Security-savvy organizations know that they must understand their entire digital presence to effectively protect their business, brand, and customers.
As the internet becomes increasingly integral to the success of businesses, their digital presence expands. Companies must not only manage the websites, mobile apps, and social media accounts representing their organization in an official capacity, but also establish means to identify third-party impersonation and fraud across web, mobile, and social attack vectors. While the infrastructure needed to execute cyber attacks against an organization or its customers must be detected and mitigated on the open web, dark web monitoring can be highly informative for discovering cyber attacker tactics and methods.
Organizations should monitor both the open internet and the dark web for holistic visibility and a proactive approach to external threats targeting their organization. RiskIQ is excited to announce a partnership with Flashpoint and a new product offering, the Deep & Dark Web (DDW) Module within our existing External Threats product, which brings Flashpoint’s rich intelligence directly into a customer’s digital risk program.
Through this integration and partnership, data sourced from Flashpoint’s monitoring of deep and dark web forums creates events in the RiskIQ platform alongside other types of event alerts. The new module allows customers to set keywords of interest to provide visibility into potential cyber attacks during the planning stages or cyber attacks that may target the organization or employees directly. This capability adds to RiskIQ’s existing detection of active cyber threats against an organization across the internet.
When used together, these two intelligence sources create a powerful combination that protects an organization’s digital presence. Visibility into the dark web helps organizations understand the full complexity of their cyber security posture, and the additional context provided by both data sources turns previously non-actionable information into something actionable.
Fig 1 – Flashpoint data from a dark web forum about Android Malware
With this partnership, Flashpoint dark web data is integrated into RiskIQ’s platform as a custom event. Figure 1 (above) shows an example event surfacing forum chatter about a strain of Android malware, commonly referred to as Loki-Bot, that is known to steal credentials and other sensitive information.
Fig 2 – Searching RiskIQ Mobile App database for apps which have been related to Loki-Bot
This deep and dark web data will typically relate to the early reconnaissance phases of a cyber threat, whereas RiskIQ’s open web intelligence captures the later phases when malicious actors set up their infrastructure and deploy their cyber attack. Users of the Deep & Dark Web Module can make correlations between these events and open web events found by RiskIQ as they arise. In this case, we have identified discussion about a type of Android malware on the dark web using data gathered by Flashpoint; RiskIQ can then provide data about where that mobile malware is being distributed via both our Mobile App and Global Blacklist indexes.
Fig 3 – Easily create Mobile App events based on the location of apps related to Loki-Bot
In this example, we’ve searched for mentions of “Loki” in our Mobile App database and immediately discover two blacklisted entities. A user can sift through these results based on a wide range of customizable filters to surface the potential cyber threats that are most important to them. A user can then create an event from one of these entities to leverage RiskIQ’s event workflow, allowing External Threats customers to monitor risks of interest and even begin the takedown process.
With the new Deep & Dark Web Module for External Threats, customers can proactively discover new cyber threats to their organizations across multiple channels to ensure that they have a holistic view of their digital presence.
To learn more about how you can use this and other External Threats modules to defend your organization from digital threats, get in touch with one of our sales representatives today.