Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Sophisticated, well-funded, and highly targeted cyber threat campaigns, many backed by adversarial foreign national governments, are targeting U.S businesses like never before. RiskIQ researchers have just uncovered another such campaign, and it’s a big one.
Widespread and well-orchestrated, this latest campaign uses commercially available marketing tools to launch phishing attacks against potentially hundreds of organizations, many of which deal with gift cards. This cyber threat group’s activities initially surfaced when investigative journalist Brian Krebs reported on the breach of IT supplier Wipro on his website Krebs on Security, explaining how Wipro’s IT systems were compromised and used to attack the company’s customers. However, RiskIQ data pointed to this cyber attack being far from an isolated incident.
In our latest Intelligence report named “Gift Cardsharks,” RiskIQ shows how the campaign is, in reality, a far-ranging assault that exceeds the compromised infrastructure of Wipro and involves a long list of targets dating back to 2016. Although attribution cannot be confirmed, the group’s numerous concurrent cyber attacks display hallmarks of some state-sponsored activity including specific infrastructure, impressive organization, and, likely, a financial motive.
Using our vast collection grid and unique external view of cyber threat actor operations, RiskIQ can piece together a more complete picture of this actor group and their cyber attack campaigns, tools, and possible motives. This report is by no means a comprehensive analysis but builds a detailed narrative of widely-reported events.
Infrastructure overlap in PDNS, WHOIS, and SSL certificate data sets allowed RiskIQ to build out a more comprehensive understanding of actor-owned infrastructure, possible targets, and a timeline of the cyber attack campaigns. This report is an analysis of these campaigns, their operators, and their targets.
Report highlights include:
Download the report today for a full analysis, as well as a list of historical IOCs.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.
Wondering where to spend your Monday night at #RSAC 2020? Look no further! RSVP now to come celebrate with Flashpoint, @elastic, @ThreatQuotient, @Siemplify, and @RiskIQ at IGNITE! http://bit.ly/2VrsOpJ
Tomorrow: Stop by the @CrowdStrike booth at 11:30 to see the RiskIQ Illuminate app in action! It analyzes CrowdStrike endpoint coverage and compares it to RiskIQ's unmatched external data to provide a 360-degree view of your attack surface: https://bit.ly/2ujagwt #RSAC2020
The RiskIQ Illuminate app for @CrowdStrike shows your organization's security visibility gaps by analyzing CrowdStrike endpoint coverage and comparing it to @RiskIQ's view of your digital attack surface https://bit.ly/2HFXStG
🛡️#CyberSecurityBrief #Alert: @FTC Refunds Victims Of @OfficeDepot Tech Support Scam via @BleepinComputer @AthertonLab #CyberSecurity #InfoSec #Malware #Ransomware #DDoS #DataBreach #ITsecurity #CyberThreats #CloudSecurity #CyberSecurityInsights https://cybersecurityinsights.substack.com/p/your-friday-morning-cybersecurity?r=63k3&utm_campaign=post&utm_medium=web&utm_source=twitter