November 30, 2017
-
Anissa Khalid
,

FTSE 100 Report: Targeted Brand Attacks and Mass Credential Exposures

Cyber Threat Intelligence
Research
<p>The Anomali Labs team conducted research to identify <a href="https://www.anomali.com/blog/why-brand-monitoring-is-a-security-issue-typosquatting">suspicious domain registrations</a> and potentially <a href="https://www.anomali.com/blog/why-brand-monitoring-is-a-security-issue-compromised-credentials">compromised credentials</a> that could be used as part of an attack against the Financial Times Stock Exchange 100 (FTSE 100). Both methods of attack pose a significant threat not only to corporate brands but also to the corporations themselves. As referenced in <a href="https://www.globalbankingandfinance.com/stolen-credentials-of-ftse-100-employees-tripled-in-2017/" target="_blank">Global Finance and Banking Review</a> and <a href="https://www.infosecurity-magazine.com/news/ftse-100-corporate-logins-found/" target="_blank">Infosecurity</a>, the number of stolen credentials for FTSE 100 employees has nearly tripled since <a href="https://anomali.cdn.rackfoundry.net/files/FTSE_100_REPORT.pdf">last year's analysis</a>. </p><p>With a deceptive domain malicious actors have the potential to:</p><ul><li>Orchestrate phishing schemes to collect customer credentials</li><li>Install malware onto visitor devices</li><li>Coerce the targeted company into paying for the domain</li><li>Redirect traffic to competing or malicious sites</li><li>Embarrass the company by displaying inappropriate messaging</li></ul><p>Threat actors with compromised credentials may gain the capability to infiltrate an organization’s defenses. From there they can steal data, damage systems, or orchestrate more complex attacks.</p><p>The data from this report spans a three month period within 2017. Below are a few key statistics from the report. </p><p><strong>Malicious Domains</strong></p><ul><li>Eighty-two percent of FTSE 100 companies had at least one potentially suspicious domain registration and thirteen percent had 10 or more suspicious domains.</li><li>The vertical hit hardest with suspicious domain registrations was Banking at 83 registrations, which was more than double of the next industry, Energy, at 41 registrations.</li></ul><p><strong>Mass Credential Exposures</strong></p><ul><li>An average of 165.83 exposed credentials were identified across all companies. Of the 77% of companies that had credentials exposed, an average of 218 exposed credentials were found.</li><li>Five companies had more than 1,000 credential exposures.</li></ul><p><a class="button button-xlarge button-rounded button-blue-grad" href="https://www.anomali.com/resources/whitepapers/the-ftse-100-targeted-brand-attacks-and-mass-credential-exposures">DOWNLOAD THE REPORT</a></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.
Subscribe Today

Explore more topics

Anomali
Anomali Copilot
Anomali Cyber Watch
Anomali Match
Anomali Security Operations Platform
Compliance
Cyber Threat Intelligence
ISAC
Malware
Modern Honey Network
Research
SIEM
SOAR
STAXX
Splunk
Threat Intelligence Platform
ThreatStream
UEBA
Cyber Threat Intelligence
Research