{"id":50571,"date":"2024-02-13T14:12:22","date_gmt":"2024-02-13T19:12:22","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=50571"},"modified":"2024-02-13T14:25:05","modified_gmt":"2024-02-13T19:25:05","slug":"cyberattacks-on-your-marketing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/cyberattacks-on-your-marketing\/50571\/","title":{"rendered":"Five cyberattacks on marketing departments"},"content":{"rendered":"<p>When it comes to attacks on businesses, the focus is usually on four aspects: finance, intellectual property, personal data, and IT infrastructure. However, we mustn\u2019t forget that cybercriminals can also target company assets managed by PR and marketing \u2014 including e-mailouts, advertising platforms, social media channels, and promotional sites. At first glance, these may seem unattractive to the bad guys (\u201cwhere\u2019s the revenue?\u201d), but in practice each can serve cybercriminals in their own \u201cmarketing activities\u201d.<\/p>\n<h2>Malvertising<\/h2>\n<p>To the great surprise of many (even InfoSec experts), cybercriminals have been making <a href=\"https:\/\/securelist.com\/malvertising-through-search-engines\/108996\/\" target=\"_blank\" rel=\"noopener\">active use of legitimate paid advertising<\/a> for a number of years now. In one way or another they pay for banner ads and search placements, and employ corporate promotion tools. There are many examples of this phenomenon, which goes by the name of malvertising (malicious advertising). Usually, cybercriminals advertise <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-spot-phishing-on-a-hacked-wordpress-website\/48849\/\" target=\"_blank\" rel=\"noopener nofollow\">fake pages<\/a> of popular apps, fake promo campaigns of famous brands, and other fraudulent schemes aimed at a wide audience. 
Sometimes threat actors create an advertising account of their own and pay for advertising, but this method leaves too much of a trail (such as payment details). So a different method is more attractive to them: stealing login credentials and hacking the advertising account of a straight-arrow company, then promoting their sites through it. This has a double payoff for the cybercriminals: they get to spend others\u2019 money without leaving excess traces. But the victim company, besides a gutted advertising account, gets one problem after another \u2014 including potentially being blocked by the advertising platform for distributing malicious content.<\/p>\n<h2>Downvoted and unfollowed<\/h2>\n<p>A variation of the above scheme is a takeover of social networks\u2019 <a href=\"https:\/\/www.darkreading.com\/endpoint-security\/millions-facebook-business-accounts-python-malware\" target=\"_blank\" rel=\"nofollow noopener\">paid advertising accounts<\/a>. The specifics of social media platforms create additional troubles for the target company.<\/p>\n<p>First, access to corporate social media accounts is usually tied to <a href=\"https:\/\/www.kaspersky.com\/blog\/password-security-smb\/35836\/\" target=\"_blank\" rel=\"noopener nofollow\">employees\u2019 personal accounts<\/a>. It\u2019s often enough for attackers to compromise an advertiser\u2019s personal computer or steal their social network password to gain access not only to likes and cat pics but to the scope of action granted by the company they work for. That includes posting on the company\u2019s social network page, sending emails to customers through the built-in communication mechanism, and placing paid advertising. 
Revoking these functions from a compromised employee is easy as long as they aren\u2019t the main administrator of the corporate page \u2014 in which case, restoring access will be labor-intensive in the extreme.<\/p>\n<p>Second, most advertising on social networks takes the form of \u201cpromoted posts\u201d created on behalf of a particular company. If an attacker posts and promotes a fraudulent offer, the audience immediately sees who published it and can voice their complaints directly under the post. In this case, the company will suffer not just financial but visible reputational damage.<\/p>\n<p>Third, on social networks many companies save \u201ccustom audiences\u201d \u2014 ready-made collections of customers interested in various products and services or who have previously visited the company\u2019s website. Although these usually can\u2019t be pulled (that is, stolen) from a social network, unfortunately it\u2019s possible to create malvertising on their basis that\u2019s adapted to a specific audience and is thus more effective.<\/p>\n<h2>Unscheduled circular<\/h2>\n<p>Another effective way for cybercriminals to get free advertising is to <a href=\"https:\/\/www.kaspersky.com\/blog\/the-hunt-for-mailing-lists\/38632\/\" target=\"_blank\" rel=\"noopener nofollow\">hijack an account on an email service provider<\/a>. If the attacked company is large enough, it may have millions of subscribers in its mailing list.<\/p>\n<p>This access can be exploited in a number of ways: by mailing an irresistible fake offer to email addresses in the subscriber database; by covertly substituting links in planned advertising emails; or by simply downloading the subscriber database in order to send them phishing emails in other ways later on.<\/p>\n<p>Again, the damage suffered is financial, reputational, and technical. By \u201ctechnical\u201d we mean the blocking of future incoming messages by mail servers. 
In other words, after the malicious mailouts, the victim company will have to resolve matters not only with the mailing platform but also potentially with specific email providers that have blocked you as a source of fraudulent correspondence.<\/p>\n<p>A very nasty side effect of such an attack is the leakage of customers\u2019 personal data. This is an incident in its own right \u2014 capable not only of inflicting reputational damage but also of landing you with a fine from data protection regulators.<\/p>\n<h2>Fifty shades of website<\/h2>\n<p>A website hack can go unnoticed for a long time \u2014 especially for a small company that does business primarily through social networks or offline. From the cybercriminals\u2019 point of view, the goals of a website hack <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-protect-your-site\/48920\/\" target=\"_blank\" rel=\"noopener nofollow\">vary depending on the type of site and the nature of the company\u2019s business<\/a>. Leaving aside cases when <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-protect-your-site\/48920\/\" target=\"_blank\" rel=\"nofollow noopener\">website compromise is part of a more sophisticated cyberattack<\/a>, we can generally delineate the following varieties.<\/p>\n<p>First, threat actors can install a <a href=\"https:\/\/www.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/48509\/\" target=\"_blank\" rel=\"noopener nofollow\">web skimmer<\/a> on an e-commerce site. This is a small, well-disguised piece of JavaScript embedded directly in the website code that steals card details when customers pay for a purchase. The customer doesn\u2019t need to download or run anything \u2014 they simply pay for goods or services on the site, and the attackers skim off the money.<\/p>\n<p>Second, attackers can create hidden subsections on the site and fill them with malicious content of their choosing. 
Such pages can be used for a wide variety of criminal activity, be it fake giveaways, fake sales, or distributing Trojanized software. Using a legitimate website for these purposes is ideal, just as long as the owners don\u2019t notice that they have \u201cguests\u201d. <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-spot-phishing-on-a-hacked-wordpress-website\/48849\/\" target=\"_blank\" rel=\"noopener nofollow\">There is, in fact, a whole industry centered around this practice<\/a>. Especially popular are <a href=\"https:\/\/www.kaspersky.com\/blog\/unattended-websites-headache\/23846\/\" target=\"_blank\" rel=\"noopener nofollow\">unattended sites<\/a> created for some marketing campaign or one-time event and then forgotten about.<\/p>\n<p>The damage to a company from a website hack is broad-ranging, and includes: increased site-related costs due to malicious traffic; a decrease in the number of real visitors due to a drop in the site\u2019s SEO ranking; potential wrangles with customers or law enforcement over unexpected charges to customers\u2019 cards.<\/p>\n<h2>Hotwired web forms<\/h2>\n<p>Even without hacking a company\u2019s website, threat actors can use it for their own purposes. All they need is a website function that generates a confirmation email: a feedback form, an appointment form, and so on. Cybercriminals use automated systems to exploit such forms for spamming or phishing.<\/p>\n<p>The mechanics are straightforward: the target\u2019s address is entered into the form as a contact email, while the text of the fraudulent email itself goes in the Name or Subject field, for example, \u201cYour money transfer is ready for issue (link)\u201d. As a result, the victim receives a malicious email that reads something like: \u201cDear XXX, your money transfer is ready for issue (link). Thank you for contacting us. We\u2019ll be in touch shortly\u201d. 
Naturally, the anti-spam platforms eventually stop letting such emails through, and the victim company\u2019s form loses some of its functionality. In addition, all recipients of such mail think less of the company, equating it with a spammer.<\/p>\n<h2>How to protect PR and marketing assets from cyberattacks<\/h2>\n<p>Since the described attacks are quite diverse, in-depth protection is called for. Here are the steps to take:<\/p>\n<ul>\n<li>Conduct <a href=\"https:\/\/k-asap.com\/en\/?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">cybersecurity awareness training<\/a> across the entire marketing department. Repeat it regularly;<\/li>\n<li>Make sure that all employees adhere to password best practices: long, unique passwords for each platform and mandatory use of two-factor authentication \u2014 especially for social networks, mailing tools, and ad management platforms;<\/li>\n<li>Eliminate the practice of using one password for all employees who need access to a corporate social network or other online tool;<\/li>\n<li>Instruct employees to access mailing\/advertising tools and the website admin panel only from work devices equipped with <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/cloud?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kescloud___\" target=\"_blank\" rel=\"noopener nofollow\">full protection<\/a> in line with company standards (EDR or internet security, EMM\/UEM, VPN);<\/li>\n<li>Urge employees to install <a href=\"https:\/\/www.kaspersky.com\/plus?icid=gl_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kplus___\" target=\"_blank\" rel=\"noopener nofollow\">comprehensive protection on their personal computers<\/a> and smartphones;<\/li>\n<li>Introduce the practice of mandatory logout from mailing\/advertising platforms and other similar accounts when not in use;<\/li>\n<li>Remember to <a 
href=\"https:\/\/www.kaspersky.com\/blog\/how-scammers-hook-smb\/35943\/\" target=\"_blank\" rel=\"noopener nofollow\">revoke access<\/a> to social networks, mailing\/advertising platforms, and website admin immediately after an employee departs the company;<\/li>\n<li>Regularly review email lists sent out and ads currently running, together with detailed website traffic analytics so as to spot anomalies in good time;<\/li>\n<li>Make sure that all software used on your websites (content management system, its extensions) and on work computers (such as OS, browser, and Office), is regularly and systematically <a href=\"https:\/\/www.kaspersky.com\/blog\/patching-priorities\/48867\/\" target=\"_blank\" rel=\"noopener nofollow\">updated to the very latest versions<\/a>;<\/li>\n<li>Work with your website support contractor to implement form validation and sanitization; in particular, to ensure that links can\u2019t be inserted into fields that aren\u2019t intended for such a purpose. Also set a \u201crate limit\u201d to prevent the same actor from making hundreds of requests a day, plus a smart captcha to guard against bots.<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\"><input type=\"hidden\" class=\"placeholder_for_banner\" data-cat_id=\"kesb-trial\" value=\"34927\">\n","protected":false},"excerpt":{"rendered":"<p>Why cybercriminals want to attack PR and marketing staff and, crucially, how to protect your company from financial and reputational 
harm.<\/p>\n","protected":false},"author":2722,"featured_media":50572,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3051,3052],"tags":[810,2141,19,815,1787,76,1146,422,131,399],"class_list":{"0":"post-50571","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-ads","11":"tag-business","12":"tag-email","13":"tag-malvertising","14":"tag-marketing","15":"tag-phishing","16":"tag-risks","17":"tag-threats","18":"tag-tips","19":"tag-websites"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cyberattacks-on-your-marketing\/50571\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cyberattacks-on-your-marketing\/27064\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cyberattacks-on-your-marketing\/22374\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cyberattacks-on-your-marketing\/29730\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cyberattacks-on-your-marketing\/27240\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cyberattacks-on-your-marketing\/27070\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cyberattacks-on-your-marketing\/29747\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cyberattacks-on-your-marketing\/28573\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cyberattacks-on-your-marketing\/36974\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cyberattacks-on-your-marketing\/21578\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cyberattacks-on-your-marketing\/22289\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cyberattacks-on-your-marketing\/30976\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/cyberattack
s-on-your-marketing\/36003\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cyberattacks-on-your-marketing\/27444\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cyberattacks-on-your-marketing\/33246\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cyberattacks-on-your-marketing\/32870\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/threats\/","name":"threats"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/50571","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=50571"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/50571\/revisions"}],"predecessor-version":[{"id":50573,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/50571\/revisions\/50573"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/50572"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=50571"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=50571"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=50571"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}