Correlate attacks based on shared web page attributes and associations
Built on terabytes of collected data from across the internet, RiskIQ extracts and analyzes internet data to create new data sets that aid in discovering, understanding, and mitigating digital threats.
These data sets, built on RiskIQ’s vast crawling infrastructure, give customers insight into web page attributes and associations, and give security analysts new ways to investigate and track attacks against their organizations.
For example, often when a website’s HTML is scraped and reposted for something like a phishing campaign, malicious actors don’t bother to change things like the associated Google Analytics ID, tracking pixels, cookies, or social network connections. Being able to search for official tracking codes can surface pages where the threat actor has forgotten to change this information, leading security teams to find and shut down a malicious campaign.
Also, like most digital organizations, some hacking organizations utilize tools like Google Analytics to measure the success of their malicious campaigns. We can find other instances across the internet where we’ve seen the same malicious actor’s analytics tracker and uncover additional campaigns associated with them.
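Both tracker use cases described above can be sketched in a few lines. This is an added example, not RiskIQ's code: the host names, tracking IDs, page sources, and function names are constructed for illustration. It flags an official tracking ID that appears on a host the organization does not own, and clusters unowned hosts that share an unknown tracker.

```python
import re
from collections import defaultdict

# Universal Analytics (UA-<account>-<property>) and GA4 (G-<id>) identifiers.
GA_ID = re.compile(r"\b(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{8,12})\b")

def extract_trackers(html):
    """Return the set of Google Analytics IDs found in a page's source."""
    return set(GA_ID.findall(html))

def correlate(pages, official_ids, official_hosts):
    """pages maps host -> HTML. Returns (clones, clusters):
    clones:   official ID -> hosts outside the allow-list carrying it
    clusters: unknown ID  -> two or more unowned hosts sharing it"""
    hosts_by_id = defaultdict(set)
    for host, html in pages.items():
        for tracker in extract_trackers(html):
            hosts_by_id[tracker].add(host)
    clones, clusters = {}, {}
    for tracker, hosts in hosts_by_id.items():
        outside = sorted(hosts - official_hosts)
        if tracker in official_ids and outside:
            clones[tracker] = outside      # scraped page, tracker left in place
        elif tracker not in official_ids and len(outside) > 1:
            clusters[tracker] = outside    # same operator behind several sites
    return clones, clusters

# Constructed sample crawl results (all hosts and IDs are made up).
PAGES = {
    "shop.brand.example":
        "<script>ga('create', 'UA-1234567-1', 'auto');</script>",
    "brand-login.phish.example":
        "<form>...</form><script>ga('create', 'UA-1234567-1', 'auto');</script>",
    "promo-a.actor.example":
        "<script>gtag('config', 'G-ZZ99YY88XX');</script>",
    "promo-b.other.example":
        "<script>gtag('config', 'G-ZZ99YY88XX');</script>",
    "unrelated.example": "<p>no analytics here</p>",
}

CLONES, CLUSTERS = correlate(
    PAGES, official_ids={"UA-1234567-1"}, official_hosts={"shop.brand.example"}
)

if __name__ == "__main__":
    print("official tracker on unowned hosts:", CLONES)
    print("shared unknown trackers:", CLUSTERS)
```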
The connection could range from a top-level redirect (HTTP 302) to something more complex like an iframe or script source reference. What makes this data set powerful is the ability to understand relationships between hosts based on details from visiting the actual page. The host pairs data set relies on knowing website content, so it is likely to surface values that other sources, like passive DNS and SSL certificates, do not.
Threat actors often use cookies to track users who have been delivered a malicious payload so as not to try to infect a user again. Threat hunters who are investigating a cookie as a possible indicator of compromise can search the RiskIQ internet database for that cookie.