Brand threats have accounted for 68% of fraud attacks so far this year. Contrary to traditional cyber attacks, which are designed to compromise the infrastructure or circumvent controls, brand threats live outside of the organization’s control and compromise the reputation of your brand. Common types of brand misrepresentation include spoofed emails, social media scams, and fake mobile apps.
The broad spectrum and external nature of brand threats make it challenging to efficiently address incidents. Cybercriminals are constantly shifting tactics and coming up with new ways to abuse brands. In order to protect their organizations, security teams should prioritize efforts to proactively detect brand abuse. In this piece, we discuss three techniques organizations should follow that will enhance awareness and identification of brand threats targeting enterprises:
- Adopt an intelligence-driven approach
- Partner with external organizations
- Engage in proactive operations
Brand Threat
A brand threat is defined as an attack that leverages an organization’s good will and leads to financial loss and reputational damage. Brand abuse can take many forms, with threat actors often targeting organizations through look-alike domains, social media, the open web, and mobile.
Adopt an Intelligence-Driven Approach
Phishing content creators are constantly latching onto new trends to enhance believability and improve their odds of success. As attack tactics prove lucrative in one market, they will eventually seep to new or untouched spaces. Being knowledgeable of attacks targeting all industries will aid in your enterprise’s ability to detect and action similar threats as they transition to your space.
Broad visibility into new and trending threats that are targeting, or may target, your brand is best achieved through automated and human data collection across a wide-range of digital channels. These channels include surface web, deep web, dark web, and social media.
Security teams should be knowledgeable of industry terms and include adjacent industry keywords as well as variations when searching for threats. For example, a financial institution should prioritize key terms such as banking, checking account, and savings. References to your organization may not always be clear, as key terms may vary to include unrelated numbers and letters. Brand mentions and variations should be filtered, analyzed, and prioritized to validate actual threats. Best practices for curation include using a combination of technology and expert human analysis.
Partner with External Organizations
Having relationships with multiple providers is a powerful asset to combating brand threats as the volume of potential abuse can be overwhelming for security teams. Many do not have the bandwidth to continuously detect and pursue mitigation of brand threats.
Criminals use a wide-range of hosting providers and social platforms to launch attacks. Partnerships with external organizations provide the avenues of communication needed to report when brand abuse is detected, collect relevant brand abuse data, and supply the proof required by providers to pursue mitigation.
Security teams should build relationships with the following:
- Registrars
- Hosting providers
- Site operators
- App stores
- Social platforms
- NSPs
- CERTs
- Telcos
- Law enforcement
In addition to using external relationships to have malicious content removed, enterprises can leverage those relationships to likewise dismantle threat actors and their infrastructure. Similar to your organization, many service providers do not want malicious content occupying their environment and are willing to work with enterprises to have it removed.
Proactive Operations
Increased digital presence makes organizations ripe for online brand abuse. Your brand’s logos, trademarked content, and other information can be easily copied with malicious intent. Streamlined workflows, processes, and beaconing technology are critical to effective identification of attacks.
Types of brand abuse on third-party sites may include:
- Illicit activity using your brand
- Abuse of Intellectual Property
- Unauthorized association
- Prohibited channel activity
- Traffic diversion using your brand name
Threat validation should be a combination of automated collection of brand-related data and analyst curation. By moving potential threats through a well-documented pipeline, organizations can devote more time pursuing mitigation of the threat and its infrastructure instead of triaging cases.
Monitoring and analysis for brand abuse should include:
- Continuous review of content indexed by search engines containing key terms
- Scoring of each flagged item
- Scored results should be reviewed for legitimacy
- Categorize and address each item
As brands rely on an online presence to grow, the opportunities for abuse continue to increase. Brand impersonation can occur anywhere and can cause irreversible harm to an organization. In order to effectively protect your organization from brand misrepresentation, security teams should adopt broad intelligence gathering, invest in critical partnerships, and engage in proactive operations.
Additional Resources:
