Wednesday, April 17 2024

A new intelligence report released by external cybersecurity company ZeroFox revealed a 164% increase in threats targeting brands from the first to second quarter of 2023. Sources were derived from open-source accesses, social media, and proprietary data, among others, prior to July 14. 

Spoofed domains saw a 20% increase in the second quarter of this year compared with the first. About one-third of those incidents were linked to phishing campaigns, with the U.S., U.K., Ireland, and Austria being heavily targeted. Greece, too, was affected, which is explained by March riots and June parliamentary elections in the country. The manufacturing sector topped the list with an 81% observed increase in domain impersonations last quarter, amounting to 16.65% of all incidents reported by ZeroFox. The financial services and technology industries remained the most impacted, though. 

The report highlighted that top level domains (TLDs) present a mounting threat to brand protection, as they broaden the attack scope and provide leverage for threat actors in malware campaigns. One TLD is set to release this quarter. 

Fraudulent activity was also outlined in the report, with a 26% increase since the end of the second quarter. Fake job postings rose by 50% and membership, giveaway, and prizes scam saw a marked growth. Social media money-flipping scams increased by almost 100% in the second quarter as well. These developments negatively impacted costumers since their personal and financial information were stolen, but they also harmed brands when customers blamed them for it.

A full 80% of fraudulent activity was linked to fake gift card schemes aimed at retailers and consumers. With the expansion of AI, threat actors used botnets to test gift card number combinations and steal money. Indeed, botnets have reached targets far beyond brands. As CISA noted in a July joint advisory with the FBI and other organizations, truebots, a type of botnet, were used in malware attacks across the U.S. and Canada, like the Cl0p ransomware cyberattack. 

Looking ahead, organizations will have to double down on efforts to identify fraudulent profiles given the continuing development of deepfakes, according to the report. However, consumer awareness may increase with new laws and make it harder for threat actors to steal personal data. A New York law passed in 2023 mandates that retailers warn customers of possible gift card scams, and other states may follow. 

In addition, the report addressed social media-based threats. More than half of impersonation accounts identified were from the media industry, with consumer goods, retail, and hospitality following at 11.29%, 8.13%, and 6.7%, respectively. This issue will be mitigated with new regulations. For example, the Federal Trade Commission is exploring proposals for laws that would punish the perpetrators of these accounts. 

The report concluded with eight recommendations to secure organizations’ brands, including registering for domains in advance, removing impersonator domains, monitoring brand mentions on the dark web, and using filtered or curated threat intelligence. 

Previous

TSA Updates Security Directive on Oil and Natural Gas Pipelines

Next

White House Launches National Cyber Workforce and Education Strategy

Check Also

Widget

Don’t Miss

The words Endpoint Detection and Response (EDR) on a green background with lines on the right side of the image

Best Endpoint Detection & Response Platforms

Lara Oporto

Endpoint Detection & Response platforms continuously monitor endpoints for signs of malicious activities, such as unauthorized access or unusual behavior, enabling rapid detection and response to potential cyber threats to safeguard organizational assets. What is Endpoint Detection and Response and how does it work? Endpoint Detection and Response (EDR) is a cornerstone in modern cybersecurity […]

AT&T AlienVault Products Review: OSSIM vs USM

Ellie Buscemi

AlienVault is now the technological basis for AT&T AlienLabs and provides multiple products for different companies’ cybersecurity needs. What AT&T AlienVault Products are Available? In December 2021, CISOstack reported that AT&T intended to acquire AlienVault to expand its cybersecurity offerings to more businesses. Two years later, AlienVault-based offerings make up a large portion of AT&T’s […]

Photo by Simon Kadula on Unsplash.

Navigating Manufacturing IIoT Cybersecurity Challenges

John Powers

Guarding the Gears: Government policy and industry collaboration to mitigate cyberthreats to manufacturers. The smart factory is on the rise. Production lines equipped with advanced sensors can monitor equipment health in real-time and predict potential issues before they disrupt operations. Temperature and humidity sensors can ensure the optimal environment for delicate manufacturing processes. RFID-enabled asset […]

Best Microsegmentation Software

Ellie Buscemi

Microsegmentation allows a company to divide digital assets into smaller, more secure groups, which makes it harder for cybercriminals to take over a company’s data center. What is Microsegmentation? Microsegmentation refers to cyber professionals building layers of cybersecurity protection between groups of digital assets or individual cyber assets. Adding these layers inside instead of only […]

Best Breach and Attack Simulation Platforms

Ellie Buscemi

Breach and attack simulation (BAS) platforms allow companies to see weaknesses in their cyber infrastructures before a malicious hacker can exploit them. What Is BAS – Breach and Attack Simulation? Breach and attack simulation (BAS) is an approach to cybersecurity that uses advanced tools to imitate the attacks used by cybercriminals on companies’ digital infrastructure. […]

Ofer Ben-Noon and Ohad Bobrov

Palo Alto Networks to Acquire Talon

Ellie Buscemi

On Monday, Palo Alto Networks agreed to acquire Israeli startup Talon Cyber Security, an enterprise browser platform. The deal values Talon at between $600 to $700 million, according to The Information. Palo Alto will integrate Talon’s enterprise browser solution into its Prisma SASE product. The acquisition comes among a wave of acquisitions and releases involving […]