Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Many executives focus their security efforts and budgets solely on physical cyber threats, but attacks targeting an executive’s digital presence can be just as dangerous.
Criminals are looking to exploit the wealth of high-profile and high net-worth individuals—or cause them embarrassment or personal harm—at an unprecedented rate. And, as the most abundant source of company secrets and IP, these individuals are a primary attack vector into their businesses too.
Attacks on VIPs involve attempts at accessing their sensitive information and span both the real world and the web. Because of their digital and physical vulnerabilities, protecting them requires a 360-degree view of their attack surface, i.e., anything related to their physical or digital presence that can be used against them. But to defend an executive’s attack surface, you first have to define it.
Today, developing a plan to protect an executive, and in turn, their families and businesses, means understanding what information should be considered sensitive and having the tools to monitor the internet for it. References to names and addresses of the individual and their family and associates on forums, malicious rhetoric toward them, and the presence of leaked sensitive data are all crucial intelligence. This internet-wide visibility provides security teams with invaluable information and context not only about potential cyberattacks, but also attacks that may occur in the real world.
The top historic executive threats demonstrate how seemingly insignificant information has enabled completely preventable incidents. These top-five examples of threats to executives illustrate the overlap between the physical and the digital threat landscapes.
Robbing banks is a dangerous and challenging business. However, it becomes a lot easier if a would-be thief can get bank employees to do the robbing for them. This was the technique used by Michael Benanti.
Benanti kidnapped the families of employees at his target banks after performing extensive reconnaissance. Using the victims as leverage, Benanti and his co-conspirators forced the bank employees to perform the robberies for them. Of four attempts, one robbery was successful before the criminals were arrested.
This series of thefts demonstrates the potential danger of leaked personal data. The criminals were able to determine the home addresses of all of their targets, enabling them to kidnap the employees’ families and use them as leverage to convince employees to commit their crimes.
While a home address can be found for almost anyone on the Internet, executives’ digital exposure is much greater. Press releases and other public exposures can reveal patterns of life for executives that can be used for a variety of different purposes. To be effective, a security team needs to be capable of interpreting the same data used by criminals and identifying vulnerabilities that an attacker is most likely to exploit. These vulnerabilities include details about a spouse, children’s names, and the location of their school sporting events, all of which are readily available online. These details may seem harmless but are a valuable source of information for anyone posing a threat.
The use of kidnapping to achieve criminal gains is not limited to Benanti. In 2017, Pavel Lerner, the CEO of a UK Bitcoin exchange, was kidnapped while traveling in Ukraine. The CEO was abducted by six armed individuals wearing balaclavas to conceal their identity. He was only released after the payment of a $1 million ransom in Bitcoin.
The details of this attack demonstrate the amount of data leaked about Lerner’s affairs. He was kidnapped while traveling by individuals who were well-prepared to do so, as evidenced by the use of balaclavas, firearms, and a vehicle with stolen plates. This level of preparation indicates that the attack was planned and demonstrates the potential impacts of data leaks regarding an executive’s travel plans.
Arguably, the most famous example of executive embarrassment occurred in 1998. During a business trip to Brussels, Bill Gates was hit in the face with a cream pie while entering a meeting.
While the impact of this incident was minimal, it could have been much worse. Anyone getting close enough to an executive to hit them with a pie could cause much more damage with equal or less trouble.
This incident was also entirely preventable. The pie was thrown by a known internet prankster who made a habit of filming such events and then trying to sell the footage. There was likely some indication on the internet that he intended to target Gates. A comprehensive search by security staff may have discovered this and been able to prevent the incident from occurring.
According to the BBC, Mohammed Dewji, Tanzania’s only billionaire, was kidnapped by armed men outside of a hotel gym while headed to complete his morning workout routine. After ten days, Dewji was returned safely, but not before his family offered a $440,000 reward for information leading to his rescue. The police arrested three people for the incident.
The fact that Dewji’s kidnappers knew precisely where he was staying, had familiarized themselves with his routine, and could anticipate where he’d be at a particular time shows they were actively monitoring him. Information about his schedule may have been available online, as well as discourse amongst Dewji’s attackers and those aiding his attackers regarding his whereabouts. Information like this is crucial for security teams defending high-profile executives to detect, monitor, and, if possible, remove.
Bill Gates isn’t the only one to get a pie to the face during a public engagement. During a speech in Perth in 2017, Qantas chief Alan Joyce was also hit with a pie to the face. His attacker walked up to the stage and interrupted the speech that Joyce was giving at a business breakfast. Joyce took a brief break to clean up and then returned to the stage.
Like the attack against Bill Gates, this attack was likely entirely preventable. The attacker was detained by security after the attack, implying that security staff were on-site and that the attacker passed them and entered an important meeting while carrying a pie. Like the Gates pie event, indications of this attack may also have been present on social media or the wider internet, making it possible to predict and prevent the incident.
Digital security and physical security are not mutually exclusive. In fact, they are intrinsic to one another. These attacks against top executives were enabled by a combination of failures in both digital and physical security. Online discourse and data leaks enabled the attackers to know where and when to stage their attacks, and physical security failures allowed them to happen.
If you want to prevent harm to executives, you need a security program that bridges the digital and physical worlds. It’s critical to have a team and intelligence capable of finding leaked personal data, tracking what potential attackers can discover, and minimizing the likelihood of this information falling into the wrong hands.
Read up on how RiskIQ Executive Guardian® can defend your organization’s c-suite here.