The Anomali Labs team conducted research to identify suspicious domain registrations and potentially compromised credentials that could be used as part of an attack against the Financial Times Stock Exchange 100 (FTSE 100). Both methods of attack pose a significant threat not only to corporate brands but also to the corporations themselves. As referenced in Global Finance and Banking Review and Infosecurity, the number of stolen credentials for FTSE 100 employees has nearly tripled since last year’s analysis.
With a deceptive domain malicious actors have the potential to:
- Orchestrate phishing schemes to collect customer credentials
- Install malware onto visitor devices
- Coerce the targeted company into paying for the domain
- Redirect traffic to competing or malicious sites
- Embarrass the company by displaying inappropriate messaging
Threat actors with compromised credentials may gain the capability to infiltrate an organization’s defenses. From there they can steal data, damage systems, or orchestrate more complex attacks.
The data from this report spans a three month period within 2017. Below are a few key statistics from the report.
- Eighty-two percent of FTSE 100 companies had at least one potentially suspicious domain registration and thirteen percent had 10 or more suspicious domains.
- The vertical hit hardest with suspicious domain registrations was Banking at 83 registrations, which was more than double of the next industry, Energy, at 41 registrations.
Mass Credential Exposures
- An average of 165.83 exposed credentials were identified across all companies. Of the 77% of companies that had credentials exposed, an average of 218 exposed credentials were found.
- Five companies had more than 1,000 credential exposures.
Source: Honeypot Tech