Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
As part of the ongoing battle for eyeballs, marketing departments implement tracking technologies that encroach on customer privacy, while digital assets are cobbled together from third-party technology to accelerate time-to-market.
There are hundreds of companies providing website testing, engagement tracking, social tracking, content creation, etc. Most of them are startups that rely on Amazon Web Services (AWS) for IT, or have outsourced the creation of some, if not all, of their production code. These companies invest heavily in engineering, marketing and sales – and know little about cyber security.
For instance, hundreds of leading online brands use a social engagement tracking service called Gigya, which suffered a breach in 2014 that gave hackers access to their DNS. Instantly, thousands of sites connecting to Gigya, including NHL.com and NBC.com, were temporarily under control of the Syrian Electronic Army (SEA).
The downstream effect of these types of breaches, which can impact tens, hundreds, or even thousands of web properties, can be devastating from both a reputational and liability standpoint if they result in monetary fraud or leaked personal information.
According to a recent Ponemon report, almost 69% of consumers have left a website because of security concerns.
In fact, two-thirds of the time, consumers blamed security when they had a poor experience on a brand’s website. Specifically, 67 percent said they lose trust in a site when pages load slowly, and 3 out of 4 worry about security when site performance is sluggish.
The bottom-line for website operators is clear, consumers measure a brand’s online presence based on the performance and safety they experience, even though third-party providers like Gigya may be the source of problems that affect consumers.
While responsibility for protecting corporate digital assets falls squarely on the shoulders of IT security teams, their control and administration falls in a grey area. Marketing generates digital assets, but is not responsible for the cyber security behind campaigns, lead gen, tracking, etc.
The challenge for IT security is ensuring that digital assets including websites and apps, even those that use third party services, are safe for consumers to visit and download. This is a new and more difficult mission, and one that greatly impacts the bottom line of any business.
What’s in a #malvertisement? We found more #magecart and a 186% spike in drive-by delivery https://t.co/rsl9GGiRUZ
.@TechCrunch's @zackwhittaker found that thousands of MoviePass customer card numbers were exposed because a critical server was left unsecured. With @ydklijnsma and RiskIQ data in @passivetotal, he discovered the exposure began all the way back in May https://t.co/blde3p21dU
Can you spot the phish? In tomorrow's PassiveTotal Thursday, we’ll take a real-life #phishing page targeting a popular brand and break it down to show how it differs from the genuine. Register today: https://t.co/EP2q6On5vE #ThreatHunting
We're thrilled to welcome Dean Ćoza, who will lead our product and technology teams as RiskIQ Chief Product Officer. Read more about Dean's appointment here:
Check out the brand new @RiskIQ Threat Hunting course on @CybraryIT
Manage Your Attack Surface Management using the "Mark of the Web"
https://t.co/ZGDBGyecJr #cybersecurity #magecart #course #cybrary