According to Cisco Talos Intelligence, there has been a notable uptick in cybercriminals leveraging the reputations of prominent brands to deceive users and steal sensitive information. Microsoft stands out as the most commonly impersonated company, a trend that significantly jeopardizes online security. Thorsten Rosendahl, technical leader at Cisco Talos, likens these tactics to a “Trojan horse,” playing on the trust that users place in well-known brands.
Techniques Used in Brand Impersonation
Between March 22, 2024, and April 22, 2024, Microsoft topped the list of brands most frequently mimicked in cyber-attacks. DocuSign and Amazon were also commonly targeted, along with PayPal, Adobe, Instagram, NortonLifeLock, Chase, Geek Squad, and Home Depot. Attackers embed brand-related terms in the HTML of a message and use base64 encoding to make fraudulent emails appear legitimate, luring users into divulging their login credentials and personal information.
The issue extends beyond just emails, as brand impersonation tactics also emerge on social media, websites, and mobile apps. By abusing familiar brand logos, cybercriminals manipulate unsuspecting users into sharing sensitive data. Rosendahl stresses the necessity for users to maintain a skeptical approach towards the authenticity of emails and other digital communications. He also advocates for organizations to implement continuous security awareness training to mitigate the risk of data breaches caused by such deceptions.
New Detection Features by Cisco
Cisco has responded to the increase in brand impersonation threats by adding a new feature to its Secure Email product. This enhancement aims to better detect when attackers disguise themselves as reputable companies. The new detection component in Cisco Secure Email Threat Defense helps pinpoint these malicious activities, offering crucial insights for both threat analysts and clients.
Cybercriminals employ sophisticated tactics to include brand logos in their emails, such as remotely fetching logos during email delivery or embedding logos within attached images or PDF files. These advanced methods make it challenging to identify fraudulent emails, emphasizing the need for robust detection mechanisms in email security solutions.
Targeted and Indiscriminate Attacks
Impersonation attempts can be targeted at specific sectors or dispersed indiscriminately. Often, these emails contain phone numbers and direct recipients to call, shifting the attack vector from email to voice communication, where attackers can attempt to deploy malware. Organizations must educate their employees and customers on identifying trustworthy communication channels and the kinds of information their legitimate correspondence would request. Leveraging advanced detection methodologies like machine learning can enhance the effectiveness of threat detection.
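The signals described above (brand terms in base64-encoded HTML, remotely fetched logos, image or PDF parts, callback phone numbers) can be pulled out of a message with standard MIME parsing. The following is an added example, not Cisco's detection logic: the brand-to-domain map, the `analyze` and `sample` helpers, and every domain and phone number in the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Assumption: defender-maintained map of brand keyword -> domains that brand really sends from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "docusign": {"docusign.com", "docusign.net"},
                 "paypal": {"paypal.com"}}
IMG_SRC = re.compile(r'<img[^>]+src=["\']?(https?://[^"\'\s>]+)', re.I)
PHONE = re.compile(r'\+?\d[\d\s().-]{8,}\d')

def analyze(raw):
    """Return brand-impersonation signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    sender = msg["From"].addresses[0].domain.lower()
    out = {"brands": set(), "remote_images": [], "phones": [],
           "base64_html": False, "image_or_pdf_parts": 0}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/") or ctype == "application/pdf":
            out["image_or_pdf_parts"] += 1   # a logo may live here; needs image matching
        if ctype not in ("text/html", "text/plain"):
            continue
        cte = str(part.get("Content-Transfer-Encoding", "")).lower()
        if ctype == "text/html" and cte == "base64":
            out["base64_html"] = True        # body is invisible to naive keyword filters
        text = part.get_content()            # transfer encoding is undone here
        out["remote_images"] += IMG_SRC.findall(text)
        out["phones"] += PHONE.findall(re.sub(r"<[^>]+>", " ", text))
        for brand, domains in BRAND_DOMAINS.items():
            legit = any(sender == d or sender.endswith("." + d) for d in domains)
            if not legit and re.search(r"\b" + brand + r"\b", text, re.I):
                out["brands"].add(brand)     # brand named, but sender is not the brand
    return out

def sample(from_header):
    """Constructed message: base64 HTML body, remote logo, callback number."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_header, "user@corp.example", "Password expiry"
    m.set_content('<html><body><img src="https://cdn.example.net/ms-logo.png">'
                  "<p>Your Microsoft 365 password expires today. "
                  "Call +1 (555) 010-0199 to keep access.</p></body></html>",
                  subtype="html", cte="base64")
    return m.as_string()

if __name__ == "__main__":
    print(analyze(sample("Microsoft Account Team <security@account-verify.example>")))
```

Logos carried inside image or PDF parts are only counted here; recognizing them requires image analysis, which is outside what keyword matching can do.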
It is not a surprise that Microsoft is the most targeted brand, considering the company's dominance in the enterprise. Last year, CyberSheild revealed that Microsoft is the most spoofed company, especially through Microsoft 365 and Office 365. The report found that Microsoft was impersonated in nearly 25% of all phishing attacks globally in 2022, up from 19% in 2021.
Back in 2019, Cisco published a report showing that Microsoft Office is the target of more phishing attacks than any other service. Kaspersky Lab has also said Office 365 is the main target of phishing campaigns. The security firm says 70 percent of all attacks are targeted at Office. In 2020, Check Point reported that Microsoft products faced more phishing attacks during the third quarter of the year than those of any other company.