November 30, 2023
Editor’s Note: This blog was written by our teammates at Digital Shadows (now ReliaQuest) to align with the new SOC Talk installment: Keeping Black Friday Cyber Threats at Bay.
The tail end of the calendar year represents arguably the most important period for retailers and companies working in e-commerce, with a huge amount of yearly profits determined in the penultimate two months of the year. This profit is largely generated through the two biggest online sales events of the year, Black Friday and Cyber Monday. Keeping online retail stores running, while also ensuring that customers’ data is protected, is absolutely essential during this period. In this blog, we will give you a rundown of the key threats you need to consider over the coming weeks.
The Black Friday period represents a hugely profitable yet perilous time for online retailers. Maintaining operations, and the ability to receive and process online orders, is absolutely essential at this time, with outages of even just a few hours likely to result in huge losses. This was a common sentiment during our discussion with clients in the past month, who identified that business continuity was the most important consideration for Black Friday. Although the data is a couple of years old, this sentiment can be seen in the graphic below, highlighting online sales volume by month.
Online sales volume by month (Source: SaleCycle)
Last year’s blog on Black Friday identified many of the threats facing consumers during this time of heightened e-commerce activity. This includes an abundance of Black Friday-related phishing scams and fake infrastructure. Threat actors creating malicious infrastructure (including impersonating domains, fake mobile applications, and malicious emails) will likely use the event to harvest users’ financial and personally identifiable information (PII).
How can you spot these fraudulent sites? The best method is simple mindfulness and using increased vigilance during this period. Be aware of anything that lands in your inbox unannounced, or otherwise expresses a requirement for urgency; as my father frequently tells me, there’s no such thing as a free lunch and if something appears too good to be true, it probably is.
Anything that looks out of place in an email or on a domain is key to spotting a scam: spelling mistakes, branding disparities, or, of course, the classic tactic of deliberately misspelling a URL. Typosquatting is a common and effective threat that leverages users’ unsafe browsing habits. For example, a website spoofing Digital Shadows (now ReliaQuest) might present as www.digital5hadows[.]com. An alternate approach often taken by fraudsters is to change a website’s domain extension, or to use a fake website with a country code top-level domain (ccTLD), a domain extension most commonly assigned to websites associated with a country or sovereign state.
Impersonating domains will often offer wildly appealing deals. Don’t fall for them (Source: Fortinet)
During the research for this blog, we compiled a list of 40 well-known retailers and used SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) to find associated impersonating domains. Digital Shadows (now ReliaQuest) identified approximately 14,000 impersonating domains by searching between 30 Oct 2022 and 01 Nov 2022. Results were found after starting with 40 seed domains, which serve as the starting point from which we can identify any impersonating material and typically reflect the retailer’s main website. While this number appears large, in reality it’s just a fraction of the fake domains that are being created every day. This of course doesn’t affect just larger retailers; lesser-known brands are just as likely to elicit malicious attention.
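The seed-domain matching described above can be sketched as follows. This is an added example, not SearchLight's or ReliaQuest's code: the look-alike character map, the distance threshold, and every sample domain other than the spoof quoted in the article are assumptions constructed for illustration.

```python
# Added example: flag observed domains that imitate a seed domain.
# The look-alike map is an assumption and deliberately small.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

# Constructed sample feed; the first entry is the spoof cited in the article.
SAMPLE = ["www.digital5hadows[.]com", "digitalshadows.example",
          "digitalshadovs.example", "digitalshadows-blackfriday.example",
          "unrelated-shop.example"]

def split_domain(domain):
    """Refang 'a[.]b', drop 'www.', return (first label, remaining suffix)."""
    host = domain.lower().replace("[.]", ".").strip(".").removeprefix("www.")
    label, _, suffix = host.partition(".")
    return label, suffix

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, seed):
    """Return why candidate resembles seed, or None if it does not."""
    c_label, c_suffix = split_domain(candidate)
    s_label, s_suffix = split_domain(seed)
    if (c_label, c_suffix) == (s_label, s_suffix):
        return None  # the seed itself
    if c_label == s_label:
        return "tld-swap"  # same name under a different extension
    c_norm = c_label.translate(LOOKALIKES).replace("-", "")
    s_norm = s_label.translate(LOOKALIKES).replace("-", "")
    if c_norm == s_norm:
        return "character-substitution"
    if edit_distance(c_norm, s_norm) <= 2:
        return "near-miss-spelling"
    if s_norm in c_norm:
        return "brand-embedded"
    return None

def find_impersonators(observed, seeds):
    """Return (domain, seed, reason) for each observed domain imitating a seed."""
    pairs = ((d, s, classify(d, s)) for d in observed for s in seeds)
    return [p for p in pairs if p[2]]
```

The fixed distance threshold of 2 produces false positives for short brand names, so scale it to the seed's length before running this over a real feed of newly registered domains.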
For retailers, the best method of staying on top of the many impersonating domains that will surface at this time is to use a DRP service like that offered by Digital Shadows (now ReliaQuest). By using this service you’ll be able to identify brand infringements as they occur, triage the risk over time, and remediate when required. SearchLight’s customized alerting is capable of spotting malicious infrastructure masquerading as your brand, whether that be via domain names, asset types or intellectual property, or even malicious use of company logos. Our managed takedown service can also assist with removing impersonating material, whether that be a phishing site, a fake mobile application, or other infringing content. If you’d like to learn more, why not take a test drive of SearchLight.
Magecart, a term often used interchangeably with credit card skimmers or formjacking, entered the common cyber threat lexicon in 2018. British Airways, Ticketmaster, and NewEgg were three of the first victims of this type of threat, with customers’ credit card details stolen after the companies’ e-commerce websites were compromised by malware. Magecart allows threat actors to steal credit card information by adding unique scripts into the source code of susceptible payment webpages. Malicious code is typically hidden within an HTML comment, so that it appears benign when placed in the source code. Magecart is designed to read information entered into payment forms on checkout pages, before sending data back to a remote computer controlled by attackers.
Magecart attack lifecycle (Source: Trend Micro)
Magecart is attractive to attackers as they only need to compromise a single third-party script operating on a site. If undetected, an attack can impact hundreds or even thousands of consumers before the retailer is able to identify that anything has happened. As Magecart attacks frequently target vulnerabilities within third-party scripts and software, the emphasis in mitigating this activity should be placed on understanding what third-party services operate on sites, before minimizing their use where possible. Managing this risk can also be achieved by maintaining compliance with Payment Card Industry Data Security Standards (PCI DSS); PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
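One way to build the inventory of third-party scripts recommended above is to parse each payment page and compare every external script host against an approved list. This is an added example, not code from the original post; the hostnames and HTML are constructed, and the check for a Subresource Integrity `integrity` attribute is an addition that the article does not mention.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page; all hosts use the reserved .example TLD.
CHECKOUT_HTML = """
<script src="/js/cart.js"></script>
<script src="https://pay.example/sdk.js" integrity="sha384-PLACEHOLDER"
        crossorigin="anonymous"></script>
<script src="https://analytics.example/tag.js"></script>
<script src="//cdn-stats.example/c.js"></script>
"""


class ScriptInventory(HTMLParser):
    """Collect (src, has_integrity) for every <script> tag on the page."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append((a.get("src"), bool(a.get("integrity"))))


def audit_checkout(html, site_host, approved_hosts):
    """Return (host, finding) for each third-party script needing review."""
    parser = ScriptInventory()
    parser.feed(html)
    findings = []
    for src, has_sri in parser.scripts:
        if not src:
            continue  # inline script: needs a separate content review
        host = urlparse(src).hostname or site_host  # relative URL = first party
        if host == site_host:
            continue
        if host not in approved_hosts:
            findings.append((host, "unapproved third-party host"))
        elif not has_sri:
            findings.append((host, "approved host without integrity attribute"))
    return findings
```

Running the audit on a schedule and diffing the findings between runs shows when a new script host appears on a checkout page.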
Extortion attacks represent arguably the biggest current cyber threat to business. We’ve written at length about the significant risk posed by ransomware activity; however, extortionists in 2022 have used a variety of methods to solicit ransom payments from victims. One that is particularly pertinent during the Black Friday period is distributed denial of service (DDoS) attacks. Originally thought of as a declining attack vector or primarily used as a distraction for more pernicious activity, DDoS has seen a resurgence in 2022, particularly in the context of the Russia-Ukraine war. Hacktivist actors on both sides of the war have used DDoS to try and influence the outcome of the conflict; it is believed that during the first 6 months of the conflict DDoS activity trebled when compared with the first six months of 2021.
Digital Shadows (now ReliaQuest) has also identified a demonstrable increase in data breaches being used as the solitary angle for extortion. In these attacks, threat actors will deliberately exfiltrate sensitive data before threatening to post it onto a dedicated data leak site, reminiscent of ransomware double-extortion attacks. Of course, additional scrutiny of a retailer during Black Friday will only serve to increase any reputational and business risk associated with a data breach, particularly if customer PII or financial data is exposed.
So at this particularly important time, how can you keep your services up and running, with data free from the risk of theft? A huge amount of cyber risk can be lowered by focussing on managing your company’s attack surface. This is a process that aims to continuously discover, classify, and assess the security of your IT ecosystem. Before Black Friday, aim to identify what your assets are, what you have visibility of, and what gaps in visibility you might have. At this point, an assessment can be made of any shortcomings that might be present. This could include unnecessary exposure of remote services, overreliance on redundant third-party scripts on certain websites, or unpatched exploitable vulnerabilities. Focussing on fixing these common access vectors can greatly reduce the chance of your services being impacted during this hugely important time of the year.