RiskIQ uses multiple methods of automated detection that all play off each other to track threat patterns, which enables our customers to protect their digital presence from threats. Every piece of data we collect helps train and optimize the accuracy of our models—even a simple redirector that leads to a run-of-the-mill phishing page.
Sometimes, detections are straightforward. During the loading process, RiskIQ’s web crawlers gather a web page’s full document object model (DOM) and the page sequence of a crawl. For example, the crawl below shows a simple redirection script that sends users to a typical phishing page:
Fig-1 Response body captured by RiskIQ Crawlers showing the malicious redirect
Fig-2 The phishing page it leads to
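The simple redirector case above can be checked mechanically once a crawler has the response body in hand. The following is an added example and not RiskIQ's crawler or detection code: it scans a captured HTML body for the two common redirect mechanisms (a `meta http-equiv="refresh"` tag and a `location` assignment in inline script), resolves the target against the page URL, and flags the page as an off-site redirector when the target lands on a different host. The sample response body and the `.invalid` hostnames are constructed for the example.

```python
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import List
from urllib.parse import urljoin, urlparse


@dataclass
class RedirectFinding:
    method: str   # "meta-refresh" or "javascript"
    target: str   # absolute URL the browser would be sent to


class _MetaRefreshParser(HTMLParser):
    """Collect targets of <meta http-equiv="refresh" content="0; url=..."> tags."""

    def __init__(self) -> None:
        super().__init__()
        self.targets: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1).strip())


# Inline-script redirects: location = "...", location.href = "...",
# location.replace("..."), location.assign("..."), with optional window./document. prefix.
_JS_REDIRECT = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location(?:\.href|\.replace|\.assign)?"""
    r"""\s*(?:=|\()\s*['"]([^'"]+)['"]""",
    re.I,
)


def find_redirects(body: str, page_url: str) -> List[RedirectFinding]:
    """Return every redirect target found in a captured response body."""
    findings: List[RedirectFinding] = []
    parser = _MetaRefreshParser()
    parser.feed(body)
    for t in parser.targets:
        findings.append(RedirectFinding("meta-refresh", urljoin(page_url, t)))
    for m in _JS_REDIRECT.finditer(body):
        findings.append(RedirectFinding("javascript", urljoin(page_url, m.group(1))))
    return findings


def _site(url: str) -> str:
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_offsite_redirector(body: str, page_url: str) -> bool:
    """True when the page sends the visitor to a host other than its own."""
    return any(_site(f.target) != _site(page_url) for f in find_redirects(body, page_url))


# Constructed sample: a tiny page whose only purpose is to forward the visitor.
SAMPLE_PAGE_URL = "https://compromised-site.invalid/promo/index.html"
SAMPLE_BODY = """<html><head>
<meta http-equiv="refresh" content="0; url=https://example-phish.invalid/login/">
</head><body>
<script>window.location.href = "https://example-phish.invalid/login/";</script>
</body></html>"""

# Constructed benign page: a relative redirect that stays on the same host.
BENIGN_BODY = '<script>location.replace("/new-home");</script>'

if __name__ == "__main__":
    for f in find_redirects(SAMPLE_BODY, SAMPLE_PAGE_URL):
        print(f"{f.method}: {f.target}")
    print("off-site redirector:", is_offsite_redirector(SAMPLE_BODY, SAMPLE_PAGE_URL))
```

A real crawler also has the HTTP-level evidence (3xx status, `Location` header) and the observed page sequence, so the body scan above is only one signal; a page that both redirects off-site and contains almost no other content is the shape of the redirector in Fig-1.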
As part of our crawl analysis, we analyze the structure of a rendered web page, looking for indications of foul play. In this case, the phishing page was detected immediately by our machine-learning model. However, not all phishing detections are as straightforward as the one above, so we layer additional methods on top, as described below.
With any machine-learning algorithm, active feedback and retraining are crucial to maintaining the quality of the model. RiskIQ uses an active learning feedback loop, whereby humans regularly review pages that are then fed back into our machine learning models. In the course of reviewing pages, a RiskIQ data scientist came across the pages above and labeled each one—a phishing page, and a redirector to a phishing page.
Once labeled, these pages were also fed into all of our machine learning models, including our dynamic model that performs a behavioral analysis of a web page as it loads. This behavioral analysis quickly identified several other pages with similar patterns.
Security professionals are often playing a game of whack-a-mole. Once a new threat is detected, threat actors will change their modus operandi, rendering previous detections obsolete. With RiskIQ’s varied detection techniques, however, small changes are not enough to evade detection. If an actor tries to evade signature-based detection by changing URI patterns, we can track them by dynamic analysis of the page or page structure, and vice versa. Even if they obfuscate their code, update their page structure, change their URI patterns, upgrade their web components, and change their scripts (quite a lot of work!), we can still track them through our massive amounts of other data: whois, passive DNS, tracking IDs, cookies, and our proprietary host pairs dataset, to name several. Signing up for RiskIQ Community Edition now will allow you to start pivoting on these data sets today.
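The pivoting described above (linking pages through whois, passive DNS, tracking IDs, cookies and host pairs even after the page content changes) can be shown as a graph problem. The following is an added example, not RiskIQ's code and not a description of how its platform implements host pairs or its other data sets: each observation ties a host to one artifact, hosts that share an artifact are joined, and a host pair (parent page loading or redirecting to a child) joins the two hosts directly. It also carries the check a practitioner wants before trusting a pivot: an artifact shared by too many hosts (a shared hosting IP, a CDN) is skipped so it does not merge unrelated sites into the cluster. All hostnames, IDs, addresses and the registrant address are constructed for the example.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Observation record: (host, artifact kind, artifact value).
# kind == "host_pair" means value is another host the page leads to.
Observation = Tuple[str, str, str]

# Constructed observations (not real data). The third phishing host uses a new
# URI pattern and page structure, but still shares a registrant e-mail.
OBSERVATIONS: List[Observation] = [
    ("login-secure-example.invalid", "tracking_id", "UA-000000-1"),
    ("login-secure-example.invalid", "whois_email", "registrant@example.invalid"),
    ("login-secure-example.invalid", "ip", "203.0.113.10"),
    ("account-verify-example.invalid", "tracking_id", "UA-000000-1"),
    ("account-verify-example.invalid", "ip", "203.0.113.10"),
    ("update-billing-example.invalid", "whois_email", "registrant@example.invalid"),
    ("update-billing-example.invalid", "ip", "198.51.100.7"),
    # 198.51.100.7 is shared hosting: four unrelated sites sit on it too.
    ("cdn-shared.example.net", "ip", "198.51.100.7"),
    ("unrelated-blog.example.org", "ip", "198.51.100.7"),
    ("unrelated-shop.example.org", "ip", "198.51.100.7"),
    ("unrelated-news.example.org", "ip", "198.51.100.7"),
    # The redirector from the crawl sends visitors to the first phishing host.
    ("redirector-example.invalid", "host_pair", "login-secure-example.invalid"),
]


class _UnionFind:
    """Minimal disjoint-set structure over hashable node keys."""

    def __init__(self) -> None:
        self.parent: Dict[object, object] = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def pivot(observations: List[Observation], seed: str, max_shared: int = 3) -> Set[str]:
    """Return every host connected to `seed` through shared artifacts or host pairs.

    Artifacts shared by more than `max_shared` hosts are treated as commodity
    infrastructure and are not used as links.
    """
    hosts_by_artifact: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    all_hosts: Set[str] = set()
    for host, kind, value in observations:
        all_hosts.add(host)
        if kind == "host_pair":
            all_hosts.add(value)
        else:
            hosts_by_artifact[(kind, value)].add(host)

    uf = _UnionFind()
    for host, kind, value in observations:
        if kind == "host_pair":
            uf.union(host, value)
        elif len(hosts_by_artifact[(kind, value)]) <= max_shared:
            uf.union(host, ("artifact", kind, value))

    root = uf.find(seed)
    return {h for h in all_hosts if uf.find(h) == root}


if __name__ == "__main__":
    for h in sorted(pivot(OBSERVATIONS, "login-secure-example.invalid")):
        print(h)
```

With the default threshold the cluster around `login-secure-example.invalid` contains the two hosts that share its tracking ID and registrant address plus the redirector, while the four sites that merely share a hosting IP stay out; raising `max_shared` to cover that IP pulls all of them in, which is the false-positive mode the threshold exists to prevent.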
Security will always be a game of whack-a-mole, but through large-scale data collection across a variety of data types and automated detection algorithms, RiskIQ continues to make it harder for the moles to hide.
Contact us for more information about how RiskIQ collects internet data and uses it to automate and optimize threat detection.