June 26, 2019
SAN FRANCISCO – June 26th, 2019 – RiskIQ, the global leader in attack surface management, today published a threat intelligence report detailing its discovery of a sophisticated, far-ranging threat campaign using commercially available and open-source marketing tools to launch phishing attacks against an array of organizations, many of which deal with gift cards.
This threat group’s activities initially surfaced when investigative journalist Brian Krebs reported on the breach of IT supplier Wipro on his website “Krebs on Security,” explaining how Wipro’s IT systems were compromised and used to attack the company’s customers. However, RiskIQ data pointed to this attack being far from an isolated incident.
The report shows how the campaign is, in reality, a highly targeted and well-orchestrated operation with a reach that far exceeds the compromised infrastructure of Wipro and involves a long list of targets dating back to 2016. Although attribution cannot be confirmed, the group’s numerous concurrent attacks display hallmarks of some state-sponsored activity such as precision, organization, and, likely, a financial motive.
Infrastructure overlap in PDNS, WHOIS, and SSL certificate data sets allowed RiskIQ researchers to profile this group and surface and connect its infrastructure.
“With RiskIQ’s data-collection grid and unique external view of threat actor operations, we could piece together a more complete picture of this group and their attack campaigns, tools, and possible motives,” said Yonathan Klijnsma, Head Researcher at RiskIQ. “The sheer scale of the infrastructure involved in this campaign and the concerted effort to attack so many different organizations at once is both impressive and disturbing.”
Report highlights include:
RiskIQ is the global leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, security teams, and CISOs, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action. Its software protects businesses, brands, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.
Visit https://www.riskiq.com or follow us on Twitter. Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/