By Josh Bourne
The Equifax cyber-attack of 2017 highlighted the vulnerability of corporate networks and consumer privacy in the new era of the Internet and cyber threats. In fact, 2017 saw more expansive and more high profile breaches than any other year to date.
Consequently, corporates are urging more awareness and responsiveness to cyber threats at all levels to better protect the security and information of consumers from top to bottom.
Top 2017 Attacks
The most notable attack of 2017 was against consumer credit reporting agency Equifax due to the sheer amount and sensitivity of information stolen.
Though not made public until September, the July attack against Equifax compromised 145 million people and included highly sensitive information such as Social Security numbers. Less than a month later, Yahoo! revealed that every account, over 3 billion in total, was hacked in 2013—three times as many as originally reported in 2016.
Anonymous cyber-crime groups have become more dangerous and more effective by accessing vulnerabilities or tools obtained from prior breaches of government and security organizations. After the controversial Shadow Brokers leak, which made public a suite of hacking tools developed by the NSA, Petya and WannaCry orchestrated attacks using the stolen tools and took advantage of newly revealed weaknesses, wreaking havoc on businesses and hospitals.
NuData Security Inc. reported that 64% of companies experienced web-based attacks in 2016, a figure that grew by about 30% year-over-year from 2015. The attacks, which appear to be endemic, have forced a corporate response.
The Wall Street Journal echoed this sentiment in an article published on January 10, 2018. Fortune 500 corporate boards are re-evaluating, or in some instances evaluating for the first time, the risks, gaps and response times associated with cyber threats.
A survey conducted by the National Association of Corporate Directors revealed that 38% of directors surveyed would select cyber threats as likely to have the biggest impact on their company in 2018. However, when asked if they felt confident that their company was properly secured against cyber attacks, the number of positive responses dropped from 42% in 2016 to 37% in 2017.
Thus, management is aware of the increasing amount hostility of cyber threats but is not confident in their ability to respond.
Mitigating Cyber Threats at the Domain Name Level
Domain names remain a key vulnerability and can easily divert a large user group. While organizational and security infrastructure are being assessed at the higher management levels, there are steps all companies can take at the domain name level to protect employees, customers, and overall brand reputation.
In 2017, Bad Rabbit, a cybercriminal ransomware attack often linked to Petya infected computers all over the world by posing as an Adobe Flash installer to infiltrate and compromise media outlets.
The bogus Adobe Flash update is often seen as the resolution for non-filtered domain parking platforms and other malware campaigns associated with typo-squatted domain registrations. Respectively, FairWinds Partners has seen a noticeable rise in Uniform Domain-Name Dispute-Resolution Policy (UDRP) reclaim filings submitted on behalf of clients.
Russian hackers, Cozy Bear and Fancy Bear, used typo domain names as points of entry to organizations related to the 2016 national election in the United States and continue to use spear-phishing and typo-squatting to infiltrate and spy on government organizations.
On January 8, 2018, NBC Nightly News aired a special on the impact typos can pose to unsuspecting users including online scams to gain access to personal or financial information. Typo-related domain infringement can result in customer diversion, poor customer experience, and damaged brand identity.
Left unaddressed, cyber threats can pose a significant risk to customer and employee personal information, corporate reputation, and online brand identity.
With the privacy and personal data of all Internet users at risk, it is critical for companies to understand and address emerging cybersecurity threats and related domain name vulnerabilities.