2020 will see organizations continue to shift digital interactions closer to customers and launch innovative methods for marketing, advertising, and selling their products online. While this will continue to bring great rewards for businesses, it will also increase risk over the coming year.
Cybercriminals always move to where the money is, whether it’s mass cloud migrations, booming e-commerce, or a hot cryptocurrency market. The cybersecurity industry must respond to this development by working closely with businesses to develop new ways to keep the data of both organizations and consumers secure.
As the cybersecurity industry heads into a new year and a new decade, many of the threats we’ll see will be an acceleration of the developments of previous years. Welcome to Infosec 2020, RiskIQ’s predictions for the year ahead and beyond.
Security is now a business input, and CEOs want to know how their organization’s security posture affects the business as a whole. With breaches and other security incidents causing multimillion-dollar losses, the C-suite is asking their security teams for context around incidents. CISOs must invest in the talent and technology to answer questions like, How did we get targeted? Why are we an attractive target, and by whom? What other organizations did these attackers hit, and what about our business made us a target? What can we do to respond?
In 2020, simply saying you’re preventing threats won’t be enough. Investigations that reveal the cause and nature of attacks—and the actors behind them—will be critical. CISOs who can’t provide this key context won’t survive.
– Lou Manousos, CEO
Business Email Compromises and ransomware will continue to plague smaller organizations who have transitioned online but have limited resources for security. These organizations often lack visibility into their digital presence and are all too susceptible to these types of potentially ruinous attacks. For big and small organizations alike, keeping track of your attack surface and training employees on best practices for cybersecurity will be critical.
– Brandon Dixon, VP of Strategy
Already, we’re seeing skilled and experienced threat actors who have made a living in other areas of the threat landscape, such as phishing, incorporate web-skimming into their attacks. For example, by phishing for payment credentials with a payment processor phishing page and then sending victims back to the real checkout page to continue the e-commerce flow, nothing is interrupted.
It doesn’t matter how online transactions are structured nowadays; attackers can and will capture full packages of individuals’ identifying and financial information. We’ve already seen this happen in our ‘Fullz House’ research, and expect activity like it to continue into 2020.
– Yonathan Klijnsma, Head Threat Researcher
Magecart has been threatening the ability of consumers worldwide to shop safely online for years by stealthily intercepting their credit card data via their browsers. In 2020, its credit card skimming tactics will continue to evolve and remain a headline issue worldwide.
Unless businesses radically change their management of third-party web services embedded in their web applications, they will continue to be massive targets. Keep an eye out for lateral moves by Magecart actors from card skimming to general form-skimming, as this would be a natural step for Magecart threat actors to make. While payment data is currently in focus, because web skimming can skim any information entered into a website, Magecart groups will expand beyond credit card data to skimming login credentials and other sensitive information.
– Terry Bishop, Technical Director, EMEA
2019 saw a decline in cryptojacking—secretly using someone’s computing power to carry out the cryptomining task. This decline was not surprising because the price of cryptocurrency has also decreased following its zeitgeist moment in 2018. However, recently, cryptocurrency prices have been creeping up. They will likely move past the breakeven point for currency miners, i.e., the point where it is once again profitable to run cryptojacking campaigns.
With successful miners able to go undetected for months, this is an issue that is likely to linger throughout the year, making it essential for organizations to monitor for these threats actively.
– Fabian Libeau, SVP, EMEA
Many organizations have almost no visibility into their web-facing assets and the way their users interact with them. Because of this, browser-based threats will become the go-to method for threat actors to target organizations, their employees, and, perhaps most publicly, their customers.
– Dan Schoenbaum, President and COO
Once upon a time, cybercriminals were predictable. Young and hoodie-clad, they had high hopes of getting famous in the digital underworld. But over the years, cyber attackers’ goal of infecting evolved to stealing. Now, as we approach 2020, the objective will change once again. Welcome to the age of conquest and information control.
We already see cybercriminals setting up basecamp in our networks for months before we see them, as well as highly organized and well-funded syndicates seizing control of computer resources the world over. Most cybersecurity folks are aware of the botnet craze and other forms of conquest like ransomware, cryptomining, and integrity change. But 2020 will also give rise to integrity exploits, i.e., fraudulently manipulating information to harm human interpreters by changing the inputs of decision-making. For example, if I change the manifest on your Shanghai-bound barge so it’s rerouted to Anchorage, millions can be lost.
– Josh Mayfield, Head of Global Product Marketing
Eventually, threat actors will increase their adoption of adversarial machine learning to evade detection by security vendors’ machine learning models, forcing the good guys’ models to evolve quickly to keep up. However, 2020 will not be the year this happens. Less sophisticated, large-scale attacks will still be the tactic of choice for threat actors. These attacks are built to overwhelm security teams and vendors, not necessarily outsmart them.
But that’s not to say machine learning and automation will not play a huge role in security in 2020. With the sheer volume of these attacks, defending against them will not be a job for humans. Machine learning and automation will be the only way to scale defenses to meet this challenge.
– Adam Hunt, CTO
With business happening at warp speed, organizations will rush even more to adopt DevOps practices. They’ll have good intentions but will make mistakes that will, in many cases, cause their efforts to do more harm than good. These mistakes will result in data leaks or unintended publishing of company data to the public cloud, as well as easily exploitable security flaws from misconfigurations, unknown assets, and vulnerable third-party components.
Cloud migration is top-of-mind for IT departments, and the movement of organizations transitioning to the cloud will only intensify in 2020. However, as CIOs and their teams move their digital presence outside their organization, they must be able to manage risk and combat threats. It will be vital for businesses to understand their full attack surface—across the internet and the cloud—and measure the risk of threats and exposures as they grow their digital presence beyond their firewall.