Based on the success of several high-profile attacks (e.g., Target and AT&T) over the last year that exploited access points created by enterprises connecting to their third-party associates, there’s a growing concern that third parties present potentially intolerable levels of risk to the enterprise. While the purpose of exploiting third parties in recent highly publicized breach cases has been to gain access to sensitive areas of affiliated enterprises’ internal networks, there’s another, more insidious threat, and this one could be even more dangerous. The threat is malware embedded somewhere in the amalgamation of websites, webpages, ads, mobile apps, etc. that a consumer surfing the web would falsely assume belongs to a given organization. This assumption could result from being directed to the page via a search engine, from the company name or brand appearing in the URL, and/or from logos, trademarks, products and services being present on a website, webpage, or mobile app that is actually hosted on third-party infrastructure. The problem is that users often mistake these assets, which generally have fewer security controls in place, for corporately controlled ones and are willing to share sensitive information, which creates an unsafe environment for cyber criminals to exploit.
Adding to the problem, the modern security discourse around third-party data leaks is more focused on low-probability, complex APTs that are costly to carry out, require many moving parts and take years to develop. Organizations should be more concerned with phishing or watering-hole attacks on an enterprise-affiliated website targeting consumers, because they are cost-effective, relatively low-tech, low-risk and potentially high-value. In a recent article in CSO magazine, author Taylor Armerding provides evidence that third-party vendors are weak points. He quotes ZeroPoint Risk Research CEO MacDonnell Ulsch: “almost without exception, a third-party vendor or affiliate is involved (in a successful cyber attack).” Interestingly, MacDonnell wrote about this a year ago, before Target and AT&T were breached. Armerding points out that a phishing attack on an HVAC vendor led to the leak of millions of Target customer credit cards; all it took was an employee clicking on a malicious link. Similarly, AT&T disclosed that its mobile customers were breached through its third-party vendor and that account information, like social security numbers and dates of birth, was compromised.
Armerding stresses in his article that no enterprise can live on an island; each needs multiple relationships with outside vendors, contractors, affiliates, partners and others to function in a connected world. In the chaos of ever-expanding and disparate online public interaction points propped up across enterprises and their associates to serve consumers, the varying levels of security controls across the online distribution chain create the perfect hiding place for compromised digital assets embedded with well-hidden pieces of malware. It is incredibly difficult to gain visibility into the resulting security grey area. RiskIQ offers technology capable of discovering, with an automated and ongoing process, all websites and mobile applications associated in any way with a given enterprise. We provide an outside-looking-in perspective as we crawl assets at Internet scale, allowing enterprises to view their network from the vantage point of the millions of online users interacting with them on a daily basis. If something malicious exists and can be tied in any way to a RiskIQ customer, it will be identified and swift action will be taken to remove it before it causes harm.
Peter Zavlaris, Marketing Analyst & Resident Blogger