News
Report: Thieves Target Online Travel Sites
Research from security vendor MarkMonitor shows digital outlaws hijacking the brands of online travel companies and airplane parts manufacturers.
By Bill Brenner, Senior Editor
He's also not surprised the bad guys are making so much money since, as Danchev noted, they are getting more adept at using cybersquatting and SEO tactics, a trend reflected in a recent special report from CSO magazine (Black Hat SEOs: Is This the Future of Search?).
Danger in the skies?
Though he wasn't surprised to see travel sites targeted so aggressively, Felman said he was shocked by research showing vendors in China, the U.S. and other countries selling questionable aircraft components in bulk online.
"Given all the regulations out there, it's surprising that we found so many bogus parts sites," he said. "There's a growing risk that these parts could end up in standard distribution channels."
Other security experts are far less surprised to see bogus airplane parts proliferating across cyberspace. For them, the China connection in particular is a no-brainer.
"I'm not surprised by anything coming from China," said Petko D. Petkov, a self-described hacker and founder of UK-based think tank GNUCITIZEN. "The cyber laws in China are a bit vague and [hackers] are usually left to do whatever they want without consequences."
Independent security consultant and former Radianz CSO Lloyd Hession noted that there has always been a market for bogus plane parts and that people have been traveling for years in planes fitted with some of the questionable components. It's just that the bad guys have finally taken their business online, he said.
Security options limited
While companies can reduce the threat to their reputations through a layered security program and constant surveillance to see if their brands are being abused, Petkov said defensive options are limited.
"In the case of brandjacking, I don't think there's an easy solution due to the fact that the people who abuse the particular brand may not reside within a country that has sensible regulations" to deal with the practice, he said.
In cases where phising attacks happen via a third-party domain the targeted company has no control of, there is very little to do, he said. One can contact the ISP in charge of the domain or the hosting space with the hope that they will terminate it, or report the malicious URLs to numerous anti-phishing registers.
Unfortunately, he said, "none of these workarounds will be 100 percent effective."
For its report, MarkMonitor analyzed feeds from leading international ISPs, e-mail providers and other alliance partners.
Other stories by Bill Brenner
Brandjacking
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Log Management in a Cyber World
- Implementing Best Practices for Web 2.0 Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
