Channel: Webroot Blog

Threat Recap: Week of December 4th


Greek Bank Cyber Attacks

Recently, several Greek banks were hit with a cyber attack that brought their systems to a halt for several hours. The hackers, claiming to be a group called the Armada Collective, demanded a bitcoin ransom be paid by Monday evening. The banks refused to pay, however, which caused the group to extend the deadline before unleashing another attack.

Read More: http://recorderpost.com/12389/three-greek-banks-hit-by-cyber-attack/

ModPOS on the Rise

As we enter the holiday season, a new point-of-sale malware is targeting major national retailers. The malware, named ModPOS, appears to be more advanced than previous POS infections: it uses multiple components to gather as much data as possible and encryption to hide its tracks. Fortunately for consumers, many retailers already use point-to-point encryption for payments, with many more expected to follow in the coming months.

Read More: http://www.latimes.com/business/la-fi-modpos-malware-20151125-story.html

Office of Personnel Management Hacked

In the past several months, it has become clear that Chinese hackers gained access to the U.S. Office of Personnel Management and exposed the data of over 20 million federal employees and their families. The Chinese government has stated that they captured the hackers responsible for the attacks, though these reports are still unconfirmed.

Read More: https://www.washingtonpost.com/world/national-security/chinese-government-has-arrested-hackers-suspected-of-breaching-opm-database/2015/12/02/0295b918-990c-11e5-8917-653b65c809eb_story.html

VTech Hack

With high-tech toys becoming more prevalent, the risk of children becoming victims of cyber attacks increases as well. The latest breach comes from Hong Kong-based toy company VTech, whose servers were attacked, leading to the exposure of nearly 5 million customers’ data. The hacker, who has remained anonymous, was able to access nearly 200GB of pictures, chat logs between parents and children, and usernames/passwords for those accounts.

Read More: http://arstechnica.com/security/2015/11/hacked-toymaker-leaked-gigabytes-worth-of-kids-headshots-and-chat-logs/

Security in the Health Industry

For quite a while now, most healthcare facilities have lacked the infrastructure to increase their data security, simply allowing employees access to most data with only a username and password. This has recently changed, and many hospitals across the U.S. are now adding two-factor authentication to their security protocols. This boost in security, along with additional training for employees, will decrease the chances of a data breach in the future.

Read More: http://www.fiercehealthit.com/story/onc-two-factor-authentication-capabilities-rise-hospitals/2015-12-02

The post Threat Recap: Week of December 4th appeared first on Webroot Threat Blog.


What are the security risks with using a router provided by your ISP?


Internet security isn’t just about your devices, but also what connects your devices to the internet.

Here at Webroot we have seen an influx of customers having problems with ads popping up on their devices while SecureAnywhere is reporting a clean scan. They report seeing multiple ads, some pornographic in nature, while connected to their home network—and only that network. Our advanced malware technicians have found that the DNS settings have been changed on the modem router and were causing these ads.

Getting a router from an ISP (Internet Service Provider) comes with several benefits and security risks. On the benefit side, the ISP technicians are trained on how to set up and support the modem, and they can log in remotely using a backdoor they have set up to assist customers. This is not a setting you, as a user, can change or turn off.

Arris cable modems are used by many major ISPs (Time Warner Cable, Comcast, Cox Communications, etc.) for this purpose. They are designed so a technician can log in and help set up the router remotely for their customers. The backdoor they use has a password generated for it every day by a publicly available algorithm (http://tylerwatt12.com/potd/) or—even worse—it’s a hardcoded password. This is not your default username/password, but a backdoor created by the manufacturer.

Once hackers/non-support technicians have access to the router through the technician’s backdoor, they can change the DNS settings to show ads on any device connected to the router. Because every connection your devices make starts with a lookup through that DNS server, your traffic can be redirected and your information compromised. Router settings can also be changed to allow telnet access later if they want to get back in for any reason.

There are several ways they can infect your router, but it is usually done remotely by scouring IP addresses and seeing if the username/password of the day set by the algorithm works. Once they have access to the router, they are free to change the DNS settings as they wish.

How can you tell if you have this kind of infection?

If there are devices on your network receiving ads while only connected to that network—not seeing ads when on other networks (such as at a coffee shop or at the office)—and the Webroot SecureAnywhere software is reporting no threats, this could indicate the router has been accessed by someone outside your ISP’s company.
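One way to run the check described above from a device on the home network, as an added example that is not Webroot's tooling or code from the original post: it sends the same A query to the router's resolver and to a trusted public resolver and flags names whose answers do not overlap at all, plus a random name under the reserved `.invalid` TLD that an honest resolver must refuse (a resolver that answers it is injecting). The resolver addresses (192.168.0.1, 1.1.1.1) and the domain names are assumptions; `build_response` only constructs sample replies so the parser can be exercised offline.

```python
import random
import socket
import struct


def build_query(name, txid):
    """Build a standard recursive DNS query for an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return offset + 2
        if length == 0:
            return offset + 1
        offset += 1 + length


def parse_a_records(data, expected_txid):
    """Extract IPv4 answers; returns an empty set on NXDOMAIN or other errors."""
    txid, flags, qdcount, ancount = struct.unpack("!HHHH", data[:8])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (spoofed or stray reply)")
    if flags & 0x000F:  # RCODE != 0 (3 = NXDOMAIN)
        return set()
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(data, offset) + 4  # skip QTYPE/QCLASS
    answers = set()
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.add(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return answers


def build_response(txid, name, ips, rcode=0):
    """Construct a reply packet offline (constructed sample data, not real traffic)."""
    question = build_query(name, txid)[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(ips), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + socket.inet_aton(ip) for ip in ips)
    return header + question + rrs


def resolve_a(name, server, timeout=2.0):
    """Ask one specific resolver (UDP port 53) for the A records of name."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, txid)


def classify(local_ips, trusted_ips):
    """Compare answers for one name from the router's resolver and a trusted one."""
    if local_ips and not trusted_ips:
        return "NXDOMAIN-HIJACK"   # router resolver invents an answer for a dead name
    if local_ips and trusted_ips and local_ips.isdisjoint(trusted_ips):
        return "MISMATCH"          # no overlap at all; CDNs normally share some IPs
    return "OK"


def audit(names, router_dns, trusted_dns):
    """Return {name: verdict} for every name plus a random .invalid canary."""
    canary = "canary-%06x.invalid" % random.randint(0, 0xFFFFFF)
    verdicts = {}
    for name in list(names) + [canary]:
        verdicts[name] = classify(resolve_a(name, router_dns),
                                  resolve_a(name, trusted_dns))
    return verdicts


if __name__ == "__main__":
    # Assumed addresses: the gateway's resolver and a public resolver.
    try:
        results = audit(["example.com", "webroot.com"], "192.168.0.1", "1.1.1.1")
        for name, verdict in results.items():
            print(f"{verdict:16} {name}")
    except OSError as exc:
        print("network check skipped:", exc)
```

A MISMATCH on a single name can be a legitimate CDN difference; a canary that resolves, or mismatches across every name, is the signal that the router's DNS has been changed.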

What can you do to protect yourself?

By buying your own router, there will be no backdoor for ISP technicians. The routers you buy tend to last longer and have better configurations (port forwarding, encryption, SSID). However, you will have to set it up yourself, as major ISPs will not support modems that they do not provide.

Securing cable modems is more difficult than securing other embedded devices because, in most cases, you cannot choose your own device/firmware, and software updates are almost entirely controlled by your ISP. Below is an incomplete list of suspicious routers. You can also contact your ISP and ask them to address this exploit and either provide a firmware update or provide a non-vulnerable modem.

  • Arris CM820A
  • Arris DG860
  • Arris DG950A
  • Arris TM501A
  • Arris TM602A
  • Arris TM602B
  • Arris TM722G
  • Arris TM802G
  • Arris TM822G
  • Arris TG862
  • Arris TG862A
  • Arris WBM760A

Sources:

http://www.forbes.com/sites/andygreenberg/2012/07/13/researchers-say-time-warner-cable-and-comcast-distribute-wifi-routers-lacking-the-most-rudimentary-security/

https://www.kb.cert.org/vuls/id/419568

http://www.theregister.co.uk/2015/11/20/arris_modem_backdoor/

https://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html

https://github.com/borfast/arrispwgen


Threat Recap: Week of Dec 7th


Top 5 Week of Dec. 7

UAE Bank Hack

In the last week, a major financial institution in the United Arab Emirates was hacked, with customer information being ransomed for a sum of nearly $3 million USD. The bank’s refusal to pay the significant ransom led to the hacker releasing account information of nearly 500 customers via Twitter. Although the Twitter accounts were shut down, the hacker continued on, contacting customers and demanding they pay a ransom for their information.

http://www.wired.com/2015/12/hacker-leaks-customer-data-after-a-united-arab-emirates-bank-fails-to-pay-ransom/


Anonymous Targets UN

In response to the arrests of protesters outside the Climate Change Summit in Paris, the hacker group, Anonymous, released sensitive information for nearly 1,500 UN officials. The protest, which started off peacefully, ended with nearly 100 protesters being arrested after clashing with local police.

http://www.scmagazineuk.com/anonymous-hacks-un-climate-conference-officials/article/457797/


Malvertising on the Rise

With internet users constantly being bombarded by ads, it’s no surprise that malware authors are joining the game. Using malicious JavaScript, the ads can infect computers without any user input beyond navigating to the website in the first place. Upon arrival on the landing page, the browser is scanned for exploitable plugins and, if one is found, the malware is downloaded to the computer.

http://www.wired.com/2015/12/hacker-lexicon-malvertising-the-hack-that-infects-computers-without-a-click/


DDoS Attack on UK College Network

Recently, a major academic computer network in the UK fell victim to a targeted DDoS attack that slowed it down significantly and made certain functions unavailable. The attacks began on Monday and have continued throughout the week, causing severe disruption to many universities across the country. Jisc, the company that operates and provides the network services, has said that it is working diligently to restore functionality as quickly as possible.

http://www.bbc.com/news/education-35043243


Microsoft Warns of Security Issues after IE EOL

Coming as no surprise to many, Microsoft has confirmed that its flagship browser, Internet Explorer, will be reaching the end of the road. After the launch of Windows 10 and Microsoft Edge, it was only a matter of time before the highly exploited browser had the plug pulled on it. The official end date for support on older versions will be January 12, 2016, though IE 11 will continue to receive security updates on currently supported Windows operating systems.

http://www.dailystar.co.uk/tech/news/479794/Microsoft-Windows-Internet-Explorer-end-security-updates



IT at Home for the Holidays


It’s that magical time of year for all technically minded folks: sysadmins, IT pros, nerds and gamers.  It’s that time where you get to go home to family, gather around the fire, and fix their computers.

That’s right; it’s not about the turkey or the giving of presents, it’s about cleaning toolbars off grandma’s computer.

For those of you who go through this annual ritual, here’s a few things to make the process easier for everyone:

  1. Facelift: SSD, memory, larger screen.  One of the cheapest ways to give aging hardware a boost is getting easier every day.  SSD prices are bombing like your boss’s jokes at the holiday party, RAM has been cheap for a while, and bigger screens are always cheap around the holidays.  Replacing an HDD with an SSD will make them think you gave them a whole new computer.  For moving the boot drive, I recommend Paragon Software’s Migrate OS to SSD software: https://www.paragon-software.com/technologies/components/migrate-OS-to-SSD/ That way you don’t have to do a fresh install, and you can just leave the migration running while you eat dessert.  Combine that with a USB to SATA cable: http://www.amazon.com/gp/product/B00HJZJI84 and you only have to open up the case once to swap the drive out after the migration is complete.  While the case is open, slap in some extra RAM so that when Chrome tabs gobble up all the memory their computer doesn’t grind to a halt.  And finally those aging eyes will benefit from the jump to a larger screen.  27 inches seems to be the pricing sweet spot lately.  And you can take home the replaced screens to use as second, third, fourth and fifth monitors for yourself while playing Fallout 4.
  2. Auto-reset the internet.  How tired are you of asking people if they’ve tried turning it off and on again?  For one aspect you can now automate the process.  They make plugs that detect when the Internet connection goes down that automatically power cycle the cable modem and/or router: http://www.amazon.com/PI-Manufacturing-Internet-Controllable-Automatic/dp/B006PPISCG That will save you from having to explain to your parents which device they have to try turning off and on again when the Internet goes out.
  3. Set up easier remote access – Have you ever had this conversation: “Go to the address bar.  That thing at the top.  Type in: H-T-T-P-colon-slash – the one that leans to the right, not the left, now another slash.  Yes the same direction as the last one.  Now L-O-G.  No, G as in Get a clue…”  You get the picture.  While you’re home, why not set up a shortcut on the desktop that goes directly to your preferred remote support website?  That way grandma knows what to click on when you have to remote in to uninstall the latest toolbar she installed.
  4. Install antivirus that allows central management – obviously I’m going to recommend Webroot: http://www.webroot.com/us/en/home/ But no matter what you choose, it’s nice to have something that has a central online console. This allows you to see whether mom’s computer has run a scan in the last decade and how many viruses your younger brother managed to catch while visiting those sites he likes to go to.  With Webroot you can also kick off scans and reboots from anywhere you can get online.
  5. Protect their credit – everyone’s had their information stolen at this point so you might as well put a freeze on your credit.  Mom and dad probably aren’t getting a lot of loans these days therefore this won’t be a big inconvenience for them.   Here’s how to go about it: http://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs This just means they’ll need to call in and unfreeze with their password before they get any more lines of credit, and it will stop the bad guys from taking out loans in their name.  Because face it, they already have all of your personal information.  Protect your inheritance.
  6. Install an ad blocker and privacy protection – ads are a huge vector for malware these days.  I like uBlock Origin to stop ads and Privacy Badger to stop companies following you around the web with tracking cookies.  Put those browser extensions in place and teach mom and dad how to turn them on or off for individual sites for when they break core functionality.
  7. Get them on a better browser – if they’re still using Internet Explorer then you should be ashamed of yourself.  Protip: change the existing IE icon on the desktop to open up Chrome or Firefox instead, so they don’t have to learn to click on anything new.
  8. Power protection – get some cheap UPS and surge protection so that any desktop devices & cable modems won’t go haywire if the power blips: http://www.amazon.com/Eaton-Electrical-3S350-External-UPS/dp/B00906CH8S
  9. Set up online backup – I like Backblaze: https://www.backblaze.com/ $5 a month for unlimited storage on each computer.  Now your baby pictures aren’t in danger of going up in a puff of magic smoke.  Restores are easy and you get email reports letting you know that the backups are successful.
  10. Get better wireless – Ubiquiti has awesome and affordable prosumer APs that will give you a signal from two streets over: http://www.amazon.com/Ubiquiti-Networks-Enterprise-Unifi-UAP/dp/B00HXT8R2O No longer will the neighbor’s Wifi interfere.  I use one to cover an entire three-story house from top to bottom.
  11. Connect the house with powerline Ethernet – save the wireless for devices that move.  For anything static, from streaming devices on your TV to media servers, wired is the way to go.  Powerline Ethernet is now rock solid and you can turn your whole house into a hub by plugging these into any outlet: http://www.amazon.com/TP-LINK-TL-PA4010KIT-Powerline-Adapter-Starter/dp/B00AWRUICG No running cables throughout the house required.
  12. Stop bundleware – next time dad installs an update, you don’t have to worry about uninstalling a toolbar with this one simple trick: http://unchecky.com/ This software automatically unchecks the bundleware checkboxes so that you don’t have to use a cattle prod to train family to uncheck anything.
  13. Install a password manager – anything to get people to use good passwords without having to teach their aging brains to remember anything new.  If you use an online password manager, then you can automatically change their passwords and update the password manager for them whenever there’s a report of a breach on a site your family uses.
  14. Follow Swift on Security on Twitter.  A parody account that is both funny and useful.  Taylor Swift’s Infosec alter ego will keep you up-to-date on the latest security news and breaches, all while serenading you with the latest hits: https://twitter.com/swiftonsecurity/

Hopefully this list will help you get through the holidays at home without having to resort to hiding in the basement.  Make a few of these changes and it should make the next year of family tech support that much easier.  May the force help you live long and prosper.


Russians are not immune to Encrypting Ransomware


Analysis of CryptoWall 4.0 has found that Russian users are spared any encryption when the malware is deployed on their system. That’s because it checks which keyboard layout is in use, and if Russian is detected as the keyboard language it kills itself before encryption. This isn’t much of a surprise, since we’ve always known these guys were Russian (at least the spam servers) and target mainly the US and Europe. But everyone is susceptible to encrypting ransomware, so here’s a look at a recent encrypting ransomware that will target Russians.

While this encrypting ransomware may look a little different, it’s pretty much the same as the rest: it arrives via a phishing email, encrypts your files, and holds them for ransom in exchange for a bitcoin payment made through the Tor Browser. The encryption routine uses GPG Tool, an open source encryption tool, and appends the “.vault” extension to each encrypted file.

Once you enter the Onion link into the Tor Browser, you’ll be presented with the following pages.

The bitcoin currency is continuing its climb

This is the payment portal – The victim is subject to a price increase after 4 days.

This variant also introduces the “freebie” structure where it allows you 4 free file decrypts. This is so you know what the decryption routine is like and know that you’ll get your files back if you do pay the ransom.

Once you’ve paid for the ransom you have access to download the decryption tool from the portal.

MD5 Analyzed:

87c6023bf8922d84927247c15621a02e

Webroot will catch this specific variant in real time before any encryption takes place. We’re always on the lookout for more, but just in case of new zero day variants, remember that with encrypting ransomware the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our consumer product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware you can just restore your files back as we save a snapshot history for each of your files up to ten previous copies. Please see our community post on best practices for securing your environment against encrypting ransomware.



Webroot’s 2015 SMB Threat Report: An Analysis


Recently, Webroot published 2015 SMB Threat Report: Are organizations completely ready to stop cyberattacks?, which includes the results of a survey of 700 SMB decision makers worldwide about their IT security, their readiness for security response, and their use of MSP resources in their environment.

Many SMBs are outsourcing cybersecurity to managed services providers (MSPs) to make up for the lack of time and in-house expertise. According to the report, 81% of respondents agreed such outsourcing would improve their bandwidth for addressing other tasks. With the majority of SMBs surveyed planning to increase their cybersecurity budget in 2016, VARs across a broad variety of industries are beginning to embrace this service-centric relationship with their clients. For customers, choosing to work with an MSP means they avoid installation and maintenance headaches. They also avoid diverting resources towards laborious IT security support tasks or ad hoc break/fix reseller charges.


Although SMBs appear more aware of cybersecurity-related risks to their organizations, many are still unsure or under-informed about their own readiness to handle such risks, even with heavy investments of time into protecting their environments. Incredibly, even with 56% of respondents reporting over 17 hours spent on cybersecurity, 44% still feel they have less time to stay up-to-date on threats.


Just 37% of IT decision makers surveyed in the US, the UK, and Australia believe their organizations are completely ready to manage IT security and protect against threats. I am not entirely surprised given the considerable cybersecurity challenges SMBs face, but it’s still an alarmingly low number.

On the flip side, when asked how confident IT decision makers would be that someone on their staff could deal with a cyberattack, a surprising 84% responded confidently. Given the other responses to this survey, this was unexpected and indicates a discrepancy and possible misperception of IT resources, knowledge, and capability to thoroughly address a cyberattack.


Webroot’s SMB Threat Report makes it clear that the future of security is in need of some change, with IT decision makers stretched thin. In the near future, we should expect a continued movement towards “outsourced IT,” particularly on the cybersecurity front. According to the survey, 81% of respondents believe outsourcing IT solutions would increase their bandwidth to address other areas of their business. In order to reap the full array of benefits, though, IT decision makers must be proactive about identifying MSPs that offer “intelligent cybersecurity” solutions.

Our definition of intelligent? Solutions that are easy to install, can be managed remotely, and provide real-time protection against modern threats. While these are all important qualifications, we expect SMBs to place an increased premium on the “real-time” component.



Quick Tips to Protect Your New (and old) Apple Devices


Apple has projected yet another record holiday for sales, but this should come as no surprise to fellow ‘Macheads’. I myself am a huge fan of Apple and have been for quite some time; I still have my iBook, and it still works! My desk is home to an iMac, a MacBook, and many other small Apple devices. Most people believe there is no need to worry about security for their beloved Apple devices, a belief that is a bit overinflated. So here are a few security tips from one Machead to the others to keep your new and old Mac devices secure this holiday season.

Top Ten tips for OS X security

  1. Create a standard account (non-admin) for everyday use– Log into the standard account for your everyday activities, and to store your personal information. Whenever an administrator’s password is required, type the admin username, and the appropriate password. This will lead to more password requests than if you were working under an admin account. However these requests should make you think whether you should be entering your password.
  2. Set Gatekeeper to allow Mac App Store and identified developers – Gatekeeper resides under Preferences > Security & Privacy, and its main function is to let the user control which apps can run without further escalation and/or attention. If you download an application that doesn’t meet the criteria, you will not be able to run it.
  3. Stay current with OS X updates– Mac OS X has a built-in software update tool “Software Update”. It’s a good idea to run “Software Update” frequently and install updates when available.
  4. Disable automatic login– Automatic login means that anyone who can access your Mac only needs to start it up to have access to all of your files.
  5. Use the built in Firewall– The firewall can be tuned to your needs whether it be at home, work or travel.
  6. Use a password manager to help prevent phishing attacks– It’s important to create complex, unique passwords, however for most of us, the more complicated the password the easier it is for us to forget it.
  7. Use Mac FileVault for full-disk encryption– FileVault encrypts your entire hard drive using a secure encryption algorithm (XTS-AES 128). You should enable this feature on your Mac because if your hard drive isn’t encrypted, anyone who manages to steal your computer can access any data on it.
  8. Use a Mac anti-virus (WSA)– Let’s face it, Mac malware is real and only getting worse.
  9. Enable iCloud Mac locator and remote wipe– If your system is ever stolen you can log into iCloud.com or use the Find My iPhone app on an iOS device to locate your device, send it a command to lock it, have it issue a sound, or remotely wipe the device.
  10. Use “Secure Empty Trash” to remove data– By default files are simply marked for deletion and not really deleted making file recovery simple. Using Secure Empty Trash things get much more difficult to recover.

Tips to secure your iOS

  1. Enable Passcode Lock – This is one of the key security tips; the stronger the passcode the better. Apple has incorporated a fingerprint scanner in the newer iPhone models, which allows users to use their fingerprints for authentication when unlocking their device and making purchases.
  2. Erase all data before selling, trading in, or sending off for repair.
  3. Update – By keeping your apps and operating system up-to-date, you will strengthen the security of your device. You can turn on the automatic downloads feature which will update apps in the background and without the need for you to do anything.
  4. Don’t Jailbreak – sure, some of the Jailbreak tweaks are cool and can do some fun things but is the lack of security really worth it?
  5. Enable Safari security settings – these settings include blocking pop-ups, disabling autofill, fraud warnings, and the ability to clear cookies/history/cache.
  6. Disabling Bluetooth/WiFi – there are several freeware tools designed to sniff for Bluetooth and WiFi signals then gather information from open devices. It is also best to not use public WiFi; you don’t really know what the guy sitting at the other table in Starbucks is doing on his computer.
  7. Find My iPhone – This should go without saying: this feature not only helps you find a lost or stolen phone, but it also makes wiping the phone a little harder. I had an iPhone stolen and Find My iPhone found it five months later… in Canada… someone sold it on eBay.
  8. Disable Siri on Lock screen – Siri is a great tool and asset, but she can also talk too much; this will keep her quiet until the correct person is able to unlock the device.
  9. Set up a VPN – A Virtual Private Network is a must-have and can bring extra security to anyone who uses their devices on different wireless networks. Some VPN services are free of charge, but some can cost several dollars a week which is more than a fair price for protecting your information.
  10. Turn on two-step verification for Apple ID and iCloud – a great way to keep anyone out of your account unless they know both the password and the 4-digit verification code.


Top 11 Security resolutions for the New Year


2015 has been the worst year so far for security breaches.  Although the state of online security reminds me of that scene in Office Space where Peter says that every day you see him is the worst day of his life, there’s a few things you can do to protect yourself against getting your data and online identity stolen.  If you’re looking for a New Year’s resolution that isn’t “I’m going to buy a gym membership and only go for a week”, try this list (it goes to 11!) on for size.

  1. Change your passwords, just in case – chances are the password database of some online service that you use has been stolen sometime in 2015.  While most companies don’t store the actual password, they do store a password hash (a one-way scrambled form of it, basically) that can sometimes be used to recover your password.  That can take some time on a powerful computer, so even though the breach might have happened 6 months ago and nobody’s hacked into your account yet, that doesn’t mean you are safe.  Change your passwords regularly, just like you change the batteries in your smoke detectors.
  2. Use a password manager – every security boffin will tell you not to use the same password everywhere.  The problem with that is that we all probably have at least 3 dozen online accounts.  Remembering all those passwords, especially if you change them regularly, just isn’t feasible.  That’s where password managers come in.  Just remember one master password and the password manager software stores all the rest securely for you.  It also fills in your password automatically if you use their browser extension.  Don’t use the browser auto-fill for passwords, as those are usually not stored securely.
  3. Use good passwords – don’t use a password that contains any personal information about yourself, such as your birthday, your dog’s name or your favorite flavor of Ben & Jerry’s ice cream.  Using that information makes it easier to break password hashes in the process mentioned in point 1.  Good passwords should be long and random (that’s what she said!).  If you do take the advice in point 2 and use a password manager, they typically offer a secure random password generator.  If not, you can use this website: https://strongpasswordgenerator.com/
  4. Secure your WiFi – when you plugged in that new wireless router you got for Festivus, you probably didn’t realize that you had to change the password on it.  If you don’t, then anyone you let on your wifi (or who breaks in) can log in to your router and do whatever they like.  While the wireless security might also be on by default, it doesn’t hurt to check and make sure it is using the strongest security setting, which is the WPA2 protocol.  To log into your router you generally have to look at the info on the bottom of the device to see how to log in and what the default login and password are.  Typically you’ll put the IP address of the router into your browser to get started.  If the only association you have when I mention IP is a joke about a book called The Yellow River, then find the nerdy kid who lives on your street (the one wearing glasses and a Minecraft shirt) and offer them a $25 Gamestop gift card to come secure your router for you.  Remember to notify the kid’s parents first so they don’t think you’re kidnapping him or her.
  5. Change your PIN to something unpredictable – analysis of debit card PINs shows that over a quarter of them are one of 20 common combinations such as 1234 or 0000.  If your PIN is one of the 20 on this list, then go change it right now to something that isn’t on the list.  Also, saying “PIN number” is redundant since PIN stands for “Personal identification number”, so stop saying that.
  6. Freeze your credit – if you get your identity stolen you’ll eventually get it sorted out.  The problem is that will take hundreds of hours of your time, and you might not have access to your bank accounts until you get it cleared up.  Have you tried living without money lately?  It’s not a lot of fun.  If you want a story scarier than the Krampus movie, read this.  You can regularly check your credit reports for new accounts that you didn’t open, but an ounce of prevention is always best.  Call up the credit agencies and freeze your credit.  That way nobody, including you, can open new lines of credit without first unfreezing using a secure procedure.  It’ll also stop you from impulse buying a new Mustang that you can’t afford.  The FTC has a handy guide here.
  7. Turn on two-factor authentication – two-factor authentication is one of the typical stupid names that techies come up with when naming technology.  It should be called something self-explanatory such as “confirm my identity”.  What it means is that when you log into an online service, they text you a passcode after you’ve logged in.  You have to type in the code they text to your phone to confirm it’s really you.  This makes sure that you not only know the password but also have access to your own phone.  Two ways of identifying you – that’s what the phrase “two-factor authentication” means in plain English.   It’s unlikely that a thief will be able to steal your password and your phone at the same time, which is why this makes things more secure.  Good banks and credit unions will have this enabled by default.  Some of your online services or banks might not have it turned on by default, which is dumb of them.  If that’s the case, go into the settings and turn it on, or call them and ask them to turn it on for you.  If your bank or credit union doesn’t offer 2FA (to make the phrase two-factor authentication even more obtuse) then it’s time to switch banking institutions.
  8. Enable a PIN on your phone – yes it’s annoying.  If it bothers you that much, get a phone with a fingerprint reader.  If you don’t, then whoever finds your phone after you leave it in the bar at 3am will have your entire life at their fingertips.  They can reset all your passwords because they have access to your email.  Then they can clean out your bank accounts and leave you with something worse than a hangover the next morning.
  9. Don’t believe anyone who contacts you – you know that guy who comes up to you at the gas station with an empty gas can and a story about a lost wallet?  He’s a con man.  Same goes for the person who calls you pretending to be Microsoft or the email pretending to be from Paypal.  If someone initiates contact with you then chances are they aren’t who they say they are.  If someone calls saying they are from your bank, from the IT department or from Microsoft and starts asking you for credit card numbers, passwords, or to remote into your computer, then hang up on them.  The only legitimate call you’ll get from your bank is when their security department calls you in the middle of your holiday shopping spree to verify that you are the one who made those rash purchases.  In those cases they’ll tell you what transactions were made with your card and ask you to confirm it was you and not a thief who stole your credit card details.
  10. Update all your software – most hackers breaking into online systems use known vulnerabilities that have already been patched.  They look for computers that haven’t been updated to the latest patches.  Run Windows Update to update your operating system and also update any other software you use regularly.  That software will generally have a menu option to check for updates under the Help or About drop-down menu.  Well-written software will check for updates automatically.  A lot of software is not well written.
  11. Don’t open email attachments – especially from people you don’t know.  Even if the email looks like it is from someone you know, it could be that their email account was hacked.  If they didn’t tell you previously to expect an email with an attachment, then don’t open it.  If you get a suspicious email from a friend or family member, call them up and ask them if they really sent it and why they attached a Word document that it’s really, really important that you open right now.  Most likely they’ll have no idea what email you are talking about.  For a list of other common online and email scams, check out this page.

Wouldn’t it be nice if technology could be used to make all of the above something you don’t have to think about?  Maybe in about 20 years this will be the case.  In the meantime, it makes sense to spend a few hours protecting yourself now so that you don’t have to spend 100 hours on the phone with banks and creditors sorting out the mess when your identity gets stolen.  Stay safe in 2016!

The post Top 11 Security resolutions for the New Year appeared first on Webroot Threat Blog.


Top Security Predictions for 2016

As 2015 comes to an end, we all look back at the long list of big-name data breaches that occurred, from leaked passwords to exposed dating-site identities. It was not a pretty year for companies with lacking security protocols, to say the least. And while we could sit here and delve into what happened, as a security company we must keep looking forward to what is going to happen next. Lessons were learned in 2015, but there are still going to be breaches and security problems to be solved, and as technology advances, so will the vectors for attack.

To look forward and keep preparing, we here at Webroot have put together a list of our top 4 security predictions for 2016.

  1. People Push Back: Tools that prevent unintentional data collection – such as cookie blockers, blockers for malicious advertisements, and microphone and camera blockers – will be increasingly adopted by consumers. Many of these tools block ads indiscriminately, which will affect legitimate sites’ ability to fund themselves. Consumers will also require web companies to disclose how consumer data is used and how it is being protected.
  2. Increased Attacks on IoT Devices: As more everyday items add connectivity for convenience, and thus become part of the IoT, hackers are expected to take advantage of poorly implemented security. Weaknesses in passwords, firmware updates and the storage of user-specific data make IoT devices a prime target, and attacks against these devices will increase in 2016.
  3. More Breaches: Cybercriminals will double down on phishing attacks – whether via telephone, texts, tweets, Instagram, Snapchat or other social avenues. Building on their rapid growth in 2015, attackers will open remote sessions into PCs while posing as a trusted vendor or account provider. Reps from fraudulent sites will also offer “support” that results in a remote connection and a compromised system.
  4. 2016 Presidential Elections: There will be a spike in cybercriminal activity that exploits the 2016 US presidential elections and causes mass disruption. The attacks will include spam emails, campaign donation scams, fake election sites and telephone-based threats, all of which have been on the rise in 2015. Attacks will target social media and will increase in activity as election night approaches. As a result, candidates will need to be more security-aware than ever before.

With these in mind, this is not the limit of what we will see, but rather the avenues that we feel will have the biggest impact on the global threat landscape. What predictions do you have for this coming year? Share your ideas in the comment box below.

The post Top Security Predictions for 2016 appeared first on Webroot Threat Blog.

Ransom32 – A RaaS that could be used on multiple OS

Update: We now have a soundbite of the music played after infection: 

The RaaS (Ransomware as a Service) business model is still seeing growth. Here is the latest that cyber criminals have to offer, and it could later be used on Mac and Linux as well.

As with all other RaaS platforms you sign up to create new samples from hidden servers in the Tor Network. Just input the bitcoin wallet address you want your “revenue” to be deposited in.

Once you input a deposit bitcoin address, you’ll be presented with a very easy to use portal with customization and stats. The customization allows you to fully lock the computer – which will make the lockscreen pop-up every few seconds and not be able to be minimized. What is interesting is that it even mentions to use caution with this feature as victims will find it difficult to check that their files have even been encrypted and will have to use another machine to pay the bitcoin ransom. The stats will show you how many people you are infecting and how many people are paying the ransom.

Once you click download, it will generate the malware with your customized settings and payment amount. The size of the file is 22MB, which is quite large for malware in general. This is because the main malware component inside the payload, “chrome.exe”, is a packaged NW.js application containing the malware code. NW.js is a framework that lets you call Node.js modules directly from the DOM and enables a way of writing applications with multiple web technologies that work on ALL operating systems. While we did see strings in the code referencing commands only used on Unix operating systems, current samples only work on Windows… for now. We suspect that Mac/Linux compatibility is in the works.

This is the infection lockscreen that pops up once you are infected and files are encrypted. You are also blasted with music from the video game Metal Gear Solid – which is bizarre and very obnoxious. We see that they’ve made sure to use the free decrypt tactic that was first introduced in 2014 with CoinVault – we did confirm that this feature works.

As always, these come with detailed instructions on how to purchase bitcoins with USD and then send it over to the ransom wallet.

Webroot will catch this specific variant in real time before any encryption takes place. We’re always on the lookout for more, but just in case of new zero-day variants, remember that with encrypting ransomware the best protection is going to be a good backup solution. This can be either through the cloud or offline external storage. Keeping it up to date is key so as not to lose productivity. Webroot has backup features built into our consumer product that allow you to have directories constantly synced to the cloud. If you were to get infected by a zero-day variant of encrypting ransomware you can just restore your files, as we keep a snapshot history of up to ten previous copies of each of your files.
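The point above is that version history, not a single mirror, is what gets you out of a crypto-ransomware infection: a mirror faithfully copies the encrypted files over your good ones. As an added illustration that is not part of the post and not Webroot's product code, here is a small Python snapshot store that keeps the last ten copies of each file (the count the post mentions) and restores any of them. The `store` location, the file names and the ten-copy limit are assumptions made for the example.

```python
import hashlib
import shutil
import time
from pathlib import Path
from typing import Optional

MAX_VERSIONS = 10  # assumption for the example: the post mentions "up to ten previous copies"


def _digest(path: Path) -> str:
    """SHA-256 of a file's contents; used to skip snapshots when nothing changed."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(src: Path, store: Path, max_versions: int = MAX_VERSIONS) -> Optional[Path]:
    """Copy src into store/<name>/<timestamp>_<digest> if its content changed.

    Returns the new snapshot path, or None when the newest stored copy already
    has the same content.  Snapshots beyond max_versions are pruned, oldest
    first, so an overwritten (e.g. encrypted) file never pushes every good
    copy out at once: the encrypted version is just one more entry in history.
    """
    versions_dir = store / src.name
    versions_dir.mkdir(parents=True, exist_ok=True)
    digest = _digest(src)
    # Names are zero-padded nanosecond timestamps, so lexical order == time order.
    existing = sorted(versions_dir.iterdir())
    if existing and existing[-1].name.endswith(digest):
        return None
    dest = versions_dir / f"{time.time_ns():020d}_{digest}"
    shutil.copy2(src, dest)
    existing.append(dest)
    for old in existing[:-max_versions]:
        old.unlink()
    return dest


def restore(name: str, store: Path, dest: Path, steps_back: int = 0) -> Path:
    """Restore the newest (steps_back=0) or an older snapshot of `name` to dest."""
    versions = sorted((store / name).iterdir())
    if steps_back >= len(versions):
        raise IndexError(f"only {len(versions)} snapshot(s) of {name} exist")
    shutil.copy2(versions[-1 - steps_back], dest)
    return dest


if __name__ == "__main__":
    # Constructed demo: three edits, then an "encrypted" overwrite, then a restore.
    import tempfile
    work = Path(tempfile.mkdtemp())
    doc, store = work / "report.txt", work / "store"
    for text in ("draft one", "draft two", "final"):
        doc.write_text(text)
        snapshot(doc, store)
    doc.write_text("<ciphertext blob>")   # what ransomware leaves behind
    snapshot(doc, store)                  # the bad version lands in history too
    print(restore("report.txt", store, work / "recovered.txt", steps_back=1).read_text())
```

The `store` directory must live somewhere the infected machine cannot overwrite or delete (a cloud service with its own version history, or external storage that is unplugged between runs), otherwise the ransomware simply encrypts the snapshots as well; that is why the post stresses cloud or offline storage rather than a second folder on the same disk.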

Please see our community post on best practices for securing your environment against encrypting ransomware.

The post Ransom32 – A RaaS that could be used on multiple OS appeared first on Webroot Threat Blog.

Cleaning up your Mac

In support of January being Clean Up Your Computer Month and National Privacy Day on January 28th, here are some great tips to start 2016 off right.

Let’s face it, we are all guilty of letting our computers get out of hand from time to time. I, for one, realized this when cleaning up one of my hard drives and discovered that I had 363 games either installed or ready to install. Typically a person will download something they want or need for a given moment, use it and never get rid of it. This can clutter and bog down your hard drive or even worse, leave personal information openly available. Here are a few tips that will help keep your machine clean.

Keep your desktop tidy! For me this is the pet peeve that my fiancée is guilty of and it drives me crazy. If your desktop looks like someone dumped a bucket of icons all over it then you might want to think of condensing and organizing. This can make for faster boot times, and easier navigation. Don’t let your desktop look like this…

Try to keep everything organized!

The download folder can be your worst nightmare on a device. I find this to be the one area that I am horrible at keeping track of. I need a picture for a blog or a gif to send to a coworker… months later I find myself questioning why I have a random gif of a plane crash on my computer. This folder can build and build until it is out of hand. Minimize the amount of files you have in here; if there are old .dmg files, then trash them. This will greatly reduce clutter on most people’s Macs. The Mail Downloads folder is another location that people tend to ignore. You can get to it using Spotlight and typing in mail downloads, or in the Finder, select Go > Go to Folder and type ~/Library/Containers/com.apple.mail/Data/Library/Mail Downloads in the text field (this is only for people that use the built-in Mail app).

Just as most of us adapted to cleaning the cache on Windows, you should do the same for your Mac. This doesn’t just relate to web browser cache, OS X stores lots of information in cache to allow for a faster loading time. You can go to the caches location and do a clean-up yourself (which I only advise for those who know what they are doing) or you can simply go to utilities in Webroot SecureAnywhere and click “Optimize Now”. This will clean up certain caches and logs for you.

Screen Shot 2016-01-05 at 2.45.57 PM

A key to having a clean computer is not just removing known junk but also removing unwanted Apps. Be sure to remove applications that you are no longer in need of. I like keeping a spreadsheet with my license keys, in case I need one of the apps in the future. Unused or unwanted apps can take up massive amounts of hard drive space.

My final tip… Most macs come with a microfiber screen cloth… Use it.

A physically dirty computer is something that no one wants to look at. Apple has a page dedicated to recommendations and guidelines for cleaning their products. https://support.apple.com/en-us/HT204172

The post Cleaning up your Mac appeared first on Webroot Threat Blog.

Threat Recap: Week of January 3rd

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.

Hackers Targeting Ukraine Energy Infrastructure

In the last week, several regions of Ukraine were subjected to electrical blackouts as the result of a malware attack. The malware package, dubbed BlackEnergy back in 2007 when it originally surfaced, has the capability to render machines unbootable, destroy critical systems, and create backdoors into the infected machine.

Read more: http://arstechnica.com/security/2016/01/first-known-hacker-caused-power-outage-signals-troubling-escalation/

Tax Season Security Risks

As tax season approaches, many people are finding themselves victims of identity fraud. This remains prevalent because many are not as careful about online security when using government sites and entering personal information. By creating fraudulent sites and using phishing emails disguised as tax information, criminals have made identity theft easier and more widespread than ever before.

Read more: http://www.net-security.org/secworld.php?id=19285

Comcast Security Not So Secure

Recently, third-party security vendor Rapid7 discovered a method of defeating the Xfinity home security system by using a simple radio jammer to disrupt the wireless signals used to determine whether the home is secure or not. This gap in communication would go unnoticed, as there is no indication to the homeowner that the “all clear” signal is no longer being received. Fortunately for Comcast customers, the issue is being reviewed, and hopefully a solution will be found.

Read more: http://arstechnica.com/security/2016/01/comcast-security-flaw-could-help-burglars-break-into-homes-undetected/

Javascript Ransomware on the Rise

At the start of this year, a new variant of RaaS began making headway into the market, labeled Ransom32. This iteration of ransomware comes packaged in a JavaScript application that allows anyone with a Bitcoin account to run their own ransomware campaign and customize everything from the level of computer lockdown to the amount of Bitcoins to be paid.

Read more: http://www.webroot.com/blog/2016/01/06/ransom32-raas-used-multiple-os/

Thai Police Forces Hacked

In response to the recent court decision regarding the deaths of two British tourists in Thailand, hacker group Anonymous targeted several police websites and took them offline. It is believed that the decision was made hastily and the men accused were charged and executed without solid evidence. An image displayed on many of the Thai police websites states, “Failed law. We want justice!”

Read more: http://news.softpedia.com/news/anonymous-hacks-14-thai-police-websites-to-protest-flawed-murder-investigation-498485.shtml

The post Threat Recap: Week of January 3rd appeared first on Webroot Threat Blog.

A look at a typical macro infection

For over a decade, one of the most common ways to infect a computer with malware has been the implementation of “macros” in Word and Excel documents. Macros are small scripts that automate a series of commands in a document; most commonly they are used to automate legitimate repetitive tasks in applications like MS Excel and MS Word. Because of the security issues inherent to macros, Microsoft added security features in Office 2003 and all subsequent Office releases in order to curb macro abuses. In particular, the use of macros is disabled by default in Microsoft Office applications, requiring the user to manually turn macros on in order to use them.

Because of this, it is less likely that you will be infected by a document containing a malicious macro, but it is still possible. Typically, a document containing a malicious macro these days will be accompanied by instructions that ask the user to enable macros in their Office applications. Fortunately, these types of attacks are easy to detect if you know what to look for.

The first thing to be aware of is that unless you already use macros regularly in your work, you will probably never be sent a legitimate document that contains a macro script. In the case that you do use macros regularly, they will usually be similar types of documents that come from the same sources. If you receive a document via e-mail from an unknown sender, and the document contains macros, it is probably malware and should be deleted immediately.

The most popular type of malware infection these days comes in the form of a bogus shipping e-mail, such as a UPS Shipping Notice or a USPS “failed delivery” e-mail, as shown below:

Webroot_macroinfection

In this example, we can see a few different things that would alert you to the fact that it is bogus. First, observe the “From” e-mail address. The e-mail claims to be from the USPS but the sender is from “no-reply@Postal-Reporter.com” instead of a “USPS.com” e-mail address. Secondly, because the e-mail address is an unknown or previously uncontacted sender, the fact that the message has a document attached is highly suspicious. We would recommend immediately deleting an e-mail like this and would especially advise not downloading or opening the attached document.

If this type of document is downloaded, it may not be immediately detected by security software because the document itself does not contain malware. It is only when macros are run that the malicious script is activated; usually this would trigger a download and launch of malicious software.

When this document is opened, what you will usually see in MS Word is something like this:

Webroot_macroinfection_1

The document contains no real information but is meant to trick you into believing that you will not be able to read a message without enabling macros in MS Word. You can see that MS Word displays a yellow bar with “SECURITY WARNING: Macros have been disabled.”, also giving you the option to “Enable Content”. This is your clear warning that something is not right with this document. If you have opened a suspicious document and have gotten this far, you should immediately close and delete the document before going any further with it.

Webroot_macroinfection_2

Knowing how to spot these types of attacks is the best way to avoid them, but there is one more thing you can do to ensure that a malicious macro document does not infect your computer. By default, the “Trust Center” setting for macros is “Disable all macros with notification”. This means that if macros are detected in a document, you will see that yellow “SECURITY WARNING” bar. We would recommend changing this setting to “Disable all macros without notification”, which will simply block the ability to use macros without prompting you to enable them:

Webroot_macroinfection_3

This is especially useful if you share your computer with others who are not already trained in spotting these types of malicious documents. We hope that this helps you to pre-emptively detect and avoid these types of infections in the future.
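The post's first rule is that an unexpected attachment containing a macro is reason enough to delete it, and it notes that security software may not flag the document because the document itself carries no malware, only the script. As an added example that is not from the post or from Webroot, the Python below performs that triage step without opening the file: it reports whether a document carries a VBA project at all. For the OOXML (zip) formats it looks for a `vbaProject.bin` part and for the `macroEnabled` content type; for legacy OLE2 `.doc`/`.xls` files it looks for the storage names Office uses for VBA projects. The sample document is constructed in memory and is not a real attachment.

```python
import io
import re
import zipfile
from typing import List

# Constructed sample data only: build_sample() fabricates a minimal OOXML zip
# in memory.  No real document or malware is embedded in this example.

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls (OLE2/CFB) header
MACRO_CONTENT_TYPE = b"macroEnabled"                # appears in [Content_Types].xml of .docm/.xlsm/.pptm
VBA_PART = re.compile(r"^(word|xl|ppt)/vbaProject\.bin$")


def macro_indicators(data: bytes) -> List[str]:
    """Return the reasons a document blob appears to carry VBA macros.

    An empty list means none of the indicators were found.  This answers
    'does the file contain a VBA project?', not 'is the VBA malicious?';
    under the post's advice, any macro in an unexpected attachment is
    reason enough to delete it.
    """
    reasons: List[str] = []
    if data.startswith(OLE_MAGIC):
        # OLE2 directory entries store stream/storage names as UTF-16LE.
        # Word keeps its VBA project under 'Macros', Excel under
        # '_VBA_PROJECT_CUR', and both contain a 'VBA' storage, so these
        # names are a cheap heuristic (a full parser would walk the directory).
        for name in ("VBA", "Macros", "_VBA_PROJECT_CUR"):
            if name.encode("utf-16-le") in data:
                reasons.append(f"OLE2 storage '{name}' present")
        return reasons
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                for name in names:
                    if VBA_PART.match(name):
                        reasons.append(f"{name} part present")
                if "[Content_Types].xml" in names and MACRO_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                    reasons.append("macro-enabled content type declared")
        except zipfile.BadZipFile:
            reasons.append("zip container is malformed")
    return reasons


def build_sample(with_macro: bool) -> bytes:
    """Constructed, minimal .docx/.docm-shaped zip used to exercise macro_indicators()."""
    if with_macro:
        main_type = b"application/vnd.ms-word.document.macroEnabled.main+xml"
    else:
        main_type = b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    content_types = (
        b'<?xml version="1.0" encoding="UTF-8"?>'
        b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        b'<Override PartName="/word/document.xml" ContentType="' + main_type + b'"/>'
        b"</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes, not a real VBA project
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("macro-enabled", build_sample(True)), ("plain", build_sample(False))):
        print(label, "->", macro_indicators(blob) or "no macro indicators")
```

This is a triage heuristic, not a malware verdict: it tells you a file has a VBA project so that it can be deleted or handed to an analyst unopened. For real analysis the oletools project's `olevba` extracts and inspects the VBA source itself. Neither replaces the Trust Center setting the post recommends, “Disable all macros without notification”, which keeps a user from being talked into clicking “Enable Content” in the first place.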

The post A look at a typical macro infection appeared first on Webroot Threat Blog.

Threat Recap: Week of January 10th

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.

Fitbit Accounts Hacked

On Monday of this week, it was reported that dozens of Fitbit accounts had been accessed, with users’ information leaking to external sites. According to Fitbit, customers’ usernames, passwords, and location information were accessed, likely because customers had reused passwords across multiple website logins. Fitbit doesn’t currently use two-step authentication for account security, but that is likely to change in the coming months.

Read More: https://nakedsecurity.sophos.com/2016/01/11/fitbit-users-fall-victim-to-account-takeovers-dont-reuse-passwords/

Industrial Sized Vulnerabilities

Having devices connected to a network is always a risky proposition, especially when the devices in question are industrial motors running power plants, water treatment plants, and other large infrastructure systems. Recently, a vulnerability was found that would allow unauthorized read and write access to the drives, allowing the motor speed to fluctuate or rise to unsafe levels. The vulnerability has been found in several variable-frequency drives currently available on the market.

Read More: http://www.wired.com/2016/01/an-easy-way-for-hackers-to-remotely-burn-industrial-motors/

Japanese Banks Attacked

Recently, the Rovnix banking trojan, which has been quite prevalent in Europe, has bridged the language barrier and aimed itself at the Japanese banking system. The infection is commonly spread through email attachments, which carry the malicious payload in an otherwise unsuspicious email. Using web injection, Rovnix is capable of loading an imitation page of the targeted bank and letting users log in normally, while logging that information externally.

Read More: http://www.darkreading.com/vulnerabilities—threats/japanese-banks-targeted-with-new-rovnix-trojan/d/d-id/1323818?

Nissan Sites Hit with DDoS Attack

With the Detroit Auto Show taking place this week, it could only be coincidental that Nissan’s global and Japanese sites have been the main focus of a DDoS attack, in response to whale and dolphin hunting by Japanese hunters. Nissan appears to have been targeted not due to its stance on hunting, but because it is a major Japanese corporation and the attack would bring national attention to the whaling issue.

Read More: http://www.bbc.com/news/technology-35306206

NSA Code Found in Juniper Software

In the last week, Juniper Networks has announced it will no longer use a particular piece of code that may have been linked to the NSA and could allow monitoring of private network sessions. The code used a mathematical constant generated using Dual Elliptic Curve, which is not only untrusted but was widely distributed via government-contracted software kits.

Read More: http://www.businessinsider.com/r-juniper-networks-will-drop-code-tied-to-national-security-agency-2016-1

The post Threat Recap: Week of January 10th appeared first on Webroot Threat Blog.

As tax season approaches, beware of tax related scams

Tax season officially began on January 19th, and with tax season comes the inevitable rise in tax-related scams. Identity thieves tend to step up their game a bit during tax season, looking to get the ultimate prize – your Social Security Number. Scammers often use the threat of jail time for unpaid tax debt to trick you into giving out sensitive personal information. As with so many scams, seniors are a major target. Telephone scams are particularly popular, but as more people file their taxes electronically, phishing emails and malicious email attachments have become more prevalent.

Now is a good time to help educate your family members about these types of scams. It is important to pay extra attention to any email that is tax related. Be aware that the IRS will not contact you via email to request any personal or financial information. Don’t click on any links or download any attachments from emails claiming to be from the IRS. If you need tax related information, go directly to the official IRS website at www.irs.gov instead of using a search engine.

For more information on taxes and security, the IRS has provided resources at: https://www.irs.gov/Individuals/Taxes-Security-Together

The post As tax season approaches, beware of tax related scams appeared first on Webroot Threat Blog.


Crypto-ransomware – still a real worry

This week, we held our first BrightTALK webinar of 2016 (January 19th), talking about crypto-ransomware. I’ve got to admit I’m always overwhelmed at the numbers of people interested in this as a topic, and I called in help from one of our top threat researchers Tyler Moffitt to help me out with answering the more technical questions. In fact, Tyler and I double-handed the presentation as we’re both getting used to discussing the issues. It always helps when you have a real expert on hand, my background isn’t a coding one.

We tried, as always, to be terrifyingly truthful. At Webroot, we have had a lot of success with our next-generation behavioral approach to stopping customers from getting infected by all the variants of Crypto. Inevitably that leads to malware authors taking an interest in finding ways around our defenses, which admittedly has led to a few very regrettable failures in stopping the infections. Right now, though, we are holding our own and, in fact, have been forced to innovate more to be even better at stopping this threat.

Nonetheless, we do not believe we can stop every crypto threat, but we do believe we can protect against these attacks far faster and more effectively than other endpoint solutions. I might add that no testing or results I’ve seen anywhere else, or claims from expensive machine learning next generation vendors, make me believe anything different. There are a lot of Emperor’s new clothes out there, and as my namesake Hans Christian Andersen points out, “They haven’t got anything on!”

I’ve also done something I don’t normally do and sent out slides to those that requested them, if for a good reason, which usually is to persuade a recalcitrant or unbelieving customer they need to spend some cash on protecting their only real asset, their irreplaceable data. I did mention a story I was told by a Webroot Partner in Australia about a friend (not a client of his) who’d paid up AUS $100,000 to get his server unencrypted after an attack, much as the FBI was forced to admit it often advises too.

These days if the crypto-ransomware has encrypted your files and unless you have other precautions in place, you are in trouble. Even paying up is not a guarantee. And this isn’t just for businesses but home consumers as well; this infection will and does target anyone with a connected PC.

The presentation I am referring to above can be accessed here: https://www.brighttalk.com/webcast/8241/181075. This is a very logical approach when it comes to discussing what crypto-ransomware is; its history; its variants; some ways it avoids detection; and, probably most valuable, what to do to protect yourself from having to pay extortion money for your own data.

On a more emotional level, I’d like to take the treasured programming from the malware authors of crypto-ransomware and delete it forever. I’m sure they’d agree with their own assertion that CryptoWall is not malicious. I agree it isn’t – it’s pure evil in a digital age.

The post Crypto-ransomware – still a real worry appeared first on Webroot Threat Blog.

Threat Recap: Week of January 17th

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.

Kiev Airport Cyber Attack

In recent weeks, Ukraine’s infrastructure has been under attack by Russian hacktivists, with Kiev’s main airport as the primary focus of the latest attack. It would seem that the BlackEnergy malware platform was in use, once again, to gain access to several computers on the airport’s network, including access to air traffic control systems. Ukrainian authorities are still unsure if the Russian government is involved, as this string of attacks comes at a volatile time for both countries.

Read More: http://www.reuters.com/article/us-ukraine-cybersecurity-malware-idUSKCN0UW0R0

British Banks Fighting Malware Improvements

With over a dozen British banks being targeted by the persistent banking trojan known as Dridex, its latest update is capable of altering crucial DNS settings. By changing these settings, it directs the unknowing user to a fake banking website, which allows sensitive information to be gathered and sent off to a command-and-control server for verification. Dridex is most commonly transmitted using macro-enabled MS Office documents sent as attachments via email.

Read More: http://www.csoonline.com/article/3024323/security/dridex-banking-malware-adds-a-new-trick.html#tk.rss_news

Top US Cities Hit With Malware in 2015

In the past week, a study revealed the cities in the US that were the most common targets for malware attacks in 2015; the highest being Little Rock, Tampa, St. Louis, Orlando, and Denver. Each of the top five cities had rates over 650% of the national average, with Little Rock reaching 1,412% above. While it is unclear whether geographical location has any effect, the New England region was not present in the top 20 regions listed.

Read More: http://www.networkworld.com/article/3023432/malware-cybercrime/little-rock-tampa-and-st-louis-hardest-hit-by-malware-among-us-cities-study-finds.html

Encryption Still Major Issue for Companies

Encryption issues have plagued companies and customers alike for many years, and there are no signs of that slowing, as many companies still refuse to implement it on a wide scale. This comes as no surprise, as nearly two-thirds of companies only use encryption for “proprietary company data”. And while most companies cite “employee data” as their reason for implementing encryption at all, it seems to be often pushed aside or forgotten.

Read More: https://nakedsecurity.sophos.com/2016/01/19/survey-shows-many-businesses-arent-encrypting-private-employee-data/

Apple Corrects Cookie Theft Bug

It was noted recently that a bug found in Apple’s iOS that allowed for unauthorized access to unencrypted website cookies has been resolved with the release of iOS 9.2.1. The bug itself could allow attackers to impersonate unsuspecting users on their commonly browsed sites, and allow for a malicious JavaScript payload to execute on subsequent site visits.

Read More: http://arstechnica.com/security/2016/01/ios-cookie-theft-bug-allowed-hackers-to-impersonate-users/

The post Threat Recap: Week of January 17th appeared first on Webroot Threat Blog.

Worst Passwords of 2015, Best Passwords of 2016

When it comes to digital security, little is as important as knowing how to create a strong password. An ideal password is easy enough to remember so that it doesn’t need to be written down, yet complex enough to prevent someone else from guessing it. For many, this is a challenging and even frustrating experience, a delicate balancing act. However, there are a few techniques that can help you to reliably create strong passwords. The first thing to know is what passwords you should NEVER use.

SplashData, an online security company whose “SplashID” software allows you to securely store your passwords, has recently released a list of the Worst Passwords of 2015. This list was compiled from more than 2 million passwords that were publicly leaked during the last year:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx (first two columns of main keys on a standard keyboard)
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop (top row of keys on a standard keyboard)
  23. solo
  24. passw0rd
  25. starwars

This is the fifth year that SplashData has released a Top 25 list, and many of the entries have been seen year after year. The passwords “123456” and “password” have been the top two entries since SplashData has started publishing an annual Top 25 list. However, due to the popularity of “Star Wars: The Force Awakens”, this is the first year that related passwords like “solo”, “princess”, and “starwars” have appeared on the list.

What we can take away from this list is that many people continue to put themselves at risk by using weak, easily guessed passwords. “We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” Morgan Slain, CEO of SplashData, said in a statement.

“As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”

So, what can you do to ensure that your passwords are strong?

  • Avoid using full words and names. Hackers regularly use “dictionary attacks” to guess passwords, and any word or name that is commonly known is considered unsafe to use.
  • Create passwords or passphrases of twelve characters or more with mixed types of characters. A password longer than 12 characters, if created with the appropriate complexity, will be nearly impossible to guess quickly.
  • Use a different password for each website you log into. If someone is able to discover your password for one site, they will not be able to use that same password to log into another site with your information.
  • Use a password manager such as LastPass or SplashID to organize and protect passwords, generate random passwords, and automatically log into websites. This is also a feature that is offered with some Webroot SecureAnywhere software packages.
  • Test your password for complexity with a password checker, such as Password Meter.

To create a strong password, try using the “Letter/Number Substitution” technique, which generates seemingly random jumbles of letters and numbers that only you would remember. First, think of a phrase that you want to associate with the site or service you are setting up.

  • Example: “testpassword” (DO NOT USE)

Next, substitute characters for some of the letters using numbers and special characters which resemble those letters.

  • Example: “t3$9@S$w0rD” (DO NOT USE)

This example password is rated as 100% “Very Strong” using the Password Meter. By using this technique with even longer words in combination with numbers or special characters placed between the words, you can create passwords that will be nearly impossible to guess. With these tips in mind, you can ensure that your password won’t appear on next year’s list!
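The advice above can be turned into a simple policy check. The following is an added example, not code from the original post or from SplashData: it rejects the 25 worst passwords of 2015 and their letter/number-substituted variants, then applies the 12-character and mixed-character-class rules. The substitution map and the list-of-findings return format are assumptions of this example.

```python
import re
from typing import List

# The 25 worst passwords of 2015 as listed in the post, lower-cased.
WORST_2015 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey", "letmein",
    "login", "princess", "qwertyuiop", "solo", "passw0rd", "starwars",
}

# Reverse map for the "Letter/Number Substitution" technique. This is an
# assumed set of common substitutions; extend it to match your user base.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "9": "g", "@": "a", "$": "s"})


def normalize(password: str) -> str:
    """Lower-case and undo substitutions so variants match the block list."""
    return password.lower().translate(UNLEET)


def check_password(password: str) -> List[str]:
    """Return the policy violations found; an empty list means it passes."""
    problems = []
    lowered, base = password.lower(), normalize(password)
    if lowered in WORST_2015 or base in WORST_2015:
        problems.append("on the 2015 worst-passwords list (or a substituted variant)")
    else:
        # Catch passwords built around a list entry, e.g. "P@$$w0rd2016".
        # Longest entries first so the most specific match is reported.
        for word in sorted(WORST_2015, key=len, reverse=True):
            if len(word) >= 5 and (word in base or word in lowered):
                problems.append(f"contains common word '{word}'")
                break
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = sum(bool(re.search(pattern, password))
                  for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("fewer than 3 character classes")
    return problems
```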

The post Worst Passwords of 2015, Best Passwords of 2016 appeared first on Webroot Threat Blog.

Webroot’s Acceleration with Advancement of IoT


The IoT (Internet of Things) as a concept has been with us since the late 1990’s and has evolved from simple M2M (Machine-to-Machine) connectivity into a vision for Operational Productivity enabled by Interoperability.  Innovation and investment in new IoT technology and business models are driven by the pursuit of key operational benefits such as

  • Provisioning Assets as Services
  • Efficiency through Automation
  • Resource Utilization
  • Environmental Impact
  • Safer and more productive Critical infrastructure

Next generation IoT devices and platforms are now being deployed in Critical Infrastructures such as Integrated Transportation (Auto, Railway, Airports,…), Oil & Gas Operations, Industrial & Manufacturing facilities, Energy distribution, and SmartCity systems.  Operations are becoming dependent on these efficient and high-availability IP aware systems.

New systems are being deployed and older non-IP based systems are being modernized with IP aware functions at a rapid rate. Supporting this movement has driven device manufacturers to deploy new classes of devices and systems that can take advantage of direct and indirect Internet Connectivity in order to leverage public and private IoT Cloud Services Platforms.  These next generation smart systems can perform many advanced functions such as data aggregation and storage, advanced analytics, prediction, prognostication, and even limited decision making.   What was considered advanced data processing and decision making in a data center just two years ago is now being deployed regularly in stand-alone IP connected devices at the Internet edge.   This, along with rapid developments in semiconductor and control technology, is paving the way for a new wave of robotics and autonomous systems where cloud processes like machine learning are being brought down to the edge (FOG computing).

In order to deliver the vision of IoT business models, the lines between traditional enterprise IT systems (IT) and the high-availability autonomous operational infrastructures are undergoing radical evolution with new standards and vendors.  As with many new waves of technology advancement, there are those who seek to leverage weaknesses for criminal exploit, state-sponsored espionage, or simply mischief on a grand scale.   These new systems are very enticing to those who specialize in advanced exploits.  Increasingly, malicious actors who have targeted personal computing with malware, viruses and phishing exploits are now targeting critical infrastructure elements for profit and other motives.  Modern cyber attacks on critical infrastructure take advantage of compromised IP addresses (servers, websites, etc.) to carry out DDoS, botnet and other forms of remote command and control exploits.

Webroot deployed the cyber-security industry’s first, most advanced, and most effective real-time cloud-based Threat Intelligence.  We have been providing this service exclusively to leading Security Appliance, NGFW, and Access Point OEMS for over 5 years.  These OEMs are leaders in bringing the latest cyber security approaches to corporate and public IT Enterprises.  This same technology, which has armed advanced networking equipment providers with a real-time defense against Internet launched attacks, is now made available to non-telecom equipment developers for cyber protection to support the growing new classes of IoT systems such as connected Automobiles, Industrial Automation, Process Control, Aviation, Railway, Power Management, and Home Energy Management.

As system designers look to protect new and existing IoT devices and networks, they are increasingly applying techniques formerly used by the most advanced firewall and network security appliance manufacturers.   IoT gateways are emerging as this new class of OEM appliance. They are being designed to locally integrate single and multi-vendor platforms.  Common functions are real-time data stream analytics, protocol translation, networking control, endpoint control, storage, and manageability.  However, until recently IoT gateways were being built without sufficient security or intelligence to properly protect critical infrastructure.  What is new and very exciting now is that non-security appliance vendors are able to bring advanced cyber-security into IoT Gateways and offer Cyber-Security as a Service to critical infrastructure. IoT Gateways can now utilize cloud-based cyber-security to securely connect legacy and next-generation devices to the Internet of Things.

I am pleased and excited to be part of the efforts by Webroot and our partners to ensure that the latest techniques are leveraged across these new IoT devices, appliances, systems and platforms.  We look forward to our continued dialogue with you in advancing collective threat intelligence.

The post Webroot’s Acceleration with Advancement of IoT appeared first on Webroot Threat Blog.

Threat Recap: Week of January 24th


A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.

Indian Banks Hit with Ransomware

Recently, several Indian banks were infiltrated by an unknown hacker, who used this access to launch a ransomware attack. Using LeChiffre, a manually-executed ransomware program, the hacker was able to encrypt the already infected machines and set a ransom of 1 Bitcoin (currently worth ~$400 USD). Though not meant to be used in a large-scale malware distribution campaign, hundreds of bank computers were infected, with several top bank executives paying the ransom. A decryptor for LeChiffre is available, though it is only useful for version 2.6.

Read More: http://news.softpedia.com/news/lechiffre-ransomware-hits-three-indian-banks-causes-millions-in-damages-499350.shtml

New Technology Leads to Car Issues

With the improvements in vehicle technology, there is bound to be a rise in exploitable vulnerabilities. Using the existing OBD II ports in consumer vehicles, researchers were able to wirelessly gain access to the system network and make changes to critical components. Unfortunately, these issues are industry-wide and the automakers are playing catch-up to a whole string of problems that were previously nonexistent. This is only the beginning of a long road for car companies, in terms of keeping ahead of these issues.

Read More: http://time.com/4195332/hacking-cars-security/

PayPal Resolves Java Exploit

This week, an independent researcher found a critical bug in PayPal’s servers. The bug allowed access to databases used by the PayPal app, which gave the attacker access to information that had been deserialized for communication between various programs. Using the information that was gathered, the attacker could then drop a malicious payload onto the servers and gain further access to sensitive information.

Read More: https://nakedsecurity.sophos.com/2016/01/27/critical-java-bug-found-in-paypal-servers/

Android Ransomware Evolving

Ransomware is nothing new for the Android OS, and newer variants can now draw a fake screen overlay on top of an administrator access dialog box, so that the user clicks the fake button and unknowingly grants full access to the malicious software. Fortunately for most Android users, the dialog boxes being exploited were changed in Android 5.0 so that they no longer display above system dialog messages.

Read More: http://www.pcworld.com/article/3027123/new-android-ransomware-uses-clickjacking-to-gain-admin-privileges.html

Payment Data Security Needs Update

A survey was recently completed that asked 3,700 IT security professionals, in several different industries, questions covering their data security policies and actual practices. Over half of those surveyed stated that they had no idea where some of their customer data was stored, while a similar number allowed third-party access to customer payment data with no multi-factor authentication required. Hopefully, with the rise in data breaches over the last year, many of these companies will strive to improve payment data security to better protect themselves and their customers.

Read More: http://www.net-security.org/secworld.php?id=19369

The post Threat Recap: Week of January 24th appeared first on Webroot Threat Blog.
