Cybercriminals “Exploited” COVID-19 To Attack Brands: Report

B&T Magazine
Edited by B&T Magazine



Mimecast’s State of Brand Protection 2021 report has found a worrying increase in cybersecurity attacks jeopardising brand safety.

The State of Brand Protection 2021 report found that last year cybercriminals “exploited the world’s fear and uncertainty about COVID-19 to dramatically escalate email phishing campaigns and other malicious attacks that impersonate brands in order to trade on those brands’ customer trust.”

According to the report, the number of brand impersonation emails sent to Mimecast customers per month rose almost 44 per cent from 2019 to 2020, to an average of almost 27 million.

Big companies, such as those on the BrandZ Top 100 Most Valuable Global Brands list for 2020, had a 381 per cent spike in brand impersonation attacks in May and June 2020 as opposed to January and February, before the pandemic saw global lockdowns.

Monthly accidental clicks on dangerous links also rose by 84.5 per cent throughout the year.

The report points to core issues: all brands are at risk of cybersecurity breaches, brands don’t realise the extent of the problem, and brands are losing trust – and leads – to cybercriminals. It also offers solutions, such as marketers and security teams working together, fast attack takedown, and brand monitoring and protection services.

To create these findings, Mimecast monitored and analysed more than a billion emails per day on behalf of 40,000+ global customer organisations. As well as this, between November 2020 and February 2021, the report’s authors interviewed ten cybersecurity professionals who work in organisations that use brand protection, DMARC or both.

Because digital marketing has become so prevalent and email has inherent security flaws, brands have unwittingly opened themselves to cyber breaches.

As the report explains, “until recently, anyone could send email from [a] brand’s domains — and 40 per cent of consumers don’t hesitate to click on links in emails from their favorite brands.”

The data comes from new European brand trust research which will be released by Mimecast later this year.

47 per cent of respondents in the report saw the volume of spoof emails misusing their brands increase in the past year, while 42 per cent saw an increase in spoofed web domains, impersonating their brand.

There is a range of cybersecurity attacks a brand may face. Link manipulation, for example, sees criminals register domains with names that are very close to legitimate brand pages. Those manipulated links can then lead users to websites hosting malicious content.

Other examples include website spoofing, where criminals create websites that look almost identical to legitimate sites, and supply chain impersonation, where they insert themselves into the supply chain process (often email), posing as a legitimate brand.

Mimecast is quick to point out that this sort of exploitation can impact brands of any size, and in any industry.

Online banking, the report explains, “was among the most trusted industries in the European brand trust research, but it is paradoxically also one of the most targeted industries for brand impersonation and phishing attacks.”

A CISO at a small bank in the UK told researchers that he had “found — and [taken] down — about 14 fraudulent websites a month for the past year.”

Indeed, for those larger brands, there is particular risk as cybercriminals have access to more potential value.

Mimecast found “approximately 2.9 million…email phishing attempts that impersonated a [Kantar] top 100 brand — in fact, only a small number of the top 100 Kantar brands were not exploited.”

That reflects a monthly average of around 715,600 phishing emails targeting a top 100 brand.

One Brand Exploit Protect customer told the researchers that, “even if we aren’t seeing any money loss from these brand exploitation attacks, our image is one of the main things we want to protect.”

“We’re taking the service on because we want to protect our image. If that helps the customer as well, then it’s good for both of us.”

On the upside, though, according to Mimecast, companies are now growing increasingly concerned about brand impersonation attacks. Now, 91 per cent of respondents “would be concerned if their organization experienced a fraudulent web domain or malicious website spoofing their domain.”

93 per cent would now “be concerned about an email-based attack directly spoofing their email domains.”

The report also calls for less siloing between marketing and cybersecurity, pointing to the need for a “productive, constructive partnership”. It quotes one interviewee, who described the importance of the relationship as: “it’s cybersecurity’s job to ride sidesaddle with marketing.”

Another essential element is good cybersecurity training. Mimecast found that “on average only 6.85 per cent of the clicks on dangerous URLs made by Mimecast customer employees in all of 2020 were made by people who had undergone cybersecurity awareness training.”

“93.15 per cent of the clicks were made by people who did not have training.”

That means that people with no awareness training were 13.6 per cent more likely to click a malicious link.

Educating customers was also essential, with one interviewee saying, “we pride ourselves in working very closely with our customers. We communicate with them extensively and warn them the minute we become aware of a bad actor’s tricks. We like to think we’re a trusted name and a trusted partner.”



