Third-party session replay scripts provide analytics that give website owners insight into user behavior and how people interact with different parts of their site. These scripts capture and play back browsing sessions, every click, scroll, and input, and send this data to a third-party server. This data can even be linked to a user’s real identity.
Data from session replay scripts proves incredibly valuable to companies that want to optimize their site based on the way people interact with it, which has made the scripts enormously popular: a study published by researchers at Princeton University reported that 482 of the 50,000 most trafficked websites use them, many without clear disclosure to users. In fact, almost 100,000 websites in total use the scripts, the most popular ones from companies such as FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar, and Yandex.
While great for marketing purposes, using these scripts can be a big problem. On May 25, 2018, the General Data Protection Regulation (GDPR) goes into effect, which applies to any organization that collects, stores, and uses personal information about an EU citizen. As part of the regulation’s fairness and transparency guidelines, organizations must clearly state at the point of capture how they’ll be using an individual’s data. Permission to use their data must be explicit and demonstrated through an action such as ticking a box, a significant departure from the ‘opt out’ process most organizations have in place today. Evidence of violations and negligence serves as cause for significant fines.
Since the Princeton researchers released their research, two of the prominent companies they found using session replay scripts—Bonobos and Walgreens—said they would stop using them until they could evaluate their use for themselves. With two major online retailers needing some introspection vis-à-vis their data collection to make sure their marketing strategies align with the GDPR, many more could find themselves flat-footed on May 25th.
In fact, querying our own data, RiskIQ uncovered that the domains of 38 of the top 50 U.S. online retailers contain session replay scripts.
To support GDPR specifications, organizations need a comprehensive understanding of their digital footprint—all of the various internet-exposed assets that belong to them. They must be able to discover which external assets collect personally identifiable information (PII), including a user’s name, phone number, address, social media presence, photos, lifestyle preferences, location data, and even their IP address.
It sounds straightforward, but for multinational companies with expansive web infrastructure, merely compiling and assessing site details is often fraught with gaps and inaccuracies. When looking at 25 of the 50 largest banks in the U.S. (2017), the RiskIQ Threat Research team discovered that 68% of the banks had significant security gaps in PII collection.
The RiskIQ Digital Footprint PII/GDPR Analytics feature helps expedite GDPR compliance during the initial discovery and subsequent audit processes by helping organizations identify websites belonging to them, as well as specific pages on those websites that collect PII insecurely.
With PII/GDPR Analytics applied to the Digital Footprint inventory, RiskIQ will automatically tag an organization’s internet-facing assets that have login forms, collect PII, or have cookies, and flag potential GDPR violations. Assets in this inventory can be filtered by tags, allowing for easy compliance evaluation and analysis. Organizations will also receive a detailed, quarterly point-in-time GDPR assessment in a PDF format for convenient analysis, reporting, and sharing, as well as a CSV file of external assets that collect PII.
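As an added illustration of the kind of tagging described above (this is example code, not RiskIQ's product), the scanner below statically inspects a page's HTML and tags it when it loads a third-party script whose hostname matches one of the session replay vendors named earlier, contains a login form, collects PII-style inputs, or touches `document.cookie` in inline script. The vendor-name substring match, the PII field-name list, and the sample page are all constructed assumptions for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Vendors named in the post; matched as substrings of third-party script hostnames (assumption).
REPLAY_VENDORS = ("fullstory", "sessioncam", "clicktale", "smartlook", "userreplay", "hotjar", "yandex")
# Input names/types that commonly carry PII (heuristic list constructed for this example).
PII_FIELDS = ("email", "phone", "tel", "address", "name", "dob", "birth")

class PIIScanner(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.tags, self.replay_hosts = page_host, set(), set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            host = urlparse(a.get("src", "")).hostname or ""
            # Third-party host whose name matches a known replay vendor.
            if host and host != self.page_host and any(v in host for v in REPLAY_VENDORS):
                self.replay_hosts.add(host)
                self.tags.add("session-replay")
        elif tag == "input":
            itype = a.get("type", "text").lower()
            name = (a.get("name") or a.get("id", "")).lower()
            if itype == "password":
                self.tags.add("login-form")
            elif itype in ("email", "tel") or any(f in name for f in PII_FIELDS):
                self.tags.add("collects-pii")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Static heuristic only: Set-Cookie headers need a live HTTP response, which we lack.
        if self._in_script and "document.cookie" in data:
            self.tags.add("sets-cookies")

def scan_page(html, page_host):
    s = PIIScanner(page_host)
    s.feed(html)
    return {"tags": sorted(s.tags), "replay_hosts": sorted(s.replay_hosts)}

# Constructed sample page (not a real site): replay script, login form, PII form, cookie.
SAMPLE = """<html><head><script src="https://cdn.hotjar.example/hj.js"></script>
<script>document.cookie = "session=abc";</script></head><body>
<form action="/login"><input name="user"><input type="password" name="pw"></form>
<form action="/profile"><input type="email" name="email"><input type="tel" name="phone"></form></body></html>"""
```

A self-hosted copy of a vendor script is deliberately not flagged, so a first-party host check alone will under-report; live crawling with response headers is needed for cookies set server-side.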
Register for our upcoming webinar to learn more about RiskIQ GDPR Analytics and investigate assets running session replay scripts in our RiskIQ Community Public Project.