With Cyber Security Awareness Month coming to a close, much of this month's discussion centred on network and perimeter defense. Meanwhile, competition and shifting business strategies are hastening digital business initiatives: developing and deploying digital assets that bring closer contact with customers and partners, enable collaboration with third parties, and reduce costs. As network and perimeter security improve, threat actors keep shifting toward this softer perimeter outside the firewall.
A recent RiskIQ study of the 30 largest UK businesses found that each had an average of 3,315 web properties, the majority of them outside the corporate firewall. One would expect similar, if not substantially higher, figures for US businesses.
Digital business initiatives often move quickly, and often without the involvement of the company’s security team. Business units may act on their own, groups may partner with other firms to take advantage of market timing, and individual employees may stand up external digital assets by themselves. Business leaders may know intuitively that resources would be more secure run from inside the corporate perimeter, but the potential gains and strategic stakes mean “Damn the torpedoes; we’re going in!”
Digital assets may take the form of a traditional website or microsite, but they may also exist as a social media property or as part of an existing third-party site. And given the advantages of and expectations for mobile apps, the asset may be a new or modified app.
The first challenge this presents to an organization’s security, and at the same time a generous opportunity for threat actors, is simply knowing what digital assets exist at any given moment. Ask any corporate security leader how many of their company’s digital assets exist outside the firewall, and the answer is likely somewhere between a tenth and a half of the real number.
Discovering these assets takes considerable resources, and the number is always changing, with new assets coming online regularly. Mobile apps are especially difficult to monitor and manage because their distribution is so varied. In one recent RiskIQ study, drawing on continuous observation of internet and mobile traffic, 90 percent of the apps belonging to the 45 companies analyzed were hosted in unofficial, unsanctioned app stores; only 10 percent were in official stores and fully under the control of the company that owned them. This is a typical ratio. There are now more than 500 app stores and distribution portals. Unmonitored and unmanaged apps fall prey to attackers who modify the code or add components to the download package. App delivery has become the new Wild West.
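The modified or padded download packages described above can be caught with a straightforward integrity comparison against a copy the company controls. The following is an added example, not RiskIQ's code or tooling: it builds a constructed "official" package and a constructed tampered copy in memory (an APK is a ZIP archive), hashes every entry in each, and reports what was added, removed or modified. The package contents, the file names and the injected `libpayload.so` are all made up for illustration.

```python
import hashlib
import io
import zipfile


def build_package(files):
    """Build an in-memory ZIP (stand-in for an APK) from a name -> bytes mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: the package as published by the owner in the official store.
OFFICIAL_FILES = {
    "AndroidManifest.xml": b"<manifest package='com.example.app'/>",
    "classes.dex": b"dex\n035\x00official-bytecode",
    "res/layout/main.xml": b"<LinearLayout/>",
}
OFFICIAL_PKG = build_package(OFFICIAL_FILES)

# Constructed sample: a copy pulled from a third-party store, with the bytecode
# altered and an extra (hypothetical) native library added to the archive.
TAMPERED_FILES = dict(OFFICIAL_FILES)
TAMPERED_FILES["classes.dex"] = b"dex\n035\x00official-bytecode+injected-stub"
TAMPERED_FILES["lib/armeabi-v7a/libpayload.so"] = b"\x7fELF...payload"
TAMPERED_PKG = build_package(TAMPERED_FILES)


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def manifest_of(pkg_bytes):
    """Per-entry SHA-256 of every file inside the package."""
    with zipfile.ZipFile(io.BytesIO(pkg_bytes)) as zf:
        return {
            info.filename: sha256(zf.read(info))
            for info in zf.infolist()
            if not info.is_dir()
        }


def compare_package(known_good, candidate):
    """Diff a candidate package against the known-good one.

    Returns whether the whole file matches and, if not, which archive
    entries were added, removed or modified, so an analyst can see what an
    unofficial store changed rather than only that something changed.
    """
    ref = manifest_of(known_good)
    cand = manifest_of(candidate)
    return {
        "whole_file_match": sha256(known_good) == sha256(candidate),
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "modified": sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n]),
    }


if __name__ == "__main__":
    for name, pkg in (("official copy", OFFICIAL_PKG), ("third-party copy", TAMPERED_PKG)):
        print(name, compare_package(OFFICIAL_PKG, pkg))
```

This is a triage step, not a substitute for signature verification: a real APK should also be checked with `apksigner verify` against the publisher's signing certificate, and a repackaged app will normally be signed with a different key, which is the stronger indicator that it was not built by the owner.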
Figure 1: The state of digital threats
Do you know your firm’s true digital footprint, including mobile apps and social channels? Threat actors are likely examining your real digital footprint right now, looking for new entry points into the corporate network as well as places to steal credentials and data, redirect and monetize traffic, infect unsuspecting visitors, or hijack interactions.
An unmanaged digital asset is susceptible to malvertising or a phishing ploy. RiskIQ observed a 132% increase in malvertising from 2015 to 2016, and a quarter-over-quarter increase of nearly 19% in Q2 2017. A compromised asset may also be used to hijack visitors’ CPU cycles for cryptocurrency mining and other tasks, or to enroll victims’ devices in a botnet that carries out Distributed Denial of Service (DDoS) attacks.
Threat actors will use your exposed digital assets against your business. They are the new battlefield for cybercrime and a boon to cyber activism, state-sponsored attacks, and other significant threats. The same assets that are intended to advance the business can lead to its ruin. It is imperative to protect your business and customers by monitoring and managing your true digital footprint.