Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Rackspace Accelerates External Digital Threat Investigation with RiskIQ PassiveTotal
Download Case Study
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Are you ready for the EU GDPR?
The EU General Data Protection Regulation (GDPR) takes effect next May and applies not only to organisations with operations in the EU but also to any organisation that targets EU citizens electronically, even if they have no physical presence in the EU. The fines for noncompliance are steep, and as a result, most, if not all, large organisations have active GDPR projects running.
GDPR defines stringent guidelines for the collection, storage, and processing of personally identifiable information. Regarding collection, if your public-facing digital assets collect PII, they are in scope for GDPR.
RiskIQ Digital Footprint mapping gives you the ability to have a full view of what your web assets look like from an end user perspective. As a technical account manager, one of my roles is to help customers operationalise RiskIQ intelligence within their organisation. With the scale and variety of data that RiskIQ captures, an interesting part of my job is to understand how this data is made actionable for different business units.
Some time ago, I was talking to a customer who was looking for a better way to isolate all in-scope websites. With a single click, RiskIQ can isolate websites that contain generic site access attributes in the site page. However, given the global and multilingual nature of their business, the customer wanted more. For example, sites specifically created for a region where English is not used or understood, and, therefore, will not be flagged in the view below:
Fig-1 Sites listed in the RiskIQ tool
Although this use case sounds quite complex, it was relatively easy to deliver. Here’s why:
Our crawler technology is designed to emulate real and random user behaviour, and by doing so, we capture and store each document object model (DOM) for each page we crawl. With input from the customer and the use of our integrated API, we were easily able to identify all their websites that collect PII, regardless of language or layout. This exercise uncovered 300% more Login/PII collection sites then were known previously, many of which were collecting and transmitting data insecurely.
In recent months, many more of our EU customers have worked with us on similar projects to ensure they have a complete view of sites to review. In addition to GDPR compliance, the exercise is helping them improve the protection of their customers and their brand.
Try RiskIQ Community Edition for free and get your organization’s digital footprint today.
Another Magecart group has started to compromise misconfigured S3 buckets! Please secure your buckets.
We detailed how to secure your S3 Buckets in our original reporting: https://t.co/QKrZqWV506
The Columbus, OH #ThreatHunting community is out in full force for today's workshop! Together, we're powering better investigations through data.
Some insights based on reporting by @RiskIQ: Beyond Wipro: Meet the ‘Gift Cardsharks’ Behind the Massive Campaign Targeting Victims with Commercially Available Tools https://t.co/6Vxsnygp1z via @ooda
For today's executives, protecting your organization means protecting yourself—and knowing that personal security sits at the confluence of the physical and digital worlds. https://t.co/HShORi3X6j #ExecutiveProtection #ExecutiveSecurity
Overlap in RiskIQ's unique data sets uncovered a massive threat campaign using popular marketing and analytics tools to target gift card retailers, distributors, and processors. Here's what you need to know https://t.co/GkHsPFwkkd #ThreatIntelligence