Brand Intelligence: The First Line of Defense for Threat Intelligence Teams

As digital adversaries ramp up brand abuse and impersonation attacks across multiple attack vectors, a new kind of threat intelligence is giving enterprise security teams the tools and capabilities they need to fight back.

Brand intelligence has emerged as the first line of defense for threat intelligence teams in 2022, with software and AI-driven solutions that safeguard brand-related assets and data across the public attack surface. 

As online adversaries aim to exploit the digital presence of target companies across multiple industries, brand intelligence empowers those organizations to protect their data, people, customers, and reputation against scams and fraudsters in our increasingly digital environment.

In this blog, we’re taking a closer look at brand intelligence and its role as the first line of defense for threat intelligence teams in modern organizations.

Download a copy of our Threat Intelligence Buyers' Guide.

Why is Brand Intelligence and Protection a Security Challenge?

Modern organizations are leveraging a growing number of online platforms to drive brand awareness and engage with their customers. Marketing teams are actively working to expand their organization’s footprint on the internet and social media, striving to boost their brand’s reputation and drive more visibility and sales.

But there’s a potential security downside that comes with continuously expanding your organization’s digital presence. From a security perspective, your brand consists of the digital assets (e.g. website, social media accounts, chat profiles, etc.) and data associated with your organization that customers engage with online. The more digital assets you create and operate across multiple channels, the easier the target for bad actors looking to capitalize on your online presence through impersonations, phishing attacks, and fraud.

To effectively counteract these threats, a brand intelligence solution must encompass the identification and removal of impersonations (both corporate and executives), detecting and thwarting account takeovers, early discovery of breaches and quick remediation, hardening defenses based on early attack warning, and more. 

Brand intelligence provides security teams with actionable intelligence to proactively identify and disrupt cyber attacks that threaten the brand and enterprise.

What is Brand Intelligence?

Brand intelligence is threat intelligence with a specific focus on protecting an organization’s digital presence - including its website, social media profiles, and other online properties or assets.

Brand intelligence solutions collect and analyze data across public and digital platforms, including the surface, Deep and Dark Web, social media, mobile app stores, etc., with a unique focus on identifying risks to the organization’s brand, products, and data in real time.

Brand risks can encompass many different kinds of cyber attacks, such as spoofed domain attacks, typosquatting, account takeovers, phishing and fraud, credential compromise attacks, data leakage, or the impersonation of brands and executives online.

Once a brand risk has been detected, brand intelligence service providers can alert the targeted organization and initiate a takedown of the fraudulent infrastructure, including fake social media accounts, spoofed domains, or fraudulent mobile apps.

Brand Threat Intelligence Trends You Should Know

To effectively anticipate and counteract brand-based cyberattacks, organizations should be aware of the latest trends in brand threat intelligence. Here’s what you need to know about how today’s digital adversaries are weaponizing brand assets to defraud their enterprise targets:

1. Digital Adversaries Increasingly Target the FinSec Industry

Financial services providers are among the most frequent targets for digital adversaries. One common scam is for digital fraudsters to replicate a FinSec company’s login page on a fake website or mobile app, then funnel its customers to the fake page in hopes of harvesting their access credentials and stealing money. 

Digital adversaries have been known to target large national banks with millions of customers, but we’re also seeing attacks against smaller regional institutions that may have weaker security controls in place to detect and prevent brand impersonation and related kinds of fraud.

1. Email Account Takeovers are on the Rise

Email accounts are often used to store passwords or authenticate access to other services, including financial services, banking, or other secured systems. If a digital adversary can gain control of a target’s email account, they may be able to gain access to their banking or other financial accounts.

Email account takeovers and similar attacks are becoming increasingly common, with one source reporting a 300%+ increase between 2019 and 2021.

Adversaries can attempt to steal an email account using a variety of methods. An adversary might try to send the target a malicious file containing a virus that spies on their computer and steals their access credentials. They could also use a spoofed email to impersonate the target organization's IT department and launch phishing attacks against its employees.

1. Logistics and Shipping Companies are Targeted by Impersonators

Recent data has shown that shipping and logistics companies like FedEx and DHL are among the most frequent targets for brand impersonation.

The rise of eCommerce business models means that consumers are ordering things online with a high frequency, such that an email appearing to come from DHL or FedEx doesn’t necessarily raise suspicion. Digital adversaries use spoofed email addresses to impersonate these brands and funnel their targets to fake domains with the intent of stealing their personal data or payment information.

How Brand Intelligence Fits into the Broader Threat Intelligence Strategy

In its Q1 2021 report on external threat intelligence services, Forrester identified three key requirements for a robust threat intelligence strategy: primary source intelligence, brand intelligence, and vulnerability intelligence. 

• Primary Source Intelligence consists of direct observations of threat activity via incident response engagements, as well as access to the sensors that monitor and observe threat activity across the public attack surface.
• Brand Intelligence consists of proactively monitoring the public attack surface to identify, detect, and disrupt digital threats to an organization’s brand, employees, and customer base.
• Vulnerability Intelligence consists of monitoring for new vulnerabilities, passing on vulnerability information, and helping organizations minimize the risk of vulnerability exploitation and resulting application downtime.

While primary source intelligence and vulnerability intelligence are clearly valuable services, only brand intelligence delivers the proactive brand monitoring and specific intelligence that brands need to identify and decisively counteract digital threats.

What Does Brand Intelligence Include?

Brand intelligence service providers deliver on a range of use cases for their enterprise clients. Below are five of the most effective brand protection measures delivered as part of a brand intelligence solution.

1. Listening for Attack Planning Chatter

When digital threat actors are plotting an attack against your organization, they often discuss their plans, purchase illicit assets, or coordinate attacks with other malicious groups on dark web hacker forums. 

An effective approach to brand intelligence uses both software and human operatives to listen for attack planning chatter across the surface, Deep, and Dark Web. This capability helps organizations anticipate and deter attacks before they cause damage.

1. Monitoring the Public Attack Surface for Fraudulent Brand Assets

In preparation for an attack against your brand, digital threat actors will often begin to stand up fraudulent digital assets. These can include things like fraudulent mobile apps, spoofed email addresses, or a replica of your website on a spoofed domain. 

Modern brand intelligence solutions like ZeroFox use AI-driven technology to monitor publicly available platforms (e.g. the surface, Deep and Dark Web, social media, business collaboration tools, etc.) and detect the staging of fake and malicious domains or other assets. 

Early detection of fraudulent assets gives organizations the opportunity to minimize damage by deploying rapid countermeasures against digital fraudsters.

1. Identifying and Alerting on Malicious Brand Attacks

After standing up fraudulent brand assets, the next step for a digital adversary is to start funneling potential victims to those assets.

An adversary might set up a fake website or mobile app to steal payment information or login credentials from the customers of a bank. They might try to funnel your customers to a fraudulent asset by creating a fake social media profile to impersonate an executive at your organization. They might also use email spoofing or social engineering techniques to impersonate your company’s executives and scam your employees/customers.

Brand intelligence software can detect malicious links that adversaries share across social channels to harm your company. Once detected, fraudulent domains can be blacklisted via services like VirusTotal, APWG, and Google Safe Browsing to prevent future attacks.

1. Correlating Attacks Across Multiple Vectors

Digital adversaries use a combination of Tactics, Techniques, and Procedures (TTPs) to launch brand attacks against enterprise targets. Many of these TTPs are well-documented in resources like the MITRE ATT&CK Framework, but adversaries can also deploy novel TTPs that have never been seen before. 

Brand intelligence services have access to huge databases that correlate cyber attack patterns with specific attack vectors and known threat groups. This data allows brand intelligence providers to recognize known attack patterns as they unfold, anticipate what a threat actor could be planning next, and deploy the right countermeasures to disrupt the attack.

1. Dismantling Attacker Infrastructure

The best way to disrupt and frustrate digital adversaries is to proactively detect and dismantle their fraudulent infrastructure before they can launch a successful attack. That often means communicating directly with platform arbiters to report the fake assets and initiate a takedown request.

Brand intelligence service providers like ZeroFox maintain relationships with domain registrars, social media platform compliance teams, and other platform arbiters to facilitate rapidly dismantling attacker infrastructure and stifling cyberattacks.

3 Benefits of ZeroFox Brand Intelligence Software

1. Safeguard Brand Integrity

With consumers increasingly choosing to interact with their preferred brands online, digital experiences play a key role in winning new business and cultivating long-term consumer trust. ZeroFox Brand Protection preserves the integrity of your online presence by detecting and disrupting brand threats in the digital space before they harm your image and drive away customers.

1. Maximize Customer Engagement

When new or existing customers see your brand represented online, you want it to be the real you - every single time. ZeroFox makes this a reality by efficiently dismantling fraudulent digital infrastructure that uses your brand identity without your authorization. 

Eliminating the frauds and impersonators helps you maximize engagement by ensuring that every customer is interacting with authentic accounts and advertisements - not fake ones created by scammers.

1. Leverage AI to Automate Protection

Monitoring the public attack surface in real-time for emerging brand risks, gathering and analyzing data, and extracting insights to protect your organization would be virtually impossible without help from AI. 

At ZeroFox, we’re using artificial intelligence to automate data analysis and content takedowns. As a result, we’re able to minimize the volume of human labor that goes into finding and addressing brand risks, even while enhancing your organization’s overall cybersecurity posture.

AI helps us monitor the public attack surface for brand risks on a scale that would otherwise require hundreds or thousands of human threat analysts.

Watch our Brand Intelligence Webinar and Hear from Forrester

In The Forrester Wave: External Threat Intelligence Services, Q1, 2021 report, ZeroFox was listed as a strong performer and designated best-in-class for brand threat intelligence use cases and takedown services. 

To further explore recent threat trends and the emergence of brand threat intelligence, we hosted a webinar called Brand Threat Intelligence: The First Line of Defense. The webinar featured our own moderator David Stuart, ZeroFox Managing Director and VP Services James Carnall, and Brian Kime, ZeroFox VP of Intelligence Strategy and Advisory. 

To learn more about brand threat intelligence and how ZeroFox can help, you can watch the webinar or download the full report using the links below.

Protect Your Business from Revenue-Damaging Threats with ZeroFox Brand Intelligence

ZeroFox provides enterprises with brand intelligence, protection, and disruption to dismantle external threats to brands, people, assets, and data across the public attack surface in one, comprehensive platform.

The ZeroFox platform uses an AI-driven analysis engine to identify and remediate brand risks that materialize across the social and digital landscape, including on platforms such as LinkedIn, Facebook, Slack, Instagram, Pastebin, YouTube, mobile app stores, domains, and cloud-based email.

With ZeroFox Brand Protection, you can effectively counteract unauthorized usage of your brand assets, and protect your business from revenue-damaging threats.

Ready to learn more?