Recognizing that time is integral to any investigation, we made it a top priority when we began redesigning the PassiveTotal platform, and the result is the timebar feature.
One of the most critical aspects of any cyber investigation is establishing a timeline of events. How long have the attackers been inside the organization? When did the first compromise occur? When was data seen leaving the network? How often were infected machines speaking with the malicious command and control? As an analyst, your job is sifting through various indicators and artifacts in order to build out this timeline of events and surface further indicators.
Prior to our redesign, users conducting analysis on domains or IP addresses were presented with an interactive heatmap that visualized the last six months of resolution history. This was an excellent feature, but it left users wanting more: they couldn’t adjust the heatmap or see deeper into the past. Additionally, interacting with the heatmap did not refine any of the additional data sets, so users were left scrolling through hundreds of data points in order to find exactly what they wanted.
Fig-1 The timebar feature inside PassiveTotal
When thinking of ways to make the platform more intuitive, we realized that the heatmap was already the solution; we just needed to expand the concept of visualizing the data beyond the last six months. This way, users can gain insight into any time period and filter our existing data sets accordingly. The result was the timebar, a miniature version of the heatmap that spans the entire data collection period.
Fig-2 A “miniature heatmap” spanning a certain period within the timebar
Located directly under the heatmap, the timebar gives users a high-level visual of a query’s entire time history. Hovering over a specific period of time reveals a six-month viewfinder with exact dates for the range. Clicking on a specific part of the timebar forces the heatmap to re-render and constrains the table below to only those records that fall within the selected time range.
Fig-3 The timebar constrained even further
After constraining the time period, users can then refine further by clicking on individual days or date ranges within the heatmap. Performing this action will refine the table of data even further to only include those specific days. Users can then use the facet filters on the left-hand side of the table to include or exclude specific values from the constrained period.
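The three-step workflow described above (timebar selection, heatmap day or range selection, then facet filtering) boils down to a few operations over passive DNS resolution records. The following is an added example that models those operations; it is not PassiveTotal's own code, and the record layout, the constructed sample history and the rule that a record is kept when its lifespan overlaps the selected window are all assumptions made for illustration.

```python
# Added example modelling the timebar workflow over passive DNS history; not
# PassiveTotal's code. Record layout, sample data and the overlap rule are assumptions.
from collections import Counter
from datetime import date, timedelta
from typing import NamedTuple

class Resolution(NamedTuple):
    value: str        # resolved IP
    first_seen: date
    last_seen: date
    source: str       # collection source, used as a facet

# Constructed sample history for one hypothetical domain.
HISTORY = [
    Resolution("203.0.113.10", date(2019, 1, 5), date(2019, 3, 20), "riskiq"),
    Resolution("203.0.113.10", date(2019, 3, 21), date(2019, 6, 30), "dnsdb"),
    Resolution("198.51.100.7", date(2019, 6, 28), date(2019, 7, 2), "riskiq"),  # brief change
    Resolution("192.0.2.44", date(2019, 9, 1), date(2019, 12, 31), "riskiq"),
]
FULL_YEAR = (date(2019, 1, 1), date(2019, 12, 31))   # whole collection period
WINDOW = (date(2019, 6, 1), date(2019, 7, 31))       # a timebar selection

def daily_activity(records, start, end):
    """Heatmap buckets: number of resolutions active on each day of [start, end]."""
    counts = Counter()
    for r in records:
        day, stop = max(r.first_seen, start), min(r.last_seen, end)
        while day <= stop:          # records outside the window add nothing
            counts[day] += 1
            day += timedelta(days=1)
    return counts

def constrain(records, start, end):
    """Timebar/heatmap selection: keep records whose lifespan overlaps the window."""
    return [r for r in records if r.first_seen <= end and r.last_seen >= start]

def facet(records, field, include=None, exclude=frozenset()):
    """Facet filter on one column ('value' or 'source'): include and/or exclude values."""
    return [r for r in records
            if (include is None or getattr(r, field) in include)
            and getattr(r, field) not in exclude]

def new_values(records, start, end):
    """Values first observed inside the window: what 'sticks out' on the timebar."""
    return sorted({r.value for r in records if start <= r.first_seen <= end})

if __name__ == "__main__":
    table = facet(constrain(HISTORY, *WINDOW), "source", exclude={"dnsdb"})
    print("new infrastructure in window:", new_values(HISTORY, *WINDOW))
    print("table after facet:", [(r.value, r.source) for r in table])
```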
When we first introduced the heatmap, one of the biggest benefits we noticed was how certain periods of activity could stick out based on various colors or properties. After a couple of weeks, we found that the way we did analysis had actually changed because of the heatmap, and other analysts reported the same:
During our tests with the timebar, we began to notice a similar transformation in the way we perform our investigations. Being able to see a visual of the entire lifespan of a piece of infrastructure proved incredibly valuable. If something sticks out on the timebar, we can click into that time period and quickly see which data remains in the results table. This capability provides a new perspective on our data, and we think you’ll find it to be one of the greatest enhancements to your investigation workflow since we introduced the original heatmap.
Sign up for a free PassiveTotal account to check out the new features, and see what else is new in the platform here. If you’re already a user, click here to log in and experience our new timebar and heatmap features now.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.