Although worldwide malvertising has risen consistently since programmatic advertising gained popularity, it took a brief hiatus in Q3 2017. Overall, RiskIQ scanned 53% fewer advertisements containing a blacklisted incident (phishing, scams, exploit kits, and malware) than in Q2, reversing a trend highlighted in our Q2 report, which found a 19% increase in total malvertising over Q1.
RiskIQ has seen a steady long-term increase in malvertising, but quarter-to-quarter detections appear to be cyclical. It's interesting to note how the type of malvertising fluctuates, and how that may indicate a change in attacker tactics.
According to RiskIQ detections, exploit kits have continued to decline, but malware, which decreased by almost 45% last quarter, was the only type of malvertising to increase in Q3. Meanwhile, phishing, which rose over 100% last quarter, experienced a considerable decline. This could mean attackers thought it wise to pivot away from trying to trick users into clicking on deceptive ads that may lead to pages requesting sensitive data, and toward dropping malware instead.
Although our data shows a 21% drop in scams (disingenuous advertising), they continue to be a favorite tactic of threat actors: RiskIQ detected almost 990,000 incidents in Q3 and profiled several new tactics. Scammers drive immense amounts of valuable traffic to their sites via vast scam networks. Their fraudulent landing pages (take a survey to win a free PlayStation!) are often ignored by typical malvertising detection methods because of the gray nature of their payloads, but can grow to enormous sizes and degrade the quality of the internet.
To combat this problem, RiskIQ scans over 2 billion pages and nearly 20 million mobile apps per day, resulting in a curated blacklist of malicious ads from across the internet. This proprietary list sets RiskIQ apart, enabling customers to vet new demand sources and prevent malware within their ad infrastructure. RiskIQ is unique in that our crawling infrastructure allows us to capture the entire ad redirect chain and creative sources, which indicate which part of the ad-serving process was compromised and help us identify the entity responsible for the threat.
Learn more about how RiskIQ can proactively scan and track ads as they traverse the supply chain, so you can empower your team to take immediate action to identify and remove malvertisement hosts and malicious advertisers from your network or publisher website, minimizing the threat to your end users.