For the past ten years, RiskIQ has been crawling and passive-sensing the internet to help security teams prepare for a digital revolution that would cause their attack surfaces to move beyond the firewall and outpace traditional security. New initiatives would demand migration to the cloud and call for the immediate adoption of web, mobile, and social platforms, demonstrating the limitations of network security controls.
This digital revolution happened quickly, but with the outbreak of COVID-19, it has suddenly gone into hyperdrive. Almost overnight, workforces and business operations decentralized and were flung all over the world, widening the protection gaps. In only the past two weeks, security protocols have completely changed—firewalls, DLP, and network monitoring are no longer valid. Attackers now have far more access points to probe or exploit, with little-to-no security oversight. Meanwhile, IT is feverishly standing up new systems, new access, and new channels and likely succumbing to human error, such as critical misconfigurations.
The COVID-19 pandemic is a grave and challenging situation for enterprises, but RiskIQ and our customers are uniquely prepared.
With a network of globally-placed sensors, proxies, and web crawlers, RiskIQ has been collecting, analyzing, and storing internet data for more than ten years. This data shows us what the internet looks like, its interconnectivity, and how each business, organization, government, and threat actor appears on the open web and the cloud. This includes new infrastructure that’s stood up remotely.
The COVID-19 pandemic requires immediate action by security teams. Here’s what you should do to get started.
1. Shadow IT gets a big boost, be prepared
As IT teams and other staff stand up new external assets to enable customers and a remote workforce—websites, web portals, mobile apps, and more—security officers must continuously track it all. Having a running, continually updated inventory of everything connected to the organization outside the firewall will be crucial because attackers will be looking for them, too. Knowing their targets’ defenses are spread thin, they’ll search for unknown, unprotected, and unmonitored digital assets. It just takes one for them to get access and move laterally across an organization’s network.
2. Identify and locate all remote access points
Many employees can get their work done from anywhere due to the increased interconnectedness of modern technology. Yet, while it is possible to work from home, proper network security for remote employees is just as important as a secure network within the office building. Being able to quickly scan for access points across your organization’s network to know who has access and where it’s coming from is essential. The same goes for customers: if you’re an enterprise software platform, customers may have more access than anyone realized.
3. Pinpoint configuration errors
To accommodate a remote workforce with as little loss in productivity as possible, IT teams are standing up new systems quickly. They might make sure all the patches are applied. But, at this pace, they are likely making mistakes. Having a full inventory of systems associated with your organization so you can scan them for misconfigurations will help build a secure external network that gets business done outside the office.
4. Find and secure cloud assets and services
Remote workforces will leverage the cloud more than ever. As more things are stood up to the cloud and moved there in the coming weeks, it will be crucial to have a full inventory of cloud assets to determine ownership—as well as what’s potentially accessible to attackers such as orphaned, abandoned, and shadow IT.
5. Detect malicious, rogue assets
Unfortunately, threat actors are taking full advantage of the global anxiety over COVID-19 and the confusion and challenges it’s causing businesses. Scams, phishing, and malware campaigns that leverage your brand and impersonate your infrastructure to fool customers and employees will run rampant if left unknown. Organizations must have situational awareness of these attacks, and access to internet-wide visibility to detect new infrastructure targeting them so they can neutralize the threat before it causes damage.
6. Prepare the WFH-Force
According to RiskIQ’s i3 threat intelligence group comprised of former U.S. government agency analysts, the FBI announced on March 20th that there had been a significant spike in cybercriminals targeting employees working from home. Here’s what they advise employees should be doing to keep themselves and their company safe.
Without ensuring network and computer system security, employers run the risk of breaches for both their remote employees and their corporate headquarters. A lack of security is especially critical now as we have observed a surge by cybercriminals looking to use this time of uncertainty to launch attacks. Contact us today.
RiskIQ has a daily Covid-19 briefing prepared by our i3 team. In the report, we give you the latest information about Covid-19 from around the world. It also gives you the latest information about cyber threats (phishing, malware, ransomware) related to Covid-19.
Discovering Unknowns and Investigating Threats Amid a Global Pandemic
RiskIQ can illuminate your external attack surface and continuously monitor it to give your organization full visibility. This information can be useful in finding assets, misconfigurations, vulnerabilities, or whom to call if the asset has a problem. Your internal systems and vulnerability management systems can use this information to give you an accurate picture of risks and exposures in the new, ever-expanding digital world we are living in.
RiskIQ Digital Footprint
RiskIQ can also take your internal security information and expand your visibility by enriching it to include external threat intelligence from the internet. EDR systems, for example, can take an IOC and use RiskIQ to understand the full extent of a threat actor or attack, so you have 360° visibility from inside and outside the firewall. This information can then be used to see if any other systems are also compromised but initially not alerted on by your EDR system.
You’re not alone, and we can help. Call us today if you would like to expand or jump-start your visibility to discover unknowns in your attack surface and investigate threats to you, your organization, and customers. We can help you manage your attack surface and protect your organization from the expanded threats that come with doing business remotely because of Covid-19.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.