Traditionally, the most formidable approach to website security has been one akin to the video game Space Invaders. Organizations have a clearly defined space they must protect and they have an ever-upgradeable cannon they can use to repel attacks. As threats evolved, organizations could simply improve their cannons in order to remain secure. It was simple, it was easy; processes and controls could be built around it, and the security folk slept comfortably at night.
However, the problem with this strategy is that the clearly defined space that needs to be protected is no longer crystal clear. Plus, traditional methods that have evolved to manage website security, like web-based firewalls or endpoint management systems, are all well and good for static web landscapes but struggle to address today’s problems of scale.
In a recent web study completed by RiskIQ, measuring just a sliver of the Internet occupied by five major brands, it was discovered that 500 separate networks were hosting over 27,000 websites tied to just those five organizations! That means that for every individual company, there are on average 100 separate ASNs to keep track of. We found many examples of websites hosted externally on services like Amazon AWS, Softlayer, NTT, etc., as well as on third-party vendor and partner networks.
The real question is: of these 27,000 websites discovered, what percentage is completely unprotected because no one knows it exists? How many were inherited from acquisitions, produced by business units within the enterprise without informing Information Security, or created by fraudsters looking to leverage a marketable brand to steal data or spread malware? How many have missed crucial security updates and exist with old, highly vulnerable versions of software? What kind of data is made available through them? What happens when you include mobile applications in the equation?
It is within these dark areas of enterprise IT infrastructure that cyber criminals can exploit major brands unopposed. Further exacerbating the problem are the attacks targeted towards end users. These threats exist outside of the firewall in the form of malvertising, well-hidden exploit kits, drive-by downloads, water-holing attacks and phishing attempts. They are real and they need to be properly addressed.
RiskIQ is powered by a massive-scale crawling infrastructure. However, instead of working as an agent-based system or WAF system, RiskIQ crawls the web itself. It pulls sources of information made publicly available in order to generate an accurate and dynamic list of digital assets tied to a brand.
The virtual user technology programmed into the crawling architecture imitates real user behavior in order to observe each individual website from the perspective of the customer, looking for signs of misbehavior. RiskIQ’s full packet capture allows forensics to key in on infected software, and its full DOM capture allows forensics to recreate the infection and identify the location of the malicious URL.
In other words, RiskIQ can turn the relative chaos of modern Internet landscapes into a definable area, allowing organizations to once again train their cannons and fire away!
– Peter Zavlaris