From more federal indictments to adversarial machine learning to serverless computing, the RiskIQ team looked ahead and forecasted what we think will be the most important trends in cybercrime and cybersecurity in 2019. These are our predictions.
Hackers will continue to capitalize on the weakening of the corporate perimeter caused by customer and partner interactions moving online. An organization’s attack surface—everything it needs to worry about defending—begins inside the corporate network and extends all the way to the outer reaches of the internet. As a result, hackers are becoming increasingly sophisticated at collecting external data about their targets, and are using it to discover and exploit assets online that security teams are unaware of, or lack the resources to protect.
I’m expecting to see the same frequency of breaches occur across the market with a slight twist: organizations who are adopting new technologies such as containers and serverless computing will run into problems preserving the necessary information to make an incident response successful. Without key data traversing the network such as the location, time, browser, and domain attributes of a threat, analysts cannot hone in on the crucial information needed to confirm or dismiss the incident. Malicious actors will be able to use this to their advantage to hide in plain sight and cause more destruction.
The ‘attribution game,’ with governments now confirming private industry research and outing state-sponsored operations from other countries with indictments, is only going to expand. Espionage operations have always been treated very publicly over the years, but recent indictments of Russian, Chinese, and Iranian actors have brought it to the next level. With heightened tension in Eastern Europe and Asia, expect state-sponsored attacks to increase in intensity and governments to become more aggressive in their response.
Threat actors will increase their adoption of adversarial machine learning to evade detection by infrequently trained machine learning models. The good guys’ machine learning models will need to evolve quickly to keep up with these threats by incorporating instance-based approaches, which use models that can learn incrementally from data scientists providing frequent feedback. The world changes all the time, and it’s important that your model changes with it. If you need your model to keep up with current trends, selecting an instance-based model or a model that can learn incrementally is critical. Just as providing frequent feedback helps an employee learn and grow, your model needs the same kind of feedback.
Adversaries will continue to evolve their tactics to steal personally identifiable information (PII) from individuals and intellectual property (IP) from organizations. During the last 12 months, we’ve seen compromised JavaScript skimming credit card data from payment forms. During 2019, we expect the depth and breadth of this approach to expand to target PII and IP data as well.
I’m expecting new variants in web skimming attacks, especially as we observe the different Magecart actors staying active longer and becoming broader and more expansive. While payment data is currently in focus, because web skimming can skim any information entered into a website, Magecart groups will expand from skimming just credit card data to skimming login credentials and other sensitive information.
The investments in securing corporate infrastructure have not worked, and companies will continue to be overwhelmed by the scale and tenacity of modern digital threats originating outside the firewall. As these organizations struggle to manage their digital presence, adversaries will grow more sophisticated and leverage data stolen from breaches in precise, finely-targeted attacks. They will also leverage machine-learning and artificial intelligence to drive high-powered attacks against businesses and to penetrate critical infrastructure.
In today’s world of digital engagement, users sit outside the perimeter along with an increasing number of exposed corporate digital assets—and the majority of the malicious actors. As such, companies need to adopt security strategies that encompass this change, with proper investment in a Digital Risk Management strategy: one that provides the tools that help you discover your entire attack surface, alerts your security team as threats materialize in the wild, and provides the proper workflow and relevant data for quick and decisive incident response.