Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
This Thanksgiving weekend, online threat actors are poised to claim a pretty big slice of the e-commerce pie.
Online shoppers filled e-commerce cash registers with more than $19.6 billion in sales over Black Friday and Cyber Monday in 2017, and are poised to spend even more this year. To show how cyber threat actors will target this enormous spike in revenue, RiskIQ released its 2018 Black Friday E-commerce Blacklist, which analyzes the results of a keyword query of our Global Blacklist and mobile app database focusing on the ten most trafficked e-commerce sites during Black Friday 2017 and five of the leading e-tailers in the UK.
By setting up fake mobile apps and landing pages with fraudulent branding, they fool consumers into downloading unsafe apps and visiting pages that redirect them to other fraudulent or malicious sites. Nearly 40 percent of the massive influx of spending caused by Black Friday and Cyber Monday in 2017 took place on mobile devices, making shoppers increasingly at risk of encountering threats in the mobile space.
The threat facing e-commerce this holiday shopping season is even more grave given the rise of Magecart, a collection of digital credit card-skimming groups that have stolen the records from an untold number of consumers across thousands of sites including British Airways and Ticketmaster. One of the leading traffic-getters on Black Friday, Newegg, has already been affected by Magecart earlier this year.
Download the full report here
For shoppers, what starts as an attempt to fulfill their holiday shopping checklist for pennies on the dollar can turn into a financial nightmare. For brands, what begins as an event that significantly boosts sales can turn into a security fiasco that erodes the trust of customers and prospects. Talk about indigestion.
The report provides crucial intel for this year’s Black Friday/Cyber Monday shopping weekend, such as:
– Of Black Friday-specific apps: more than 5 percent of mobile apps out of the 4,331 total that can be found searching “Black Friday” in global app stores is blacklisted as malicious.
– Threat actors have focused on the top five leading brands in e-commerce. These brands have a combined total of 6,600 blacklisted apps that contain their branded terms in the title or description.
– The top-10 most trafficked brands averaged over 17 blacklisted apps containing both the branded terms and “Black Friday,” in the title or description, showing clear intent by threat actors to leverage the shopping holiday.
– RiskIQ has detected an average of 89,837 monthly instances of magecart, the digital credit card-skimmer, between August and October 2018.
The source of RiskIQ’s blacklists is through the collection of internet data, which it gathers by scanning, crawling, and passive-sensing the internet—including web pages, mobile apps and stores, and social websites and apps. RiskIQ’s crawling technology covers more than 300 million mobile devices, 1.8 billion HTTP sessions, hundreds of locations across the world, 40 million mobile apps, and 600 million domain records.
Read the entire 2018 Black Friday E-commerce Blacklist report here.
What’s in a #malvertisement? We found more #magecart and a 186% spike in drive-by delivery https://t.co/rsl9GGiRUZ
.@TechCrunch's @zackwhittaker found that thousands of MoviePass customer card numbers were exposed because a critical server was left unsecured. With @ydklijnsma and RiskIQ data in @passivetotal, he discovered the exposure began all the way back in May https://t.co/blde3p21dU
Can you spot the phish? In tomorrow's PassiveTotal Thursday, we’ll take a real-life #phishing page targeting a popular brand and break it down to show how it differs from the genuine. Register today: https://t.co/EP2q6On5vE #ThreatHunting
We're thrilled to welcome Dean Ćoza, who will lead our product and technology teams as RiskIQ Chief Product Officer. Read more about Dean's appointment here:
Check out the brand new @RiskIQ Threat Hunting course on @CybraryIT
Manage Your Attack Surface Management using the "Mark of the Web"
https://t.co/ZGDBGyecJr #cybersecurity #magecart #course #cybrary