Digital Fraud, Threat Intelligence

How Cyber Threat Intelligence mitigates risks to the business digital presence

By Axur Team on

Any consumer or business partner today expects to find information on the web about a company or brand - especially on search engines or social networks, which are spaces outside the direct control of the organization. Even if the activity apparently does not require any digital presence, it is natural that people search for it, and if these spaces are not occupied, there is a risk that the business relationship will start in an inappropriate or even dangerous way.

Fake websites, unofficial profiles, paid advertisements by competitors or scammers, and even malicious applications released with the company's brand are some examples of what third parties can put on the web. If the company has suffered attacks or breaches in the past and there has been no proper handling of the incident, even trade secrets can remain exposed, deteriorating reputation and business relationships.

One tool to respond to this scenario is Cyber Threat Intelligence (CTI) work, which is able to gain a deeper understanding of improper activity linked to the company. Thanks to the "digital footprint" of a brand, CTI has a wide field to operate in.

Digital footprint: your web presence

The "digital footprint" of a business is drawn by the sum of everything that is available about a company on the web, including what has been produced or disseminated by third parties. In addition to the tracks or traces left by the company's activity on and off the web, the footprint records the activity of its employees, executives, consumers, and adversaries.

This concept supports the understanding of digital risks external to the enterprise - risks that are not always intuitive.

Unlike risks associated with the company's own assets, these digital risks are generated by external agents that do not even need to directly attack the corporate environment - all activity can take place in external spaces outside the company's control, with the company's brand or the channels where consumers expect to find it as the only anchor.

Ignoring the channels does not mitigate the risk. There is rarely any impediment for the fraudster to create a fake profile even on networks or platforms where the company has no official presence.

The damage, in turn, usually reaches the company. If a consumer buys a product in a fake store advertised through an illegitimate email marketing, for example, he may end up looking for the service of the real store to solve his problem.

In this situation, both parties will be dissatisfied: the consumer, because he has lost his money buying a product he will never receive, and the company, which has lost the opportunity to gain a customer and still has to deal with a dissatisfied consumer with an unsolvable problem, given that the whole purchase process took place in an improper environment.


Branding through the lens of information security

Faced with some challenges linked to digital threats and risks, consumers' perceptions of a brand may be affected not by legitimate problems, but by systematic attacks carried out by bots or schemes operated by criminals and scammers. 

Reputation can also be damaged when consumers come into contact with a fake website or fake social networking profile, or even an illegitimate advertisement run by a third party without authorization to use the brand.

When viewed through the lens of information security, the "digital footprint" must also include IT assets and infrastructure components that may not be mapped internally.

Likewise, it is not entirely accurate to say that the story that accompanies your brand with its "digital footprint" is only tied to the security incidents caused by these digital risks. What matters is how the business was able to react in the face of these risks.

Those who don't bother to look at that broad consumer experience and the totality of their digital presence, including in external environments, end up becoming a prime target among scammers. On the other hand, the fraudster is likely to look for an easier target if the company's actions prevent the fraud from staying online for a long time.

This is how information security technologies and resources help reduce and mitigate brand presence in incident and fraud contexts.

The Role of Cyber Threat Intelligence

The damage caused by external risk is rarely the product of chance. There are agents and methods, or "name and address," so to speak. After finding that a brand is in the crosshairs of scammers and other third parties, a front office with threat intelligence can answer why the business is under attack and how it is being attacked.

By providing answers to these and other questions, CTI guides effective action and disrupts the pillars of fraud. Whether identifying an insider or mapping how customers are attacked (phishing or social networking, for example), CTI brings tools to build a strong posture against digital risks - one that conveys confidence and trust to customers and partners.

CTI offers visibility in environments previously unknown to the company, such as deep & dark web and groups frequented by threat actors. These spaces act as a "thermometer" of criminal interest and can help predict fraud or attack trends.

This is also where data leaks and stolen credentials circulate. Again, the visibility brought by CTI can even reveal attacks that are taking place on the corporate network - the outsider sometimes has more clarity to see what is happening across all aspects of the business.

At Axur, CTI work is done by the Axur Research Team (ART) in collaboration with our monitoring teams. We produce intelligence reports from the study of actors and procedures observed in attacks and fraud to support customers in their risk analysis and mitigation.


Eduardo Schultze, Coordenador do CSIRT da Axur, formado em Segurança da Informação pela UNISINOS – Universidade do Vale do Rio dos Sinos. Trabalha desde 2010 com fraudes envolvendo o mercado brasileiro, principalmente Phishing e Malware


Axur Team