Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
When you get a chance, take a look at the top three news headlines. Whatever major events, developments or cultural phenomena you see there, you can be sure that cyber threat actors are trying to exploit them for political or monetary gain.
So it’s no surprise that with Pokémon GO, Zika, and the Olympics firmly in the public conscience, there’s a breadth of cyber schemes aimed at leveraging their immense popularity. And one of the most common modus operandi for stealing sensitive data from unsuspecting users? Fraudulent mobile apps. Out of the millions of mobile apps RiskIQ crawls each day—in the major app stores like Google Play, Apple’s App Store, and Amazon, as well as third-party app stores and mobile carriers’ markets serving localized content to users around the word—thousands are fraudulent or otherwise malicious.
The Olympics: Getting torched
Cyber threat actors are using the size, complexity, and dynamic nature of the global app store ecosystem to exploit well-known Olympic Games sponsors. In such a complex environment, it’s increasingly difficult for sponsoring organizations to monitor their mobile presence and protect their customers from fraud. Cyber threat actors, realizing this lack of visibility by major sponsors, will create several—if not hundreds—of apps that mimic the original, offering games or other interactive experiences that ask users to provide financial data and other sensitive information.
Users are conditioned to grant app permissions to gain access to the content. Shady developers are happy to take advantage of this social conditioning.
It’s worth noting that even legitimate apps can be compromised, especially if they are not kept up to date. The story is always the same; every major sporting event—from the Super Bowl to the Olympics to the Copa America—leaves a graveyard of event-specific apps in their wake made by sponsors and completely forgotten about by all—except opportunistic cyber threat actors. Eventually, these can be hacked and exploited at the organization’s expense.
Pokémon GO: Gotta hack ’em all
Once published, malicious mobile apps can rapidly proliferate from official stores throughout the app store ecosystem, spreading to new stores and web download locations without the developer’s knowledge or consent. The distribution of fraudulent Pokémon apps is broad—of the 2,100 malicious apps in one Pokémon search query inside RiskIQ, 364 of them are from an app store in China, while almost 300 are in Google Play.
These unofficial, third-party apps, such as “Helper for Pokémon GO”, in which players can crowdsource the Pokémon they can find in the game at a particular time, were created to leverage the Pokémon brand for nefarious purposes. The ratio of fraudulent Pokémon apps to authentic ones is extraordinarily high: one out of ten Pokémon apps is malicious, and of the 2,100 Pokémon apps we’ve found, 1,150 can steal information. These actors were so successful that at its peak of popularity, “Poké Radar” hit #2 on the Apple App Store, behind only Pokémon Go itself.
Zika: Not the only virus you have to worry about
RiskIQ has even found fake mobile apps exploiting the concern over the Zika epidemic in Brazil by offering “safety information” but delivering malware instead. The example below is a malicious app that was in the Android app store. It looks like a helpful way for people traveling to Rio can stay safe and informed, promising to send push notifications with crucial updates. However, it was blacklisted by RiskIQ for serving malware instead.
Fig-1 Just one of the many fraudulent apps in mainstream app stores.
Below is a similar app within the RiskIQ tool. In gritty detail, it lists the app’s attributes, many of which are clear indicators of its fraudulent nature.
Fig-2 Another Example of a Zika-related fraudulent app.
Apple’s review process is much more intense than other app stores, though Google began screening apps before they get pushed to Google Play in 2015. Still, it’s possible for apps like the one above to slip through the review process—and even top the charts.
There just too many savvy cyber threat actors out there with the tools and know-how to take advantage of people and wreak havoc on their employers, and eventually the organization’s data. For security teams to defend their organizations against growing cyber threats outside the firewall like fraudulent mobile apps, they must discover and monitor their entire attack surface so they can quickly identify, remediate, and investigate any cyber threats that may surface.
But that’s not enough. These attackers use automation to launch sophisticated attacks at very low cost by rotating and reusing undetected infrastructure, so a security team’s visibility is mostly based on what they see on the corporate network. Once they detect a cyber threat locally, the attacker has already moved, and they’re stuck playing catch up. Therefore, security teams must use the internet as a replacement for the corporate network, i.e. calling upon their own advanced analytics and machine learning to wield Internet datasets such as WHOIS and Passive DNS against adversaries to stay one step ahead of them.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.
RiskIQ's #COVID19 Daily Update for 4/8:
➡️The lockdown in Wuhan, China has been lifted for residents
➡️Twitter CEO Jack Dorsey gives $1 billion to COVID-19 relief
➡️Nearly 1/3 of U.S. apt. renters haven't paid any April rent
Read the full update here: https://bit.ly/2Uv3CMV
.@CrowdStrike Store partner @RiskIQ is offering a free Digital Footprint Snapshot report for businesses transitioning to working remotely. It's a quick, easy way to understand the assets connected to your organization. Learn more: http://ow.ly/R1Mp50z3qnk #remotework #wfh
As RiskIQ finds a spike in potentially malicious infrastructure using #COVID19, the UK’s domain name registrar has suspended 600 suspicious #coronavirus websites. Read more via @daphneleprince, @ZDNet https://zd.net/2XgfOUJ
Register for RiskIQ's latest webinar to learn how #COVID19 changed the threat landscape for both the attacker and defender. RiskIQ's Fabian Libeau will explore this rapid transformation and outline steps security teams must now take: https://bit.ly/2Xi81pq
RiskIQ's #COVID19 Daily #Cybercrime Update for 4/7:
➡️NASA suffers huge increase in #malware attacks
➡️Hackers are spoofing Zoom and other tools to deploy malware
➡️#Interpol issues alert on #ransomware attacks on hospitals
Read the full update here: https://bit.ly/2QwfRHS