Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Extortion, blackmail, data leakage, targeted spearphishing.
Your organization’s leaders are not only prime targets for cyber attackers but also a principal attack vector themselves. Defending your executive team against both cyber attacks and physical attacks requires a new approach: acting and thinking like “the bad guys.”
Cybercriminals constantly try to find and distribute sensitive information about these high-profile, high-net-worth individuals. When they’re familiar with someone’s name, likeness and personal web presence, bad actors can sell information about the super-wealthy, or use it against them in digital attacks. These digital invasions can also translate into disturbing real-world attacks: since 2013, 78,617 firms have been scammed out of more than $12 billion. The bad guys only had to exploit the financial executives at these companies to make it happen. So-called spearphishing and whaling attacks are two ways to do it.
A spearphishing cyber attack is a maneuver that uses email to target employees who hold sensitive information. The threat actor pretends to be an executive, and often fools the employee. This is because the hacker has more information about the CEO than anyone should, and can therefore impersonate them convincingly.
This makes it easy to fool employees into sending sensitive information to someone who claims to be legit but is actually a malicious actor. In 2016, a Seagate employee emailed income tax data for several employees to a hacker, exposing thousands of people’s personal data to a third party.
Whaling attacks target executives directly and are another successful form of attack. These emails and websites contain information gleaned from a variety of sources. By using information like addresses, titles, family names, and colleagues’ names and titles, these emails can fool even the highest-ranking personnel into giving up company secrets. For the boldest cybercriminals, this information can also be used to target executives for extortion and ransom payments in the real world.
If you want to prevent harm to executives while stopping damaging cyber attacks, you must have a security program that bridges the digital and physical worlds. It should find leaked personal data, track what potential attackers can find, and minimize the likelihood of information falling into the wrong hands.
Internet-scale visibility is crucial to protecting your attack surface.
Just like a website, server, or mobile app, your executives are a key attack vector for hackers. No employee is more central to your business operations, nor has access to more sensitive, potentially damaging information. Humans can be data-breached too!
Organizations must combat internet-scale threats with internet-scale visibility. If they have a real-time picture of how their executives appear across the internet, they can understand the massive scope of their cyber attack surface and develop an effective threat management strategy to protect it.
Crossing your fingers for luck is no strategy at all.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.