August 23, 2018
MarkOfTheWeb: How a Forgetful Russian Agent Left a Trail of Breadcrumbs
MarkOfTheWeb: A Calling Card for Careless Russian Agents
Digital interference from the Russian Federation is nothing new. Their virtual trespassing efforts have been outed and heavily discussed in the news—even more so in recent months (as you’ve probably noticed). Russian digital incursion into the United States political climate allows them to adjust the direction of […]

June 29, 2018
Not so Fast – Some Scams Don’t Take No for an Answer
Some scams literally don’t take no for an answer. Going beyond tricking users with flashy ads for fake products or prizes or scaring them into trying to download phony software with the goal of redirecting them elsewhere, some scammers go a step further—they don’t even let their victims leave their page. While doing page reviews […]

June 21, 2018
Scammy App That Infects Phones for Ad-clicking and Info-Stealing Controls Over 60,000 Devices
Also by Aaron Inness
At RiskIQ, we observe thousands of scam web pages in all forms—everything from fake pharmaceutical ads to phony prizes to spurious tech support and label them accordingly. In the mobile ecosystem, popular scams include ‘your device is running low!’, ‘you need to update your device!’ or ‘you need to install this […]

June 5, 2018
Linking Infrastructure from Phishing Data Exfiltrations
Phishing is still one of the most relentless and quickly evolving threats facing today’s businesses. At RiskIQ, we process tons of web-related threat data, including phishing incidents. From various sources, we receive URLs which may be indicative of phishing, examine the pages with our web-crawling infrastructure, which experiences them as a real user would, and […]

May 24, 2018
New Attacks on Mew: Phishing MyEtherWallet Via Native Web Views on Android
Last week, we published an extensive report on MEWKit, a phishing ATS targeting visitors of MyEtherWallet (MEW) in elaborate ways—including resorting to a BGP hijack. But threats to users of MyEtherWallet aren’t a new thing by any means—phishing pages targeting the cryptocurrency platform, while not as sophisticated as MEWKit, have been going around for a […]

May 2, 2018
SpeedFlash and ScrnSize: Fake Flash Updates with a Side of Domain Shadowing
Fake Flash download pages have come to be a marker for all manners of malicious activity. We’ve seen it in conjunction with exploit kits, banking Trojans, watering hole attacks, malvertising, adware, phishing, digital currency miners, and multitudes of other digital threats. Often, there are traffic distribution systems or other means of traffic filtering upstream of […]

April 25, 2018
WHOIS Is Changing: Here’s How It Could Impact Analysts
GDPR is now less than 30 days away, and while businesses are scrambling to ensure they are compliant, another discussion is happening within the information security space amongst analysts—what’s going to happen to WHOIS? Greatly celebrated for its ability to form connections and break open cyber threat investigations, it’s not completely clear if WHOIS will […]

December 7, 2017
We’ve Been Busy! Announcing New RiskIQ PassiveTotal Enhancements
The RiskIQ PassiveTotal Engineering team has been busy over the past few weeks, and we are excited to announce some product enhancements that should improve the overall user experience and make conducting investigations and accessing RiskIQ intelligence even easier. Show Me The Data! You have hundreds of alerts to get through, and we know every […]

November 8, 2017
Diving into OceanLotus: Web Crawling Data Brings Compromised Infrastructure to the Surface
On November 6, 2017, cyber security company Volexity released a blog post highlighting an espionage campaign targeting ASEAN nations via compromised websites and typosquatting infrastructure. The campaign is believed to be linked to the OceanLotus Group, also known as APT 32, which has carried out targeted attacks against foreign governments, private companies, and journalists and […]