Today, it’s WannaCry, yesterday it was Struts2, the day before it was Heartbleed, and tomorrow will be a brand new threat to your organization’s digital attack surface.
While digital threats increase in velocity, volume, and adaptability, two things are certain: organizations need to think about automating their defenses against external threats, and they need a complete and continuous inventory of their entire digital footprint from the perspective of the internet, as customers and adversaries see it.
Unfortunately, many security teams have a blind spot comprised of unknown and unmanaged internet-facing assets that often act as inroads for cyber attacks and data breaches from outside the firewall. According to the Ovum “On the Radar” Report, which recognized RiskIQ’s Digital Threat Management Platform, business operations, which are more often positioned outside the sight or management of IT, can prove difficult to control, and put business operations and reputation at risk.
To protect your organization from the next wave of threats, here are three things you need to consider.
Note: Access the RiskIQ PassiveTotal Public Project for WannaCry here: https://www.passivetotal.org/projects/cc66064c-f94d-4b84-6bcc-4ff3cf51afa9
The May 2017 attack leveraged the ETERNALBLUE exploit that was leaked by Shadow Brokers in March of 2017. The specific vulnerability utilized in this attack was found in Microsoft Windows systems, detailed by CVE-2017-0144, and was likely introduced into organizations through a malicious email attachment opened by a user connected to a corporate network. From the point of entry, the malware spread laterally as a worm.
The following are resources we recommend to harden SMB usage in internal networks:
Before last week’s now infamous attack with WanaCrypt0r ransomware, most organizations were mainly concerned with compliance fines, financial liability, and material loss of customer confidence through theft of data or fraud. Now, organizations also need to consider the cost of regaining access to, and resuming use of, their data and systems, which can be held hostage by automated ransomware attacks at internet scale.
Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors. For a large enterprise, these types of assets are typically easy for even novice hackers and threat groups to find, and because they’re unmonitored, provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at your business from outside the firewall. After all, following an attack or breach, saying “we didn’t know that asset existed,” doesn’t alleviate the damage done.
The “On the Radar” report highlights RiskIQ Digital Footprint, which is a digital footprint discovery, generation, and management solution that is responsible for discovering the external web and digital assets associated with an organization. It provides the mapping, monitoring, and management facilities needed to plot an organization’s Internet attack surface accurately, and therefore, its external risk posture. It uses RiskIQ’s volumes of telemetric Internet data to generate a dynamic and evolving picture of an organization’s threat footprint, assessing at-risk domains, websites, applications, URLs, web page content, autonomous system numbers (ASNs), IP addresses, SSL certificates, and other online associations.
Once you have an accurate and current picture of your digital footprint—including the frameworks and web applications running on your external assets—it is far easier to understand and execute problem-resolution techniques to ensure that your external assets remain secure. This inventory of your assets is also critical for compliance with numerous industry and government regulations.
It is useful to have security analysts capable of investigating and working within the security community, as most enterprises were working this issue as it happened throughout the weekend. Those people need the right tools. With RiskIQ PassiveTotal®, analysts can track indicators such as IPs and SSL certificates related to attacks, which, in the case of WannaCry, could have pointed to other infected systems.
The Ovum report cited that RiskIQ offers security analysts detailed access to broad, correlated, and derived data presented in a way that enables faster, more revealing threat investigations, as well as enabling collaboration and proactive monitoring. As a starting point for incident response teams and threat hunters, we have put together a public project that includes IP addresses and certificates associated with this most recent WannaCry attack that you can use to find related infrastructure and investigate across your organization: https://www.passivetotal.org/projects/cc66064c-f94d-4b84-6bcc-4ff3cf51afa9
If you don’t have the right people with the right tools, you don’t have a seat at the table, and that means you find out later—and those couple of hours could have put you at greater risk.
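The sweep described above, matching IP and SSL certificate indicators against your own connection logs, can be sketched as follows. This is an added example, not RiskIQ code and not the PassiveTotal API; the indicator values, the log format, and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed indicators (documentation-range IPs, made-up fingerprint);
# in practice these would be exported from the shared indicator project.
INDICATOR_IPS = {"192.0.2.15", "198.51.100.77"}
INDICATOR_CERT_SHA1 = {"AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD"}

# Constructed connection log (assumed format): timestamp, internal source,
# destination IP, destination port, server certificate SHA-1 ("-" if not TLS).
SAMPLE_LOG = """\
2017-05-12T09:14:03Z 10.1.4.22 192.0.2.15 443 -
2017-05-12T09:14:09Z 10.1.4.22 203.0.113.9 443 aabbccddeeff00112233445566778899aabbccdd
2017-05-12T09:15:41Z 10.1.7.80 203.0.113.50 443 0102030405060708090a0b0c0d0e0f1011121314
2017-05-12T09:16:02Z 10.1.9.13 198.51.100.77 80 -
malformed line
"""

def norm_fp(fp):
    """Normalize a fingerprint so 'AA:BB' and 'aabb' compare equal."""
    return fp.replace(":", "").replace(" ", "").lower()

def norm_ip(text):
    """Return the canonical form of an IP address, or None if invalid."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None

def sweep(log_text, ips, cert_fps):
    """Return (hits per internal host, destination IPs that served an
    indicator certificate but are not yet on the IP indicator list)."""
    ips = {norm_ip(i) for i in ips} - {None}
    fps = {norm_fp(f) for f in cert_fps}
    hits, related = defaultdict(list), set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or norm_ip(parts[2]) is None:
            continue  # skip malformed records instead of aborting the sweep
        ts, src, dst, _port, fp = parts
        dst = norm_ip(dst)
        if dst in ips:
            hits[src].append((ts, "ip", dst))
        if fp != "-" and norm_fp(fp) in fps:
            hits[src].append((ts, "cert", dst))
            if dst not in ips:
                related.add(dst)  # same certificate seen on a new address
    return dict(hits), related
```

The second return value is the pivot: an address that presents a known-bad certificate is a candidate for the indicator list even though no IP-based match would have caught it.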