Thursday, September 28 2023

A new intelligence report released by external cybersecurity company ZeroFox revealed a 164% increase in threats targeting brands from the first to second quarter of 2023. Sources were derived from open-source accesses, social media, and proprietary data, among others, prior to July 14. 

Spoofed domains saw a 20% increase in the second quarter of this year compared with the first. About one-third of those incidents were linked to phishing campaigns, with the U.S., U.K., Ireland, and Austria being heavily targeted. Greece, too, was affected, which is explained by March riots and June parliamentary elections in the country. The manufacturing sector topped the list with an 81% observed increase in domain impersonations last quarter, amounting to 16.65% of all incidents reported by ZeroFox. The financial services and technology industries remained the most impacted, though. 

The report highlighted that top level domains (TLDs) present a mounting threat to brand protection, as they broaden the attack scope and provide leverage for threat actors in malware campaigns. One TLD is set to release this quarter. 

Fraudulent activity was also outlined in the report, with a 26% increase since the end of the second quarter. Fake job postings rose by 50% and membership, giveaway, and prizes scam saw a marked growth. Social media money-flipping scams increased by almost 100% in the second quarter as well. These developments negatively impacted costumers since their personal and financial information were stolen, but they also harmed brands when customers blamed them for it.

A full 80% of fraudulent activity was linked to fake gift card schemes aimed at retailers and consumers. With the expansion of AI, threat actors used botnets to test gift card number combinations and steal money. Indeed, botnets have reached targets far beyond brands. As CISA noted in a July joint advisory with the FBI and other organizations, truebots, a type of botnet, were used in malware attacks across the U.S. and Canada, like the Cl0p ransomware cyberattack. 

Looking ahead, organizations will have to double down on efforts to identify fraudulent profiles given the continuing development of deepfakes, according to the report. However, consumer awareness may increase with new laws and make it harder for threat actors to steal personal data. A New York law passed in 2023 mandates that retailers warn customers of possible gift card scams, and other states may follow. 

In addition, the report addressed social media-based threats. More than half of impersonation accounts identified were from the media industry, with consumer goods, retail, and hospitality following at 11.29%, 8.13%, and 6.7%, respectively. This issue will be mitigated with new regulations. For example, the Federal Trade Commission is exploring proposals for laws that would punish the perpetrators of these accounts. 

The report concluded with eight recommendations to secure organizations’ brands, including registering for domains in advance, removing impersonator domains, monitoring brand mentions on the dark web, and using filtered or curated threat intelligence. 


TSA Updates Security Directive on Oil and Natural Gas Pipelines


White House Launches National Cyber Workforce and Education Strategy

Check Also


Don’t Miss

Cyber Executive Moves: Expel, AXA XL

Ellie Buscemi

Expel appoints a new chief product officer, AXA XL announces a new chief executive and DataVisor appoints a new chief revenue officer. Expel, a security operations provider in Herndon, Virginia, appointed Yonni Shelmerdine as the new chief product officer on Aug. 28. Shelmerdine comes to Expel from SentinelOne where he was the vice president of Product Management, endpoint […]

Grip Security Raising $41 Million Series B Led by Third Point Ventures


SaaS security company plans to accelerate growth and extend market leadership SaaS identity risk management platform Grip Security announced a $41 million Series B funding round led by Third Point Ventures, with participation from YL Ventures, Intel Capital and The Syndicate Group. The investment would bring Grip Security’s total funding to $66 million and marks a major milestone for the […]

Partner One Acquires Key Fidelis Cybersecurity Assets


Partner One, one of the fastest growing software conglomerates in the world, has announced its acquisition of Fidelis Cybersecurity software, intellectual property, equipment, inventory and customer and reseller contracts. Fidelis software is a leader in the cybersecurity industry, with innovative eXtended Detection and Response (XDR) and Cloud Native Application Protection Platform (CNAPP). Fidelis solutions protect […]

Healthcare IoT: Risks, Policy, and the Path Forward 

John Powers

When Amazon launched as an online bookstore twenty-eight years ago, few would have imagined that patients could one day go to its website to treat their acid reflux. But times change. Amazon just expanded their virtual healthcare marketplace, Amazon Clinic. Across the U.S., customers can now consult with clinicians through virtual calls and get treatment […]

NIST Updates Cybersecurity Framework in New Draft, Seeks Public Comment

John Powers

The National Institute of Standards and Technology updated their cybersecurity framework for the third time in a new draft. The new framework offers guidance to organizations about reducing cybersecurity risks. It contains a set of outcomes so that any organization can evaluate, prioritize, grasp, and communicate its cybersecurity measures in an effective way. The draft […]

N.Y. Gov. Debuts Premier State Cybersecurity Strategy

John Powers

Governor Kathy Hochul (D-NY) recently introduced New York’s first cybersecurity strategy. The 15-page document lays out a blueprint to expand services to aid under-resourced entities and clarifies agency responsibilities. It provides $500 million to strengthen New York’s healthcare information technology and $7.4 million to expand the New York State Police’s Cyber Analysis Unit, Computer Crimes […]