November 30, 2017
Anissa Khalid

FTSE 100 Report: Targeted Brand Attacks and Mass Credential Exposures

<p>The Anomali Labs team conducted research to identify <a href="">suspicious domain registrations</a> and potentially <a href="">compromised credentials</a> that could be used as part of an attack against the Financial Times Stock Exchange 100 (FTSE 100). Both methods of attack pose a significant threat not only to corporate brands but also to the corporations themselves. As referenced in <a href="" target="_blank">Global Finance and Banking Review</a> and <a href="" target="_blank">Infosecurity</a>, the number of stolen credentials for FTSE 100 employees has nearly tripled since <a href="">last year's analysis</a>. </p><p>With a deceptive domain malicious actors have the potential to:</p><ul><li>Orchestrate phishing schemes to collect customer credentials</li><li>Install malware onto visitor devices</li><li>Coerce the targeted company into paying for the domain</li><li>Redirect traffic to competing or malicious sites</li><li>Embarrass the company by displaying inappropriate messaging</li></ul><p>Threat actors with compromised credentials may gain the capability to infiltrate an organization’s defenses. From there they can steal data, damage systems, or orchestrate more complex attacks.</p><p>The data from this report spans a three month period within 2017. Below are a few key statistics from the report. </p><p><strong>Malicious Domains</strong></p><ul><li>Eighty-two percent of FTSE 100 companies had at least one potentially suspicious domain registration and thirteen percent had 10 or more suspicious domains.</li><li>The vertical hit hardest with suspicious domain registrations was Banking at 83 registrations, which was more than double of the next industry, Energy, at 41 registrations.</li></ul><p><strong>Mass Credential Exposures</strong></p><ul><li>An average of 165.83 exposed credentials were identified across all companies. Of the 77% of companies that had credentials exposed, an average of 218 exposed credentials were found.</li><li>Five companies had more than 1,000 credential exposures.</li></ul><p><a class="button button-xlarge button-rounded button-blue-grad" href="">DOWNLOAD THE REPORT</a></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.