As an analyst, how much time can you afford to waste at work?
Do you have eight hours to spend investigating those 203 suspect hosts, only to learn that a fellow analyst had already determined two weeks ago that they are registered to your company?
Or, what if you had to stop mid-investigation to address a different priority—wouldn’t it be great to come back to an investigation and know how your research had manifested up to that point?
The attack surface of your enterprise is always expanding, and that growth has increased the importance of correlating internal activity with what is happening outside the firewall. This changing threat landscape is why most successful security programs are providing analysts with real-time context to improve the efficiency and outcomes of their investigations so they can discover additional threat infrastructure and block it proactively.
Chefs have a term for the prep work involved in cooking a dish, “mise en place,” or “set in place,” which refers to having all of the spices measured, onions diced, and all the tools they’ll need within reach.
A modern security program should perform a similar task by integrating internal data sets across existing security systems. This integration allows for quicker, more comfortable, and more approachable analysis by the team.
Our goal with PassiveTotal is to help make infrastructure analysis more efficient by bringing a variety of datasets into a single place and providing you with context around the indicators that you query. These data sets can be made even more easily consumable when you provide internally derived tags and classifiers which translate across your teams.
Analysts can add tags to the tag cluster via:
These tags are viewable to all of the users in your PassiveTotal enterprise organization. All data entered into the system is private and not shared with the broader community unless a public project is used.
Classifications inside of PassiveTotal help bring context to IOCs and make your analysis more efficient. Analysts will have a visual indication that the infrastructure they are searching has been determined to have a known classification. Whether malicious, suspicious, or unknown, any added classification will bring instant context to an investigation and can help avoid duplication of work. Save time and enrich your PassiveTotal searches by providing internal context, all in one place.
Here are a few examples to try out:
Questions? Open a chat in PassiveTotal!
Links to documentation:
In the UI: https://help.passivetotal.org/tags_&_classifications.html
Via the API: https://api.passivetotal.org/api/docs/#api-Actions
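As an added example (not RiskIQ's own client or documentation), a small Python helper that builds the classification and tag requests for the Actions API linked above and triages a list of suspect hosts against what teammates have already recorded. The endpoint paths, request body shapes, the set of classification values and the basic-auth scheme are assumptions to check against the API docs; the sample lookup data is constructed.

```python
"""Tag and classify indicators in PassiveTotal, then skip hosts a teammate
has already classified. Assumed endpoints (verify against the Actions docs):
POST /v2/actions/classification {"query", "classification"} and
POST /v2/actions/tags {"query", "tags"}, HTTP basic auth (username:api_key).
"""
import base64
import json
import urllib.request

API_BASE = "https://api.passivetotal.org/v2"
# Classification values named in the article; the full server-side set is assumed.
VALID_CLASSIFICATIONS = {"malicious", "suspicious", "unknown"}


def classification_payload(indicator: str, classification: str) -> dict:
    """Body for POST /v2/actions/classification (shape assumed)."""
    if classification not in VALID_CLASSIFICATIONS:
        raise ValueError(f"unsupported classification: {classification}")
    return {"query": indicator, "classification": classification}


def tags_payload(indicator: str, tags: list) -> dict:
    """Body for POST /v2/actions/tags; tags are trimmed, lower-cased, de-duplicated."""
    clean = sorted({t.strip().lower() for t in tags if t.strip()})
    return {"query": indicator, "tags": clean}


def post_action(path: str, body: dict, username: str, api_key: str) -> dict:
    """Send one action to the API (network call; not exercised offline)."""
    token = base64.b64encode(f"{username}:{api_key}".encode()).decode()
    req = urllib.request.Request(
        f"{API_BASE}{path}", data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample of what a per-host classification lookup might return.
KNOWN_SAMPLE = {
    "a.test": {"classification": "suspicious", "tags": ["corp-owned"]},
    "b.test": {"classification": "unknown", "tags": []},
}


def triage(hosts, known):
    """Split hosts into (already_done, todo): a host is done when a teammate
    set a classification other than 'unknown' or attached any tag."""
    done, todo = {}, []
    for h in hosts:
        rec = known.get(h, {})
        if rec.get("classification", "unknown") != "unknown" or rec.get("tags"):
            done[h] = rec
        else:
            todo.append(h)
    return done, todo
```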