National Cybersecurity Awareness Month is the perfect time to educate clients about domain and brand impersonation scams, which are on the rise.
by Brian Babineau, Senior Vice President and General Manager, Barracuda MSP
As October has arrived, it’s an excellent time to remind IT solution providers about National Cybersecurity Awareness Month (NCSAM), which is now in its 17th year. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) promote NCSAM to raise awareness about the importance of cybersecurity across our Nation. This year’s theme is “Do Your Part. #BeCyberSmart,” which encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.
One way that MSPs can help keep their clients safe from cyberattacks is by educating them on the latest and most pernicious threats. Two of those — domain impersonation and brand hijacking — are on the rise.
In domain impersonation attacks, hackers impersonate a domain by changing a few letters or using a lookalike domain. For example, hackers might replace the ‘z’ in Amazon.com with an ‘s’, or they could replace the “.com” with another extension that takes victims to malicious sites.
Domain impersonation attacks are often used in conjunction with account takeover and conversation hijacking. When an account takeover takes place, the attacker gains access to internal and external conversations between employees, partners, and customers. Using information from compromised accounts, attackers can craft convincing messages from cleverly impersonated domains to trick their victims for monetary gain. For example, they might impersonate a victim’s bank and send a request to verify the victim’s account details to get access to the victim’s real bank account.
Brand impersonation is related to domain impersonation. It involves hackers sending phishing emails that appear to be from a well-known brand like Microsoft, Amazon, Apple, or FedEx. These emails are often meant to trick the target into clicking on links within the body of the email (e.g., password reset URLs) as an attempt to collect passwords, emails, and usernames. The stolen credentials are then used to break into other digital platforms via a process known as credential stuffing.
According to Barracuda’s research, there has been a sharp rise in domain impersonation. An analysis of about 500,000 monthly email attacks shows a 400 percent increase in domain-impersonation attacks used for conversation hijacking. Additionally, brand impersonation is used in 47 percent of all spear-phishing attacks.
Defeat Domain Impersonation
Domain impersonation is typically a high-impact attack because victims have a hard time spotting the subtle differences between legitimate and fake email domains. That also makes these attacks difficult to defend against, as email gateways must build lists of safe domains used by organizations and their partners over time. Because there are so many domain variations and tracking them can be time-consuming and error-prone, gateways alone are an inadequate defense strategy. Also, there are typically a lot of false positives, while real attacks can slip through undetected.
Using an API-based inbox defense strategy is preferable, as these solutions use past email communications to track domains used by the organization and their partners and customers. Inbox defense can associate conversations, requests and individuals with specific email domains. If there’s an unusual request from an unfamiliar domain, the attack is more easily detected and blocked.
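The kind of check an inbox defense can run against the domains an organization has actually corresponded with, as an added example that is not Barracuda’s code: a classifier that flags a sender domain as a lookalike of a known domain when it differs by a swapped letter, a confusable character (0 for o, rn for m) or only the extension. The trusted list, the confusable table and the sample domains are constructed for illustration.

```python
from typing import Iterable

# Constructed table of characters commonly swapped for lookalike domains.
SINGLE_CHAR = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
MULTI_CHAR = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(name: str) -> str:
    """Reduce a domain label to a canonical form so confusables compare equal."""
    s = name.lower().translate(SINGLE_CHAR)
    for src, dst in MULTI_CHAR:
        s = s.replace(src, dst)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(sender: str, trusted: Iterable[str]) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a sender domain.

    `trusted` is the set of domains seen in the organization's past mail
    (constructed here; a real inbox defense learns it from message history).
    """
    sender = sender.lower().strip(".")
    trusted_set = {t.lower() for t in trusted}
    if sender in trusted_set:
        return "trusted"
    if "." not in sender:
        return "unknown"
    s_name, _s_tld = sender.rsplit(".", 1)        # naive split; ignores .co.uk etc.
    for t in sorted(trusted_set):
        t_name, _t_tld = t.rsplit(".", 1)
        # Same label after confusable folding: covers Amaz0n.com and amazon.net.
        if skeleton(s_name) == skeleton(t_name):
            return f"lookalike of {t}"
        # One swapped/added/dropped letter: covers amason.com. Skip very short
        # labels, where a one-letter difference is usually a different company.
        if len(t_name) >= 5 and edit_distance(s_name, t_name) <= 1:
            return f"lookalike of {t}"
    return "unknown"


if __name__ == "__main__":
    known = ["amazon.com", "microsoft.com"]
    for d in ["amazon.com", "amason.com", "amazon.net", "rnicrosoft.com", "example.org"]:
        print(f"{d:16} -> {classify_domain(d, known)}")
```

Any result other than "trusted" for a domain making an unusual request is the signal the text describes; the threshold and table are deliberately simple and will still produce some false positives on short or similar legitimate names.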
Beat Brand Impersonation
Brand impersonation relies on a slightly different form of psychological manipulation, as victims are tricked into disclosing sensitive information by hackers pretending to be familiar service providers. In brand impersonation attacks, the hackers pretend to be from a well-known company, which enables them to harvest credentials and perform account takeovers.
Microsoft is one of the most commonly impersonated brands because Microsoft and Office 365 credentials allow criminals to launch additional attacks. While standards like DKIM, SPF, and DMARC can make these attacks more difficult to execute, many large companies don’t have DMARC policies in place.
Again, an API-based inbox defense can identify and block these types of attacks by using past email interactions to provide a better view of services used by a company. The data is used in a statistical detection model to help spot the difference between fake and real emails, including the branding and images of the services that are actually used by an organization.
Because gateways rely on predetermined policies, they don’t have visibility into the services used by an organization and can’t recognize authentic branding and images. API-based inbox defenses, on the other hand, give companies visibility into domain impersonation and use DMARC authentication to protect against spoofing and brand hijacking.
To learn more about these and other threats, download Barracuda’s latest eBook, 13 Email Threat Types to Know About Right Now.
Make Your Security Awareness Training Consistent (and Measurable)
National Cybersecurity Month is also an excellent time to remind partners about the importance of security awareness training—or, more specifically, ongoing user awareness training. Giving users policies to follow and reminding them of best practices isn’t useful if it only happens quarterly or annually. Users need frequent, regular training and reminders for real changes to occur.
Using a simulated phishing service is an excellent way for MSPs to keep security awareness top of mind, and to show customers measurable results. With these solutions, the MSP sends simulated phishing emails to users, and the MSP is alerted when a user takes the bait and clicks a link or opens an attachment. These programs give MSPs additional visibility into their customers’ security hygiene and help MSPs focus their training on users who need it the most. Plus, MSPs can provide key stakeholders with reports showing critical metrics, such as how many employees received the emails compared to how many responded.
The client should see a decline in the number of employees clicking suspicious emails over time, and the MSP should see an increase in incremental revenue.
Brian Babineau is Senior Vice President and General Manager for Barracuda MSP. In this role, he is responsible for the company’s managed services business, a dedicated team focused on enabling partners to easily deliver affordable IT solutions to customers.