<p>The Anomali Labs team conducted research to identify <a href="https://www.anomali.com/blog/why-brand-monitoring-is-a-security-issue-typosquatting">suspicious domain registrations</a> and potentially <a href="https://www.anomali.com/blog/why-brand-monitoring-is-a-security-issue-compromised-credentials">compromised credentials</a> that could be used as part of an attack against the Financial Times Stock Exchange 100 (FTSE 100). Both methods of attack pose a significant threat not only to corporate brands but also to the corporations themselves. As referenced in <a href="https://www.globalbankingandfinance.com/stolen-credentials-of-ftse-100-employees-tripled-in-2017/" target="_blank">Global Finance and Banking Review</a> and <a href="https://www.infosecurity-magazine.com/news/ftse-100-corporate-logins-found/" target="_blank">Infosecurity</a>, the number of stolen credentials for FTSE 100 employees has nearly tripled since <a href="https://anomali.cdn.rackfoundry.net/files/FTSE_100_REPORT.pdf">last year's analysis</a>. </p><p>With a deceptive domain malicious actors have the potential to:</p><ul><li>Orchestrate phishing schemes to collect customer credentials</li><li>Install malware onto visitor devices</li><li>Coerce the targeted company into paying for the domain</li><li>Redirect traffic to competing or malicious sites</li><li>Embarrass the company by displaying inappropriate messaging</li></ul><p>Threat actors with compromised credentials may gain the capability to infiltrate an organization’s defenses. From there they can steal data, damage systems, or orchestrate more complex attacks.</p><p>The data from this report spans a three month period within 2017. Below are a few key statistics from the report. </p><p><strong>Malicious Domains</strong></p><ul><li>Eighty-two percent of FTSE 100 companies had at least one potentially suspicious domain registration and thirteen percent had 10 or more suspicious domains.</li><li>The vertical hit hardest with suspicious domain registrations was Banking at 83 registrations, which was more than double of the next industry, Energy, at 41 registrations.</li></ul><p><strong>Mass Credential Exposures</strong></p><ul><li>An average of 165.83 exposed credentials were identified across all companies. Of the 77% of companies that had credentials exposed, an average of 218 exposed credentials were found.</li><li>Five companies had more than 1,000 credential exposures.</li></ul><p><a class="button button-xlarge button-rounded button-blue-grad" href="https://www.anomali.com/resources/whitepapers/the-ftse-100-targeted-brand-attacks-and-mass-credential-exposures">DOWNLOAD THE REPORT</a></p>