Press Releases

RiskIQ Analyzes Millions of Internet Observations to Map the Enterprise Attack Surface

New Report Details Five Ways Hackers are Exploiting Organizations Outside the Firewall

SAN FRANCISCO – June 11th, 2020RiskIQ, the global leader in attack surface management, today released a new report analyzing the company's internet-wide telemetry and massive internet data collection to reveal the true extent of the modern corporate digital attack surface. The report, 'Analysis of an Attack Surface: Five Ways Hackers are Targeting Organizations,' is a data-driven exploration of five areas of their digital presence where organizations lack visibility and the pathways hackers are exploiting these blind spots.

The research comes from RiskIQ's unique collection technology, which extracts terabytes of internet data to map the billions of relationships between internet-exposed infrastructure worldwide to assess digital risk. The company's systems make daily scans of hundreds of unique ports and service banners across the entire IPv4 space and execute billions of HTTP requests to take in passive DNS data and extract web components such as SSL certificates, tracking code, and cookies.

"Today, organizations are responsible for defending not only their internal network but also their digital presence across the internet and the cloud," said Lou Manousos, RiskIQ CEO. "Bringing the massive scope of an organization's attack surface into focus helps frame the challenges of extending cybersecurity outside the corporate firewall, especially as staff forced to work from home in response to COVID-19 push that boundary farther out."

When brands understand what they look like from the outside-in, they can begin developing an attack surface management program that allows them to discover everything associated with their organization on the internet—both legitimate and malicious—and investigate the threats targeting them.

Report highlights include:

  1. The Global Attack Surface is much bigger than you think: RiskIQ observed 2,959,498 new domains (211,392 per day) and 772,786,941 new hosts (55,199,067) across the internet over two weeks, each representing a possible target for threat actors.
  2. Sometimes hackers know more about your attack surface than you do: Looking at the attack surfaces of FTSE-30 companies, each organization had, on average, 324 expired certificates and 46 Web frameworks with known vulnerabilities.
  3. The hidden attack surface: In Q1 2020, RiskIQ identified 21,496 phishing domains across 478 unique brands.
  4. The mobile attack surface: In 2019, RiskIQ discovered 170,796 blacklisted mobile apps across 120 mobile app stores and the open internet.
  5. JavaScript Threats - A New Frontier of Cybercrime: So far, in 2020, RiskIQ has detected 2,552 Magecart attacks or 425 instances of Magecart per month.

To see additional insights and analysis, download the full report here:

About RiskIQ
RiskIQ is the leader in digital attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, security teams, and CISO’s, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.

Try RiskIQ Community Edition for free by visiting To learn more about RiskIQ, visit

© 2020 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are the property of their respective owners.


Holly Hitchcock
Front Lines Media