The Top 5 Digital Threats for Brands

Posted on October 29, 2020 by Ran Geva

read the article

Traditionally, brand monitoring has encompassed media and web monitoring of news, blogs, discussions, and reviews of the open web to gauge customer engagement, customer sentiment, and competitive analysis. 

But today, especially in the wake of COVID-19 and increased threats to organizations, many must move beyond open web brand monitoring to also include dark web monitoring to deliver digital risk, cyber risks, reputation, and crisis management to their customers. 

Here are five of the top digital threats facing brands today:

1. Phishing attacks 

Nearly a third of all breaches in the past year involved phishing, according to the 2019 Verizon Data Breach Investigations Report

Phishing typically involves sending an email disguised as a trustworthy person or organization for the purposes of stealing a victim’s credentials. The email often tries to get the user to download malware through malicious links or attachments. Phishing attacks are successful once a victim is directed to a fake website and enters their personal information. 

More than 1.4 million of these malicious websites are created every month. These types of attacks have become easier to execute as increasing phishing kits and tools are sold on the dark web.

Phishing kits are sold regularly in dark web marketplaces or shared in forums and chats. The example below is taken from a dark web marketplace and shows a phishing kit for Facebook.

Phishing kit for Facebook found in the cyber endpoint

2. Cloud-based attacks

The explosion of cloud-based services like Amazon Web Services (AWS) and Google Cloud has brought with it a common attack point. It’s relatively easy for cybercriminals to breach data stored in the cloud for a number of reasons. First, API keys are often exposed and misconfigurations are common, creating multiple vulnerabilities in the cloud. Second, employees often use weak passwords which are easy to guess. 

Here is an example from August published in a known hacking forum by an actor selling AWS accounts. The accounts can be used either to commit fraud, and use their AWS storage for malicious purposes, or hack them and access confidential information or personal documents.

An actor in a hacking forum selling AWS accounts in the cyber endpoint

3. Ransomware

Ransomware is a software that either encrypts files or locks a victim’s device. Data is decrypted or the device is unlocked after payment is received, often 

only after payment is given in return. The average ransomware payment is now over $100K, a cost that has more than doubled in the last year.

Webhose keeps a close track of official ransomware groups’ websites, collecting any mention of a new company attacked or publicly shared data obtained in ransomware attacks by the group. The below screenshot is the homepage of the MAZE ransomware group website, which is included as part of our coverage.

The Maze ransomware group website in the cyber endpoint

4. Social engineering attacks 

Social engineering is a type of phishing attack, yet far more sophisticated than your average phishing attack. Attackers employing social engineering tactics typically use more creative methods to gain sensitive information from the victim. First, they usually learn a lot about the victim, both the vulnerabilities and possible attack points as well as personal information. Many social engineering attacks are successful after a relationship is developed between attackers and victims and trust is established between the two. They might promise the victim something that they want in exchange for personal information.

Below is an example of a post on the dark web from August advertising a group session for teaching how to execute social engineering (SE) attacks. The ad emphasizes that it includes teaching participants how to find or generate private serials, invoices, and product images.

Example of a social engineering threat found in the cyber endpoint

5. Smart Device attacks

IoT has now spread to almost every industry, including healthcare, public services, and manufacturing industries. It is estimated that 41 billion smart devices will be connected by 2027. While these smart devices bring greater efficiency and cut costs to organizations, it extends the attack surface and increases the number of entrance points for attackers to target. In addition, security breaches related to IoT in healthcare, manufacturing, and public services have the ability to disrupt entire supply chains, endanger patient safety and privacy, and leave people without basic utilities like water and electricity.

This type of post is quite common in hacking and dark web forums. Below is an example of a tutorial for hacking private closed-circuit television (CCTV) cameras. Hackers with access to the closed feed of CCTV cameras can spy on organizations, steal or change passwords, and target other devices connected to that same network.

Smart device attack post in the cyber endpoint

Detecting and Mitigating Digital Threats to Brands  

Cybercriminals often plan these types of attacks in advance, even publicizing them on different dark web marketplaces. That’s why dark web monitoring of hundreds of thousands of marketplaces, files, sites, and discussions from chat applications can be useful in mitigating each of these attacks. In addition, domain monitoring can minimize the cost of a data breach through early detection and notification of a phishing attack.

Once specific digital risks are identified, organizations can then work with employees to beware of specific digital threats and avoid opening suspicious links or attachments. Updating configuration and security settings can also better defend against these threats.

Advanced dark web monitoring can also stay on top of the latest trends for specific threats, like the trends in ransomware that publicize an organization’s data on public websites. It can also continuously search for specific malicious actors known to LEA or security agencies. With relevant and accurate data, greater insights can be delivered for the defense and protection against cybersecurity threats and digital risks. 

Open Web Monitoring Is No Longer Enough 

New threats like data breaches, ransomware attacks, fraud, and account takeover make mitigation more critical than ever. By extending brand monitoring beyond social media and the open web to also include dark web monitoring, organizations can rise to meet these challenges. Here at Webhose, we offer organizations a holistic solution to brand monitoring and protection by collecting content both from the open and dark web networks. This includes the hundreds and thousands of marketplaces, forums, networks, and chat applications groups where cybercriminals are plotting their next attack.

Want to access the dark web with Webhose? Contact one of our data experts to learn more today!