Today, it’s WannaCry, yesterday it was Struts2, the day before it was Heartbleed, and tomorrow will be a brand new threat to your organization’s digital attack surface.
While digital threats increase in velocity, volume, and adaptability, two things are certain: organizations need to automate their defenses against external threats, and they need a complete and continuous inventory of their entire digital footprint from the perspective of the internet, as customers and adversaries see it.
Unfortunately, many security teams have a blind spot made up of unknown and unmanaged internet-facing assets, which often serve as entry points for attacks and data breaches from outside the firewall. The Ovum “On the Radar” report, which recognized RiskIQ’s Digital Threat Management Platform, notes that digital business operations are often positioned outside the sight or management of IT, can prove difficult to control, and put business operations and reputation at risk.
To protect your organization from the next wave of threats, here are three things you need to consider.
Note: Access the RiskIQ PassiveTotal public project for WannaCry here: https://www.passivetotal.org/projects/cc66064c-f94d-4b84-6bcc-4ff3cf51afa9
The May 2017 attack leveraged the ETERNALBLUE exploit, which the Shadow Brokers leaked publicly in April 2017 (Microsoft had patched the underlying flaw in March 2017 with MS17-010). The vulnerability, CVE-2017-0144, sits in the SMBv1 server of Microsoft Windows. At the time, the initial entry into organizations was thought to be a malicious email attachment opened by a user on the corporate network, although the worm can equally infect any host that exposes SMB (TCP port 445) directly to the internet. From the point of entry, the malware spread laterally as a worm, scanning for other hosts listening on port 445 and exploiting them with no user interaction.
The following are resources we recommend to harden SMB usage in internal networks:
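The hardening resources the post points to are not reproduced here. As an added example (not code from the original post and not RiskIQ tooling), the Python script below checks whether a host you are authorized to test still accepts an SMBv1 negotiation, which is the first thing to verify when hunting for MS17-010 exposure across an external footprint. The packet layout is the standard SMBv1 NEGOTIATE request over the NetBIOS session service; the classification labels and function names are this example's own, and the sample replies used to exercise it are constructed.

```python
"""SMBv1 negotiate probe (added example, not from the RiskIQ post).

Offers the "NT LM 0.12" dialect, the SMBv1 dialect that ETERNALBLUE
(CVE-2017-0144) abuses, plus "SMB 2.002", and classifies the reply:
a server that still speaks SMBv1 answers with dialect index 0; a server
with SMBv1 disabled either closes the socket or returns index 0xFFFF;
an SMB2-only server answers with an SMB2 header. Only probe hosts you
are authorised to test.
"""
import socket
import struct
import sys

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
NO_DIALECT = 0xFFFF
DIALECTS = [b"NT LM 0.12", b"SMB 2.002"]  # index 0 is the SMBv1 dialect


def build_negotiate_request() -> bytes:
    """Build a NetBIOS-session-framed SMBv1 SMB_COM_NEGOTIATE request (62 bytes)."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        SMB1_MAGIC,
        SMB_COM_NEGOTIATE,
        0,            # NT status
        0x18,         # Flags: case-insensitive, canonical paths
        0x4001,       # Flags2: NT status codes, long names
        0,            # PIDHigh
        b"\x00" * 8,  # SecurityFeatures (no signing)
        0,            # Reserved
        0,            # TID
        0xFEFF,       # PID
        0,            # UID
        0,            # MID
    )
    dialect_blob = b"".join(b"\x02" + d + b"\x00" for d in DIALECTS)
    body = struct.pack("<BH", 0, len(dialect_blob)) + dialect_blob  # WordCount, ByteCount
    smb = header + body
    # NetBIOS session service: message type 0x00 followed by a 3-byte big-endian length
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def classify_response(data: bytes) -> str:
    """Classify the raw reply (NetBIOS frame included) to the request above."""
    if not data:
        return "no-response"  # typical when SMBv1 is disabled: the server just closes
    payload = data[4:]  # strip the 4-byte NetBIOS session header
    if payload[:4] == SMB2_MAGIC:
        return "smb2-only"  # server skipped our SMBv1 dialect and answered in SMB2
    if len(payload) < 35 or payload[:4] != SMB1_MAGIC or payload[4] != SMB_COM_NEGOTIATE:
        return "not-smb"
    # Byte 32 is WordCount; the first parameter word (bytes 33-34) is DialectIndex
    dialect_index = struct.unpack_from("<H", payload, 33)[0]
    if dialect_index == NO_DIALECT or dialect_index >= len(DIALECTS):
        return "smb1-rejected"
    return "smb1-enabled:" + DIALECTS[dialect_index].decode()


def probe(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Send the negotiate request to host:port and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_negotiate_request())
            return classify_response(sock.recv(4096))
    except (ConnectionError, socket.timeout):
        return "no-response"
    except OSError as exc:
        return f"error:{exc}"


if __name__ == "__main__":
    # usage: python smb1_probe.py host1 [host2 ...]
    for target in sys.argv[1:]:
        print(target, probe(target))
```

Any host in your footprint that reports `smb1-enabled` should be patched for MS17-010, have SMBv1 removed, and have TCP 445 blocked from the internet; a `no-response` or `smb2-only` result means the ETERNALBLUE path is closed even if the port itself is reachable.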
Before last week’s now infamous WanaCrypt0r (WannaCry) ransomware attack, most organizations were mainly concerned with compliance fines, financial liability, and loss of customer confidence through theft of data or fraud. Now they also need to consider the cost of losing access to their data and systems, and of restoring them, when both can be held hostage by automated ransomware attacks at internet scale.
Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors. For a large enterprise, these types of assets are typically easy for even novice hackers and threat groups to find, and because they’re unmonitored, provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at your business from outside the firewall. After all, following an attack or breach, saying “we didn’t know that asset existed,” doesn’t alleviate the damage done.
The “On the Radar” report highlights RiskIQ Digital Footprint, which is a digital footprint discovery, generation, and management solution that is responsible for discovering the external web and digital assets associated with an organization. It provides the mapping, monitoring, and management facilities needed to plot an organization’s Internet attack surface accurately, and therefore, its external risk posture. It uses RiskIQ’s volumes of telemetric Internet data to generate a dynamic and evolving picture of an organization’s threat footprint, assessing at-risk domains, websites, applications, URLs, web page content, autonomous system numbers (ASNs), IP addresses, SSL certificates, and other online associations.
Once you have an accurate and current picture of your digital footprint—including the frameworks and web applications running on your external assets—it is far easier to understand and execute problem-resolution techniques to ensure that your external assets remain secure. This inventory of your assets is also critical for compliance with numerous industry and government regulations.
It is also useful to have security analysts who can investigate and work within the security community, since most enterprises were working this issue as it unfolded over the weekend. Those people need the right tools. With RiskIQ PassiveTotal®, analysts can track indicators such as IP addresses and SSL certificates related to an attack, which in the case of WannaCry could point to other infected systems or related infrastructure.
The Ovum report noted that RiskIQ offers security analysts detailed access to broad, correlated, and derived data, presented in a way that enables faster and more revealing threat investigations, as well as collaboration and proactive monitoring. As a starting point for incident response teams and threat hunters, we have put together a public project that includes IP addresses and certificates associated with this most recent WannaCry attack, which you can use in your own investigations to find related infrastructure across your organization: https://www.passivetotal.org/projects/cc66064c-f94d-4b84-6bcc-4ff3cf51afa9
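To make that pivot concrete, here is an added example (not code from the post or from PassiveTotal) that loads an indicator export and matches it against firewall, proxy, and TLS-inspection log lines. The indicator values and log lines are constructed placeholders (RFC 5737 documentation addresses, a made-up fingerprint, a `.invalid` domain), not the project's real indicators; the CSV columns `type,value,note` are an assumption about how the list is exported.

```python
"""Indicator matching against local logs (added example, not from the RiskIQ post).

Takes an indicator export (IPs or CIDR ranges, certificate SHA-1 fingerprints,
domains) and reports which log lines touch them. All indicator values and log
lines below are constructed placeholders, not the contents of the PassiveTotal
project; the CSV layout "type,value,note" is an assumed export format.
"""
import csv
import io
import ipaddress
import re
from dataclasses import dataclass

INDICATORS_CSV = """\
type,value,note
ip,192.0.2.10,placeholder single address (RFC 5737)
ip,198.51.100.0/24,placeholder hosting range (RFC 5737)
sha1,0123456789abcdef0123456789abcdef01234567,placeholder certificate fingerprint
domain,example.invalid,placeholder domain
"""

SAMPLE_LOGS = [  # constructed firewall, proxy and TLS-inspection lines
    "2017-05-12T10:01:02Z fw01 action=allow src=10.0.5.23 dst=192.0.2.10 dport=443",
    "2017-05-12T10:01:05Z proxy01 GET http://www.example.invalid/ status=200 client=10.0.5.23",
    "2017-05-12T10:02:10Z tls01 sni=updates.vendor.example cert_sha1=01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67",
    "2017-05-12T10:03:00Z fw01 action=allow src=10.0.5.41 dst=198.51.100.77 dport=445",
    "2017-05-12T10:03:30Z fw01 action=allow src=10.0.5.41 dst=203.0.113.9 dport=80",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA1_RE = re.compile(r"\b(?:[0-9a-fA-F]{2}:?){20}\b")  # bare or colon-separated hex
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


@dataclass(frozen=True)
class Match:
    line_no: int
    kind: str
    indicator: str


def load_indicators(csv_text):
    """Parse the export into (networks, sha1 set, domain set), normalising each value."""
    nets, sha1s, domains = [], set(), set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind, value = row["type"].strip().lower(), row["value"].strip()
        if kind == "ip":
            nets.append(ipaddress.ip_network(value, strict=False))  # bare address -> /32
        elif kind == "sha1":
            sha1s.add(value.replace(":", "").lower())
        elif kind == "domain":
            domains.add(value.lower().rstrip("."))
        else:
            raise ValueError(f"unknown indicator type {kind!r}")
    return nets, sha1s, domains


def scan_line(line_no, line, nets, sha1s, domains):
    """Return every indicator hit on one log line, regardless of log format."""
    hits = []
    for text in IPV4_RE.findall(line):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:  # e.g. 999.1.1.1 matched the loose regex
            continue
        for net in nets:
            if addr in net:
                hits.append(Match(line_no, "ip", str(net)))
                break
    for fp in SHA1_RE.findall(line):
        norm = fp.replace(":", "").lower()  # colon-separated uppercase -> bare lowercase
        if norm in sha1s:
            hits.append(Match(line_no, "sha1", norm))
    for host in HOST_RE.findall(line):
        host = host.lower()
        for dom in domains:
            if host == dom or host.endswith("." + dom):  # subdomains count as hits
                hits.append(Match(line_no, "domain", dom))
                break
    return hits


def scan_logs(lines, csv_text=INDICATORS_CSV):
    """Scan an iterable of log lines and return all matches in line order."""
    nets, sha1s, domains = load_indicators(csv_text)
    hits = []
    for line_no, line in enumerate(lines, 1):
        hits.extend(scan_line(line_no, line, nets, sha1s, domains))
    return hits


if __name__ == "__main__":
    for m in scan_logs(SAMPLE_LOGS):
        print(f"line {m.line_no}: {m.kind} {m.indicator}")
```

Fingerprints and domains are normalised before comparison because TLS inspection products commonly emit colon-separated uppercase hashes while threat intelligence exports use bare lowercase hex, and a mismatch there silently hides a hit; on the sample lines the script reports four matches, one per indicator type, and ignores the unrelated 203.0.113.9 flow.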
If you don’t have the right people with the right tools, you don’t have a seat at the table, and that means you find out later; a delay of even a couple of hours can put you at greater risk.