From Russia With Cybercrime: What Corporations Need to Know About the Recent Hacking Of US Political Organizations

This article is more than 6 years old.

In recent months, hackers with reported links to Russia’s military intelligence service gained access to sensitive information about the U.S. Democratic Congressional Campaign and National Committees via typo domain names. That is, they “phished” sensitive information from unwitting individuals by utilizing slightly misspelled versions of the websites they had been intending to visit.

Although much of the press surrounding these incidents has focused on their potential political ramifications, such as influencing the outcome of the recent U.S. presidential election, we see it as a portent of a broader threat to brands and consumers.

It appears that there is an association between the malicious registration of typo domain names used to target political organizations and the likely-malicious registration of brand-related domains. These include domain names bearing an apparent connection to Intel, Symantec, Facebook, Microsoft, Apple, and others. Such a connection would imply that the same groups that hacked the DCCC and DNC may be positioning themselves for similar attacks on for-profit companies, and it won’t be long before other cybercriminals start to employ similar techniques.

Consumer Data and Brand Revenues At Risk

While the website involved in one of the recent hackings was for fundraising, experts suggest that the intent was to collect data on campaign donors, not necessarily to steal money from them. Given this, it seems evident that similar malicious registration of brand names may be putting customers’ data—and, potentially, brand revenue—at risk.

The authentic fundraising website in question was not breached by the hackers, but the fake one was sufficient to inflict harm. A brand can have a very secure website, but without adequate defenses against malicious actors taking advantage of keystroke error and confusingly similar domains, significant risks remain.

Strategic Responses Are Possible

What can be done? Political authorities and cybersecurity experts are focused on high-level responses to specific groups responsible for the DNC and DCCC hackings; you, as a brand owner or representative, can take immediate steps to counter the threat:

  • Identify and take action on the most concerning typo domains of your core websites and brands through an in-depth audit of high-risk names owned and not owned;
  • Ensure that those domains you own are properly configured to capture stray traffic;
  • For those domains that you don't own, recover the most critical third-party names that could be used against you, such as those that could easily mislead your customers. It’s never cost-effective to get them all, but you can usually solve most of the problem with a limited number of targeted actions; and
  • Lastly, continue active monitoring of any names not acquired.
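
The audit in the list above can be sketched in code. This is an added example, not part of the original article: it generates single-keystroke typo variants of a core domain and sorts them into owned-and-redirecting, owned-but-misconfigured, third-party-registered, and still-to-monitor. The function names, the partial keyboard map, the domain names and both inventories are assumptions constructed for illustration.

```python
# Added example. Every domain name and both inventories are constructed samples.
# Assumes a registrable name with a single-label TLD, e.g. "example.com".

# Partial QWERTY adjacency map; extend it to cover your own brand's letters.
NEIGHBOURS = {"a": "qwsz", "e": "wrsd", "l": "kop", "m": "njk", "p": "ol", "x": "zcsd"}

def typo_variants(domain):
    """Single-keystroke-error variants of the label left of the TLD."""
    label, _, tld = domain.lower().partition(".")
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])              # omitted character
        out.add(label[:i] + ch + label[i:])             # doubled character
        for n in NEIGHBOURS.get(ch, ""):
            out.add(label[:i] + n + label[i + 1:])      # adjacent key pressed
        if i + 1 < len(label):                          # two keys swapped
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
    out -= {label, ""}
    return {f"{v}.{tld}" for v in out}

def audit(core, owned, third_party):
    """Sort variants into the checklist's buckets.

    owned: {domain: redirect target or None}, from your registrar/DNS inventory.
    third_party: names seen registered to someone else (e.g. a monitoring feed).
    """
    report = {"owned_ok": [], "owned_fix": [], "recover": [], "monitor": []}
    for d in sorted(typo_variants(core)):
        if d in owned:
            # Owned names should send stray traffic to the real site.
            key = "owned_ok" if owned[d] == core else "owned_fix"
        elif d in third_party:
            key = "recover"      # candidate for recovery, ranked by a human
        else:
            key = "monitor"      # not acquired: keep watching
        report[key].append(d)
    return report

if __name__ == "__main__":
    owned = {"exmaple.com": "example.com", "examle.com": None}
    third_party = {"exampel.com", "wxample.com"}
    for bucket, names in audit("example.com", owned, third_party).items():
        print(f"{bucket:9} {len(names):3}  {', '.join(names[:4])}")
```

The "recover" bucket only lists candidates; deciding which of them could most easily mislead customers remains a judgment call.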

Cybercriminals of this sort are inventive and elusive, but brands can protect themselves and their customers by taking targeted steps informed by this recent pattern of hacking.