iTWire: Top Australian Firms Vulnerable to Domain Spoofing
Research completed by cyber security firm Agari claims that only 4% of companies on the ASX 100 are protecting the public against domain name spoofing, a technique used to trick consumers into believing messages come from a particular domain.
Vidur Apparao, the chief technology officer of Agari, a founding member of the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard, based this claim on a study that examined phishing amid slow adoption of email authentication using DMARC.
The Australian component of the study was done in collaboration with Sydney-based infosec firm InfoTrust.
He said it had been found that 96% of Australia’s leading companies had left their customers, partners and brand names vulnerable to domain name spoofing, one of the most common vectors of digital deception attacks.
“It is unconscionable that only 4% of the ASX 100 organisations are protecting the public against domain name spoofing,” he said.
“Phishing and other forms of digital deception are preventable, and the first step is for our largest companies and government organisations to deploy DMARC, a highly effective open standard.”
DMARC was born in 2007 following a pilot between PayPal and Yahoo! to eliminate phishing emails. Apparao said Agari had worked with AOL, Comcast, Google, Microsoft and Yahoo! to protect the receipt of email since January 2012.
He claimed DMARC more or less eliminated domain name spoofing and associated attacks like phishing, when DMARC policies were set to quarantine or reject unauthenticated email.
Among the ASX 100, another 23% had adopted a minimal DMARC policy that monitored but did not prevent domain spoofing, Apparao said. DMARC adoption was also not high among Fortune 500 and FTSE 100 companies.
“Less than a quarter of ASX 100 companies have DMARC but are only monitoring email traffic and not yet actively rejecting or quarantining suspicious or deceptive emails,” said Dane Meah, chief executive of InfoTrust. “Only 4% are either rejecting or quarantining unauthenticated emails.”
“Equivalent companies in the Fortune 500 and FTSE 100 fared better with adoption rates at one third, and active deployment (rejecting or quarantining) about double the Australian rate.”
Meah said this should be a wake-up call to Australian companies. “Cyber criminals are global operators and will look to regions where targets are most vulnerable and wealthy. As other countries get ahead of us with DMARC protections, we’re likely to become more attractive to attackers,” he added.
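The distinction the study draws between no DMARC, a monitor-only policy, and a quarantine or reject policy can be checked from a domain's `_dmarc` TXT record. The following is an added example, not code from Agari, InfoTrust or the article; it also flags partial enforcement through the `pct` tag, which goes beyond what the article covers. The domains and records are constructed samples, and the category labels are assumptions chosen for this sketch.

```python
# Added example: classify a domain's DMARC posture from its _dmarc TXT records.
# The labels ('no-dmarc', 'monitor', 'partial', 'enforce') are this sketch's own.

ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Parse one TXT string into a tag dict, or None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # RFC 7489: the v tag must come first and be exactly DMARC1.
    first = txt.split(";", 1)[0].replace(" ", "")
    return tags if first == "v=DMARC1" else None

def classify(txt_records):
    """Return 'no-dmarc', 'monitor', 'partial' or 'enforce' for one domain."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    # Receivers skip DMARC when zero or several valid records are published.
    if len(records) != 1:
        return "no-dmarc"
    policy = records[0].get("p", "").lower()
    if policy not in ENFORCING:
        # p=none, or a missing/invalid p, is counted here as monitor-only.
        return "monitor"
    try:
        pct = int(records[0].get("pct", "100"))
    except ValueError:
        pct = 100  # malformed pct: fall back to the default of 100
    return "enforce" if pct >= 100 else "partial"

SAMPLE = {  # constructed _dmarc TXT answers for hypothetical domains
    "a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@a.example"],
    "b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@b.example"],
    "c.example": ["v=spf1 -all"],            # TXT present, but not DMARC
    "d.example": ["v=DMARC1; p=quarantine; pct=25"],
    "e.example": [],                         # nothing published
}

def tally(domains):
    """Count domains per category, as a survey of a company list would."""
    counts = {}
    for records in domains.values():
        label = classify(records)
        counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    print(tally(SAMPLE))
```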