The most valuable UK companies are becoming increasingly exposed to false domain registrations against them, with cyber criminals setting up dummy copies of websites to capture user data.
81 percent of FTSE 100 organisations had potentially malicious domain registrations against them in the last three months, according to a report by Anomali titled ‘The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures’.
Anomali detected 527 registrations in the last three months, with each registration creating a domain name that differs very slightly from the company’s official domain name in an attempt to trick users into clicking it and entering data.
The report said that this data could then either be sold or used to access a company’s network.
Most affected were companies in financial services, with 376 out of the 527, or 71 percent, of the registered sites flagged as suspicious. Retail followed with 175 and critical infrastructure with 75.
These domains were registered most commonly to addresses in China, with the US coming second and Panama third.
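A brand-protection team can screen a feed of newly registered domains for names that differ only slightly from its own. The sketch below is an added example, not code from the Anomali report: the brand `examplebank.co.uk`, the feed entries and the substitution table are all constructed, and each feed entry is assumed to be a registrable domain with no subdomain.

```python
import unicodedata

# Digit/symbol look-alikes folded before comparison (constructed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})
OFFICIAL = "examplebank.co.uk"  # hypothetical brand domain
SAMPLE_FEED = ["examp1ebank.co.uk", "exmaplebank.com", "examplebank.net",  # constructed
               "examplebank-login.com", "exarnplebank.co.uk", "gardeningtips.org"]

def normalise(label):
    """Lower-case, strip accents, fold look-alike characters and pairs, drop hyphens."""
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))
    label = label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
    return label.replace("-", "")

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(candidate, official, max_distance=1):
    """Return why candidate resembles official, or None if it does not."""
    if candidate.lower() == official.lower():
        return None  # the organisation's own domain
    cand_label = candidate.lower().partition(".")[0]
    off_label = official.lower().partition(".")[0]
    norm_cand, norm_off = normalise(cand_label), normalise(off_label)
    if cand_label == off_label:
        return "tld-swap"          # same name under a different suffix
    if norm_cand == norm_off:
        return "confusable"        # identical once look-alikes are folded
    if edit_distance(norm_cand, norm_off) <= max_distance:
        return "typo"              # one slip away from the real name
    if norm_off in norm_cand:
        return "brand-embedded"    # brand plus extra words such as "login"
    return None

def triage(new_domains, official):
    return {d: r for d in new_domains if (r := classify(d, official))}
```

Short brand names produce many one-edit neighbours, so `max_distance` should stay low and hits should be reviewed before any takedown request.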
The report also found that large numbers of the organisations were allowing employees to use their work credentials, such as email and password, for third-party websites not related to work. 5275 compromised email and unencrypted password accounts were found to be on the Darkweb, paste sites, hacking forums, or posted through accidental exposure.
This meant that 50 employees for each FTSE 100 company have had their email and data credentials exposed due to employees using them on sites that have been hacked by cyber attackers.
Anomali noted that 40 corporate credentials across 23 companies were compromised in April when a UK-based football website had its database dumped and exposed on the Darkweb.
Jamie Stone, VP of EMEA of Anomali, said that "the evidence gathered across our threat intelligence platforms demonstrates that some basic security measures are not being adopted or followed at some of the largest and most prominent companies in the UK. The results of the report should be a wake-up call for these organisations, highlighting just how vulnerable they are in ways they might not even have considered."
The data comes at a time when many cyber threats are escalating; there was a 3500 percent increase in the creation of ransomware domains in the first quarter of 2016 compared to Q4 2015, according to research carried out by Infoblox and released 1 June.