Perhaps no organization is entrusted with more highly sensitive consumer data than the credit bureau Equifax. So when it suffered one of the most massive data breaches in history in 2017, the result was catastrophic for its millions of customers, their trust in Equifax—and consumer trust in credit reporting agencies in general.
The breach, which led to the theft of 147 million people’s personal information, left us asking how something on that scale and with such far-reaching implications could happen. There seemed to be an illusion that because Equifax is so big, so ubiquitous, and holds so much data that they were taking better care than most organizations to protect it. They were invincible, right?
With the recently released Senate Committee on Homeland Security and Governmental Affairs’ report on its investigation into the breach, the reason is painfully clear. Equifax, like most organizations, was unaware of the scope of its attack surface—especially the part that resides outside the firewall—and therefore was unable to maintain an adequate patch-management policy.
It seems to be a terrifying trend, as many of the large-scale breaches that now surface in the news all too regularly are a result of compromised external assets that organizations weren’t aware existed. According to Senators Rob Portman and Tom Carper, who authored the report, that is precisely what happened to Equifax. What’s even more terrifying? The audit report mentioned that Equifax lacked a comprehensive IT asset inventory and did not fully understand the scope of the digital assets it owned.
Equifax was hacked via a consumer complaint web portal with a widely known vulnerability that its security team should have patched. Once the attackers moved laterally into the network, they exfiltrated encrypted data for months because Equifax did not renew an encryption certificate on one of its internal security tools, which meant that this encrypted traffic wasn’t being inspected.
“[Equifax] lacked a complete understanding of the assets it owned,” the report states. “This made it difficult, if not impossible, for Equifax to know if vulnerabilities existed on its networks. If a vulnerability cannot be found, it cannot be patched.”
In today’s hyper-digital world, organizations must have a full inventory of digital assets connected to them outside their internal network to determine what may be vulnerable to attacks. In the case of Equifax, this would’ve included assets with known vulnerabilities, such as the customer complaint portal. This visibility would also have surfaced and flagged assets with expired certs, like the one in Equifax’s security tool that allowed the attackers to exfiltrate encrypted data.
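The two checks described above, reconciling discovered assets against the inventory and flagging expired certificates, as an added example that is not code from the Senate report or from RiskIQ. The hostnames, dates and the `audit` function are constructed for illustration; only `ssl.cert_time_to_seconds` is a real standard-library call.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed inventory: the hosts the security team believes it owns.
INVENTORY = {"www.example.com", "inspect.corp.example.com"}

# Constructed discovery results. "not_after" uses the notAfter string format
# that ssl.SSLSocket.getpeercert() returns for a live TLS endpoint.
DISCOVERED = [
    {"host": "www.example.com", "not_after": "Jun  1 12:00:00 2030 GMT"},
    {"host": "disputes.example.com", "not_after": "Mar 15 12:00:00 2030 GMT"},
    {"host": "inspect.corp.example.com", "not_after": "Jan 31 12:00:00 2016 GMT"},
    {"host": "legacy.example.com", "not_after": "Jan 20 12:00:00 2024 GMT"},
]


def audit(discovered, inventory, now, warn_days=30):
    """Return {host: [issues]} for untracked assets and certificate problems."""
    findings = {}
    for asset in discovered:
        issues = []
        if asset["host"] not in inventory:
            # Nobody owns patching for an asset that is not inventoried.
            issues.append("unknown_asset")
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(asset["not_after"]), tz=timezone.utc
        )
        if expires <= now:
            issues.append("cert_expired")
        elif expires - now <= timedelta(days=warn_days):
            issues.append("cert_expiring")
        if issues:
            findings[asset["host"]] = issues
    return findings


if __name__ == "__main__":
    # Fixed clock so the constructed data gives the same result on every run.
    fixed_now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for host, issues in audit(DISCOVERED, INVENTORY, fixed_now).items():
        print(f"{host}: {', '.join(issues)}")
```

Against real endpoints, the `not_after` values would come from the `notAfter` field of each host's `getpeercert()` result rather than from a hard-coded list.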
For years, vulnerability management was synonymous with vulnerability scanning and pen-testing. These were the keys to understanding which of your organization’s digital assets are susceptible to threats and where those assets’ vulnerabilities lie. However, widespread cloud migration and the explosive growth of online businesses fundamentally changed what security teams need to protect. For vulnerability management, scanning and pen-testing only the assets you know about is not nearly sufficient to protect you now. What was once a small area to defend is now an expansive attack surface—a universe of digital assets scattered across the web, cloud, and mobile app stores.
RiskIQ helps uplevel vulnerability management programs and penetration testing teams, allowing them to find digital assets connected to their organization outside their internal network, providing visibility into assets that may be vulnerable to attacks. Just as an attack surface continues to evolve, so does the RiskIQ solution. Our discovery engine continuously scours the Internet to identify new assets, and alerts you to vulnerabilities or suspicious activity.
If a threat is identified, RiskIQ provides security analysts and incident responders with extensive investigative capabilities, powered by petabytes of Internet data. RiskIQ users don’t have to worry about stitching together data sources and can instead focus on making connections, accelerating their response efforts, and getting the most from their existing security investments. Over 85,000 security professionals have placed their trust in RiskIQ and joined the community platform to make the Internet a safer place.
If we do not rethink our attack surfaces and how we appear to attackers, breaches like the one that took down Equifax will happen again and again. The modern attack surface expands from the network across the Internet and the cloud, where traditional security controls lack visibility. Unfortunately, the landscape of this new front in the war against data breaches currently favors attackers. With the visibility afforded security teams by the Internet data sets collected by RiskIQ, we can turn the tide back in the good guys’ favor.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.