Brand-monitoring tool bridges business-IT security divide by ferreting out shadow-IT, phishing knockoffs
- 19 November, 2015 07:59
Australian security consultancy Securus Global is winning converts in both IT-security and marketing organisations on the back of a locally-built managed service designed to sniff out duplicate Web sites built by cybercriminal scammers and brand copyright infringers.
The company's recently launched Scorpion service started out as a bespoke project with a bank client that needed a way to find Web sites that were designed to replicate its own site – for example, by phishing scammers seeking to trick customers into sharing their login or other personal details.
The tool would use search-engine crawling, and a range of other techniques, to find legitimate and potentially problematic sites and monitor changes in their content, structure or even IP address over time. Regular scans would allow delta-based analysis to pinpoint new sites and prioritise a list of candidates for further investigation.
As the bank project evolved, it became clear the service would have broader appeal as a tool helping brand-name organisations to keep tabs on the unauthorised usage of their brand by third parties – particularly those selling counterfeit product knockoffs. The same process would also rapidly surface not only spammers' fake landing pages, highlighting duplicate 'shadow IT' sites that were often set up by departments of large organisations as test sites or to bypass Byzantine internal approval regulations.
“In all big companies, business units often say it's just too hard to go through internal processes” for spinning up new Web sites,” Securus Global CEO Chris Williams told CSO Australia. “They don't do it maliciously, but they don't always realise that it can diminish the overall brand, or potentially open a back door into the network.”
Because the Scorpion platform deals both with brand infringements as well as security issues, the service rapidly became popular both with business and technical types – providing crossover appeal that is often difficult to achieve.
“The marketing guys latched onto it and reckon it was fantastic,” Williams recalled. “We often struggle with the IT and security people speaking IT-speak, but this issue seems to have bridged that gap. There's been this crossover between security and the business, since these issues are important to anyone with brand recognition that values their brand.”
Scorpion is currently available as a managed service after its launch earlier this month, where it is run internally and reports fed to security consultants to go through with customers. Because of the volume of Web sites being scanned, the process can take days – Williams said three days seems to be “the optimum tradeoff”, although customers can extend or shorten the scanning if they want to.
“Analysing the sites through different search engines, including some more obscure ones, gives us good coverage,” he said, noting that filters are used to minimise false-positives in aggregation and other sites.
As an example, one recent scan within the bank – where Scorpion has gone live and has become part of the business-as-usual process – delivered 300 hits after the first scan, but further filtering reduced this to a list of 95 candidates for examination.
“We've got it pretty well automated by now,” Williams said.
Banks are only one of many industry sectors where the tool is piquing interest: shadow-IT remains a daily problem in large complex university networks, for example, and government agencies like the ATO need to keep tabs on potentially harmful copycat sites as they’ve been favoured targets of scammers for many years.
Continued development is expected to turn Scorpion into a set-and-forget Web service that will do the scanning in the background and send clients reports when the analysis is complete. Better analysis of graphics and white-labelled solutions are also on the radar, potentially allowing all manner of consulting agencies to resell an even more-functional service to their customers.
Redirection of customers to deceptive Web sites remains a popular modus operandi for online scammers, with continuing success – particularly in the banking sector. Yet even though phishing attacks siphoned nearly £30m ($A64m) from UK banks in the first half of 2014 alone, a review earlier this year found that banks, along with healthcare organisations, were still falling short on protection from spam and phishing attacks orchestrated by often audacious scammers.
In May, a Russian cyber group was seen preparing to attack banks in the US and elsewhere. Last month, Australian banking apps were said to have been targeted with malware that would bypass transaction protection mechanisms.
Williams previously flagged the development of innovative new security tools as key to building revenue streams that would support staff development and recruitment in the challenging market for skilled IT professionals.