A business’s executives, leadership, and board of directors are sources of sensitive, privileged, and confidential information, and that makes them primary attack vectors for hackers. That’s why a robust executive protection program that protects these individuals both online and off is paramount.
According to FBI statistics, CEO fraud is now a $12 billion scam. And when private information about these high-profile, high-net-worth individuals is exposed online, it carries a high degree of risk for both that individual and his or her business—not to mention threats against the physical security of the executives and their families. The threat is so significant that Facebook’s board of directors recently granted Mark Zuckerberg a $10 million yearly allowance to pay for the personnel, equipment, and services needed to keep him and his family safe.
But it’s not just the high-profile executives of the world who need sophisticated protection. In today’s digital world, even those who practice stealth wealth are targets of hackers who practice the utmost due diligence in identifying targets and exploiting their most private details. So even if you don’t flaunt your wealth to the public, anything that exists in the digital world is fair game.
Today C-level executives are twelve times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past. Taking the safety of their business, associates, and family seriously means taking their own safety seriously. It’s now crucial for executives to work together with their physical and cyber security teams alike to understand risks in the physical and digital landscapes and develop a plan that protects against it all.
Here are five things to know about improving an executive’s security posture.
Executives have to travel all over the world to do their jobs, sometimes at a moment’s notice. Their tight schedule usually leaves little time to prepare for anything outside the purpose of the business trip, but a lack of preparation could have devastating consequences. As law-abiding private citizens, they may find it unnatural to consider themselves targets of surveillance or espionage, but business executives of this caliber are closely watched by a host of potential adversaries.
These adversaries include industry competitors, sophisticated hacking groups, and even far-ranging espionage wings of national governments. Each of these groups is hot after the IP of global businesses and has executives in its crosshairs, which is why it’s never been more critical that executives traveling abroad lean on counterintelligence and situational awareness.
Executive security teams need to know the criminal and geopolitical environment of the area in which they’re traveling so they can identify all possible threats, whether overt or more inconspicuous, and provide a thorough briefing to the executive. Traveling executives have been the target of kidnapping plots in certain parts of the world, and after the arrest of Huawei’s CFO in Canada, several foreign individuals were arrested in China as retaliation. This context may be the difference between a safe, successful trip abroad and being hacked or fooled into giving up sensitive information that could materially harm the company.
Economic espionage is a rampant threat to executives even when they’re at home. It can take the form of state-sponsored actors attempting to bolster a country’s economic position or its state-owned enterprises. Consider when PricewaterhouseCoopers (PWC) reported in 2017 that the China-based APT, known as KeyBoy, was shifting its focus to target Western organizations, most likely for corporate espionage purposes.
But domestic competitors can also perform economic espionage. Seattle-based Zillow Group recently filed two lawsuits against real estate rival Compass, alleging that it stole Zillow’s IP.
Global espionage and insider threats to business are nothing new on their own, but the fact that they now overlap represents a burgeoning threat to companies and their executives. Professional spies, usually employed by a nation’s embassy, are plentiful near world capitals. But more covert operations happen in places of business, with undercover agents posing as private citizens to infiltrate an organization’s IP and trade secrets. These spies become trusted employees, but maintain primary allegiance to a foreign government.
Not all insider threats are related to economic or state-sponsored espionage. Sometimes disgruntled employees have a personal vendetta and simply want to inflict as much damage as possible to a business or its executives. According to the Information Security Forum, these insiders, who may have access to sensitive information about an executive, are responsible for 54 percent of data breaches.
Employees themselves could also be targets of competitors practicing economic espionage. In the previously mentioned Compass lawsuit, Zillow alleges the company poached employees who went on to divulge business and technology secrets, violating their non-compete agreements.
With executives now being one of the primary attack vectors for businesses, internet-scale visibility is crucial for protecting companies and their people. Doxxing (publicly posting someone’s sensitive information) is now a primary weapon for spies, extortionists, and all manner of online criminals to target business executives and other high-profile personas.
In 2013, Romanian hacker Marcel Lazar Lehel, more notoriously known as “Guccifer”, leaked snippets of information on the personal lives of several high-profile individuals, including Colin Powell, with the intent of cyberstalking him to the point of causing emotional distress.
In the private sector, this famously happened to Sony executives. The FBI believes the hackers were working for North Korea. They breached the company’s networks, stole data that included unreleased movies, financial information, company plans, and personal emails, and published it for the public. The reputational hit was tremendous, and investigation and remediation expenses related to the hack cost the company $41 million, according to the AP.
Spearphishing attacks are now a preferred method for cyberattackers to infiltrate a business. These actors will pose as an executive or other high-ranking employee, performing months of surveillance to learn their language, habits, and schedules so that their emails are realistic and gain the trust of their targets. These emails, which are often sent when the executive is traveling so that they cannot be verified quickly, try to convince employees to transfer money or provide sensitive information.
For example, the Crelan Bank in Belgium lost $75 million in a business email compromise (BEC) scheme. The hackers who compromised the CEO’s email account managed to impersonate him by creating a convincingly similar email and ordering payment be made to a bank account owned by the criminals.
Cyber attackers will also impersonate high-profile executives on social media, which can confuse customers and tarnish the reputation of the executive and the company they work for. In its 2017 Global Risk Management survey of 1,843 organizations around the world, Aon found that the top-rated risk was damage to their reputations or brands.
Physical security teams are rarely technical enough to detect a cyber threat, and cybersecurity teams usually don’t understand how a cyberthreat can manifest as a physical situation if not properly handled. While many companies have both teams in some form, they each have different terminology and tactics. It is critical to introduce physical and digital security teams to each other and establish a standardized language and process so they can communicate and collaborate effectively, especially in a crisis. The higher the degree of cooperation, the fewer the threats that come to fruition.
Knowing is half the battle, but knowing what to do is the other half. Now that the lines between cyber attacks and physical attacks are blurrier than ever, security teams need to work together to detect risks online and develop clear plans of action to address them in the real world if need be.