Blog

External Threat Management

State-sponsored Social Engineering: How You Can Protect Your Business From Iranian Cyber Threats

RiskIQ agrees with most experts that Iran is likely planning additional cyber-attacks in the coming months to punish the U.S. for the airstrike that killed the Iranian Islamic Revolutionary Guard Corps (IRGC) Commander, Qasem Soleimani. 

Below, RiskIQ's managed intelligence services team, comprised of former intelligence officers, assesses how state-sponsored threats from Iran can affect your business. 

So far—in keeping with its modus operandi—Tehran's response to the attack has been measured and proportional. Four days after the strike, the IRGC launched numerous ballistic missiles at U.S. airbases in Iraq, inflicting minor casualties. According to the Washington Post, on January 8th, the head of Iran's Aerospace Force, stated they "did not intend to kill... [instead, they] intended to hit the enemy's military machinery."

Historically, Iran has also conducted retaliatory attacks calibrated to maintain plausible deniability and avoid escalation. Attribution of cyber attacks is difficult, which makes them a useful—and frequently used—retaliatory tool for Tehran.

Iran has a first-world cyber-attack capability


A New Decade Of JavaScript Threats

Just a decade ago, the world's JavaScript was a nearly untapped wellspring of victims and cash for attackers, a new frontier for cybercrime that covered 95% of all websites on earth. It was ripe for the picking. 

Because they execute in the victim's browser, JavaScript threats were outside the corporate network and beyond the purview of traditional security controls. Realizing they were operating in a blind spot for security teams, innovative threat actors seized the opportunity and started picking apart the JavaScript of websites worldwide. 

E-commerce was particularly vulnerable to this onslaught, with web skimmers intercepting consumer credit card numbers across a massive swath of websites. With the rise in the value of cryptocurrency, actors also went to work stealing users' CPU cycles to mine coins, stealthily placing their cryptominers in the JavaScript of thousands of victimized websites. 

Soon, entire underground economies grew around the spoils of JavaScript threats, and the pool of threat actors grew. More novice threat actors took advantage of pre-packaged cryptominers and skimming tools and pre-hacked websites. At the same time, advanced attackers kept raising the bar for innovation by finding new ways to breach websites and maximize profits. 

Eventually, mega breaches resulting from Magecart attacks, such as the hack of British Airways, brought JavaScript threats to the public consciousness. The hack of a renowned Fortune Global 500 company and the subsequent exfiltration of hundreds of thousands of customer payment records shattered consumer trust. It also drew a proposed fine from the UK Information Commissioner's Office under the GDPR of £183m, or about 1.5% of British Airways' 2017 revenue.


The Internet Is Growing, and so Is Your Attack Surface

Imagine you were responsible for the protection of a building. 

You'd probably start by analyzing its entire interior and exterior, mapping every square foot to determine what defenses you need to put in place and where. Along with your locks and alarms, you'd want to install a network of surveillance cameras positioned to give you real-time visibility of the entire structure, i.e., anywhere a burglar could possibly show up. It's a pretty clear-cut formula that, once implemented, ensures you're ready to defend against intruders.

Securing a building is a metaphor that's used often in corporate cybersecurity, and for a good reason—it's a straightforward way of characterizing network security controls. Your firewalls and proxies are your locks, and your scanners are your security cameras, letting you know everything that's going on within your network. Traditionally, those controls would leave you in good shape cybersecurity-wise. However, the world is rapidly changing, and so is the threat landscape targeting businesses. 

Due to cloud server migration, hosting, and other digital media initiatives, a business's digital presence no longer fits neatly behind its tightly secured perimeter. Its attack surface sprawls out across the open internet, outside the scope of firewalls and endpoint protection, as a collection of millions of digital assets laid bare for all to see, including hackers, as they research their next threat campaigns. 

This new reality for security teams means that the building metaphor must take a turn for the absurd to still represent what they need to protect. Now, imagine that the building you're guarding is not only growing larger every day, but its rooms are also changing, rotating, and reorienting in real time. The map you made of your building yesterday is no longer relevant today—you've lost track of many of the rooms, and new, hidden rooms have sprung up. 


It’s Time to Rethink Vulnerability Management. Welcome to the Age of Digital Attack Surface Management

For years, vulnerability management was synonymous with vulnerability scanning and pen-testing. These were the keys to understanding which of your organization's digital assets are susceptible to threats and where its vulnerabilities lie. However, widespread cloud migration and the explosive growth of the average business's online presence fundamentally changed what security teams need to protect, leaving scanning and pen-testing insufficient on their own.

Vulnerability management has been an exercise in navel-gazing, looking at our own assets' weak spots so we can close the shields. But once the whole IT footprint became a digital footprint—web, social, mobile, etc.—vulnerability scanning and pen-tests showed just how incomplete they were, unable to see beyond the perimeter into that digital sphere. What was once a small area to defend is now an expansive digital attack surface, a universe of digital assets scattered across the web, cloud, and apps. It's only natural for exposures to go unnoticed on this fluid digital attack surface. 

Unfortunately, breaches via these internet-connected assets are happening at an unprecedented rate, many of them resulting from compromised assets that organizations weren't even aware existed. How do we mitigate exposures and risks when those exposures and risks are hidden in digital assets we cannot see? There must be a better way. 

It's time to think bigger than vulnerability management. Welcome to the age of digital attack surface management.

Vulnerability Management, Beyond Scanning


Infosec 2020: RiskIQ Looks Ahead to a New Decade of Cybersecurity

2020 will see organizations continue to shift digital interactions closer to customers and launch innovative methods for marketing, advertising, and selling their products online. While this will continue to bring great rewards for businesses, it will also increase risk over the coming year. 

Cybercriminals always move to where the money is, whether it's mass cloud migrations, booming e-commerce, or a hot cryptocurrency market. The cybersecurity industry must respond to this development by working closely with businesses to develop new ways to keep the data of both organizations and consumers secure.

As the cybersecurity industry heads into a new year and a new decade, many of the threats we'll see will be an acceleration of the developments of previous years. Welcome to Infosec 2020, RiskIQ's predictions for the year ahead and beyond.

CISOs who can't attribute threats won't survive. 

Security is now a business input, and CEOs want to know how their organization's security posture affects the business as a whole. With breaches and other security incidents causing multi-million dollar losses, the C-suite is asking their security teams for context around incidents. CISOs must invest in the talent and technology to answer questions like: How did we get targeted? Why are we an attractive target, and to whom? What other organizations did these attackers hit, and what about our business made us a target? What can we do to respond?  


RiskIQ’s 2019 Black Friday E-commerce Blacklist Report: Crucial Intel for Thanksgiving Weekend

This Thanksgiving weekend, you can be sure that cybercriminals will be getting their fill, too. 

In 2018, Black Friday pulled in a record $6.2 billion in online sales, a growth of 23.6% from 2017. Then, Cyber Monday became the most popular day for e-commerce sales ever, amassing $7.8 billion. With online spending this Black Friday and Cyber Monday projected to set yet another record in 2019, cyberattackers are showing that they're out to get a piece of the online shopping pie.

Already, these bad holiday actors are impersonating the brands of leading e-tailers, and exploiting the poor security habits of consumers, to fool shoppers looking for Black Friday deals, sales, and coupons. They're creating fake mobile apps and landing pages to trick users into downloading malware, visiting compromised sites, or giving up their login credentials and credit card information.

Meanwhile, Magecart, a rapidly growing cybercrime syndicate comprised of dozens of subgroups that specialize in cyberattacks involving digital credit card theft by skimming online payment forms, will thrive over Black Friday and Cyber Monday. Magecart is responsible for placing skimmers on scores of e-commerce sites, and RiskIQ is alerted to new Magecart breaches hourly. With this influx of e-commerce activity, Magecart actors will be working overtime.

To compile crucial intelligence for both consumers and brands around this season's Thanksgiving shopping weekend, RiskIQ developed our 2019 Black Friday E-commerce Blacklist report. The report analyzes the results of keyword queries of our global blacklist and mobile app database, RiskIQ's extensive repositories of cyber threat data compiled over ten years of crawling and passively sensing the web. Specifically, we looked at the ten most trafficked* e-commerce brands over Thanksgiving weekend. 


Five Momentous Examples of Executive Threats and How to Prevent Them

Many executives focus their security efforts and budgets solely on physical threats, but attacks targeting an executive's digital presence can be just as dangerous. 

Criminals are looking to exploit the wealth of high-profile and high-net-worth individuals—or cause them embarrassment or personal harm—at an unprecedented rate. And, as the most abundant source of company secrets and IP, executives are a primary attack vector into their businesses too. 

Attacks on VIPs involve attempts at accessing their sensitive information and span both the real world and the web. Because of their digital and physical vulnerabilities, protecting them requires a 360-degree view of their attack surface, i.e., anything related to their physical or digital presence that can be used against them. But to defend an executive's attack surface, you first have to define it. 

Today, developing a plan to protect an executive, and in turn, their families and businesses, means understanding what information should be considered sensitive and having the tools to monitor the internet for it. References to names and addresses of the individual and their family and associates on forums, malicious rhetoric toward them, and the presence of leaked sensitive data are all crucial intelligence. This internet-wide visibility provides security teams with invaluable information and context not only about potential cyberattacks, but also attacks that may occur in the real world. 

The top historic executive threats demonstrate how seemingly insignificant information has enabled completely preventable incidents. These top-five examples of threats to executives illustrate the overlap between the physical and the digital threat landscapes.


The Q2 2019 Mobile Threat Landscape: Blacklisted Apps Increase 20%, Cyber Attackers Target Tax Season, Surveillance Apps Wreak Havoc

The digital revolution is causing businesses to invest significantly in mobile, where they can make more frequent and more meaningful interactions with employees, prospects, and customers. Global app spending hit $101 billion in 2018 and is expected to surpass that this year. Mobile is a significant portion of the overall corporate attack surface, and one where security teams often suffer from a lack of visibility. 

For the past ten years, RiskIQ's discovery platform has mapped the global mobile threat landscape. It now monitors more than 120 mobile app stores around the world and scans nearly two billion resources daily to look for mobile apps in the wild. With this internet-wide telemetry, RiskIQ observes and categorizes the threat landscape as a user would see it, downloading, analyzing, and storing every app we encounter while recording changes and new versions.

Our Q2 2019 Mobile Threat Landscape report provides an overview of the quarter and dives into the emerging trends you need to know for the rest of the year. 

For the second consecutive quarter, blacklisted apps increased, spiking 20% from 44,850 to 53,955 and accounting for over 2% of all apps in RiskIQ's dataset. Blacklisted apps are apps that appear on at least one blacklist such as VirusTotal, which, per its website, inspects files or web pages with over 70 antivirus products and other tools. A blacklist hit from VirusTotal shows that at least one vendor has flagged the file as suspicious or malicious; a single-engine detection is a weaker signal than agreement across several engines, so the count is an indicator of scale rather than a confirmed-malware tally. 

The percentage of blacklisted apps relative to the total number of apps known to RiskIQ also increased for the second straight quarter, jumping from 1.95% to 2.1%. These blacklisted apps feature a host of familiar threats such as brand imitation, phishing, and malware. The mobile threat landscape also saw cyber attackers leveraging tax season with malicious and fraudulent apps designed to fool consumers filing their taxes into downloading them. 


RiskIQ Named Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q4 2019

For the past decade, RiskIQ has been helping organizations discover and manage risk across their digital attack surface. Since our inception, we've continued to enhance our capabilities and data sets to uncover more of the internet and better understand how attackers interact with it. Now, RiskIQ is proud to have been named a strong performer in The Forrester Wave™: Vulnerability Risk Management, Q4 2019, which recognized our platform as "a strong tool to have in your vulnerability management toolbox."

With breaches of businesses via internet-connected digital assets making headlines every day, the need for organizations to manage their full attack surface, from inside the network to all that lies beyond the firewall, is gaining serious momentum. Today's internet-scale threats can overwhelm the defenses of businesses that lack visibility into their vulnerable digital assets, which makes vulnerability risk management (VRM) a crucial element of attack surface management.

According to the Forrester Wave report, VRM is a four-stage process involving asset management, vulnerability enumeration, prioritization, and remediation. One of the new capabilities evaluated in the Forrester Wave™: Vulnerability Risk Management, Q4 2019, was how well these products help organizations with digital footprinting to understand what internet-exposed assets they may not be aware of. Traditional security scanners, which can only identify and scan a portion of an organization's external attack surface, have failed to help businesses adequately manage their digital risk because they cannot provide a full inventory of internet-facing assets.

With a sophisticated sensor network working in tandem with virtual users, RiskIQ has been assisting customers in finding digital assets connected to their attack surface for over a decade. By building an inventory of digital assets and issuing alerts as soon as someone in the company stands up something new, vulnerability and pen-testing teams get a clearer picture of what their organization looks like to attackers. In RiskIQ's view, it is because of these capabilities that the Forrester report described the platform as "a strong tool to have in your vulnerability management toolbox."

Because our virtual user network continually interacts with these assets and downloads their page content, our platform can also help determine which page components are vulnerable. These include third-party software components such as frameworks, programming languages, and client-side JavaScript libraries. This capability finds assets with security misconfigurations and applications showing indicators of compromise, and identifies exactly where they reside.
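The page-content analysis described above, and the web-skimmer problem from the JavaScript post earlier on this page, both come down to the same first step: knowing exactly which scripts a page loads and from where. The following is an added example, not RiskIQ's code. The HTML is constructed, and the page URL, the approved-origin allow-list and the minimum-version table are assumptions standing in for a real site's inventory and patch policy.

```python
"""Inventory the scripts a fetched page loads and flag the ones worth a look.

Added example, not RiskIQ code. SAMPLE_HTML is constructed; PAGE_URL,
APPROVED_ORIGINS and MIN_VERSIONS are assumptions standing in for a real
site's allow-list and patch policy.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed page content, as a crawler or virtual user might download it.
SAMPLE_HTML = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://code.jquery.com/jquery-1.12.4.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.min.js"></script>
<script src="//stats-collector.xyz/t.js"></script>
<script>window.appConfig = {checkout: true};</script>
</head><body><form action="/checkout"></form></body></html>
"""

# Assumed: the URL the HTML was fetched from (needed to resolve relative src values).
PAGE_URL = "https://www.example-shop.com/checkout"

# Assumed: script origins the site owner has knowingly approved.
APPROVED_ORIGINS = {"www.example-shop.com", "code.jquery.com", "cdn.jsdelivr.net"}

# Assumed patch policy: oldest acceptable version per library, matched by filename.
MIN_VERSIONS = {"jquery": (3, 5, 0), "bootstrap": (4, 3, 1)}

# Pulls "<lib><sep><version>" out of a URL path, e.g. jquery-1.12.4.min.js
# or npm/bootstrap@4.3.1/dist/js/bootstrap.min.js.
VERSION_RE = re.compile(r"(?P<lib>[a-z][a-z0-9_-]*?)[-@/](?P<ver>\d+(?:\.\d+){1,2})", re.I)


class ScriptCollector(HTMLParser):
    """Records every <script src=...> and counts inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.srcs.append(src)
        else:
            self.inline += 1


def parse_version(text):
    """'1.12.4' -> (1, 12, 4), so versions compare as tuples, not strings."""
    return tuple(int(part) for part in text.split("."))


def audit_scripts(html, page_url=PAGE_URL, approved=APPROVED_ORIGINS, min_versions=MIN_VERSIONS):
    """Return the resolved script inventory plus findings: unapproved origins and outdated libraries."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()

    findings = []
    resolved = []
    for src in collector.srcs:
        url = urljoin(page_url, src)  # handles relative and scheme-relative (//host) values
        parts = urlparse(url)
        host = parts.hostname or ""
        resolved.append(url)

        # A script pulled from a host nobody approved is the classic skimmer injection pattern.
        if host not in approved:
            findings.append(("unapproved_origin", host, url))

        # Compare a versioned filename against the policy floor for that library.
        match = VERSION_RE.search(parts.path)
        if match:
            lib = match.group("lib").lower()
            floor = min_versions.get(lib)
            if floor and parse_version(match.group("ver")) < floor:
                findings.append(("outdated_library", f"{lib} {match.group('ver')}", url))

    return {"scripts": resolved, "inline_scripts": collector.inline, "findings": findings}


if __name__ == "__main__":
    report = audit_scripts(SAMPLE_HTML)
    print(f"{len(report['scripts'])} external scripts, {report['inline_scripts']} inline")
    for kind, detail, url in report["findings"]:
        print(f"{kind:20} {detail:28} {url}")
```

On the constructed page this flags the jQuery build as below the assumed floor and `stats-collector.xyz` as an origin outside the allow-list. Two caveats for real use: a filename regex misses bundled, minified-and-renamed or inline-embedded libraries, so "no match" means unknown rather than safe, and the allow-list has to be maintained from the site's actual deployment inventory, or every legitimate new tag becomes noise.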
