Beginning this month, versions 5.6 and 7.0 of the server-side scripting language PHP will reach end-of-life and will no longer be supported. That means websites using these versions of PHP will run on a platform that no longer receives updates or patches, leaving them extremely vulnerable to hacks and data exposure.
Sites running PHP 5 should update to a newer, supported version, PHP 7.2, immediately. However, many organizations lack the visibility into their internet-exposed attack surface that they need to identify assets running PHP and upgrade them to the latest version where needed.
Just how prevalent is this now-outdated version of PHP? Of the 78.9% of all websites that use PHP, 59.6% are using version 5. According to RiskIQ telemetry data, 55,714,034 of the sites we crawled all-time ran version 5, and 11,612,312 since the start of 2018.
However, sites are beginning to upgrade. In the graph below, you can see a spike in PHP version 7 adoption, likely in a last-ditch effort to upgrade before the end-of-life:
Fig-1 Spike in PHP version 7 Adoption
Vulnerabilities in site dependencies can result in threat actors gaining access to thousands, and in the case of PHP version 5, potentially millions of sites at once. Recently, a group under the now-infamous Magecart umbrella skimmed payment information entered into forms on Ticketmaster’s various websites by hacking third-party components shared by many of the most frequented e-commerce sites in the world.
Unfortunately, many security teams have a blind spot made up of unknown and unmanaged internet-facing assets that often act as inroads for cyber attacks and data breaches from outside the firewall. What they need is a system that continuously monitors their web assets, with a scanning tool that can be automatically updated with the latest intelligence about new vulnerabilities as they're discovered, such as outdated versions of PHP.
While organizations may not be able to patch these vulnerable platforms themselves, visibility into the scope of the impact on the enterprise allows an organization to make an informed risk decision and helps it manage and understand its overall risk. This visibility can enable it to establish a defense and mitigation strategy much faster than it will be able to execute on patching.
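A small version of the inventory check described above, as an added example (not RiskIQ's tooling and not code from the original article): it takes response headers already collected from your own assets, extracts any advertised PHP branch, and flags branches at or below 7.0 as end-of-life, following the article. The hostnames, sample headers, and function names are constructed for illustration; hosts that hide the banner (for example with `expose_php = Off`) are counted as unknown rather than clean.

```python
import re
from collections import Counter

# Assumption taken from the article: 5.6 and 7.0 are end-of-life, so every
# branch at or below 7.0 is treated as unsupported.
EOL_MAX_BRANCH = (7, 0)

# Matches the PHP token in "X-Powered-By: PHP/5.6.38" or in an Apache
# Server banner such as "Apache/2.4.6 (CentOS) PHP/5.4.16".
PHP_TOKEN = re.compile(r"PHP/(\d+)\.(\d+)", re.IGNORECASE)


def php_branch(headers):
    """Return (major, minor) if a header advertises PHP, else None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("x-powered-by", "server"):
        match = PHP_TOKEN.search(lowered.get(name, ""))
        if match:
            return int(match.group(1)), int(match.group(2))
    return None


def classify(headers):
    branch = php_branch(headers)
    if branch is None:
        # No banner does not prove PHP is absent; keep it for follow-up.
        return "unknown"
    return "eol" if branch <= EOL_MAX_BRANCH else "supported"


def summarize(inventory):
    """inventory maps hostname -> headers. Returns (status counts, EOL hosts)."""
    counts, eol_hosts = Counter(), []
    for host, headers in inventory.items():
        status = classify(headers)
        counts[status] += 1
        if status == "eol":
            major, minor = php_branch(headers)
            eol_hosts.append((host, f"{major}.{minor}"))
    return counts, sorted(eol_hosts)


# Constructed sample inventory (not real telemetry).
SAMPLE = {
    "shop.example.com": {"Server": "nginx", "X-Powered-By": "PHP/5.6.38"},
    "blog.example.com": {"Server": "Apache/2.4.6 (CentOS) PHP/5.4.16"},
    "api.example.com": {"x-powered-by": "PHP/7.0.32"},
    "www.example.com": {"Server": "Apache", "X-Powered-By": "PHP/7.2.13"},
    "static.example.com": {"Server": "nginx"},
}
```

Calling `summarize(SAMPLE)` returns the per-status counts and the sorted list of end-of-life hosts with their branch, which is the scope figure the paragraph above refers to.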
Sites that are still using PHP 5.6 should contact their hosting provider and push them to support a secure version of the language. For help identifying if you’re vulnerable following the PHP version 5 end-of-life, contact us today.