Are your customers putting sensitive data into insecure webforms? Data suggests many people are.
That’s why this past January, internet browser giants Google and Mozilla attempted to increase their users’ awareness of the dangers of using insecure forms. Any information submitted over a connection not secured by HTTPS (login credentials, credit card numbers, and other personal information) can easily be intercepted by threat actors.
The latest iterations of both Google Chrome and Mozilla Firefox now feature warnings (shown below) to users who are entering sensitive data on non-secure HTTP connections. For advanced internet users and security professionals, the dangers of using non-encrypted internet connections should be clear. However, your average internet user can be oblivious to these threats:
Fig-1 Mozilla Insecure Form Warning
Diving into customer data gives insight into the kinds of risk assessment decisions our Enterprise Digital Footprint customers are faced with. When analyzing a sample of 154 customer workspaces with at least 3,000 confirmed assets, we found that, on average, each workspace had 9,712 unique URLs that were classified as insecure forms.
It’s not that most security teams are negligent, either. While HTTPS, or Hypertext Transfer Protocol Secure, has been around for years, it is only now becoming the standard baseline for internet security. HTTPS makes use of SSL/TLS encryption techniques to keep data between a user and a web server private. Setting up that connection involves a “handshake,” in which the server sends an SSL certificate to the user’s browser to authenticate the session.
Fig-2 Example of Google Chrome Insecure Form Warning
The implications of not using HTTPS connections are vast. The loss of personal data, profit, and reputation are all very legitimate concerns when talking about risk assessment.
Consumers can protect themselves online by taking the following steps:
1. Enabling personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) is a must, especially for those who engage in online financial transactions.
2. Make sure your computer has the latest security patches, and make sure that you conduct your financial transactions only on a secure web page using encryption. You can tell if a page is secure in a couple of ways. Look for a closed padlock in the status bar, and see that the URL starts with “https” instead of just “http.”
3. Some phishers make spoofed websites which appear to have padlocks. To double-check, click on the padlock icon on the status bar to see the security certificate for the site. Next to “Issued to” in the pop-up window, you should see a name matching the site you think you’re on. If the name differs, you are probably on a spoofed site.
Unfortunately, most consumers don’t take the above precautions. The action taken by Google and Firefox is encouraging, but often it’s up to businesses to protect their consumers from insecure web forms.
Insecure forms are just one major component that we here at RiskIQ track for our Digital Footprint customers. These customers are not only concerned with what their assets are, but also mitigating vulnerabilities to ensure those assets are secured for their respective users. Once you have an accurate picture of your digital footprint, it is far easier to understand and implement mitigation techniques to ensure that all of your external assets are protected. This inventory of your assets is also critical for compliance with numerous industry regulations.
Once the full inventory of digital assets has been established and confirmed, continuous monitoring of those assets is critical. Digital Footprint provides continuous monitoring and scanning of digital assets for issues such as malware, infrastructure failure (such as insecure webforms), defacement, and compliance.
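One way to flag insecure forms while monitoring an asset inventory, as an added example (not RiskIQ's classifier and not code from the original article): it parses each crawled page and reports forms whose sensitive fields are served or submitted over plain HTTP. The field-name heuristic, the function and class names, and the sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed heuristic for sensitive fields; tune it for your own inventory.
SENSITIVE = re.compile(r"pass|pwd|card|cc-|cvv|cvc|ssn", re.I)

class FormCollector(HTMLParser):
    """Record each <form>'s action and the sensitive inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", ""), "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            hints = " ".join(a.get(k, "") for k in ("name", "id", "autocomplete"))
            if a.get("type", "").lower() == "password" or SENSITIVE.search(hints):
                self._open["fields"].append(a.get("name") or a.get("id") or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def classify_insecure_forms(page_url, html):
    """Return a finding for every form that exposes sensitive fields to plain HTTP."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not form["fields"]:
            continue  # e.g. a search box: nothing sensitive to intercept
        target = urljoin(page_url, form["action"])  # empty action submits to the page URL
        checks = (("page served over HTTP", page_url), ("form submits over HTTP", target))
        reasons = [why for why, url in checks if urlsplit(url).scheme == "http"]
        if reasons:
            findings.append({"target": target, "fields": form["fields"], "reasons": reasons})
    return findings

# Constructed sample pages (not real sites) standing in for crawled assets.
SAMPLE_PAGES = [
    ("http://shop.example.test/login", '<form action="/session"><input name="user"><input type="password" name="pw"></form>'),
    ("https://shop.example.test/pay", '<form action="http://pay.example.test/charge"><input name="cardnumber" autocomplete="cc-number"></form>'),
    ("https://shop.example.test/account", '<form action="/login"><input type="password" name="pw"></form>'),
    ("http://shop.example.test/", '<form action="/search"><input name="q"></form>'),
]
```

Calling `classify_insecure_forms(url, body)` on each entry of `SAMPLE_PAGES` flags the first two pages and leaves the HTTPS login form and the HTTP search box alone. The second sample shows that an HTTPS page can still be an insecure form when its action points at an HTTP endpoint.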