The Week in Breach: It’s Not a Doppelganger – Hackers are Impersonating Big Brands






Brand Impersonation is Growing Nastier as Cybercriminals Branch Out with New Attacks


One of the most effective and devastating ways that cybercriminals land their hooks on unsuspecting employees is through brand impersonation. It’s become easy for them to create excellent-looking branded messages that seem genuine, making email spoofing, a critical component of brand impersonation, an especially tricky foe. Businesses are also dealing with an increasing number of specialty vendors for third-party services as well as a growing number of companies in many supply chains, and the top form of B2B communications remains email. That leaves scores of opportunities every week for cybercriminals to slip a few lures into the sea of branded email that businesses receive.

More Email Gives Cybercriminals More Opportunity

Incoming business email has truly grown into a flood. A 660% increase in the volume of phishing email means that your staffers are seeing more suspicious messages, and that is a disaster waiting to happen – and the number one cause of that disaster never changes: human error. Whenever a human being comes into contact with a cybersecurity risk like a suspicious email, there’s a chance that they’ll make a mistake that results in a cybersecurity incident. Unfortunately, more than 40% of office workers in a recent survey admitted that they regularly open suspicious messages to avoid missing something important.

Brand impersonation is a very convincing way to cause a worker to make a non-malicious error. An estimated 45% of companies are failing at security awareness training, leaving them open to threats. Some of the biggest brands that employees encounter in the day-to-day of their jobs are constant brand impersonation and spoofing targets. It doesn’t take much effort for a cybercriminal to clone an email from a legitimate sender and alter the details enough to garner an unsuspecting click. It also doesn’t take much for these malicious messages to make it past most organizations’ email security. In a recent study of risk reduction by Osterman Research, an estimated 50% of organizations admit that they need to do better with their email security.

The risk of an incident caused by brand impersonation phishing is very real for every business, but very few have taken precautions against it. In that same survey, researchers discovered that a surprisingly high 48% of the businesses that they surveyed did not have effective security in place to ward off brand impersonation attacks. Whether the blocker to making improvements is money or simply choosing new technology, that number is far too high. It represents a whole world of trouble for cybercriminals to exploit, and more than 50% of IT teams say that they are concerned about having enough personnel or the right tools to mitigate it.

Brand Impersonation Messages Are On Trend

Bad actors don’t spare the creativity when choosing lures either, and they’re quick to capitalize on trends if disaster strikes. Recent events like Amazon Prime Day provide cybercriminals with golden opportunities that they’re making the most of. During holiday periods, cybercriminals are quick to capitalize on their victims’ expectation that they’ll get a lot of routine email from a particular brand or vendor, and they don’t tend to read it carefully. This year for Amazon Prime Day in Q2, more than 2,300 new Amazon-related domains were registered, primarily intended to serve as landing pages for phishing scams.

Certain brands are always at the top of the list as the subjects of brand impersonation operations. In research just published that quantifies brand impersonation in Q2 2021, perennial favorite Microsoft remained the most imitated brand for phishing attempts in the April-June quarter. An estimated 45% of all brand impersonation phishing attempts were related to Microsoft in Q2 2021, up six points from Q1 2021. Shipping giant DHL clocked in at the number two position as cybercriminals exploit the online shopping trend that grew during the global pandemic.

This list of the most imitated brands as of Q1 2021 illustrates the brands that cybercriminals love to exploit.

  1. Microsoft (45%)
  2. DHL (18%)
  3. LinkedIn (6%)
  4. Amazon (5%)
  5. Rakuten (4%)
  6. Ikea (3%)
  7. Google (2%)
  8. PayPal (2%)
  9. Chase (2%)
  10. Yahoo (1%)

Why Stop at Email?

Cybercriminals aren’t stopping at email either. Just this week, Microsoft published a new blog post on a new and dangerous type of domain spoofing. An adjunct of brand impersonation, domain spoofing is all about the link. In this scenario, the cybercriminals rely on the use of a “homoglyph” or imposter domain to steal credentials and information from the targets. According to Microsoft, “These malicious homoglyphs exploit similarities of alpha-numeric characters to create deceptive domains to unlawfully impersonate legitimate organizations. For example, a homoglyph domain may utilize characters with shapes that appear identical or very similar to the characters of a legitimate domain, such as the capital letter “O” and the number “0” (e.g. MICROSOFT.COM vs. MICR0S0FT.COM) or an uppercase “I” and a lowercase “l” (e.g. MICROSOFT.COM vs. MlCROSOFT.COM).”
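One way a mail or proxy filter can catch the homoglyph domains described above, shown as an added example that is not from Microsoft or the original post: each host name is folded to a "skeleton" in which lookalike characters collapse to one form, then compared with the skeletons of protected domains. The `PROTECTED` list, the `CONFUSABLES` and `SEQUENCES` tables and both function names are constructed for illustration, and the tables go beyond the page's O/0 and I/l cases to a few Cyrillic and multi-character lookalikes.

```python
import unicodedata

# Constructed allow-list (assumption): domains the organisation treats as genuine.
PROTECTED = ("microsoft.com", "dhl.com", "amazon.com")

# Constructed confusables table (assumption), applied after lower-casing.
# Covers the page's O/0 and I/l cases plus a few Cyrillic and digit lookalikes.
CONFUSABLES = {
    "0": "o", "\u043e": "o",            # digit zero, Cyrillic o
    "1": "l", "i": "l", "\u0456": "l",  # digit one, Latin i, Cyrillic i
    "\u0430": "a", "\u0435": "e", "\u0441": "c", "\u0440": "p",
}
SEQUENCES = (("rn", "m"), ("vv", "w"))  # multi-character lookalikes


def skeleton(domain: str) -> str:
    """Fold a host name so visually similar spellings compare equal."""
    d = domain.strip().rstrip(".")
    try:
        d = d.encode("ascii").decode("idna")   # expand xn-- (punycode) labels
    except UnicodeError:
        pass                                   # already Unicode, or not valid IDNA
    d = unicodedata.normalize("NFKC", d).lower()
    d = "".join(CONFUSABLES.get(ch, ch) for ch in d)
    for seq, repl in SEQUENCES:
        d = d.replace(seq, repl)
    return d


def impersonated_brand(domain: str, protected=PROTECTED):
    """Return the protected domain that `domain` imitates, or None."""
    host = domain.strip().rstrip(".").lower()
    sk = skeleton(domain)
    for legit in protected:
        if host == legit or host.endswith("." + legit):
            return None                        # the genuine domain or its subdomain
        lsk = skeleton(legit)
        if sk == lsk or sk.endswith("." + lsk):
            return legit
    return None


if __name__ == "__main__":
    for name in ("MICROSOFT.COM", "MICR0S0FT.COM", "MlCROSOFT.COM",
                 "login.micr0s0ft.com", "micr\u043es\u043eft.com", "example.org"):
        print(f"{name!r:28} -> {impersonated_brand(name)}")
```

Because both sides are folded the same way, a genuine domain never matches itself as a lookalike; only names whose raw spelling differs but whose skeleton is identical are reported.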

This flavor of brand impersonation has become an increasingly dangerous business email compromise (BEC) threat. The goal of cybercriminals who are phishing with this technique is to trick their victims into handing over credentials, data and even cash. Bad actors then use these fraudulent domains, together with stolen customer credentials, to illegally access and monitor accounts, working to gain access to the target’s network. Once they were in, this attack shifted into more of a traditional BEC, a category of cybercrime that grew by more than 14% in 2020. The cybercriminals imitated employees of the business that they had just broken into to start the ball rolling. Then they targeted the trusted networks, vendors, contractors, and agents who had business relationships with the stolen account and used that leverage to deceive them into sending or approving fraudulent payments, netting a handsome profit.


Dark Web ID’s Top Threats This Week


 

Campbell Conroy & O’Neil, P.C. (Campbell)

https://www.bleepingcomputer.com/news/security/ransomware-hits-law-firm-counseling-fortune-500-global-500-companies/

Exploit: Ransomware

Campbell Conroy & O’Neil, P.C. (Campbell): Law Firm


Risk to Business: 1.201 = Extreme

Campbell Conroy & O’Neil, P.C. (Campbell), a law firm that counts dozens of Fortune 500 and Global 500 companies among its clientele, has disclosed a data breach following a February 2021 ransomware attack. The firm’s client list includes high-profile companies from various industry sectors, including automotive, aviation, energy, insurance, pharmaceutical, retail, hospitality, and transportation. At the time, it was unclear if client data had been stolen, but the investigation has since determined that client data was stolen.


Individual Risk: 1.963 = Severe

The crooks made off with data about clients including names, dates of birth, driver’s license numbers, state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords). The firm is offering 24 months of free access to credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information was exposed during the attack.

Customers Impacted: Unknown

How It Could Affect Your Business: This data about major companies and powerful business executives is cybercriminal gold and quickly saleable in the busy dark web data markets.

IntegraMSP to the Rescue: Building a zero-trust framework is a popular and successful planning choice for a reason. Learn more about how it helps mitigate risks like stolen PII.


Forefront Dermatology S.C.

https://www.databreachtoday.com/dermatology-clinic-chain-breach-affects-24-million-a-17074

Exploit: Ransomware

Forefront Dermatology S.C.: Medical Network


Risk to Business: 2.216 = Severe

Forefront Dermatology S.C., a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a ransomware incident it recently experienced. Cuba ransomware is believed to be the culprit. The incident is the third-largest healthcare breach of 2021 so far. Experts who spotted the data dump on a darknet site said that it was approximately 47 MB, including more than 130 files with information on the entity’s system and network, with security and backup details, and all their logins for vendor sites.


Risk to Individual: 2.462 = Severe

The company has announced that potentially compromised patient, clinician and employee information includes name, address, date of birth, patient account number, health insurance plan member ID number, medical record number, dates of service, provider names, and/or medical and clinical treatment information.

Customers Impacted: 2.4 million

How it Could Affect Your Business: Medical data is among the hottest products to sell in dark web markets, earning cybercriminals a substantial profit and this company a substantial HIPAA fine.

IntegraMSP to the Rescue: Are you selling and delivering security awareness training to all of your clients? If not, let us show you how to get started in only 15 minutes!

Guess

https://www.zdnet.com/article/guess-announces-breach-of-employee-ssns-and-financial-data-after-darkside-attack/

Exploit: Ransomware

Guess: Fashion Brand


Risk to Business: 2.223 = Severe

Fashion brand Guess, known for their salacious 90’s advertising campaigns, was hit with a ransomware attack from an unexpected source: Darkside. Sources are mixed as to whether this is a new operation or an old one just coming to light. Guess would not confirm that the incident occurred, but dark web researchers uncovered 200 GB of data from the fashion brand on a leak site. No consumer financial information was reported as stolen.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Proprietary data about businesses and their products is a hot seller on the dark web, especially if blueprints, formulas or similar information is included.

IntegraMSP to the Rescue: Learn more about the factors that make it easy for employees to make mistakes and how you can mitigate them for a better staff.


Mint Mobile

https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/

Exploit: Hacking

Mint Mobile: Mobile Network Carrier


Risk to Business: 1.575 = Severe

California-based Mint Mobile has disclosed a data breach. The company says that an unauthorized person gained access to their data including subscribers’ account information. The miscreants also ported phone numbers to another carrier.


Individual Risk: 1.502 = Severe

Exposed client data may include name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number and subscription features.

Customers Impacted: 40,000

How it Could Affect Your Business: Hackers are always in the market for fresh data, and this kind of proprietary information is a goldmine for them.

IntegraMSP to the Rescue: Building a strong security culture is essential. Learn more about how to do it in a webinar full of tips from team-building experts!



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.