
SA companies need to raise their awareness of domain spoofing


Johannesburg, 30 Sep 2020
Mikey Molfessis, Cybersecurity Expert, Mimecast South Africa

The continued evolution of cyber threats has seen criminals constantly adapting their strategies to target companies and consumers, looking for ways to trick them into giving up confidential information or making fraudulent payments. As end-users have become more cyber aware, so the tactics employed have become ever more sophisticated.

One area of growth is the creation of Web sites that mimic, to an incredibly accurate degree, the domains of legitimate businesses.

Mikey Molfessis, Cybersecurity Expert at Mimecast South Africa, explains that brand impersonation is nothing new, but companies are increasingly concerned about these attacks and the damage they could cause. “In our 2020 State of Email Security Report, 84% of South African organisations surveyed were very concerned about a Web domain or site spoofing attack, and 39% anticipate an increase in Web or e-mail spoofing and brand exploitation in the next 12 months,” he says.

“The methods used in these attacks rely on duplicating, not just the look and feel of a Web site and e-mails of a targeted organisation, but also mimicking, to a remarkably accurate degree, the user journey on the site,” he explains.

Customer data at risk

“The objective here is to lead the consumer just far enough along their accustomed routine to capture the information the criminals are looking for. This information can then be used for a number of purposes, including accessing bank accounts, selling credit card information or gaining access to corporate IT systems.”

He adds that many users still think of cyber criminals as discontented teenagers in their parents’ basement, but nothing could be further from the truth. “Cyber crime is committed by extremely organised syndicates with teams dedicated to each aspect of the operation. This means that there are people out there focused on building Web sites that are almost exact replicas of their genuine counterparts. This makes it very difficult for ordinary users to discern the difference.”

Most users are directed to these fake sites via e-mail, and because of this, companies are rightfully concerned about cyber criminals spoofing their e-mail domains. Molfessis points out that the State of Email Security Report indicated that 78% of local companies are concerned about an attack that directly spoofs their e-mail domain.

There are steps that companies can take to ensure they are aware of when their domains are being spoofed. He explains that there are tools, such as Domain-based Message Authentication, Reporting and Conformance (DMARC), that allow organisations to identify when someone is sending an e-mail on their behalf but not from their infrastructure. However, he points out that while almost all (96%) local companies surveyed were aware of DMARC, only 30% were actually using it. In addition, 16% of South African organisations weren’t even aware if a Web or e-mail spoofing attack had used their domains or lookalike domains, as opposed to a global average of 7%.

This indicates there is a lot of work to be done to ensure that local companies are adequately protected.

Concrete steps needed

“This is something that needs to be tackled on multiple levels,” he says. “On a technical level, companies need to leverage the services that are available to monitor and alert them to any activity of this nature. Companies, however, don’t have the resources for this kind of monitoring themselves, so they need to find partners who do.”

The second element is ensuring that discussions around this issue, and security more generally, are happening at a board level. “All too often the CISO reports to the CIO; this means that the issue of security is not treated at the level that it needs to be,” he says. “It used to be that you were only worried about securing your own infrastructure, but today organisations will have applications located in a number of environments and so security needs to be treated more strategically.”

The third is an issue of education. While companies need to be aware of the risks posed by brand spoofing, they need to take steps to educate both their employees and their customers about these risks. “Humans are a critical element of the security landscape and with domain spoofing they are the primary target. As a result, it’s essential that they’re given the tools they need to ensure that they don’t become victims.”

“Not only is there the risk of financial losses for customers and partners from this kind of attack, but the reputational damage of the brand being spoofed can be as severe,” he warns. “When cyber criminals target a specific company, it’s often their customers’ information that is at risk. By not taking proactive steps to prevent the emergence of spoofed domains, there is a real danger that customers will hold the company responsible.”