When properly issued, SSL certs, data files that digitally bind a cryptographic key to an organization’s details, allow secure connections from a web server to a browser and help users validate the legitimacy of the site that they are using.
However, all too often, organizations lack SSL certificates on their web assets or let them expire, which can be hazardous to those visiting their sites and, therefore, harmful to their businesses. Recently, Google began sending out notices to site owners reminding them that version 62 of its Chrome browser, scheduled to be released on October 24, will require websites with any text input to have an SSL certificate, lest a “NOT SECURE” warning pop up in the browser’s omnibox.
This crackdown, which applies to any site in which users can enter data, will affect a surprising number of businesses. When analyzing a sample of 154 workspaces of customers that have at least 3,000 confirmed assets, RiskIQ found that, on average, each workspace had 9,712 unique URLs that were classified as insecure forms.
Fig-1 Results from our research of 154 workspaces
Not only that, RiskIQ also identified 100K live websites belonging to FT-30 organizations in the UK. Of those, 13K pages were collecting PII, an average of 400 pages per organization. A third of these pages are still collecting information insecurely, either through lack of encryption or by using very old, vulnerable encryption algorithms. Insecure collection of PII can affect consumers through loss and fraudulent use of their personal data, and organizations through loss of revenue, brand reputation and damages. Under GDPR those damages can be considerable if collected data is compromised.
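The following sketch shows how a page could be checked for the condition described above: a text input on a page served without HTTPS. It is an added example, not RiskIQ's classifier or code from the original article; the list of input types, the sample pages and the extra check for HTTPS pages that post to an `http://` target (which goes beyond the Chrome warning) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: these input types approximate "any text input"; the article
# does not enumerate them.
TEXT_TYPES = {"text", "password", "email", "search", "tel", "url", "number"}

class FormScanner(HTMLParser):
    """Collects form actions and counts data-entry fields in one HTML page."""
    def __init__(self):
        super().__init__()
        self.actions = []     # raw action attribute of each <form>
        self.text_fields = 0  # text-like <input> elements plus <textarea>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "textarea":
            self.text_fields += 1
        elif tag == "input" and (a.get("type") or "text").lower() in TEXT_TYPES:
            self.text_fields += 1

def classify(page_url, html):
    """Return a list of findings; an empty list means nothing was flagged."""
    scanner = FormScanner()
    scanner.feed(html)
    scanner.close()
    page_https = urlsplit(page_url).scheme == "https"
    findings = []
    if scanner.text_fields and not page_https:
        findings.append("text input on a page served without HTTPS")
    for action in scanner.actions:
        target = urljoin(page_url, action)  # empty action posts back to the page
        if page_https and urlsplit(target).scheme == "http":
            findings.append("HTTPS page submits form to " + target)
    return findings

# Constructed sample pages (hypothetical hosts, not real sites).
SAMPLES = {
    "http://shop.example/login": '<form action="/auth"><input type="password" name="p"></form>',
    "https://shop.example/contact": '<form action="http://forms.example/submit"><textarea name="msg"></textarea></form>',
    "https://shop.example/search": '<form action="/find"><input name="q"/></form>',
    "http://shop.example/about": "<p>No inputs here.</p>",
}

if __name__ == "__main__":
    for url, html in SAMPLES.items():
        print(url, "->", classify(url, html) or "ok")
```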
‘SSL’ has become an umbrella term that is used to describe both the original SSL, or Secure Sockets Layer, encryption method and the newer, more secure Transport Layer Security, or TLS, method. Essentially, when people refer to ‘SSL,’ they just mean establishing a secure, encrypted connection between a web server and a client. At their core, SSL certs are powerful security measures that, for the most part, protect against threats on insecure networks, such as man-in-the-middle attacks.
SSL certs make use of various types of symmetric and asymmetric encryption algorithms when sending information between a web server and a client in a process known as the ‘SSL handshake.’ The SSL handshake occurs on top of the Transmission Control Protocol (TCP) layer and involves an exchange of public (and sometimes private) keys between the server and the client or the server and another server, resulting in a secured connection. Once the handshake is complete, a client’s browser will visually display the URL as ‘HTTPS.’
Even if your assets do have SSL encryption, they may still be problematic. For example, Google, Microsoft and Mozilla have all publicly announced plans to disable support for certificates using outdated SHA-1 hashes, and Symantec’s failure to adequately validate the certificate owner at time of issuance has resulted in a loss of trust in its certificates by browser makers.
It’s not that most security teams are negligent, either. While HTTPS, or Hypertext Transfer Protocol Secure, has been around for years, it is only now becoming the standard baseline for internet security. Recently, RiskIQ examined data from ten of our Digital Footprint customers who also happen to be large financial institutions. While there was variation in the size of each digital footprint, all ten customers had noticeable security flaws related to their assets either having expired SSL certificates or using obsolete SHA-1 hashes. On average, each customer had roughly 38 assets using expired SSL certificates, with one outlier.
Lacking SSL encryption can have an immediate negative business impact. When end users confront alarming warnings from top web browsers stating “Secure Connection Failed,” their trust in the website can quickly erode.
Using a network of tens of thousands of these virtual users, we scan the entire internet millions of times per hour, collecting telemetric data to produce a dynamic index of your web attack surface. This process illuminates websites, mobile apps, URLs, web page content, ASNs, IPs, and nameservers, many of which aren’t currently in your inventory. RiskIQ uncovers all digital assets that appear online that tie back to your organization, enabling your security team to understand the attack surface outside your firewall, bring unknown assets under management, and survey your digital footprint from the view of a global adversary.
Digital Footprint provides continuous monitoring of these web assets to highlight compromised web infrastructure and web compliance issues such as expired SSL certificates and the use of now-obsolete SHA-1 certs. Furthermore, notifications are sent to our Digital Footprint customers whose certificates are set to expire at both the 90- and 60-day marks so that they may be addressed before they become a critical security issue. SSL certificates are the first line of defense against external threat actors and, as such, should always be appropriately updated and configured.
Once you have an accurate picture of your digital footprint, it is far easier to understand and implement mitigation techniques to ensure that all of your external assets are protected. This inventory of your assets is also critical for compliance with numerous industry regulations.
Signing up for RiskIQ Community Edition now gives you access to one of the most popular RiskIQ products: Digital Footprint. When you sign up or sign in with your organizational email address, you get a glimpse into your organization’s attack surface.