Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
The browser has become one of the most vulnerable and frequently targeted attack vectors for businesses.
Browser-based attacks—Web skimming, Cryptocurrency Miners, Fingerprinters, and Waterholing (including exploitation) encounters—are responsible for some of the most high-profile breaches in recent history, such as the hack of British Airways.
Given the frequency by which RiskIQ researchers now encounter these attacks, they should be taken just as seriously by businesses as threat mainstays like phishing and ransomware. When it comes to browser-based attack vectors, RiskIQ researchers encounter them in a variety of flavors.
For the rest of the techniques, download the complete report and infographic below
Browser-based attacks are poised to carve out a significant portion of the threat landscape for years to come, so it’s essential to understand what makes them tick. And the first step to doing so is understanding what they all have in common: malicious injects.
Browser-based threats need malicious injects to execute their code, so that is where all these browser based attacks begin. With RiskIQ telemetry data, we determined the six most common and interesting injection techniques that lead to these browser threats:
3. Supply Chain
4. Executable Scope
5. Function Inlining
6. RFC Edge Cases
For a high-level, illustrated look at these six injection techniques or comprehensive analysis of each, download the infographic or full report here.
Going forward, combating browser threats will be one of the most critical security endeavors organizations undertake. Having visibility into your web-facing assets will be vital to detecting these malicious injects.
A key feature of RiskIQ’s integrated digital threat platform is our worldwide network of web crawlers that continuously crawl the internet, collecting not just rendered pages but also the entire sequence of requests and responses that make up a web page—headers, dependent requests, certificates, and more. These crawls give our customers insight into what’s happening on a web server at any given point in time, and how that server would interact with a real user.
Through these capabilities, RiskIQ allows customers to defend themselves from this whole class of browser-based attacks.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.
RiskIQ's #COVID19 Weekly Update:
➡️Car rental company Hertz filed for bankruptcy protection
➡️For the first time, the Boston Marathon has been canceled
➡️Most of the malicious coronavirus emails are coming from US IP space
Read full update here: http://bit.ly/2Uv3CMV
Microsoft Remote Desktop is spiking. Why? Because all work is now remote work and all access is now remote access. RiskIQ scans hundreds of ports and maps exposed services to provide security teams with a picture worth a thousand log lines. https://bit.ly/2xJ1Dgx
RiskIQ's #COVID19 Internet Intelligence Gateway will enable the cybersecurity community to fight a surge in pandemic-related cybercrime. Sign up, submit any suspicious COVID-19-related URL, and have RiskIQ's powerful global crawling network at your command http://bit.ly/3eon6ek
Via @InfosecurityMag, @DanRaywood highlights RiskIQ's new #COVID19 Internet Intelligence Gateway. This one-stop cybersecurity resource is the latest weapon in the fight against the surge in pandemic-related cybercrime. Read more here https://bit.ly/36ALU02