Nous pensons qu'il est impératif de créer un écosystème de partenaires technologiques et d'investir dans celui-ci pour obtenir de meilleurs résultats commerciaux pour nos clients. Le partage de renseignements et d'informations sur les menaces entre les ISAC, les ISAO et d'autres communautés dépend également de cette collaboration.
Nous pensons qu'il est impératif de créer un écosystème de partenaires technologiques et d'investir dans celui-ci pour obtenir de meilleurs résultats commerciaux pour nos clients. Le partage de renseignements et d'informations sur les menaces entre les ISAC, les ISAO et d'autres communautés dépend également de cette collaboration.
Nous pensons qu'il est impératif de créer un écosystème de partenaires technologiques et d'investir dans celui-ci pour obtenir de meilleurs résultats commerciaux pour nos clients. Le partage de renseignements et d'informations sur les menaces entre les ISAC, les ISAO et d'autres communautés dépend également de cette collaboration.
<p>The Anomali Labs team conducted research to identify <a href="https://www.anomali.com/blog/why-brand-monitoring-is-a-security-issue-typosquatting">suspicious domain registrations</a> and potentially <a href="https://www.anomali.com/blog/why-brand-monitoring-is-a-security-issue-compromised-credentials">compromised credentials</a> that could be used as part of an attack against the Financial Times Stock Exchange 100 (FTSE 100). Both methods of attack pose a significant threat not only to corporate brands but also to the corporations themselves. As referenced in <a href="https://www.globalbankingandfinance.com/stolen-credentials-of-ftse-100-employees-tripled-in-2017/" target="_blank">Global Finance and Banking Review</a> and <a href="https://www.infosecurity-magazine.com/news/ftse-100-corporate-logins-found/" target="_blank">Infosecurity</a>, the number of stolen credentials for FTSE 100 employees has nearly tripled since <a href="https://anomali.cdn.rackfoundry.net/files/FTSE_100_REPORT.pdf">last year's analysis</a>. </p><p>With a deceptive domain malicious actors have the potential to:</p><ul><li>Orchestrate phishing schemes to collect customer credentials</li><li>Install malware onto visitor devices</li><li>Coerce the targeted company into paying for the domain</li><li>Redirect traffic to competing or malicious sites</li><li>Embarrass the company by displaying inappropriate messaging</li></ul><p>Threat actors with compromised credentials may gain the capability to infiltrate an organization’s defenses. From there they can steal data, damage systems, or orchestrate more complex attacks.</p><p>The data from this report spans a three month period within 2017. Below are a few key statistics from the report. </p><p><strong>Malicious Domains</strong></p><ul><li>Eighty-two percent of FTSE 100 companies had at least one potentially suspicious domain registration and thirteen percent had 10 or more suspicious domains.</li><li>The vertical hit hardest with suspicious domain registrations was Banking at 83 registrations, which was more than double of the next industry, Energy, at 41 registrations.</li></ul><p><strong>Mass Credential Exposures</strong></p><ul><li>An average of 165.83 exposed credentials were identified across all companies. Of the 77% of companies that had credentials exposed, an average of 218 exposed credentials were found.</li><li>Five companies had more than 1,000 credential exposures.</li></ul><p><a class="button button-xlarge button-rounded button-blue-grad" href="https://www.anomali.com/resources/whitepapers/the-ftse-100-targeted-brand-attacks-and-mass-credential-exposures">DOWNLOAD THE REPORT</a></p>
Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox
Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.