Part 2: Brand-Targeted vs. Brand-Associated Malware: What’s the Biggest Threat to your Organization?

In Part One of this three-part series about the top threats to be aware of when operating on the internet in 2018, I reviewed the trust issues around verifying secure sites and different aspects of SSL certificates. I’ll now move on to discuss the issues associated with malware and what we expect to see in 2018.

Malicious software has transitioned over the years, from relatively harmless adware to spyware, to keystroke loggers and banking trojans, to the massive ransomware attacks widely reported around the world in 2017, such as the WannaCry and Petya attacks. Throughout these developments, there has been an ebb and flow in how malware is focused, either as brand-targeted or generic, as well as in how it’s distributed to bypass the protections of current anti-malware and antivirus solutions.

Brand-Targeted Malware

At a very basic level, brand-targeted malware can be defined as a targeted attack, where the malware code itself was written to target a specific list of brands or organizations. This type of malware is created specifically to target an organization (or a set of them), but it remains dormant until the user navigates to the website of a targeted organization. The malware then wakes up and starts tracking keystrokes and stealing information.

Brand-targeted malware was prevalent several years ago. However, as cybercriminals have progressed in sophistication, they have also become more efficient in how they target organizations.

Why target one organization when you can use the same structure to target many at once? Indeed, common malware types, like Trickbot, Bankbot, Marcher, etc., include config files written to target multiple brands simultaneously to pull back as much data as possible. In many cases, the malware is targeting hundreds of brands at one time, essentially making the malware generic rather than targeted.

Brand-Associated Malware

In contrast, brand-associated malware is much easier and more direct because the association with the brand occurs via the most common distribution channel: email.

Brand-associated malware is generic in nature and does not target the brand directly in the malware config file, but it misrepresents the brand in the email distribution.

This serves two purposes for a cybercriminal:

  1. An email has the appearance of coming from a trusted brand, so there is a higher likelihood of click-throughs by the consumer recipient;
  2. The distribution list can be highly targeted to specific consumer or customer data sets for an even higher return.

Consumers trust the branded email and are more likely to open an attachment from an organization they do business with than one from a generic, unbranded email. The emails use social engineering tactics to convince a recipient of their authenticity. For example, an email impersonating a mobile telecommunications company may indicate that an invoice for a new device is attached, or a software company may ask customers to open an attachment to accept new terms and conditions. This approach is intended to trick as many consumers as possible without the restriction of being tied to specific organization(s) in the malware configuration.
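A defender-side check for the pattern described above, as an added example that is not from the original post: it flags mail whose display name claims a watched brand while the sender domain is not one of that brand's, then adds DMARC and attachment evidence. The brand "Example Mobile", its domains, the extension list and both sample messages are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumed watchlist: brand keyword -> domains the brand really sends from.
BRAND_DOMAINS = {"examplemobile": {"examplemobile.example"}}
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".lnk", ".iso", ".docm", ".xlsm"}

def brand_misuse_findings(raw):
    """Return reasons a raw message looks like brand-associated delivery."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = display.lower().replace(" ", "")
    out = []
    for brand, domains in BRAND_DOMAINS.items():
        authorised = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not authorised:
            out.append(f"display name claims {brand} but sender domain is {domain}")
    if not out:
        return out  # brand not misused; generic filtering handles the rest
    # Authentication-Results is stamped by the receiving gateway (RFC 8601).
    # A lookalike domain can pass DMARC for itself, so this is supporting evidence only.
    if "dmarc=pass" not in str(msg["Authentication-Results"] or "").lower():
        out.append("no DMARC pass recorded")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if PurePosixPath(name.lower()).suffix in RISKY_EXT:
            out.append(f"risky attachment: {name}")
    return out

def build_sample(sender, auth, attachment=None):
    """Build a constructed message for the demo (not real mail)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Your new device invoice"
    m["Authentication-Results"] = auth
    m.set_content("Please see the attached invoice.")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return bytes(m)

SPOOFED = build_sample("Example Mobile Billing <billing@invoices-mail.example>",
                       "mx.recipient.example; dmarc=fail", "invoice.pdf.js")
GENUINE = build_sample("Example Mobile <billing@mail.examplemobile.example>",
                       "mx.recipient.example; dmarc=pass")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, brand_misuse_findings(raw))
```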

The brand erosion for organizations can be severe with this type of attack, and can be especially damaging to an email marketing channel. MarkMonitor conducted a global consumer survey in 2016 to analyze how consumers respond to cybercrime. In our findings, 78 percent of consumers indicated that cyberattacks on companies affect their perception of those brands, and 74 percent of respondents said brands should protect and educate them more thoroughly on the dangers of online fraud.

What’s the Best Option?

At MarkMonitor, we think that a malware distribution channel targeting a specific brand poses a greater risk even if the malware is generic. There is value in monitoring for brand-targeted malware as well, and we can certainly mitigate that too, but it’s important to understand whether it’s truly targeting one specific organization or not. If the malware is targeting multiple brands, then it is necessary to determine how proactively your organization will mitigate malware for these other organizations.

In my next blog post, I’ll revisit the risks associated with the upcoming tax season in the United States.