also

Widget

Don’t Miss

One Cloud

Trend Micro Cloud One: A Comprehensive Review

Ellie Buscemi

What is Cloud One by Trend Micro? The Cloud One platform by Trend Micro is a cloud posture security management (CPSM) product that focuses on providing security in the cloud to businesses. Trend One is designed for businesses whose infrastructure relies on a mix of cloud applications and older device-based programs. Examining the security capabilities […]

Best Security Information and Event Management (SIEM) Solutions

Lara Oporto

A Security Information and Event Management system (SIEM) is typically most needed in larger organizations or those with complex IT infrastructures where there’s a high volume of security events and logs generated from various sources. Companies often invest in SIEM when they require comprehensive visibility into their network activities and want to centralize security monitoring […]

Best Browser Security Products

Ellie Buscemi

What is Browser Security and how does it work? Browser Security is a subcategory of cybersecurity that focuses on minimizing a user’s vulnerability to cyber threats while they use the worldwide web. These cyber threats include phishing web pages, session hijacking and malware, which can be injected onto a device by means of tamped-with web […]

Headshot of BastionZero CEO Sharon Goldberg

Cloudflare Acquires BastionZero to Enhance SASE Offering

Nico Davidoff

Acquisition Aims to Boost Cloudflare One’s Capabilities Amidst Growing SASE Market Competition Cloudflare has acquired BastionZero, a zero trust infrastructure platform, in a move aimed at enhancing its Cloudflare One secure access service edge (SASE) offering. The acquisition underscores Cloudflare’s commitment to expanding its presence in the growing SASE market. Cloudflare reported first-quarter revenue of […]

Best Secure Access Service Edge Platforms

Lara Oporto

What is SASE and how does it work? Secure Access Service Edge (SASE) is an architectural model that combines network connectivity with security functions, all delivered through a unified cloud platform or centralized policy control. In contrast to the traditional approach, where network security relies on a multitude of distinct functionalities like firewalls, Virtual Private […]

Best Data Security Posture Management (DSPM) Products

Ellie Buscemi

What is Data Security Posture Management and how does it work? Data Security Posture Management (DSPM) tools focus on protecting data by continuously tracking where it is located and who has access to it. DSPM refers to a set of methods that cybersecurity professionals use to better understand their sensitive data like what it is, […]