RiskIQ now detects several Magecart breaches hourly and has observed Magecart skimmers in the wild millions of times. Many of these attacks are amateurish, using crude tactics and pre-packaged tools to try to get a skimmer on any site and any webpage possible. However, there are also sophisticated actors pushing the boundaries of what Magecart can do, and these advanced attacks could very well become the new normal.
Rather than hoping one of their skimmers will reach a website, these skilled Magecart operatives will target large retailers specifically, studying the e-commerce platform carefully to understand its vulnerabilities and inner workings. Their goal is to custom-build skimmers in line with the site’s appearance and functionality so that they can stealthily intercept not only credit card data but also other types of information users type into parts of the site usually off-limits to skimmers. For example, skimming information typed into online shopping profiles, in which customers save names and shipping addresses, can enable Magecart actors to combine skimmed PII with its corresponding financial data to create “fullz,” packages of data highly valuable on the black market.
There are a variety of ways to attack the functionality of a website, and operatives with the right insight and enough time will find them.
In our “Fullz House” report, we showed how a threat group crossed over from the phishing ecosystem into Magecart. Their objective was to add stolen credit card information to the PII they were already taking in a lucrative bid to produce and sell fullz.
Bringing an entirely new skill set to the online skimming game, this group spun up fake payment pages masquerading as legitimate financial institutions. They then redirected unwitting phishing victims to these skimmer-rigged pages to fill out their payment data. This new skimming-phishing hybrid threat tactic means that even stores that send customers to external payment processors are vulnerable to Magecart.
No matter how online transactions are structured nowadays, attackers can and will capture full packages of individuals’ identifying and financial information.
There’s been a recent decline in browser-based cryptojacking, i.e., secretly using someone’s computing power to mine cryptocurrency without permission. Due to the plummeting price of cryptocurrency, people abandoned their cryptomining endeavors because the surging cost of mining made the activity unviable.
In 2017, cryptojacking affected 500M users, and in 2018, RiskIQ detected an average of 495 new hosts running cryptocurrency miners each week, with hundreds in the Alexa top-10,000. That pace can continue in 2020 and beyond.