Security report from US cyber security provider Anomali exposes significant potential risks at the 100 largest German companies
- Proactive security concepts are an important part of brand protection and ensure the competitive edge of a company.
- The most widespread threats include suspicious domain registrations and copied brand domains to fraudulently acquire private consumer data. The automotive industry is especially affected by this.
- At 75 DAX 100 companies, unprotected access data, hacked e-mail addresses, exposed user names and passwords opened gateways for cybercriminals to enter the company network.
Munich – 11th October 2016 –Anomali, the leading provider of threat intelligence platforms, has examined the risk potential at DAX 100 companies over the last three months in its latest lab report "The Dax 100: Targeted Brand Attacks and Mass Credential Exposures" https://www.anomali.com/files/anomali-labs-reports/DAX-100.pdf. The results of this study are now available: The greatest threats are represented by suspicious domain registrations and copied brand domains that enable cyber criminals to create dummy websites to gain access to data of unsuspecting consumers. At least one potential malicious domain registration was discovered at 71 of the 100 largest publicly traded companies in Germany. On average, 18 registrations per company were verified. In total, Anomali found 1,241 suspicious domains.
The report also discovered 76,000 email addresses and plain text password combinations for corresponding user accounts of DAX 100 companies on websites, where they could be stolen, published, or sold. This represents an enormous security threat to the largest German companies and puts both important company information as well as personal data at risk.
"Cyber-crime is growing at such a considerable rate that it has become an issue at the management level," is how Jamie Stone, Vice President EMEA of Anomali, explains the results of the study. "Today, security concepts are an important part of brand protection and ensure the competitive edge of a company. However, our analysis shows that many DAX 100 companies have not yet implemented basic security measures. The results of our study should be understood as a wake-up call. We want to make it clear just how vulnerable companies are in a way that no one would have considered possible," Jamie Stone says.
The automotive industry is especially affected by fraudulent domains
Five industrial sectors are particularly susceptible to fraudulent domain registrations and cloned websites, with the automotive industry out in front. 25.1 percent of suspicious domain registrations were discovered in the automotive sector, followed by the chemical industry with 13.3 percent, consumer retail with 12 percent, manufacturing with 8.1 percent, and the telecommunications sector with 7.7 percent. Counterfeit and copied domains throw the gates wide open to attacks on the company's network. Monitoring domain registrations is therefore an important proactive protective measure.
An international comparison of countries shows that 38.4 percent of the suspicious domains are registered under an American address, 24 percent were entered under a Chinese address, followed by Germany with 10.8 percent. Among suspicious registrations of counterfeit websites, Gmail is the most frequently used email domain, at 15.3 percent, followed by China's qq.com address with 12.6 percent. At 24.2 percent of potentially counterfeit websites of DAX 100 companies, the origin of the registration location was deliberately concealed.
Employees as a security risk to companies: Cyber-attacks on the company network using valid access data, email addresses, user names, and passwords
Over and over again, careless treatment of sensitive company data by employees represents a great security risk to companies. This also applies to the use of company email accounts for private purposes, and the frequent practice of always using the same log-in data and passwords. These vulnerabilities make the company network susceptible to attacks.
The Anomali threat intelligence platform was able to identify more than 76,000 e-mail addresses and plain text password combinations for corresponding user accounts of DAX 100 companies. About half of the user information was found on the Darkweb and another five percent was found on Pastebin. All remaining data were offered on hacking forums or unintentionally disclosed by the users themselves. For 75 percent of DAX 100 companies, at least one unprotected email and a password featuring a plain text name were detected. At 48 percent of these companies, at least ten were determined to have exposed access data, while at 16 percent of companies there were even more than 100. Exposed, unprotected access data, hacked email addresses, user names and passwords represent a high security risk to Germany's 100 largest publicly traded companies.
According to the results of the study, five sectors of industry are very severely affected by this attack scenario involving unprotected access data: The telecommunications industry leads the list, followed by other technology sectors, the chemicals industry, the financial sector, and the automotive industry. The reason for this is the fact that these industries employ a disproportionately high number of people. The fact that the highest number of attacks on credentials are recorded for the telecommunications industry is due to its business model: Email accounts are included in the services offered by telecommunications providers.
The study proves that on average, the individual credentials of 76 employees of every DAX100 company were publicly accessible if third-party websites, for which the employees also had an account, were hacked.
Exposed log-in data from email accounts and suspicious domain registrations can be used for cyber-attacks. Therefore, it is important that companies are capable of preparing a risk analysis and to be aware of the potential threat at all times. This is the only way that company networks and sensitive data can be permanently protected. "The prerequisite for this is that company management is constantly informed of copied domains," concludes Jamie Stone, "while on the other hand, employees must be sensitised not to use their business email accounts, credentials and passwords for private purposes. To close these security loopholes, companies need to check more thoroughly how business email accounts are used for private purposes."
Anomali delivers earlier detection and identification of adversaries in your organization’s network by making it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali's approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred. Headquartered in Redwood City, Calif., the company is privately held and has received venture capital backing from General Catalyst Partners, GV, Institutional Venture Partners, and Paladin Capital Group, as well as individual investors. To learn more, visit www.anomali.com and follow us on Twitter: @anomalidetect.
+49 89 411 123 218