With cryptocurrency mania in full swing, investors must now navigate an entirely new, rapidly expanding threat landscape. Coins, alt-coins, tokens, exchanges, and other cryptocurrency apps—both legitimate and malicious—pop up in the marketplace every day, many of which leverage the massive popularity and ‘get-rich-quick’ promise of cryptocurrency to attract new users. Some of these apps are stood up to target users, while many become the target of hackers themselves.
RiskIQ observes cryptocurrency threat campaigns that show threat actors bank on the fact that, to many people, the concept of cryptocurrency is nebulous at best, but still seen as a viable way to make money. This widespread perception creates fertile ground for scammers, who take advantage by creating all manner of cryptocurrency fakery designed to fool people out of money. Already, RiskIQ has detected and blacklisted dozens of fake cryptocurrency apps in the mobile app ecosystem that exploit the names of well-known exchanges and mixers, as well as hundreds of sites that falsely promise to make users money in other ways.
The site cryptcoins.biz, for example, has a glossy crypto veneer but resembles a common advance fee scheme. Users can purchase phony “coins,” marketed as various “cryptocurrencies” with real money (rubles) via Payeer, with the goal of being able to exchange them for a return on investment later. They can also earn them through “bonuses” rewarded for taking actions such as clicking on ads, visiting web pages, and recruiting new users.
However, the exchange rates for these coins to rubles are intentionally confusing and absurdly steep. To receive a payout via Payeer, users must first exchange their coins for “silver,” which they then exchange for rubles at a rate of 100 “coins” to 1 “silver,” and 100 “silver” to 1 ruble. This rate makes for a fantastic deal for the people who run the site, but it’s a shakedown for customers.
Fig-1 Phony coins named after actual cryptocurrencies promising investors a profit
Cryptcoins[.]biz is only one of a network of sites operated by a single individual or group, all sharing the cryptocurrency theme. A single IP address, 18.104.22.168, hosts several domains using cryptocurrency themes and falsely promising their users profits. Pivoting in RiskIQ PassiveTotal, we see a handful of domains resolving to this address, ranging from sites masquerading as digital currency exchanges to sites offering ways of earning free cryptocurrency and “economic simulators” that promise users they can redeem in-game profits for real-world money. One of these sites asks users to send .5 – 5 ETH (Ethereum) and promises a return of 5 – 50 ETH.
Fig-2 Site offering a huge ROI on a .5 ETH investment (yeah right)
According to RiskIQ PassiveTotal’s PDNS data, this address was not routable before March 7th, and many of the domains currently routing to this IP were created soon after:
Fig-3 PDNS data inside RiskIQ PassiveTotal for the IP 22.214.171.124
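The pivot described above, as an added example that is not part of the original post and does not use PassiveTotal’s API: given passive-DNS observations and registration dates, it lists every domain resolving to an IP, works out when that IP first became routable, and flags domains registered within a short window after that date (the “spun up together” pattern). The domain names other than cryptcoins.biz, the dates, and the 30-day window are constructed for illustration; only the IP 18.104.22.168 comes from the post.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Resolution:
    """One passive-DNS observation: domain resolved to ip between first/last seen."""
    domain: str
    ip: str
    first_seen: date
    last_seen: date


# Constructed sample data: one PDNS record set and a WHOIS-style creation-date map.
IP = "18.104.22.168"  # the hosting IP named in the post
PDNS = [
    Resolution("cryptcoins.biz", IP, date(2018, 3, 11), date(2018, 4, 2)),
    Resolution("eth-doubler.example", IP, date(2018, 3, 16), date(2018, 4, 2)),
    Resolution("coin-sim.example", IP, date(2018, 4, 1), date(2018, 4, 2)),
    Resolution("old-site.example", IP, date(2018, 3, 7), date(2018, 4, 2)),
    Resolution("unrelated.example", "198.51.100.9", date(2017, 1, 1), date(2018, 4, 2)),
]
WHOIS_CREATED = {  # constructed registration dates (old-site.example predates the IP)
    "cryptcoins.biz": date(2018, 3, 10),
    "eth-doubler.example": date(2018, 3, 15),
    "coin-sim.example": date(2018, 4, 1),
    "old-site.example": date(2016, 6, 1),
    "unrelated.example": date(2016, 12, 30),
}


def pivot_on_ip(records, ip):
    """All domains ever observed resolving to `ip`, sorted for stable output."""
    return sorted({r.domain for r in records if r.ip == ip})


def ip_first_routable(records, ip):
    """Earliest date any domain was seen resolving to `ip`."""
    return min(r.first_seen for r in records if r.ip == ip)


def flag_fresh_cluster(records, created, ip, window_days=30):
    """Domains on `ip` registered within `window_days` after the IP came alive.
    Sharing an IP alone is weak evidence (old-site.example is excluded here);
    a registration date that tracks the IP's first-seen date is the stronger signal."""
    start = ip_first_routable(records, ip)
    end = start + timedelta(days=window_days)
    return [d for d in pivot_on_ip(records, ip)
            if d in created and start <= created[d] <= end]
```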
Other notable domains in this network include:
The cryptocurrency threat landscape is dangerous for users, but brands are also at risk. Threat actors hack vulnerable sites or spin up fake, illegitimate websites to siphon money off of brands, often with typosquatting domains and fraudulent branding. By leveraging domains or subdomains that appear to belong to major brands, these actors trick people into visiting their sites, which attempt to scam them and/or run cryptocurrency mining scripts that hijack users’ CPU cycles.
Unfortunately, security teams lack visibility into all of the ways that they can be attacked externally, and struggle to understand what belongs to their organization, how it’s connected to the rest of their asset inventory, and what potential vulnerabilities are exposed to compromise. RiskIQ Digital Footprint has you covered by continuously discovering an inventory of your externally-facing digital assets and managing risks across your digital attack surface. If you would like more information about how RiskIQ Digital Footprint Enterprise can help you with exposure to cryptominers, call us at 888-415-4447 or email us at firstname.lastname@example.org.