Magecart Strikes Again
Ticketmaster, British Airways, and Newegg have all been compromised. Who’s next? Read our research to see how we discovered the breaches.
IDG Connect: 2017 State of Enterprise Digital Defense Report
Findings quantify the security management gap and business impact of external web, social, and mobile threats.
Get the Research Report
Frost & Sullivan: The Digital Threat Management Platform Advantage
The material benefits of a platform-based approach to security outside the firewall.
Read the Report
2018 Holiday Shopping Season Threat Activity: A Snapshot
The 2018 holiday shopping season was the largest ever for online retailers, but threat actors filled their pockets, too.
So what did the threat activity around this shopping frenzy look like?
Rackspace Accelerates External Digital Threat Investigation with RiskIQ PassiveTotal
Download Case Study
EMA Radar™ Q4 2017 Report
RiskIQ ranked a technology and value leader in digital threat intelligence management.
Get the Analyst Report
Security-savvy organizations know that they must understand their entire digital presence to effectively protect their business, brand, and customers.
As the internet becomes increasingly integral to the success of businesses, their digital presence expands. Companies must not only manage the websites, mobile apps, and social media accounts representing their organization in an official capacity, but also establish means to identify third-party impersonation and fraud across web, mobile, and social attack vectors. While the infrastructure needed to execute attacks against an organization or its customers must be detected and mitigated on the open web, dark web monitoring can be highly informative to discovering attacker tactics and methods.
Organizations should monitor both the open internet and the dark web for holistic visibility and a proactive approach to external threats targeting their organization. RiskIQ is excited to announce a partnership with Flashpoint and new product offering of a Deep & Dark Web (DDW) Module within our existing External Threats product that brings Flashpoint’s rich intelligence directly into a customer’s digital risk program.
Through this integration and partnership, data sourced from Flashpoint’s monitoring of deep and dark web forums create events in the RiskIQ platform alongside other types of event alerts. The new module allows customers to set keywords of interest to provide visibility into potential attacks during the planning stages or attacks that may target the organization or employees directly. This capability adds to RiskIQ existing detection of active threats against an organization across the internet.
When used together, these two intelligence sources create a powerful combination that protects an organization’s digital presence. Visibility into the dark web helps organizations understand the full complexity of their security posture, and the additional context provided by both data sources turns previously non-actionable information into something actionable.
Fig 1 – Flashpoint data from a dark web forum about Android Malware
With this partnership, Flashpoint dark web data is integrated into RiskIQ’s platform as a custom event. Figure-1 (above) shows an example event surfacing forum chatter about a strain of Android malware, commonly referred to as Loki-Bot, that is known to steal credentials and other sensitive information.
Fig 2 – Searching RiskIQ Mobile App database for apps which have been related to Loki-Bot
This deep and dark web data will typically relate to the early reconnaissance phases of a threat, whereas RiskIQ’s open web intelligence captures the later phases when malicious actors set up their infrastructure and deploy their attack. Users of the Deep & Dark Web Module can make correlations between these events and open web events found by RiskIQ as they arise. In this case, we have identified discussion about a type of Android malware on the dark web using data gathered by Flashpoint; RiskIQ can then provide data about where that mobile malware is being distributed via both our Mobile App and Global Blacklist indexes.
Fig 3 – Easily create Mobile App events based on the location of apps related to Loki-Bot
In this example, we’ve searched for mentions of “Loki” in our Mobile App database and immediately discover two blacklisted entities. A user can sift through these results based on a wide range of customizable filters to surface the potential threats that are most important to them. A user can then create an event from one of these entities to leverage RiskIQ’s event workflow, allowing External Threats customers to monitor risks of interest and even begin the takedown process.
With the new Deep & Dark Web Module for External Threats, customers can proactively discover new threats to their organizations across multiple channels to ensure that they have a holistic view of their digital presence.
To learn more about how you can use this other External Threats modules to defend your organization from digital threats, get in touch with one of our sales representatives today.
Cyber-Risks Hiding Inside Mobile App Stores https://t.co/NeXSULKcb5 #mobile #mobileapp #googleplay #risk by @kellymsheridan
If you have a “c” in your title, you're a target both online and in the physical world. Here are 5 things to "know" about modern executive defense https://t.co/Nl3lrvEM7O
#PlayStore winning war on suspect apps https://t.co/Zw1yuLswXF
Blacklisted apps rise, antivirus apps prove more harm than good, and Google Play continues to set the trends. Download our Q1 Mobile Threat Landscape Report and 2018 review for a deep dive into the last 18 months of #MobileThreats: https://t.co/FipDUCA6wA
Check out my latest interview in Forensic Magazine: Cybercrime, Cybertargets, and Cybersecurity https://t.co/TNy7MhoUn2 @LauraMFrench @ForensicMag @RiskIQ #cybercrime #CyberSecurity #threathunting