As the cyber threatscape expands, malicious actors successfully develop new ways to obtain sensitive information without the need to resort to malware. This results in a new approach to cybersecurity with the assumption that all businesses are compromised by default.
Cybersecurity experts note that there’s a growing number of scam websites involved in phishing attempts that pose as well-known brands to gain trust. While it’s relatively easy to spot malicious programs with a professional security tool, how can one identify thousands of fraudulent pages or counterfeit goods?
According to the CEO of BrandShield, Yoav Keren, equipping an online threat hunting program that uses artificial intelligence and machine learning technologies is one of the most promising solutions.
Tell us a little bit about your history. How did BrandShield originate?
Before founding BrandShield, I was the founder and CEO of Domain The Net Technologies Ltd., which is the largest domain registrar in Israel. More than 20 years spent in the domain space gave me the insight and business acumen required to create BrandShield.
Threat hunting has gained popularity recently – what does the process look like, and what are the benefits?
Online threat hunting is a crucial aspect of best practices for effective digital cybersecurity. As most of these threats reside outside of a company’s own network, CISOs have a difficult time tracking them down and removing them from the internet. These threats are growing exponentially, so it’s extremely difficult to do this without the advantage of a scaling, improving artificial intelligence platform.
Our process includes onboarding a company, deciding on goals, and deploying our artificial intelligence (AI) and machine learning (ML) to scour the internet for online phishing, impersonation, counterfeit sales, trademark infringement, and brand abuse across multiple platforms. We leverage automated tools and human expertise to submit claims about these threats to the relevant service providers (domain registrars, hosting providers, social media platforms, etc.) and to be able to remove threats within 24 hours of detection.
The benefits of equipping a brand-oriented digital risk protection program that includes online threat hunting are immense. We have found that brands that actively combat this type of threat are less frequently targeted. When companies make it harder for cybercriminals to succeed, they can deter them from future attacks.
What types of technology do you use to detect and, eventually, remove threats?
We leverage the latest AI and ML technology at scale to identify, track, and eliminate online threats. This technology saves time by prioritizing threats with greater accuracy as the size of our network grows.
We’re the only end-to-end platform that provides a way for customers to manage all enforcement activities from a comprehensive real-time centralized dashboard. Our highly customizable solution provides customers with high transparency about our efforts.
We have a nearly 99% takedown rate and can investigate and report to the relevant service providers within 24 hours of onboarding.
Did you notice any new threats emerge during the pandemic?
The amount of time that people spend online rose sharply during the pandemic and this created new opportunities for cybercriminals to target consumers, employers, and brands with phishing attacks, online fraud, and other threats to employees’ home networks which typically provide less protection than corporate networks. Marketplaces had a hard time spotting and stopping all the different fraudulent listings, and our reliance on social media to stay connected also increased the prevalence of impersonation attempts and multi-pronged scams that start online and move offline.
Additionally, the worldwide desperation of people to buy COVID-related products, such as at-home tests and medications, and get vaccinated sharply increased fraud revolving around the virus. By working together with the Pharmaceutical Security Institute, we identified a large increase in phishing, social media impersonation, and counterfeit vaccine sale threats, as well as fake products as outlandish as “vaccine hard seltzers.”
Brand protection is receiving more recognition nowadays. However, this term might still be a new concept to some. Which brand assets can be exploited for malicious purposes?
Fraudsters target a company’s most valuable assets, namely its trust among consumers and its reputation. We’ve seen multiple attempts by scammers to dupe people by posing as a brand's website, using fake logos or similar domain names, and even to the extent of impersonating company executives to fool consumers. A brand spends millions building loyalty and trust among audiences, and online attacks pose the biggest threat to companies and their customers.
What actions can lead to one’s brand being compromised?
Organizations are compromised by default. While a company doesn’t need to do anything to become a target, it can take steps to mitigate threats against it.
The only thing companies can do is take action by monitoring websites, social media, and paid ads to proactively remove online threats. Customers that have worked with us for several years have seen that the effort is worth it because they are targeted less and less – forcing bad actors to attack easier targets, thus preventing future threats rather than just remediating.
In your opinion, which types of organizations should be especially concerned with brand protection?
Cybercriminals target businesses at all levels, but oftentimes smaller brands – unlike major ones – don't realize they are a target. As such, they don’t take the necessary steps to protect their online assets and reputation. The consequences of fraud on SMEs can be personally devastating, so I would urge that it's important to be vigilant at all levels.
What new threats should the public be ready to take on in 2022? What security tools should be implemented?
While the public can be vigilant about domain URLs that are misspelled and about people reaching out to them via social media direct messages, ultimately, brands need to take action to protect their customers. If a company or a public persona lets impersonations of their brand run wild without regard for the people being duped, they are contributing to the problem.
As previously mentioned, when a brand actively combats these threats, the number of attacks against it is lessened. Taking steps to protect valued customers helps everyone in the long run.
Share with us, what’s next for BrandShield?
The next step for BrandShield is launching our 3.0 updated version of our platform. It will introduce new analysis, detection, and takedown solutions and features to reveal more fraud networks and attacks – taking brand-oriented digital risk protection and online brand protection to a whole new level. We’ll have more to share on this in the coming months, so stay tuned.