Top 4 Digital Brand Threats

Posted on May 21, 2021

Threat actors frequently impersonate trusted brands to lend credibility to their attacks. This tactic can surface anywhere online and often makes malicious content appear legitimate at first glance. Because brand abuse is so widespread, security teams must maintain full visibility into the top brand threats targeting their organization and have streamlined workflows to turn potential threats into actionable intelligence.

At their core, digital brand threats are effective because they exploit the trust people place in well-known companies. But beyond that shared tactic, these threats vary widely in form and function. Each type requires a tailored approach to detection, analysis, and mitigation.

In this blog, we break down the four most common types of digital brand threats and share best practices to help minimize their impact.

 

Domains

Threat actors register hundreds of thousands of look-alike domains every year to impersonate digital brands. These domains are designed to mislead, and in order for organizations to gather related intelligence that is timely, they must first identify which domain threats are targeting their brand as well as where they live. 
 
Look-alike domains can be used in a number of ways including:
 
  • Hosting fraudulent websites
  • Hosting malware
  • Distributing phishing emails such as BEC
  • Diverting website traffic from legitimate sites
  • Delivering spam
  • Delivering malware lures
 
Look-alike domains achieve high levels of believability because they incorporate an element of the brand name or asset that may represent the business. 
 
In order to effectively collect domain intelligence related to brand abuse, security teams should collect data from the following sources:
 
  • TLD Zone Files
  • SSL Certificate Transparency Logs
  • DNS Traffic
  • DNS Queries
 
Continuous monitoring of these sources can result in swift detection of look-alike domains that contribute to digital brand abuse. 
 
Following the identification of a domain-related threat, collected data should undergo threat-specific curation that includes a combination of technology and human analysis. Security teams should employ expert analysts who specialize in handling processes defined per threat-type to ensure data is properly prioritized and follows the appropriate workflow for successful mitigation. 
 

Social Media

Digital brand threats on social media are some of the top security concerns to organizations due to the accessibility, simplicity, and global reach that threat actors exploit. Brand threats can take many forms including misuse of an asset, executive impersonations, and pages with unauthorized content or logos. Monitoring for these threats is especially challenging due to the volume of data security teams must sift through, and failure to identify and mitigate an attack may result in reputation damage and financial loss. 
 
Below are two examples of brand threats on social media channels:
 
 
Executive Impersonation
 
 
Fake Twitter Page
 

Successfully collecting brand intelligence on social media means identifying all platforms that apply to your organization. From there, security teams should mine data using algorithms to find relevant threats. This data should be analyzed by using both threat-specific automated logic as well as human analysis. Takeaways from this multi-stage process should include:

  • Threat classification
  • Determining severity
  • Eliminating false positives
  • Adding context
 

Open Web

Open web threats abuse brands through imposter websites that host unauthorized use of intellectual property, create false associations, and promote illicit activity. Overwhelmingly, brand threats present on the open web involve phishing sites that mislead victims into surrendering their credentials. Threat actors accomplish this by abusing an organization's brand to trick victims into believing they are interacting with a trusted, reputable business. 

Sufficiently identifying these sites requires not only extensive visibility across all readily accessible, related content on the web, but also strong anti-evasion detection. Threat actors frequently take steps to prevent automated crawling tools from detecting malicious content. 

Collection sources for open web data should include:

  • Continuous web crawling
  • Search indexes
  • Domain registrations
  • SSL transparency logs
  • Passive and active DNS queries

Because of the massive volume of data available on the open web, security teams should initiate workflows that operate according to specific, relevant threat-types detected. This includes curation particularly designed to increase the speed of mitigation, and overall will result in high-fidelity, actionable intelligence. 

Mobile

Threat actors use official company logos, trademarks, and images to impersonate legitimate brands and convince victims to install clones of popular applications. 

These cloned apps are widely available as well as convincing and can attribute much of their success to abusing the sense of security associated with a trusted brand. Cloned apps are available in both official and unofficial app stores and if downloaded, can result in stolen credentials and SMS authentication codes. Collecting intelligence on unauthorized clones and out-of-date versions of legitimate mobile apps requires continuous monitoring of online app stores for brand references.
 
Mobile banking Trojans also pose a significant threat to brands by impersonating legitimate business apps or games to steal credentials. Triggered when a legitimate banking or commerce app is launched, these Trojans overlay the screen with a fake login page, steal sensitive data, then transition back to the legitimate app so as not to alert the victim. To prevent this fraud, security teams need to gather intelligence on apps and brands targeted by mobile banking Trojans and take steps to disrupt the overlay mechanisms used to impersonate their login screens.  

Learn more about how Fortra Brand Protection helps safeguard your brands from these and other digital threats with our Brand Protection and Digital Risk Protection solutions.
 
Additional Resources:

 

Related Products
Brand Protection Domain Monitoring Mobile App Protection