Brand-monitoring tool bridges business-IT security divide by ferreting out shadow-IT, phishing knockoffs

Australian security consultancy Securus Global is winning converts in both IT-security and marketing organisations on the back of a locally-built managed service designed to sniff out duplicate Web sites built by cybercriminal scammers and brand copyright infringers.

The company's recently launched Scorpion service started out as a bespoke project with a bank client that needed a way to find Web sites that were designed to replicate its own site – for example, by phishing scammers seeking to trick customers into sharing their login or other personal details.

The tool would use search-engine crawling, and a range of other techniques, to find legitimate and potentially problematic sites and monitor changes in their content, structure or even IP address over time. Regular scans would allow delta-based analysis to pinpoint new sites and prioritise a list of candidates for further investigation.

As the bank project evolved, it became clear the service would have broader appeal as a tool helping brand-name organisations to keep tabs on the unauthorised usage of their brand by third parties – particularly those selling counterfeit product knockoffs. The same process would also rapidly surface not only spammers' fake landing pages, highlighting duplicate 'shadow IT' sites that were often set up by departments of large organisations as test sites or to bypass Byzantine internal approval regulations.

“In all big companies, business units often say it's just too hard to go through internal processes” for spinning up new Web sites,” Securus Global CEO Chris Williams told CSO Australia. “They don't do it maliciously, but they don't always realise that it can diminish the overall brand, or potentially open a back door into the network.”

Because the Scorpion platform deals both with brand infringements as well as security issues, the service rapidly became popular both with business and technical types – providing crossover appeal that is often difficult to achieve.

“The marketing guys latched onto it and reckon it was fantastic,” Williams recalled. “We often struggle with the IT and security people speaking IT-speak, but this issue seems to have bridged that gap. There's been this crossover between security and the business, since these issues are important to anyone with brand recognition that values their brand.”

Scorpion is currently available as a managed service after its launch earlier this month, where it is run internally and reports fed to security consultants to go through with customers. Because of the volume of Web sites being scanned, the process can take days – Williams said three days seems to be “the optimum tradeoff”, although customers can extend or shorten the scanning if they want to.

“Analysing the sites through different search engines, including some more obscure ones, gives us good coverage,” he said, noting that filters are used to minimise false-positives in aggregation and other sites.

Read more: Cybersecurity careers suffering brand-recognition problems amongst young Australians

As an example, one recent scan within the bank – where Scorpion has gone live and has become part of the business-as-usual process – delivered 300 hits after the first scan, but further filtering reduced this to a list of 95 candidates for examination.

“We've got it pretty well automated by now,” Williams said.

Banks are only one of many industry sectors where the tool is piquing interest: shadow-IT remains a daily problem in large complex university networks, for example, and government agencies like the ATO need to keep tabs on potentially harmful copycat sites as they’ve been favoured targets of scammers for many years.

Continued development is expected to turn Scorpion into a set-and-forget Web service that will do the scanning in the background and send clients reports when the analysis is complete. Better analysis of graphics and white-labelled solutions are also on the radar, potentially allowing all manner of consulting agencies to resell an even more-functional service to their customers.

Redirection of customers to deceptive Web sites remains a popular modus operandi for online scammers, with continuing success – particularly in the banking sector. Yet even though phishing attacks siphoned nearly £30m ($A64m) from UK banks in the first half of 2014 alone, a review earlier this year found that banks, along with healthcare organisations, were still falling short on protection from spam and phishing attacks orchestrated by often audacious scammers.

In May, a Russian cyber group was seen preparing to attack banks in the US and elsewhere. Last month, Australian banking apps were said to have been targeted with malware that would bypass transaction protection mechanisms.

Williams previously flagged the development of innovative new security tools as key to building revenue streams that would support staff development and recruitment in the challenging market for skilled IT professionals.

Join the CSO newsletter!

Error: Please check your email address.

Tags IT-securitybankingfinancephishingSecurus GlobalCSO AustraliaScorpion

More about CSOSecurus Global

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place