A little tech startup once held the mantra “move fast and break things.” As we’ve witnessed the social media network grow into a giant, the shadow of this philosophy haunts the company, as well as many others that followed in its footsteps.
The community platform updated its mission statement in 2014 to read “move fast with stable infra,” but the genie was already out of the bottle. This business attitude is still alive and well today.
Fueled by pressure from investors, stakeholders, and higher-ups who fear the speed of their competition, businesses are growing more rapidly than their infrastructure can be made secure. This creates major issues when companies are launching creative marketing campaigns, moving to the cloud, and generating highly engaging touchpoints with their customers, but they lack the cybersecurity to protect themselves and their users in the long run.
As businesses race to expand their online presence to enrich products, deepen customer relationships and boost their brand ecosystems, we are seeing disastrous consequences. And once companies get big enough that cybersecurity is a concern, it’s extremely difficult to retrofit protections into systems initially built without them, causing myriad challenges.
For example, web assets that are created outside of corporate controls expand a company’s overall internet presence, and therefore its attack surface, to unmanageable proportions. Even best efforts to guard against external cyber threats are coming up short, as businesses spend up to $171,233 every 60 seconds while attackers continue to proliferate and launch successful threat campaigns online.
Not only are companies realizing these high-profile breaches are expensive and fraught with challenges, but they’re also increasingly aware that they’re responsible for what happens to their customers and their customers’ data in the cloud and across the open internet. In the face of regulations like the EU’s General Data Protection Regulation, businesses are penalized for such a lack of cybersecurity.
One of the goals with these regulations is to bring cybersecurity to the beginning of the conversation through financial penalty, especially for companies collecting a lot of personally identifiable information (PII). These companies might think they’re secure but will suddenly face million-dollar payouts when criminal groups breach their networks. Needless to say, there’s a lot at stake.
Cybersecurity and innovation aren’t mutually exclusive, and organizations would do well not to treat them as such. IT professionals across sectors need to work together to employ responsible cybersecurity practices as the foundation of innovation. When a creative team develops new assets and applications, those assets should automatically fall under the visibility and purview of the organization’s cybersecurity team.
Proper quality assurance doesn’t stifle creativity. But when a poorly engineered system is the cause of a major disaster, innovation slows to a crawl because an entire team’s resources are required to repair damages.
As companies evolve online to make more meaningful touchpoints for their customers, partners, and employees, they’re also creating openings for bad actors to sneak through. Hackers prey on organizations that lack visibility into their attack surface because this allows them to access credentials and sensitive data more easily. Businesses must realize they are vulnerable well beyond the firewall, to the far corners of the internet.
At my company, where we build a map of a brand’s entire attack surface to give them the full picture of their internet assets, we understand the importance of helping companies find and understand what they’re responsible for protecting. A company simply cannot have a strong defense if it’s not willing to see (or doesn’t know how to see) the deep corners of its own web presence.
The cybersecurity strategy at most organizations is a defense-in-depth approach, starting at the perimeter and layering back to the assets needing protection. But there are disconnects between that kind of strategy and the attack surface. As companies innovate and expand, so does their attack surface, making it vital to adopt cybersecurity strategies to help executives better understand and defend against vulnerabilities so they do not bring creativity to a halt.
So how do business leaders and CISOs discover all of their internet-facing assets? Many teams do something similar to using Google to search for information, but they’re limited to using terms they’re familiar with in hopes of finding an answer: they can only search for assets they already know may exist. The problem here is a classic “you don’t know what you don’t know” scenario.
This is where automation and machine learning come into play. Organizations need an automated approach that includes broad internet data set collection and correlation to identify and respond to targeted external threats. Looking forward to the advancement of IoT devices, for example, this need will multiply. The conversation here isn’t just about a consumer’s bank accounts but goes all the way to preventing GPS vulnerabilities that reveal where that consumer is.
To close the gap between innovation and cybersecurity, business leaders and CISOs need to be moving fast without breaking things. The mindset has to change. Innovation and cybersecurity are not mutually exclusive, so business leaders need to cultivate a knowledgeable and cyber-aware workforce that recognizes cybersecurity as a culture, not just a product.
“Innovate or die” is in the DNA of startups. Given all of the drastic repercussions businesses are facing, it will become “Innovate securely or die.”
As we’ve seen recent startup sagas unfold, this insecure innovation ghost can come back to haunt companies that favor growth over cybersecurity, instead of growth and cybersecurity. Organizations that collaborate across departments to create a well-guarded attack surface will help to bake cybersecurity into the foundation of innovation, product development, customer touchpoints, and marketing efforts for long-term efficiency and profits.