
External Threat Management Analyst

Jupyter Notebooks Make RiskIQ Data a Digital ‘Mech Suit’ for Threat Intelligence Analysts 

We're making each investigative pattern repeatable - and massively scalable - by creating a Python library that works with Jupyter notebooks. By automating investigations that follow different investigative paths and procedures, RiskIQ's data sets become easier to use and more scalable, so security teams get the product's maximum benefit.

External Threat Management Labs

“Offshore” Shinjiru Provides Bulletproof Services to Cyberattackers

Bulletproof hosting (BPH) is a collection of service offerings catering to internet-based criminal activity. Shinjiru is another example frequently appearing in threat infrastructure. The Malaysian hosting company shields its customers and their web content and servers from takedown requests, acting as a safe harbor for questionable or illicit activity.

Shinjiru's IP space has a history of use for a range of malicious activities, including malware distribution, scams, phishing, and business email compromise. This ICANN-accredited registrar has been allocated over 20,000 IP addresses by APNIC and maintains its own data centers in Malaysia.

External Threat Management Labs Magecart

Retailers Using WooCommerce are at Risk of Magecart Attacks

WooCommerce, an open-source WordPress plugin widely used by online retailers, has been the target of Magecart activity in late 2021. RiskIQ researchers have found three unique skimmer types embedded in WooCommerce checkout pages.

External Threat Management

5 Tips to Stay on the Offensive and Safeguard Your Attack Surface

How well do you know your attack surface? Enterprise digital attack surfaces have changed dramatically in a very short period, going light-years beyond firewall-protected internal networks. The main challenge is that you may not be monitoring your organization's share of it in its entirety, and you may not even know what to look for.

Unfortunately, someone else with malicious intent probably is.

As businesses adopt digital initiatives and innovations that help them grow, they're extending their attack surface in far-reaching and dynamic ways. This transformation, accelerated by the COVID-19 pandemic, can leave organizations vulnerable in ways they don't realize.

External Threat Management Analyst

New E-Commerce Cybersecurity Guide Helps Brands be Proactive This Holiday Shopping Season

This year, our goal is to help brands fight back by sharing approachable ways for beginners and seasoned cybersecurity professionals alike to keep their organizations safe. Phishing and other malicious sites have distinct characteristics we can use to identify and defeat them. These 'red flags' can help determine which pages, apps, and URLs are legitimate and those spun up by threat actors to target brands and customers.

You don't need a holiday miracle to keep your brand and organization safe this holiday shopping season. We hope this guide will be a force multiplier and empower e-commerce stakeholders to overcome resource shortages or cyber skills gaps and identify the cyber threats endemic to the holiday shopping season.

External Threat Management Labs

New Aggah Campaign Hijacks Clipboards to Replace Cryptocurrency Addresses

Aggah is a threat group known for espionage and information theft worldwide, as well as its deft use of free and open-source infrastructure to conduct its attacks. We've recently reported that the group is linked with the Mana Tools malware distribution and command and control (C2) panel. RiskIQ recently identified a new Aggah campaign via our global monitoring of malicious VBScript code posted on websites. 

In this latest campaign, operators deployed clipboard hijacking code that replaces a victim's cryptocurrency address with an address specified by the actor. This code also deploys several malicious code files. 

External Threat Management Labs Analyst

The Vagabon Kit Highlights ‘Frankenstein’ Trend in Phishing

In early 2021, RiskIQ first detected a new phishing campaign targeting PayPal. The campaign, authored by an actor calling themself "Vagabon," looks to collect PayPal login credentials and complete credit card information from the victim. 

The kit doesn't display many unique characteristics and is a textbook example of a "Frankenstein" kit. In this increasingly popular trend, threat actors piece together new phish kits from modular, free, or readily available kits and services. 

External Threat Management

Watch On-Demand: Five Security Intelligence Must-Haves For Next-Gen Attack Surface Management

Relevant, actionable threat intelligence gives security teams line-of-sight to attackers and threat systems and infrastructure. Modern, dynamic security intelligence should have five critical elements fully loaded and operationalized. Recently, RiskIQ released a white paper reviewing these five fundamental tenets of a next-gen security intelligence program that give your organization a distinct advantage over its cyber assailants.

Over the past several months, RiskIQ has led a cyberthreat workshop program that covers each of these tenets. These five sessions have helped hundreds of cybersecurity pros define their organizations’ digital attack surface, risks and dependencies, and those targeting them to stay ahead of adversaries. Below, get the rundown on each of these five tenets and watch the workshops on demand. 

External Threat Management Labs

Discord CDN Abuse Found to Deliver 27 Unique Malware Types

Discord, a popular VoIP, instant messaging, and digital distribution platform used by 140 million people in 2021, is being abused by cybercriminals to deploy malware files. 

Users can organize Discord servers into topic-based channels in which they can share text or voice files. They can attach any type of file within the text-based channels, including images, document files, and executables. These files are stored on Discord's Content Delivery Network (CDN) servers. 
