Business in the United Kingdom (UK) is passing through a tough period. This is evident from developments at the Financial Times Stock Exchange (FTSE) 100 index. The FTSE 100 is a share index of the 100 companies listed on the London Stock Exchange with the highest market capitalisation. Their position in the index is a decisive indicator of how well UK businesses are performing, both for the companies themselves and for the UK economy.
The FTSE 100 closed lower on Wednesday after the Organisation for Economic Co-operation and Development (OECD) cut its earlier UK economic forecasts. The OECD downgraded its forecast for UK growth this year to 1.7%, from the 2.2% that it estimated in February. The OECD is hoping that the UK will vote to remain in the European Union in the 23 June referendum. It has warned that a vote to leave the EU would see the UK economy suffer a “large economic shock”. It said that by 2020 gross domestic product could be 3% below the level it might otherwise reach if the UK voted to remain in the EU.
As if this were not problem enough, a recent threat intelligence report has revealed that 81% of FTSE 100 companies are vulnerable to brand spoofing and malicious domain registrations. Cyber criminals increasingly register malicious domains against these companies so that they can capitalise on the brands. They set up exact duplicate copies of the companies' websites, and unwary users fall victim to cyber fraud and other cyber crimes as a result.
The story does not end here. The report found 5,275 compromised email and unencrypted password accounts in total on hacking forums, paste sites and the deep web. This means that on average 50 employees at each FTSE 100 company have unintentionally exposed their details to cyber criminals.
The modus operandi of the cyber criminals is very simple and is already in use all across the world. They register a domain name nearly identical to that of the targeted company’s website. When unsuspecting users log in to such a fraudulent website, they unintentionally part with their login credentials and other crucial details. The data can then either be sold or used to access the company’s network. 71% of the targeted companies were in financial services. Retail and critical infrastructure were the other targeted sectors. The deceptively similar domains were registered most commonly to addresses in China, with the US coming second and Panama third.
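A brand owner can watch for such registrations by comparing newly registered domains against its own name. The following is an added example, not taken from the report: the brand `examplebank.com`, the sample feed and the small confusable-character map are constructed, and inputs are assumed to be registrable domains of the form `label.tld`.

```python
import unicodedata

# Constructed confusable pairs (assumption; not a complete table).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold a label so visually similar spellings compare equal."""
    if label.startswith("xn--"):                  # punycode (IDN) label
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass                                  # keep the raw label
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label

def osa_distance(a, b):
    """Edit distance counting an adjacent transposition as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, brand, max_dist=2):
    """Return why a candidate resembles the brand domain, or None."""
    c_label, _, c_tld = candidate.lower().rstrip(".").partition(".")
    b_label, _, b_tld = brand.lower().partition(".")
    if c_label == b_label:
        return "own-domain" if c_tld == b_tld else "same-label-other-tld"
    cs, bs = skeleton(c_label), skeleton(b_label)
    if cs == bs:
        return "homoglyph"
    if osa_distance(cs, bs) <= max_dist:  # short brands need a lower bound
        return "typo"
    return "combo" if bs in cs else None

# Constructed sample feed of newly registered domains.
SAMPLE_FEED = ["examp1ebank.com", "exmaplebank.com", "examplebank-login.com",
               "examplebank.net", "weather-report.org"]

if __name__ == "__main__":
    for domain in SAMPLE_FEED:
        print(domain, "->", classify(domain, "examplebank.com"))
```

Domains that come back with a label are candidates for manual review, takedown requests or mail-gateway blocking; a result of `None` means the name showed no resemblance under these three checks.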
The evidence gathered across the threat intelligence platforms demonstrates that some basic security measures are not being adopted or followed at some of the largest and most prominent companies in the UK. The results of the report should be a wake-up call for these organisations, highlighting just how vulnerable they are in ways they might not even have considered.
Please see the report titled The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures (pdf) for more details.