Phishing actors are always innovating and creating new methods to lure victims and gain access to their financial information, PII, and user accounts. Understanding the latest phishing techniques and threat actor tendencies helps us position our customers to stay one step ahead of phishing threats targeting their organizations.
In the Q4 2017 Phishing Roundup, we’ll detail the trends in phishing activity as observed by RiskIQ over Q4 of 2017, drawing upon data used in the Q3 Report for comparisons and recapping trends we’ve seen over the entirety of 2017. The data in this report, which consists of internally blacklisted resources (unique phishing URLs in this case), will focus on:
Overall, RiskIQ observed 27,285 uniquely blacklisted phishing domains, down 2% from Q3, targeting a total of 259 unique brands, down 7%. However, the most significant trend to surface in Q4 was a stark increase in phishing campaigns leveraging social media platforms, a trend that accounted for 20% of the top-ten most phished brands, including the overall most-phished brand.
This new focus on social media by threat actors is significant because it represents a pivot in tactics between Q3 and Q4 toward social media platforms and away from cloud service providers, which represented 10% of targets in our previous report. Financial institutions are almost always the target of the highest volume of attacks, but social media is an interesting new addition to the top-target list.
There are several potential reasons why social media is drawing more attention from threat actors. For one, the growth in popularity of financial integrations within social media platforms that, for example, give users the ability to send and receive money, can make for an easy payday. There’s also the possibility of using sensitive information from posts, messages, and profiles that can be used as lures in social engineering attacks.
The full breakdown of the most phished brands is as follows:
Our Q4 registrar data, except for one outlier, showed the same top-five players (although in a different order), which have clearly become tried and true tools for phishers. The hosting provider data from Q3 to Q4, however, showed a significant discrepancy, making it impossible to speculate on any potential trends.
Overall detections dropped off slightly in a few key areas during 2017, a decline that isn’t unusual as phishing tends to be very cyclical—the number of observed domains and targeted brands remained relatively close each quarter, but the number of unique URLs varied widely.
Financial institution targets showed a general decline while social media targets showed a general increase, especially over the last quarter. Q4 was also the first quarter observed where the top targeted brand was a social media platform. While this is not a new phenomenon by any means, our data has never displayed its presence as prominently as in Q4 of 2017.
RiskIQ provides access to our unique phishing detection capabilities with our External Threats product line. Knowing your phishing risk is only half the battle; External Threats offers real-time monitoring and web enforcement capabilities to help you protect your organization’s assets with RiskIQ’s industry-leading security intelligence.