Mozilla, maker of the world’s second most popular browser, announced an important cybersecurity decision last week: it will distrust a range of bad SSL certificates issued by the Certificate Authorities (CAs) WoSign and Startcom, citing “technical and management failures”.
In a nutshell, the cybersecurity industry agreed several years ago that SHA-1 is becoming too risky to use in SSL certificates, and set a deadline of January 1st, 2016 for CAs to stop issuing SSL certificates that use it. WoSign, which has acquired full ownership of Startcom, continued to issue SHA-1 SSL certificates to customers after that date, and made them look valid by back-dating them, i.e., faking the date of issuance. Several potential impacts of issuing weak certificates are discussed in our technical blog, but the main business impact will be alarming “Secure Connection Failed” browser warnings when people visit your website. These certificates also expose users’ sessions to man-in-the-middle attacks, among other risks.
Why would two Chinese CAs backdate certificates signed with a deprecated hash algorithm, and then repeatedly deny it? Is this a shady operation, or simply a mistake? Keep in mind that it took Apple and Mozilla essentially saying they would put WoSign and Startcom out of business before the two CAs finally responded to the claims of wrongdoing (we’ll let you draw your own conclusions).
Once WoSign was forced to come clean, the answer it provided isn’t much of an answer. To read it, jump to “9. Issue S: Backdated SHA-1 Certs (January 2016)” inside the official PDF response (if you are comfortable opening a Chinese PDF). The number of mistakes and poor judgment calls at WoSign disclosed in this advisory makes it look like Hanlon’s Razor has been in effect there for some time.
If your organization is using SSL certificates from either of these CAs, you could be affected. In fact, RiskIQ’s current global index shows 762,649 websites using certificates issued by the two CAs. If you are a RiskIQ Enterprise Digital Footprint customer, log in and go to your Insights Dashboard to review your usage of WoSign and Startcom SSL certificates.
Fig-1: For specifics on analyzing certificates, visit our technical blog.
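For readers without a certificate inventory tool, the following script is an added example (not RiskIQ’s code or part of the original post) of the triage described above: it runs over an inventory of certificates observed on your own hosts and flags the three conditions the post raises, a distrusted issuer (WoSign or Startcom), a SHA-1 signature, and a SHA-1 certificate whose stated `notBefore` date is before the January 1st, 2016 cut-off while the certificate was first observed in use only after it, which is only a prompt for a back-dating review, not proof of one. The record fields (`issuer`, `signature_alg`, `not_before`, `first_seen`), the issuer-string matching, and the sample inventory are all assumptions constructed for the example.

```python
"""Triage a TLS certificate inventory for distrusted issuers, SHA-1 signatures,
and SHA-1 certificates whose dates suggest they may have been back-dated."""
from dataclasses import dataclass, field
from datetime import date

# Industry cut-off quoted in the post: no SHA-1 certificates issued on/after this date.
SHA1_ISSUANCE_DEADLINE = date(2016, 1, 1)

# Assumption: the two CAs are recognised by these fragments of the issuer name.
DISTRUSTED_CA_MARKERS = ("wosign", "startcom")

# SHA-1 signature algorithms, as OpenSSL names them and as OIDs, for inventories
# that export either form.
SHA1_SIGNATURE_ALGS = {
    "sha1withrsaencryption", "1.2.840.113549.1.1.5",
    "ecdsa-with-sha1", "1.2.840.10045.4.1",
    "dsawithsha1", "1.2.840.10040.4.3",
}


@dataclass
class CertRecord:
    host: str
    issuer: str          # issuer organisation as printed from the certificate
    signature_alg: str   # e.g. "sha256WithRSAEncryption" or its OID
    not_before: date     # validity start stated inside the certificate
    first_seen: date     # date our own scanner first observed the cert in use


@dataclass
class Finding:
    host: str
    issues: list = field(default_factory=list)


def triage(cert: CertRecord) -> Finding:
    """Return the list of issues for one certificate (empty list means clean)."""
    finding = Finding(host=cert.host)
    if any(marker in cert.issuer.lower() for marker in DISTRUSTED_CA_MARKERS):
        finding.issues.append("issuer-distrusted")
    if cert.signature_alg.lower() in SHA1_SIGNATURE_ALGS:
        finding.issues.append("sha1-signature")
        # Heuristic (assumption): a SHA-1 cert dated before the deadline that was
        # never observed until after it deserves a manual back-dating review.
        if cert.not_before < SHA1_ISSUANCE_DEADLINE <= cert.first_seen:
            finding.issues.append("possible-backdating")
    return finding


def triage_inventory(certs):
    """Return findings only for certificates that have at least one issue."""
    return [f for f in (triage(c) for c in certs) if f.issues]


# Constructed sample inventory; hosts and certificates are not real.
SAMPLE_INVENTORY = [
    CertRecord("www.example.com", "Example Trust CA",
               "sha256WithRSAEncryption", date(2016, 3, 1), date(2016, 3, 2)),
    CertRecord("legacy.example.com", "WoSign CA Limited",
               "sha1WithRSAEncryption", date(2015, 12, 20), date(2016, 2, 14)),
    CertRecord("shop.example.com", "StartCom Class 1 DV Server CA",
               "sha256WithRSAEncryption", date(2016, 5, 5), date(2016, 5, 6)),
    CertRecord("old.example.com", "Example Trust CA",
               "sha1WithRSAEncryption", date(2015, 6, 1), date(2015, 6, 3)),
]

if __name__ == "__main__":
    for finding in triage_inventory(SAMPLE_INVENTORY):
        print(f"{finding.host}: {', '.join(finding.issues)}")
```

Run as-is it reports `legacy.example.com` with all three flags, `shop.example.com` for its distrusted issuer only, and `old.example.com` for its SHA-1 signature (legitimately issued before the deadline, so no back-dating flag). Any host flagged `issuer-distrusted` should be scheduled for re-issuance from another CA regardless of its signature algorithm, since the browser distrust applies to the issuer, not just to SHA-1.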
If you are unsure whether, or where, you are running WoSign or Startcom SSL certificates, you are certainly not alone. As businesses expand into digital channels, the challenge of finding and managing an increasingly decentralized attack surface grows exponentially. To demonstrate this risk, in April 2015 RiskIQ performed a quantitative assessment of the threats facing the top 35 banks and financial service firms as a result of their decentralized web and mobile attack surface. The data we collected confirms this challenge:
Fig-2: RiskIQ’s Enterprise Digital Footprint inventories all the SSL certificates in your environment.
Most organizations have challenges managing their ever-expanding digital footprint and the resulting Internet-exposed attack surface, and struggle to find risk issues such as invalid and potentially exploitable SSL certificates. RiskIQ’s Enterprise Digital Footprint was purpose-built to solve this problem.
RiskIQ is the leader in attack surface management. We help organizations discover, understand, and mitigate exposures across all digital channels.