CISOs must operate on the assumption that their organisation has a far bigger digital footprint than they realise.
the Internet, directing employees or customers to what look like legitimate assets. From there cybercriminals can harvest credentials to gain access to corporate systems or capture personal information for monetary gain. Examples of these types of activities include the registration of domains that look similar to a brand’s domain (typo-squatting), driving traffic to phishing pages that look legitimate, placing fake mobile apps in the app stores and creating fake social media accounts on the major social platforms. Millions of new digital assets appear on the Internet every day, making it extremely difficult for an organisation to monitor for brand infringement and impersonation. We also see new adversary tactics appear on a regular basis and, when successful, they are rapidly copied by other threat actors, giving organisations yet another threat vector to defend against.
Case study – the credit-card skimming scheme
Consider the recent breaches of Ticketmaster, British Airways and Newegg by the credit-card-skimming groups known as Magecart. In the case of the Ticketmaster breach, RiskIQ discovered it wasn’t an isolated incident but a worldwide campaign that affected tens of thousands of e-commerce sites, executed by hacking widely used third-party analytics trackers.

The affected brands had no visibility into the code running on their website, so they were unaware and powerless to protect their customers, many of whom had their data stolen directly from the site as they input their payment information.

British Airways and Newegg were similarly vulnerable to web-based attacks. They were victimised by targeted attacks using unique skimmers that integrated with the victim’s payment system and blended with the infrastructure, staying there as long as possible. These attacks showed that such campaigns are not limited to specific geo-locations or specific industries – any organisation that processes payments online is a target. The elements of the British Airways attack were all present in the attack on Newegg. However, when brands understand what they look like from the outside in, they can undertake measures to harden their attack surface and take down impersonating assets.
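As an added example, not part of the article or of RiskIQ’s tooling, here is the kind of outside-in check the case study points to: a scan that lists the external scripts a checkout page loads and flags any script whose served content differs from a reviewed baseline or that carries no Subresource Integrity attribute. The hostnames, script bodies and page fragment are constructed for the demonstration.

```python
import base64
import hashlib
from html.parser import HTMLParser


def sri_hash(body: bytes) -> str:
    """Subresource Integrity digest (sha384, base64) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


class _Scripts(HTMLParser):
    """Collects (src, integrity) for every external <script> on a page."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.found.append((a["src"], a.get("integrity")))


def audit_scripts(html: str, served: dict, baseline: dict) -> list:
    """served: src -> bytes the URL returns now; baseline: src -> reviewed SRI digest.
    Returns (src, finding) pairs in page order for anything a reviewer should check."""
    parser = _Scripts()
    parser.feed(html)
    findings = []
    for src, integrity in parser.found:
        if src not in baseline:
            findings.append((src, "not in baseline"))   # script never reviewed
            continue
        if sri_hash(served[src]) != baseline[src]:
            findings.append((src, "content changed"))   # served code drifted
        if integrity is None:
            findings.append((src, "no integrity attribute"))  # browser won't pin it
    return findings


# Constructed sample: a first-party payment script (pinned) and a third-party tracker.
PAYMENT_JS = b"export function last4(card) { return card.slice(-4); }"
TRACKER_JS = b"window.track = function (event) { /* benign analytics */ };"
BASELINE = {"https://shop.example/js/payment.js": sri_hash(PAYMENT_JS),
            "https://tracker.example/analytics.js": sri_hash(TRACKER_JS)}
CHECKOUT_HTML = f"""<form id="payment"><input name="card"></form>
<script src="https://shop.example/js/payment.js" integrity="{BASELINE['https://shop.example/js/payment.js']}"></script>
<script src="https://tracker.example/analytics.js"></script>"""


def demo() -> list:
    """The tracker host starts serving modified code; the scan flags only that script."""
    served = {"https://shop.example/js/payment.js": PAYMENT_JS,
              "https://tracker.example/analytics.js": TRACKER_JS + b"\n/* appended */"}
    return audit_scripts(CHECKOUT_HTML, served, BASELINE)
```

Run on a real estate this would be driven by periodic fetches of each script URL; a drifted third-party script is exactly the signal the affected brands above lacked.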
Issue 09 | www.intelligentciso.com