What does brand protection have to do with cybersecurity? A study earlier this year demonstrates the connection.
The study reviewed domain names for 11 major industrial control system (ICS) vendors. ICS vendors provide, among other things, supervisory control and data acquisition (SCADA) systems, used in power plants and oil and gas refining. In other words, these systems are a very important part of our critical infrastructure.
The researchers found over 400 “squatted” domains: most frequently, domains that contained common typographical errors as well as homoglyphs (substituting a “one” for an “l” or capital “I,” for example). Malefactors intentionally purchase these domains to trick users for purposes as benign as viewing advertising or as malicious as downloading malware or stealing credentials. (The researchers did contact the ICS vendors with their results.)
Of the 400+ “squatted” domains, the researchers found:
- More than 200 hosted malicious content, including malware that would hijack the end user’s web browsers;
- Almost half of those domains were able to receive e-mail, and 10% of those accepted e-mail from any user, enabling the “squatted” domain owners to intercept private e-mail intended for the real ICS vendors; and
- Malware on one squatted domain was undetected by 55 different virus checkers (a new 0-day exploit).
Homoglyphs are frequently used in phishing exploits, to lure the recipients into performing some action or giving up credentials. For example, if you had a registered account with ICS.com and you received an e-mail from 1CS.com asking you to reset your password due to a recent breach, would you click on the link before noticing that the first letter was not an “I” but a “1”? A different study found that specifically-targeted phishing attacks (so-called “spearphishing”) in the ICS industry soared 160% over the past 12 months.
In other words, these “squatted” sites lure ICS consumers and employees in order to spread malware and possibly to steal credentials, with the aim of attacking the ICS vendors.
What Can You Do?
One way to make us safer is to use the power of your company’s trademarks to determine the common typos and homoglyphs of your marks and brands and then:
- Transfer the “squatted” domains back to your company;
- Complain of trademark infringement to Facebook or Instagram or Twitter to have the account suspended or content removed;
- Because the “squatted” term likely will not be an exact match for your trademark, complain of impersonation to Instagram or Twitter or of an impostor to Facebook to have the account suspended or content removed.
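
One way to check domains you observe (in mail logs or new-registration feeds, for instance) against the typos and homoglyphs of a mark, shown as an added example that is not part of the original article. The homoglyph table, the function names and every sample domain other than ICS.com and 1CS.com are constructed for illustration.

```python
# Added example: triage observed domains against a protected brand domain.
# HOMOGLYPHS is a small constructed sample, not a complete confusables table.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("1", "l"), ("i", "l"), ("0", "o"), ("5", "s")]

def skeleton(label):
    """Map look-alike characters to one canonical form (I, l and 1 all become l)."""
    s = label.lower()
    for fake, real in HOMOGLYPHS:
        s = s.replace(fake, real)
    return s

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(observed, brand):
    """Return 'exact', 'tld-variant', 'homoglyph', 'typo' or 'unrelated'."""
    obs, ref = observed.lower().rstrip("."), brand.lower().rstrip(".")
    if obs == ref:
        return "exact"
    # Assumption: the leftmost label is the name being imitated (two-label domains).
    obs_label, ref_label = obs.split(".")[0], ref.split(".")[0]
    if obs_label == ref_label:
        return "tld-variant"
    if skeleton(obs_label) == skeleton(ref_label):
        return "homoglyph"
    if osa_distance(obs_label, ref_label) == 1:
        return "typo"
    return "unrelated"

def triage(domains, brand):
    """Keep only the domains that imitate the brand, with the reason."""
    hits = {d: classify(d, brand) for d in domains}
    return {d: why for d, why in hits.items() if why not in ("exact", "unrelated")}

# Constructed sample, e.g. sender domains pulled from a mail gateway log.
SAMPLE = ["ICS.com", "1CS.com", "isc.com", "icss.com", "example.org"]
print(triage(SAMPLE, "ICS.com"))
```

Short marks such as a three-letter name produce many one-edit neighbours, so treat "typo" hits as candidates for review before any transfer or takedown request.
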
We have previously written on the U.S. government’s Digital Registry and the Canadian government’s list of legitimate domains and social media identities. Both efforts are aimed at helping consumers reach the real agencies. Helping consumers locate and use the authentic IDs can also help your customers avoid the malware and other issues from the “squatted” sites and IDs.
It’s not often that brand protection attorneys get the opportunity to improve your company’s and your customers’ cybersecurity. This is your chance.