Brand impersonation happens much more often than people realize. In CSC’s latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement that leads to revenue loss, traffic diversion, and a diminished brand reputation. There are endless domain spoofing tactics and permutations that can be used by phishers and malicious third parties.

Below, we include common homoglyphs, as they are one of the most egregious attack methods used by threat actors today:

Whose job is it to fix?

Last week, Ericka Chickowski published two articles in Dark Reading on brand impersonation. The first—“Why CISOs Should Care About Brand Impersonation Scam Sites”—talked about the problem and how companies “don’t know whose responsibility it is to monitor for spoofed brand sites and scams that steal customers’ trust, money, and personally identifiable information.” Brand impersonation and lookalike domains can certainly be a legal issue in terms of trademarks, and a marketing issue in terms of consumer trust. But it’s also an issue for chief information security officers (CISOs) and cybersecurity incident response teams. As CSC’s Digital Brand Services chief technology officer (CTO), Ihab Shraim, points out in Chickowski’s first article, incident response teams don’t have the specific data feeds needed to manage the problem. CSC encourages its clients to have a digital brand governance cross-functional team to manage concerns about securing the brand within all digital assets.

Challenges for the cybersecurity incident response teams

Incident response teams receive log data from firewalls, network devices, operating systems, endpoints, and applications within their enterprise, residing in data centers or cloud infrastructures. The data is aggregated in a security information event management (SIEM) or security orchestration, automation, and response (SOAR) platform for SOC personnel to process and analyze critical alerts as fast as possible. According to Shraim:

“The main challenge experienced with SOC personnel is alert fatigue due to the sheer volume of alerts, duplication, and unfiltered events. Moreover, the external attack surface for brand impersonation, such as phishing and domain hijacking attacks, are entirely built and launched by bad actors on the internet. Therefore, the SOC security teams don’t have such data feeds, nor are they trained to mitigate such threat vectors by taking down malicious websites or speaking with a registrar to delete a domain name.”

The external attack surface for brand impersonation is the entirety of the internet, and security teams need a multidimensional view of various threat vectors outside their firewall targeting specific domains. Additionally, anyone can register an available domain name at any time, at a low cost, making these threats a constant challenge.

How can companies protect themselves?

With corporations owning multiple brands, and hundreds or even thousands of domains within their portfolios, it’s crucial to have a proactive, rapid detection and deactivation solution to manage the threat of domains imitating brands. The second article published in Dark Reading last week—“What CISOs Can Do About Brand Impersonation Scam Sites”—provides a holistic view of how companies should approach this problem. According to Shraim:

“Organizations should not only be watching and monitoring the domains they own, but also their domain ecosystem. This means understanding the types of domains being registered around them, because domains are a multidimensional cyber threat. Companies need to devise policies and procedures to monitor and mitigate threats associated with all their domains as an integral part of their security posture.”

Companies need to use solutions that leverage domain name monitoring and detection via automated machine learning to accurately identify all newly registered, re-registered, and dropped domain names, and mitigate cyber threats. Moreover, the technology should be capable of identifying active threat vectors such as phishing and malware cyberattacks launched against their brands across all key digital channels—because domains are a multidimensional cyber threat.

An ongoing and proactive dynamic brand monitoring program for threats outside the domain portfolio will provide companies with a 360° view of various threat vectors outside the firewall targeting specific domains, so that they can protect and manage core and tactical domain names, and protect all online digital assets.