RiskIQ now detects several Magecart breaches hourly and has observed Magecart skimmers in the wild millions of times. Many of these attacks are amateurish, using crude tactics and pre-packaged tools to try to get a skimmer on any site and any webpage possible. However, there are also sophisticated actors pushing the boundaries of what Magecart can do, and these advanced attacks could very well become the new normal.
Rather than hoping one of their skimmers will reach a website, these skilled Magecart operatives will target large retailers specifically, studying the e-commerce platform carefully to understand its vulnerabilities and inner workings. Their goal is to custom-build skimmers in line with the site’s appearance and functionality so that they can stealthily intercept not only credit card data but also other types of information users type into parts of the site usually off-limits to skimmers. For example, skimming information typed into online shopping profiles, in which customers save names and shipping addresses, can enable Magecart actors to combine skimmed PII with its corresponding financial data to create “fullz,” packages of data highly valuable on the black market.
There are a variety of ways to attack the functionality of a website, and operatives with the right insight and enough time will find them.
In our “Fullz House” report, we showed how a threat group crossed over from the phishing ecosystem into Magecart. Their objective was to add stolen credit card information to the PII they were already taking in a lucrative bid to produce and sell fullz.
Bringing an entirely new skill set to the online skimming game, this group spun up fake payment pages masquerading as legitimate financial institutions. They then redirected unwitting phishing victims to these skimmer-rigged pages to fill out their payment data. This new skimming-phishing hybrid threat tactic means that even stores that send customers to external payment processors are vulnerable to Magecart.
It doesn’t matter how online transactions are structured nowadays: attackers can and will capture full packages of individuals’ identifying and financial information.
There’s been a recent decline in browser-based cryptojacking, i.e., secretly using someone’s computing power to mine cryptocurrency without permission. As the price of cryptocurrency plummeted, people abandoned their cryptomining endeavors because the surging cost of mining made the activity unviable.
In 2017, cryptojacking affected 500M users, and in 2018, RiskIQ detected an average of 495 new hosts running cryptocurrency miners each week, with hundreds in the Alexa top-10,000. That pace can continue in 2020 and beyond.