This article has been indexed from CircleID: Cybercrime
A recent report, “Domain Security: A Critical Component of Enterprise Risk Management,” published by the Interisle Consulting Group, highlights why domain security should be a critical component of enterprise risk management, a proposal that resonates closely with what we at CSC advocate.
The report describes the current threat landscape, in which spammers and cybercriminals use domain names as a resource to conduct phishing, fraud, malware, ransomware, distributed denial of service (DDoS) attacks, and data breaches. Attackers either register domains that are confusingly similar to existing brands, or exploit legitimate domains by compromising web servers or domain registration accounts to seize control of the domains and the domain name system (DNS), then manipulate them for malicious purposes.
Every minute a website is unable to process transactions — or the days an organization is unable to operate while its systems are held for ransom — equates to costly revenue loss and reputation damage that organizations cannot afford. As a result, cyber insurance claims have been increasing, and so has the need for companies to have higher levels of risk assessment and compliance. Yet cyber threats continue to occur with increasing frequency, even among large enterprises and governments.
“Because incidents and responses attract public attention, there is an overemphasis on attack response and underemphasis on pro-active, preventative measures to detect, identify, and mitigate threats before an attack can occur.”
At CSC, we have isolated the common phishing tactics that we see cybercriminals and fraudsters use to take advantage of already established brand trust:
Common Tactics | Outcome |
---|---|
Domain spoofing and look-alike domains | Rogue domains and connected web services look authentic |
Spoofing email headers | Email messages appear to be coming from someone else |
Email account takeover (ATO) | Legitimate email addresses are weaponized via email account breaches |
Domain account takeover (ATO) | Legitimate domains and connected web services are weaponized via domain registrar and DNS/cloud account breaches |
Website, app and social media profile spoofing | F […] |

Content was cut in order to protect the source. Please visit the source for the rest of the article. Read the original article: Domains Are a Critical Component of Your Enterprise Risk Management