Kuwait Times

When imitation is not the sincerest form of flattery

By Alastair Paterson, CEO and Co-Founder, Digital Shadows

The huge cost of cybercrime was once again graphically illustrated a few weeks ago by a story on the BBC of a hacker who allegedly used phishing techniques and fake websites to steal over $100m from two major US companies. According to the US Department of Justice, the Lithuanian man allegedly set up a bogus company, which bore the same name as a legitimate Asian-based computer hardware manufacturer, and used the front to siphon off money from two major US companies between 2013 and 2015.

The attacker allegedly registered the bogus company in Latvia and opened various accounts in its name at several banks around the world. He is then reported to have sent fraudulent phishing emails to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with the cloned company, and got them to send money for goods and services to bank accounts set up around the world.

If you wanted a graphic illustration of why there is such an active and motivated cybercrime underworld, it’s here - $100 million worth of illustration. Malicious actors have a range of motivations, including geopolitical, ideological and espionage purposes. However, it is the financially motivated cybercriminals we commonly see targeting the organizations we work with. These actors will go wherever the money is. Pure and simple.

It also ably demonstrates the threat posed by fake websites, companies and brands to legitimate businesses around the world. The trouble is that it is easy to set up these resources, but it’s not always easy to identify them and act against them quickly, before they can have an impact. Intelligence is critical in these cases; the sooner you know about the threat, the sooner you can do something about it and protect your business.

But knowing the risk posed by your digital footprint is critical in today’s business environment. Companies need to be aware of the risks posed by malicious typosquatting and impersonation in support of targeted attacks. This is where attackers use domain names that resemble those of a legitimate company to launch a wide variety of online fraud, including phishing campaigns. Early detection of these domains is critical to helping organizations identify threats specific to their business so that they can quickly act to remove or neutralize them.

In one case I have worked with, a US-based global brand was targeted by another company with 50 typosquat domains, which went undiscovered for some time. In a second instance, we detected 30 active phishing sites targeting a client’s brand and detected customer and employee details being shared and sold on IRC channels. Early detection and effective intelligence are critical to mitigating the risks created by today’s connected world. This case yet again shows why this is so important.
