A new intelligence report released by external cybersecurity company ZeroFox revealed a 164% increase in threats targeting brands from the first to second quarter of 2023. The report's sources included open-source access, social media, and proprietary data, among others, prior to July 14.
Spoofed domains saw a 20% increase in the second quarter of this year compared with the first. About one-third of those incidents were linked to phishing campaigns, with the U.S., U.K., Ireland, and Austria being heavily targeted. Greece, too, was affected, which is explained by March riots and June parliamentary elections in the country. The manufacturing sector topped the list with an 81% observed increase in domain impersonations last quarter, amounting to 16.65% of all incidents reported by ZeroFox. The financial services and technology industries remained the most impacted, though.
The report highlighted that top-level domains (TLDs) present a mounting threat to brand protection, as they broaden the attack scope and provide leverage for threat actors in malware campaigns. One TLD is set to be released this quarter.
Fraudulent activity was also outlined in the report, with a 26% increase since the end of the second quarter. Fake job postings rose by 50%, and membership, giveaway, and prize scams saw marked growth. Social media money-flipping scams increased by almost 100% in the second quarter as well. These developments negatively impacted customers, since their personal and financial information was stolen, but they also harmed brands when customers blamed them for it.
A full 80% of fraudulent activity was linked to fake gift card schemes aimed at retailers and consumers. With the expansion of AI, threat actors used botnets to test gift card number combinations and steal money. Indeed, botnets have reached targets far beyond brands. As CISA noted in a July joint advisory with the FBI and other organizations, truebots, a type of botnet, were used in malware attacks across the U.S. and Canada, like the Cl0p ransomware cyberattack.
Looking ahead, organizations will have to double down on efforts to identify fraudulent profiles given the continuing development of deepfakes, according to the report. However, consumer awareness may increase with new laws and make it harder for threat actors to steal personal data. A New York law passed in 2023 mandates that retailers warn customers of possible gift card scams, and other states may follow.
In addition, the report addressed social media-based threats. More than half of impersonation accounts identified were from the media industry, with consumer goods, retail, and hospitality following at 11.29%, 8.13%, and 6.7%, respectively. This issue will be mitigated with new regulations. For example, the Federal Trade Commission is exploring proposals for laws that would punish the perpetrators of these accounts.
The report concluded with eight recommendations to secure organizations’ brands, including registering for domains in advance, removing impersonator domains, monitoring brand mentions on the dark web, and using filtered or curated threat intelligence.