Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
Phishing actors are always innovating and creating new methods to lure victims into gaining access to their financial information, PII, and user accounts. Understanding the latest phishing techniques and cyber threat actor tendencies helps us position our customers to stay one step ahead of phishing threats targeting their organizations.
The first 2018 quarterly iteration of the Phishing Roundup will detail the trends in phishing activity as observed by RiskIQ over Q1 of 2018, drawing upon data used in the Q4 Report of 2017 for comparison and recapping trends we’ve seen entering into the new year. The data in this report, which is comprised of internally blacklisted resources—unique phishing URLs in this case—will focus on:
For the second quarter in a row, Q1 saw a slight decrease of over 2% in overall phishing detections from Q4 of 2017, with 26,671 unique domains identified. The data we observed, however, was much richer than in the past regarding targeted brands. During Q1, RiskIQ saw a total of 299 unique brands targeted through phishing pages, up from the 259 brands we observed in Q4 of 2017. The category breakdown of the top-ten targeted brands is as follows:
-40% financial institutions
-20% digital transaction providers
-10% large tech company
-10% major health insurance provider
-10% cloud storage provider
-10% social media platform
As usual, the same financial institutions make up a significant portion of the top-ten targeted brands for Q1 of 2018 and much of the social media targeting trend that we observed in Q4 of 2017 is now mostly gone, which may indicate a return to tried and trusted tactics by cyber threat actors.
However, the top-ten percentage breakdown for Q1, which includes the arrival of cloud storage providers which were not there last quarter, may indicate an overall more diverse detection of targeted brands. This diversity of targets helps RiskIQ’s detection models improve their ability to detect phishing attacks.
Hostinger proved to be a flash in the pan in Q4 2017, leading the list of registrars used by phishing URLs and then dropping out of the top-five entirely. GoDaddy, which is no stranger to the top of this list, reclaimed its place ahead of the pack, which isn’t surprising as phishing attacks, as well as the infrastructure used therein, tend to be extremely cyclical.
Phishing by registrar
The list of top hosting providers used by phishing actors in Q1 was more tumultuous, with all five spots changing hands and three of the five new to the list. Phishing actors are constantly changing infrastructure, so they have shopped elsewhere in Q1 rather than using the same tools from Q4.
Phishing by hosting provider
RiskIQ provides access to our unique phishing detection capabilities with our External Threats product line. Knowing your phishing risk is only half the battle; External Threats offers real-time monitoring and web enforcement capabilities to help you protect your organization’s assets with RiskIQ’s industry-leading security intelligence.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.
RiskIQ's #COVID19 Daily Update for 4/8:
➡️The lockdown in Wuhan, China has been lifted for residents
➡️Twitter CEO Jack Dorsey gives $1 billion to COVID-19 relief
➡️Nearly 1/3 of U.S. apt. renters haven't paid any April rent
Read the full update here: https://bit.ly/2Uv3CMV
.@CrowdStrike Store partner @RiskIQ is offering a free Digital Footprint Snapshot report for businesses transitioning to working remotely. It's a quick, easy way to understand the assets connected to your organization. Learn more: http://ow.ly/R1Mp50z3qnk #remotework #wfh
As RiskIQ finds a spike in potentially malicious infrastructure using #COVID19, the UK’s domain name registrar has suspended 600 suspicious #coronavirus websites. Read more via @daphneleprince, @ZDNet https://zd.net/2XgfOUJ
Register for RiskIQ's latest webinar to learn how #COVID19 changed the threat landscape for both the attacker and defender. RiskIQ's Fabian Libeau will explore this rapid transformation and outline steps security teams must now take: https://bit.ly/2Xi81pq
RiskIQ's #COVID19 Daily #Cybercrime Update for 4/7:
➡️NASA suffers huge increase in #malware attacks
➡️Hackers are spoofing Zoom and other tools to deploy malware
➡️#Interpol issues alert on #ransomware attacks on hospitals
Read the full update here: https://bit.ly/2QwfRHS