Behind the Scenes of a Brand Protection Takedown
August 26, 2020 • Tom Wentworth
As the Chief Marketing Officer at Recorded Future, I care deeply about our brand. It’s the public perception of our organization, and by building an authentic and influential brand, we establish trust and loyalty with our customers.
I’ll be honest: Before joining Recorded Future, I never really thought about the impact of security on brand. But the reality is that while companies work tirelessly over years, decades, and even longer to build a brand, all of that brand equity can be wiped out almost overnight as a result of a security breach.
As a quick background, Recorded Future empowers clients to find and take down typosquat domains, leaked credentials, bank identification numbers, fake social media accounts, code leaks, talk of your brand on dark web markets, and more.
These days, it’s never been easier (or more profitable) to be a cyber-criminal. The stakes for brand protection have never been higher. That’s why I wanted to share the story of how the security team at Recorded Future successfully defended our brand using our own brand intelligence solution.
It started one day when a member of our security team that monitors for cybersecurity issues found what might be a security incident, and asked a question about it in our #marketing Slack channel:
“@here can you please advise if this is a page marketing created?”
They had uncovered that there was a mirror image of the Recorded Future website running on a suspicious domain that was initially registered in China and was currently hosting a few hundred seemingly random US and Chinese sites.
The mirrored site was especially troubling as the login page to the Recorded Future platform was also being served.
Now, the good news was that the login page was not yet accepting logins, but it would have been trivial for someone to turn that page into a phishing campaign.
Once the marketing team confirmed that this site wasn’t some sort of separate project or staging environment for recordedfuture.com, our security team quickly sprung into action. To get this malicious site removed, we simply used Recorded Future’s takedown services — which is available to our clients as a component of our brand intelligence solution. Takedown services work with several providers, including NameSilo, Cloudflare, Hurricane Electric, and Contabo to enact the take-down.
The result? Less than 5 hours later, the malicious site was gone and a potential threat to our brand was eliminated.
So, why would someone mirror our entire site? Perhaps it was to simply use our brand name to gain more traffic to their site? Or maybe it was going to be used in a phishing attack to harvest user credentials?
Regardless, the net result was that we protected our brand from a potential threat, allowing this CMO (and Gavin, our CSO) to sleep better at night.
Download our short e-book, “Protecting Your Brand With Security Intelligence,” today to learn how brand intelligence empowers you to disrupt adversaries and defeat digital threats to your brand.