Your organization’s leadership is 12 times more likely to be the target of a security incident and nine times more likely to be the target of a data breach than they were last year. Find out how they can be protected.
Read the Datasheet
Gift Cardsharks: The Massive Threat Campaigns Circling Beneath the Surface
Learn about the attack group primarily targeting gift card retailers and the monetization techniques they use.
Get the Report
Threat Hunting Workshop Series
Join one of our security threat hunting workshops to get hands-on experience investigating and remediating threats.
Attend an Upcoming Workshop
Inside Magecart: New RiskIQ & Flashpoint Research Report
Learn about the groups and criminal underworld behind the front-page breaches.
Threat Hunting Guide: 3 Must-Haves for the Effective Modern Threat Hunter
The threat hunting landscape is constantly evolving. Learn the techniques, tactics, and tools needed to become a highly-effective threat hunter.
The digital revolution is causing businesses to invest significantly in mobile, where they can make more frequent and more meaningful interactions with employees, prospects, and customers. Global app spending hit $101 billion in 2018 and will surpass that this year. In 2018, global app spending hit $101 billion and is expected to surpass that this year. Mobile is a significant portion of the overall corporate attack surface where security teams often suffer from a lack of visibility.
For the past ten years, RiskIQ’s discovery platform has mapped the global mobile threat landscape. It now monitors more than 120 mobile app stores around the world and scans nearly two billion resources daily to look for mobile apps in the wild. With this internet-wide telemetry, RiskIQ observes and categorizes the threat landscape as a user would see it, downloading analyzing, and storing every app we encounter while recording changes and new versions.
In our Q2 2019 Mobile Threat Landscape report, we provide an overview of the Q2 2019 Mobile Threat Landscape and dive into emerging trends you need to know for the rest of the year.
For the second-consecutive quarter, blacklisted apps increased with a 20% spike, increased from 44,850 to 53,955, and accounting for over 2% of all apps in RiskIQ’s dataset. Blacklisted apps are apps that appear on at least one blacklist such as VirusTotal, which, per its website, inspects files or web pages with over 70 antivirus products and other tools. A blacklist hit from VirusTotal shows that at least one vendor has flagged the file as suspicious or malicious.
The percentage of blacklisted apps relative to the total number of apps known by RiskIQ also increased for the second-straight quarter, jumping from 1.95% to 2.1 %. These blacklisted apps feature a host of familiar threats such as brand imitation, phishing, and malware. The mobile threat landscape also saw cyber attackers leveraging tax season with malicious and fraudulent apps meant to fool consumers filing their taxes into downloading them.
Additionally, Q2 saw an influx of heavily downloaded Android apps that abuse permissions and contribute to ad fraud, as well as the emergence of a sophisticated spy app dubbed Exodus that can access sensitive data such as pictures and contacts. Initially designed for Android, the app made its way to the Apple App Store.
Q2 2019 key findings include:
This quarter’s report goes on to offer tips, including that users should be skeptical when downloading mobile apps and have antivirus software along with regular backups. Malicious apps mimicking popular, highly downloaded apps is a persistent problem. These tactics are successful because we recognize and make instantaneous judgments about visual stimuli.
Download the RiskIQ Mobile Threat Landscape Q2 2019 report here.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.
Tomorrow: Stop by the @CrowdStrike booth at 11:30 to see the RiskIQ Illuminate app in action! It analyzes CrowdStrike endpoint coverage and compares it to RiskIQ's unmatched external data to provide a 360-degree view of your attack surface: https://bit.ly/2ujagwt #RSAC2020
The RiskIQ Illuminate app for @CrowdStrike shows your organization's security visibility gaps by analyzing CrowdStrike endpoint coverage and comparing it to @RiskIQ's view of your digital attack surface https://bit.ly/2HFXStG
🛡️#CyberSecurityBrief #Alert: @FTC Refunds Victims Of @OfficeDepot Tech Support Scam via @BleepinComputer @AthertonLab #CyberSecurity #InfoSec #Malware #Ransomware #DDoS #DataBreach #ITsecurity #CyberThreats #CloudSecurity #CyberSecurityInsights https://cybersecurityinsights.substack.com/p/your-friday-morning-cybersecurity?r=63k3&utm_campaign=post&utm_medium=web&utm_source=twitter
At #RSAC2020, stop by the @CrowdStrike booth on Tuesday at 11:30 to see the RiskIQ Illuminate app in action! It analyzes CrowdStrike endpoint coverage and compares it to RiskIQ's unmatched external data to provide a 360-degree view of your attack surface: https://bit.ly/2ujagwt