Are your customers putting sensitive data into insecure webforms? Data suggests many people are.
That’s why this past January, internet browser giants Google and Mozilla attempted to increase the security awareness of their users around the dangers of using insecure forms. Any information submitted over a non-HTTPS connection (login credentials, credit card numbers, and other personal information) can easily be intercepted by threat actors.
The latest iterations of both Google Chrome and Mozilla Firefox now feature warnings (shown below) to users who are entering sensitive data on non-secure HTTP connections. For advanced internet users and security professionals, the dangers of using non-encrypted internet connections should be clear. However, your average internet user can be oblivious to these threats:
Fig-1 Mozilla Insecure Form Warning
Diving into customer data gives insight into the kinds of risk assessment decisions our Enterprise Digital Footprint customers are faced with. In a sample of 154 workspaces belonging to customers that have at least 3,000 confirmed assets, we found that, on average, each workspace had 9,712 unique URLs that were classified as insecure forms.
It’s not that most security teams are negligent, either. While HTTPS (Hypertext Transfer Protocol Secure) has been around for years, it is only now becoming the standard baseline for internet security. HTTPS uses SSL/TLS encryption to keep data between a user and a web server private. During the exchange known as the “handshake,” the server sends its SSL certificate to the user’s browser to authenticate the session.
Fig-2 Example of Google Chrome Insecure Form Warning
The implications of not using HTTPS connections are vast. The loss of personal data, profit, and reputation are all very legitimate concerns when talking about risk assessment.
Consumers can protect themselves online by taking the following steps:
1. Enable personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features). This is a must, especially for those who engage in online financial transactions.
2. Make sure your computer has the latest security patches, and make sure that you conduct your financial transactions only on a secure web page using encryption. You can tell if a page is secure in a couple of ways. Look for a closed padlock in the status bar, and see that the URL starts with “https” instead of just “http.”
3. Some phishers make spoofed websites which appear to have padlocks. To double-check, click on the padlock icon on the status bar to see the security certificate for the site. After “Issued to” in the pop-up window, you should see a name matching the site you think you’re on. If the name differs, you are probably on a spoofed site.
Unfortunately, most consumers don’t take the above precautions. The action taken by Google and Firefox is encouraging, but often it’s up to businesses to protect their consumers from insecure web forms.
Insecure forms are just one major component that we here at RiskIQ track for our Digital Footprint customers. These customers are concerned not only with what their assets are, but also with mitigating vulnerabilities to ensure those assets are secured for their respective users. Once you have an accurate picture of your digital footprint, it is far easier to understand and implement mitigation techniques to ensure that all of your external assets are protected. This inventory of your assets is also critical for compliance with numerous industry regulations.
Once the full inventory of digital assets has been established and confirmed, continuous monitoring of those assets is critical. Digital Footprint provides continuous monitoring and scanning of digital assets for issues such as malware, infrastructure failure (such as insecure webforms), defacement, and compliance.
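To make the insecure-form check concrete, here is an added example (not RiskIQ's classifier or any code from the original post) that flags forms collecting sensitive data when the page or the form's action URL is not HTTPS. The field-name hints, the `shop.example` host, and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristics for "sensitive" fields; tune for your own forms.
SENSITIVE_HINTS = ("passw", "cc-", "card", "cvv", "cvc")

class FormAudit(HTMLParser):
    """Record each <form>: resolved action URL and whether it holds sensitive inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._form = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self._form = {"action": urljoin(self.page_url, a.get("action", "")), "sensitive": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            label = " ".join(a.get(k, "") for k in ("type", "name", "id", "autocomplete")).lower()
            if any(hint in label for hint in SENSITIVE_HINTS):
                self._form["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def insecure_forms(page_url, html):
    """Return sensitive forms that are served from, or submit to, a non-HTTPS URL."""
    audit = FormAudit(page_url)
    audit.feed(html)
    findings = []
    for form in audit.forms:
        checks = ((page_url, "page not served over HTTPS"), (form["action"], "form action is not HTTPS"))
        reasons = [msg for url, msg in checks if urlparse(url).scheme != "https"]
        if form["sensitive"] and reasons:
            findings.append({"action": form["action"], "reasons": reasons})
    return findings

# Constructed sample: an HTTPS login page whose form posts to an HTTP endpoint.
SAMPLE_URL = "https://shop.example/login"
SAMPLE_HTML = """<form action="/search"><input name="q"></form>
<form action="http://shop.example/auth" method="post">
  <input name="user"><input type="password" name="pw" required>
</form>"""

if __name__ == "__main__":
    print(insecure_forms(SAMPLE_URL, SAMPLE_HTML))
```

The sample shows a case the padlock alone does not reveal: the page loads over HTTPS, but the login form still submits credentials to an HTTP endpoint.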