Constant pursuit and escape: that's the cat-and-mouse game. If you're into cybersecurity, that will sound familiar. Security teams and threat actors continually engage in back-and-forth routines in which the upper hand sways between the two. But do you have the resources to continue engaging in this pursuit, or is there a better way of doing things?
With larger attack surfaces than ever to target via the web, the advantage in this game increasingly lies with those trying to bypass defenses and infiltrate networks. Take brand impersonation alone: brand fraud in 2021 was 15 times higher than in 2020. It's time for a more sustainable and intelligent approach to cybersecurity. Read on to find out why infosec must stop playing this game and what the alternative is.
Cat and mouse: understanding the industry’s old struggle to stop cyber attackers
The cat-and-mouse paradigm is not sustainable in cybersecurity because threat actors often find a way to escape security defenses. But why have traditional approaches historically failed to thwart cyber attacks?
Detection-based email and web security challenges
Internet-connected email services and websites vastly expanded the available attack surface for malicious actors to try and compromise. In response, organizations rely on detection-based technologies to keep pace with a barrage of attacks targeting email and web services.
These point-based solutions aim to address distinct threats. Antivirus tools use known signatures of malicious code, while email security tools try to detect and block known malicious URLs or attachments. Unfortunately, there are significant shortfalls that traditional solutions fail to deal with:
- Effectively blocking all malicious URLs requires administrators to know which websites are safe and which to block, an arduous task given there are over 1.8 billion domains on the Internet.
- Websites that were previously safe can become malicious overnight when rogue actors seize control.
- Antivirus and other signature-based tools rely on identifying known threats using databases—unknown threats that aren’t in any database easily bypass these defenses.
- The reports and outputs from tools inundate security desks with false positives and false negatives, so analysts spend considerable time and effort handling alerts and sorting the wheat from the chaff to figure out which alerts matter.
- Increased societal reliance on Internet services comes with more brand impersonation attacks, which have grown 360% since 2020 alone.
- Traditional ways to detect and deal with this “brandjacking” are too cumbersome; by the time you find a spoofed domain and request a takedown, the threat actors will likely have effortlessly moved to a new domain from which to exploit your brand name.
Security staff shortages
Security staff shortages continue to plague the cybersecurity industry. The global cybersecurity workforce skills gap widened by 26.1% in 2022 alone. A lack of adequate resources to deal with the influx of attacks leaves companies exposed. Even though technological advancements continue to improve the features and functionality of security tools, they still require skilled teams to get the most out of them.
One significant challenge already alluded to is alert fatigue. Strained security analysts get overwhelmed with high volumes of repetitive alerts due to insufficient staff numbers. In becoming desensitized to the alerts, threats eventually get missed, and opportunistic attackers find a way to achieve their nefarious aims.
Unpredictable end users
While cybersecurity training can increase employee awareness about best practices for secure behavior with email and when using web-facing systems, human fallibility remains a weak link in cybersecurity. Human error manifests in many ways, from end users misconfiguring systems to disclosing passwords or clicking on malicious links.
Threat actors deploy a range of techniques that seek to exploit psychological vulnerabilities in end users rather than technical flaws in systems. It’s inherently hard to predict when social engineering attacks will succeed—even someone who usually is aware of them might get duped by a spoofed email under personal or work stress conditions. The unpredictability of end users is very hard to account for, and it goes some way in explaining why human error plays a primary causal role in 82% of data breaches.
Additionally, although employee training and security awareness can help, employees are not the only ones being targeted. Threats such as brand impersonation attacks originate outside the organization’s security perimeter and prey on customers’ trust. Educating customers about this is challenging and can backfire: customers feel like brands are burdening them with the responsibility to stop fraud rather than proactively solving this problem. We’ve talked in another blog about how this damages digital trust and what brands can do about it instead.
Skewed focus on internal targets
Security leaders traditionally focused on defending against attacks that target users inside their organization. This focus left gaps in defending against attacks that target customers or business partners, and threat actors were more than happy to shift their attention to the points of least resistance.
Brand impersonation attacks demonstrate how cyber attackers often exploit this skewed focus on internal targets. When attackers spoof or impersonate legitimate companies and target customers or business partners who already have a high level of trust in a brand’s name, the cat-and-mouse dynamic shifts in favor of cyber criminals.
Brand impersonation as the cat and mouse playing field
Brand impersonation is a pertinent example of the cybersecurity cat-and-mouse playing field. These attacks continue to increase in frequency as malicious actors exploit companies’ familiarity, integrity, and reputation to persuade victims into taking desired actions, such as disclosing login credentials or approving fraudulent transactions. The problem has become so widespread that the FTC recently highlighted 3 million reports of impersonation scams in the United States, citing losses of more than $6 billion.
The cat-and-mouse game plays out interestingly on the playing field of brand impersonation: Infosec professionals constantly try to stay one step ahead of threat actors who engage in brand identity theft by creating fake websites and cloning a company’s legitimate site. But these efforts to find and shut down impostors are hampered by the following limitations:
- Unsustainable—given how easy and fast it is to create a domain or social media profile, it’s unsustainable for infosec professionals to spend their time getting these websites and pages offline. As soon as one spoofed domain or page goes down (which can be a lengthy process requiring back-and-forth exchanges with multiple parties), another one pops up.
- Focusing on platforms rather than impact—the usual way of dealing with brand impersonation is by taking down the domain used to launch an attack. Solutions focus on finding and tackling the attack platform rather than the attacker or the attack itself. This focus is a significant limitation, as attacks can be launched and cause damage between the time a site goes up and the time it is identified for takedown. Besides, not all attack domains are discoverable. For example, this won’t work if attackers use a meaningless URL that raises no suspicion, or register the domain where takedown services can’t be effective.
- Inadequate brand protection—the cat-and-mouse approach also fails to get to the root of the problem. Platforms are taken down and resurface again, which is inadequate brand protection for your company’s online presence.
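The discoverability gap in the second bullet can be shown with an added example (not from the original post and not Memcyco's code): a name-based lookalike scan over newly observed domains flags typosquats, but a meaningless domain hosting a cloned page passes unnoticed. The brand `examplebank`, the domain feed, and the distance threshold are constructed assumptions.

```python
# Added illustration (not vendor code): name-based lookalike detection.
# BRAND, OWNED, FEED and max_dist are constructed assumptions.
BRAND = "examplebank"
OWNED = {"examplebank.example"}

# Constructed sample of newly observed domains (reserved .example TLD).
FEED = [
    "examplebank.example",        # the brand's own site
    "examp1ebank.example",        # digit-for-letter swap
    "exarnplebank.example",       # "rn" rendered to look like "m"
    "examplebank-login.example",  # brand plus keyword
    "exampelbank.example",        # transposed letters
    "gardentools.example",        # unrelated
    "qx7v2k.example",             # meaningless name hosting a cloned page
]

HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(domain: str) -> str:
    """Drop the TLD, dots and hyphens, then fold common look-alike glyphs."""
    label = domain.lower().rstrip(".").rsplit(".", 1)[0]
    label = label.replace("-", "").replace(".", "")
    return label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, brand: str = BRAND, max_dist: int = 2) -> bool:
    label = normalize(domain)
    return brand in label or edit_distance(label, brand) <= max_dist


def scan(feed):
    """Return feed entries that resemble the brand and are not brand-owned."""
    return [d for d in feed if d not in OWNED and is_lookalike(d)]


if __name__ == "__main__":
    print(scan(FEED))  # qx7v2k.example is never flagged by name alone
```

The scan has nothing to match on for `qx7v2k.example`, so detecting that clone depends on signals other than the domain name.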
Time to stop playing. Let’s reimagine web security
So, how can you escape the cat-and-mouse game and reimagine web security? Staying with brand impersonation attacks, here are some facets required of a new, more effective approach.
Proactivity shifts focus from what to do after a fake domain has been discovered to everything you do before an attack takes place. This first requires a different attitude from the prevailing approaches that focus on discovering and taking down fake domains and platforms. Instead, we must prevent the intended victim from interacting with the attacker. This can only happen when customers can discern a fake website from an authentic one and identify attempts made by hackers to prepare for a spoofing attack in real time when they are lured into engaging with such sites.
With a proactive mindset, you can source proactive solutions that align with this approach. Ideally, chosen solutions would work at the earliest stages to prevent imposter and phishing scams before they ever reach customers, business partners, or employees, as that’s where the damage occurs.
With tens of thousands of new domains coming online each day, it’s critical for any brand protection approach to include real-time monitoring and detection. Additionally, solutions should guard your online ecosystem by identifying brand impersonation scams as they happen to alert security teams and customers promptly rather than uncovering spoofed domains days or weeks after they are created.
Informing end users
If end users could easily identify the difference between fake and authentic content, we wouldn’t be experiencing the magnitude of impersonation attacks we see today (2021 research suggests that phishing accounts for 90% of data breaches).
Brand protection should extend to end users by empowering them to verify the authenticity of the companies they interact with online. This must work at all contact points with end users, from websites to text messaging and email communications. Equipped with instant, unforgeable, and definite confirmation that your websites and correspondence are authentic, end users become less susceptible to mistakes that skew the cat-and-mouse game in favor of cyber criminals.
Reimagining web security inevitably calls for new solutions and tools that can provide the desired capabilities. But if those tools are difficult to integrate into your existing IT ecosystem, challenging to deploy, or require you to sift through endless alert streams, you risk user pushback and costly implementation. Ideally, you want to procure tools that can be installed quickly with the fewest environment changes possible. Tools should not require installation by end users or interfere with their experience interacting with your company.
Unprecedented point-of-impact brand impersonation prevention
As more cybercriminals enter the fray and cyber attack techniques become more diverse in exploiting technical and psychological weaknesses, playing cat and mouse is no longer viable. Moving on from cat and mouse requires a re-think towards proactive strategies and real-time solutions. You need to prevent modern brand impersonation threats from leading to financial losses and damaging your reputation.
Memcyco’s unique solution provides brand protection at the point of impact between brands and customers (e.g., online shoppers), partners, and employees. Proof of Source Authenticity (PoSA) displays a personal digital watermark, unique to each user, on your authentic website, assuring them that they’re interacting with your legitimate brand. Meanwhile, real-time monitoring of user access to spoofed or cloned sites can provide “Fake site” alerts to users to keep them from entering these scam traps. This feature also provides pre-emptive alerts to your security team so they know that an impersonation attack using cloning techniques was attempted, even if it was not executed, and can stop it before its damaging effects materialize.
Eyal is head of demand generation at Memcyco