For many consumers, after the turkey and football, their Thanksgiving weekend is only just getting started—in 2016, online shoppers filled e-commerce cash registers with more than $5.27 billion in sales through Black Friday. With shoppers set to exceed those numbers this year, cyber threat actors are looking to carve up a nice big slice of the pie for themselves. According to RiskIQ’s Black Friday e-Commerce Blacklist, our look into five leading Black Friday e-tailers (brands you’re very likely to leverage this shopping season), threat actors will do it by leveraging popular eCommerce brands to fool user traffic looking for Black Friday deals, coupons, and information.
For shoppers, what starts out as an attempt to fulfill their holiday shopping checklist for pennies on the dollar can turn into a financial nightmare. For brands, what begins as an event that significantly boosts sales can turn into a security fiasco that erodes the trust between them and their customers and prospects.
Last year, consumers spent $9.36 billion online over the four-day Black Friday weekend, of which $1.2 billion was driven by mobile shopping. Meanwhile, thousands of apps, blacklisted for being dangerous, are hosted by app stores around the world, even the Apple App Store and Google Play. These apps use the branding of well-known retailers to attempt to fool users into entering credit card information, which opens them up to potential financial fraud. Some fake apps contain malware that can steal personal information or lock the device until the user pays a ransom. Others encourage users to log in using their Facebook or Gmail credentials, potentially exposing sensitive personal information.
Fig-1 Blacklisted Black Friday-themed mobile apps inside the RiskIQ Blacklist
But users are susceptible to fraud anywhere on the web—not just mobile. Landing pages that fraudulently use branding to phish for sensitive information or get users to click on links that redirect them to pages that host malware are also prolific.
To analyze the methods threat actors will employ this shopping season and where they’re targeting their malicious efforts, RiskIQ ran a keyword query of our Global Blacklist and mobile app database. In the mobile app space, we looked for instances of the brand names of five of the leading e-tailers in the United States used in malicious and fraudulent mobile apps. In our Global Blacklist, we searched for instances of each brand name appearing alongside the term “Black Friday” in the malicious URL or cause page URL (pages that send users to a page hosting something malicious).
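The blacklist query described above can be sketched as follows. This is an added example, not RiskIQ's code: the brand names, the record fields (`id`, `url`, `cause_url`) and the sample entries are constructed assumptions, since the page does not give the brand list or the blacklist schema.

```python
import re
from urllib.parse import unquote

# Hypothetical brand names standing in for the five e-tailers (not named on the page).
BRANDS = ["examplemart", "shopzone"]

# "Black Friday" written with any separator: blackfriday, black-friday, black_friday, "black friday".
BLACK_FRIDAY = re.compile(r"black[\W_]*friday")

def normalise(url):
    """Percent-decode twice (covers double-encoding such as %255F) and lower-case."""
    return unquote(unquote(url)).lower()

def match_brand(url, brands=BRANDS):
    """Return the brand found alongside 'Black Friday' in the URL, or None."""
    text = normalise(url)
    if not BLACK_FRIDAY.search(text):
        return None
    for brand in brands:
        if brand in text:
            return brand
    return None

def query_blacklist(entries, brands=BRANDS):
    """Check the malicious URL first, then the cause page URL, of each entry."""
    hits = []
    for entry in entries:
        for field in ("url", "cause_url"):
            brand = match_brand(entry.get(field) or "", brands)
            if brand:
                hits.append((entry["id"], field, brand))
                break  # one hit per blacklist entry
    return hits

# Constructed sample entries (reserved .example domains), not real blacklist data.
SAMPLE = [
    {"id": 1, "url": "http://examplemart-black-friday-deals.example/login", "cause_url": None},
    {"id": 2, "url": "http://cdn.files.example/payload.apk",
     "cause_url": "http://coupons.example/ShopZone/Black%20Friday/"},
    {"id": 3, "url": "http://examplemart-support.example/reset", "cause_url": None},
    {"id": 4, "url": "http://blackfriday-offers.example/", "cause_url": None},
    {"id": 5, "url": "http://deals.example/shopzone%255Fblack%255Ffriday", "cause_url": None},
]

if __name__ == "__main__":
    for hit in query_blacklist(SAMPLE):
        print(hit)
```

Entries 3 and 4 are skipped because they carry only the brand or only the seasonal term; entry 2 matches on the cause page rather than on the page hosting the malicious content.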
The results show that Black Friday is a feast for threat actors, who leverage e-tail brands by name to create malicious mobile apps and landing pages. The report found:
The source of RiskIQ’s Blacklists is our comprehensive collection of internet data, gathered by our exclusive virtual users by scanning, crawling, and passively sensing the internet—including web pages, mobile apps and stores, and the most popular social networks. RiskIQ’s crawling technology covers more than 2 billion daily HTTP requests, 783 global locations across more than 100 countries, 20 million mobile apps, and 300 million domain records.
Download the full report, Black Friday E-commerce Blacklist, for more findings as well as ways to keep you and your family safe while shopping online this holiday season.