For years, vulnerability management was synonymous with vulnerability scanning and pen-testing. These were the keys to understanding which of your organization’s digital assets are susceptible to threats and where its vulnerabilities lie. However, widespread cloud migration and the explosive growth of the average business’s online presence fundamentally changed what security teams need to protect, and scanning and pen-testing are no longer nearly sufficient.
Vulnerability management has been an exercise in navel-gazing: looking at our own assets’ weak spots in order to shore them up. But once the whole IT footprint became a digital footprint (web, social, mobile, etc.), vulnerability scanning and pen tests showed just how incomplete they were, unable to see into that digital sphere. What was once a small area to defend is now an expansive digital attack surface, a universe of digital assets scattered across the web, cloud, and apps. It’s only natural for exposures to go unnoticed on this fluid, digital attack surface.
Unfortunately, breaches via these internet-connected assets are happening at an unprecedented rate, many of them the result of compromised assets that organizations weren’t even aware existed. How do we mitigate exposures and risks when those exposures and risks are hidden in digital assets we cannot see? There must be an easier way.
It’s time to think bigger than vulnerability management. Welcome to the age of digital attack surface management.
Traditional security scanners, which can only identify and scan a portion of an organization’s external digital attack surface, are not enough to adequately manage a business’s digital risk. While scanning known digital assets for vulnerabilities is crucial, the unknown portion of the digital attack surface, i.e., the part most likely to be targeted by attackers, is impossible to evaluate with traditional scanners. Some of these assets are unknown to IT teams, whether in-house shadow IT or created by third parties. Others were spun up by threat actors, purpose-built to attack the business, its employees, and its customers by impersonating its brand.
RiskIQ believes that it’s because of this glaring gap in traditional vulnerability management that one of the new capabilities evaluated in The Forrester Wave™: Vulnerability Risk Management, Q4 2019, was how well the participating vendors help organizations with digital footprinting. Without the capabilities of a traditional vulnerability scanner, RiskIQ was named a “strong performer” in the report. RiskIQ enables businesses to understand what internet-exposed assets they need to scan and how to prioritize them based on their unique profile.
The report noted that “reference customers state that RiskIQ has been invaluable in helping them discover infrastructure they didn’t know existed.” In our view, it is because of these capabilities that RiskIQ was described in the report as “a strong tool to have in your vulnerability management toolbox.”
Organizations must have a full inventory of digital assets connected to them outside their internal network to determine what may be potentially vulnerable to attacks. Being able to identify assets associated with an organization is key to a comprehensive approach to vulnerability management. RiskIQ helps vulnerability management programs and penetration testing teams find digital assets connected to their organization outside their internal network, providing visibility into assets that may be vulnerable to attacks.
With this information, they can monitor their application portfolio for indicators of compromise (IoCs) and detect threats and malicious behaviors designed to elude security scanners, such as malware injection, sophisticated website defacement, DNS hijacking, and domain ownership hijacking. These IoCs help vulnerability management teams prioritize the applications that need to be scanned and reviewed. Combining this view of the business with scanning brings a complete digital risk management solution to the table.
Today’s internet-scale cyberthreats can overwhelm the defenses of businesses that lack visibility into the vulnerable digital assets that make up their digital attack surface. Many of the front-page data breaches you read about are the result of threat actors finding unknown, unprotected, and unmonitored assets to use as attack vectors.
With a sophisticated sensor network working in tandem with virtual users, RiskIQ has been enabling customers to find digital assets connected to their digital attack surface for over a decade. By building an inventory of digital assets and issuing alerts as soon as someone in the company stands up something new, RiskIQ gives security teams a better picture of what their organization looks like to attackers.
RiskIQ maps an organization’s digital attack surface via relationships between web components, and actively monitors it for threats with the proprietary telemetric internet data collected by its global networks of crawlers.
Once you have an accurate picture of your digital footprint, it is far easier to understand and implement mitigation techniques to ensure that all of your external assets are protected. Having this inventory of your assets enables you to be aware of malware and malicious behaviors, failing infrastructure, unauthorized configurations, DNS hijacking, defacement, and failures in web compliance. It also helps vulnerability management and pen-test programs and teams identify their external assets.