Behind the Scenes of a Brand Protection Takedown

August 26, 2020 • Tom Wentworth

As the Chief Marketing Officer at Recorded Future, I care deeply about our brand. It’s the public perception of our organization, and by building an authentic and influential brand, we establish trust and loyalty with our customers.

I’ll be honest: Before joining Recorded Future, I never really thought about the impact of security on brand. But the reality is that while companies work tirelessly over years, decades, and even longer to build a brand, all of that brand equity can be wiped out almost overnight as a result of a security breach.

As a quick background, Recorded Future empowers clients to find and take down typosquat domains, leaked credentials, bank identification numbers, fake social media accounts, code leaks, talk of your brand on dark web markets, and more.

These days, it’s never been easier (or more profitable) to be a cyber-criminal. The stakes for brand protection have never been higher. That’s why I wanted to share the story of how the security team at Recorded Future successfully defended our brand using our own brand intelligence solution.

It started one day when a member of our security team who monitors for cybersecurity issues found what might be a security incident and asked a question about it in our #marketing Slack channel:

“@here can you please advise if this is a page marketing created?”

They had uncovered that there was a mirror image of the Recorded Future website running on a suspicious domain that was initially registered in China and was currently hosting a few hundred seemingly random US and Chinese sites.

The mirrored site was especially troubling as the login page to the Recorded Future platform was also being served.

Now, the good news was that the login page was not yet accepting logins, but it would have been trivial for someone to turn that page into a phishing campaign.

Yikes!

Once the marketing team confirmed that this site wasn’t some sort of separate project or staging environment for recordedfuture.com, our security team quickly sprang into action. To get this malicious site removed, we simply used Recorded Future’s takedown services, which are available to our clients as a component of our brand intelligence solution. Takedown services work with several providers, including NameSilo, Cloudflare, Hurricane Electric, and Contabo, to enact the takedown.

The result? Less than 5 hours later, the malicious site was gone and a potential threat to our brand was eliminated.

So, why would someone mirror our entire site? Perhaps it was to simply use our brand name to gain more traffic to their site? Or maybe it was going to be used in a phishing attack to harvest user credentials?

Regardless, the net result was that we protected our brand from a potential threat, allowing this CMO (and Gavin, our CSO) to sleep better at night.

Download our short e-book, “Protecting Your Brand With Security Intelligence,” today to learn how brand intelligence empowers you to disrupt adversaries and defeat digital threats to your brand.
