Security-savvy organizations know that they must understand their entire digital presence to effectively protect their business, brand, and customers.
As the internet becomes increasingly integral to the success of businesses, their digital presence expands. Companies must not only manage the websites, mobile apps, and social media accounts representing their organization in an official capacity, but also establish means to identify third-party impersonation and fraud across web, mobile, and social attack vectors. While the infrastructure needed to execute cyber attacks against an organization or its customers must be detected and mitigated on the open web, dark web monitoring can be highly informative for discovering cyber attacker tactics and methods.
Organizations should monitor both the open internet and the dark web for holistic visibility and a proactive approach to external threats targeting their organization. RiskIQ is excited to announce a partnership with Flashpoint and a new product offering: a Deep & Dark Web (DDW) Module within our existing External Threats product that brings Flashpoint’s rich intelligence directly into a customer’s digital risk program.
Through this integration and partnership, data sourced from Flashpoint’s monitoring of deep and dark web forums creates events in the RiskIQ platform alongside other types of event alerts. The new module allows customers to set keywords of interest to provide visibility into potential cyber attacks during the planning stages or cyber attacks that may target the organization or employees directly. This capability adds to RiskIQ’s existing detection of active cyber threats against an organization across the internet.
When used together, these two intelligence sources create a powerful combination that protects an organization’s digital presence. Visibility into the dark web helps organizations understand the full complexity of their cyber security posture, and the additional context provided by both data sources turns previously non-actionable information into something actionable.
Fig 1 – Flashpoint data from a dark web forum about Android Malware
With this partnership, Flashpoint dark web data is integrated into RiskIQ’s platform as a custom event. Figure 1 (above) shows an example event surfacing forum chatter about a strain of Android malware, commonly referred to as Loki-Bot, that is known to steal credentials and other sensitive information.
Fig 2 – Searching RiskIQ Mobile App database for apps which have been related to Loki-Bot
This deep and dark web data will typically relate to the early reconnaissance phases of a cyber threat, whereas RiskIQ’s open web intelligence captures the later phases when malicious actors set up their infrastructure and deploy their cyber attack. Users of the Deep & Dark Web Module can make correlations between these events and open web events found by RiskIQ as they arise. In this case, we have identified discussion about a type of Android malware on the dark web using data gathered by Flashpoint; RiskIQ can then provide data about where that mobile malware is being distributed via both our Mobile App and Global Blacklist indexes.
Fig 3 – Easily create Mobile App events based on the location of apps related to Loki-Bot
In this example, we searched for mentions of “Loki” in our Mobile App database and immediately discovered two blacklisted entities. A user can sift through these results based on a wide range of customizable filters to surface the potential cyber threats that are most important to them. A user can then create an event from one of these entities to leverage RiskIQ’s event workflow, allowing External Threats customers to monitor risks of interest and even begin the takedown process.
With the new Deep & Dark Web Module for External Threats, customers can proactively discover new cyber threats to their organizations across multiple channels to ensure that they have a holistic view of their digital presence.
To learn more about how you can use this and other External Threats modules to defend your organization from digital threats, get in touch with one of our sales representatives today.