Computer safety has never been more of a necessity, regardless of your location in the world. This week’s cyber news recap spans from Western Europe to Australia, with a variety of threats that everyday users may face themselves.

UK Hospital System Hit with Malware

In the last few days, a hospital network in the UK was infected with what is likely ransomware. This incident has lead officials of the affected hospitals to temporarily shut down all hospital operations until the infection is isolated and removed. While current patients will still receive care, all emergency cases are being transferred to other area locations. It comes as no surprise to see yet another hospital fall victim to cybercriminals due to the lack due to lack of security that’s systematic across the industry.

Flash Player Android App Actually Banking Trojan

Recently, many smartphone users may have noticed an increase in popups requesting payment card information. While initially unsuspecting, upon installation, the app will request administrative rights for the device and begin gathering data from over 90 different banking apps and other social media apps. Consumers using third-party app stores should be extremely cautious as the trojan uses fake overlays to appear as a legitimate application.

Converse Online Store Hacked

In the weeks following the largest data breach in Australia’s history, the country’s online retail site for Converse shoes was hacked. The prime target was payment card information, as is the norm for many of the recent online-retailer cyberattacks. However, the figures for any compromised information are still unknown. Fortunately for any customers that made purchases during that period of time, the site was able to remediate the incident quickly.

CEO Phishing Scam Targets New Zealand Nurses

With email scams always changing and evolving, the weakest point in an organization’s security is still the employees. Earlier in the week, an email coming from the alleged CEO of the New Zealand Nurses Organization requested the email addresses of all 47,000 employees. The recipient swiftly responded with the full list. Unfortunately for the victim, the email wasn’t from a legitimate source or even a company email domain, as the sender was noted to be a Yahoo address.

Google Discloses Windows Vulnerability, Receives Backlash from Microsoft

In the past week, Google released information regarding a zero-day vulnerability in a Windows OS kernel that was actively being exploited in the wild. After disclosing the information to Microsoft to get the issue resolved, they announced a simplified statement about the vulnerability. As some might suspect, Microsoft took offense as they require a more unified public disclosure. Microsoft has also announced a coordinated effort with Google and Adobe to mitigate any negative outcomes of the recent exploits and that a patch will be released in the coming days.

The post Cyber News Rundown: Edition 11/4/2016 appeared first on Webroot Threat Blog.

Your online identity is at risk now more than ever. This week’s cyber news update covers the growing threat of online banking attacks and phishing scams across the globe.

Tesco Bank Hacked For Millions

Tesco’s banking services released a statement earlier this week announcing that several thousand bank accounts had been hacked, resulting in the theft of nearly $3 million USD. At present, this attack is the largest hack to target a western bank. While Tesco Bank is still looking into the breach, they have already compensated customers whose accounts were affected, and have stated that no confidential customer information was exposed.

Google Safe Browsing Gets More Persistent

Ever since Google launched Safe Browsing over a decade ago, hundreds of millions of users have been prevented from being drawn into malicious websites through fake warning notifications. With the latest updates to Google’s security policies, Google will show additional full-page warnings for any offenders who violate policies repeatedly until the site can be verified. With the addition of the Repeat Offenders policy, sites that attempt to use any coverage gap to revert to harmful activity after the safety verification will be shut down for a period of 30 days.

TrickBot Banking Trojan Spreading Rapidly

A new trojan has risen and is targeting banking customers across the globe. Having started in the UK and spread into continental Europe, TrickBot uses redirection attacks and server-side injection to compromise user login credentials. Using spam emails as their delivery method, attackers have been able to hit a wider range of victims with a very high success rate.

PlayStation Hacks Target UK Gamers

Recently, dozens of PlayStation Network users have reported their accounts had been compromised and used to make fraudulent charges. While it is still unclear how the accounts are being compromised, it likely stems from reusing passwords, or possibly another Sony breach. Due to the increase in attacks, Sony recently released two-factor authentication to provide enhanced security for its users.

Nigerian Prince Scammers Upping Their Tactics

In the early days of the internet and email, scammers took advantage of ignorant users by pretending to be someone of great importance who simply needed help transferring funds. Today, these types of scammers have evolved their strategy by targeting victim computers and stealing login credentials to sensitive sites. Another change in their strategy has been to focus on big businesses, rather than individual consumers, to increase profitability.

The post Cyber News Rundown: Edition 11/11/2016 appeared first on Webroot Threat Blog.

Alarming Number of Sites Still Using SHA-1 Certificates

The January deadline for switching over to SHA-2 rapidly approaching. For the vendors that are still lagging behind, they will begin to see browser warnings to their customers stating the site is untrustworthy for processing sensitive information. Surprisingly, 1/3 of all worldwide sites are still using the insecure algorithm. Unfortunately for many of these vendors, switching to SHA-2 could take quite a bit of work, as they have to locate and identify their current SHA-1 certificates before the migration can start.

PoisonTap Tool Navigates Around Password-Protected Computers

Recently, a new tool has been making its name by allowing an attacker to gain access to a computer, even while locked, by simply plugging in a malicious USB. The tool, dubbed PoisonTap, gains access to any unencrypted internet traffic and captures cookies used to login to sensitive accounts. Once the information is captured, the tool installs a backdoor to allow the attacker further access to the computer, then transfers all data back to the attacker’s server.

Ransomware Steps Up Blackmailing Methods

Ransomware is still on a steady path of destruction, and one variant has gone the extra step to better ensure the ransom gets paid. By scanning the system for any trace of child exploitation or pirated content, the ransomware is able to display a directed warning message about any files found that it could then expose to the public. By threatening the user with releasing any incriminating files, the attackers hope for a higher number of victims paying the ransom, as it now holds leverage against the payment.

Adult Friend Finder Hack, Possibly Largest Ever

Recently, the adult dating site Adult Friend Finder, and its network of other sites, has fallen victim to one of the biggest data hacks on record. With nearly 412 million users accounts compromised, the network’s security is coming under scrutiny as nearly a third of the passwords found were stored as plain text files or relied on the long-outdated SHA-1 algorithm. Even more worrying, many of the passwords appear to be extremely simple words or number sequences that are likely being re-used alongside the same email address for other websites.

Corporation Chains Hit with Customer Service Malware Attack

In the past few weeks, many vendors have complained about receiving fake customer service emails that contain malicious attachments. These attacks begin by impersonating a customer trying to provide sensitive information via email, and coercing the company representative into opening said attachment. Once opened, the malware begins downloading additional tools for collecting and transferring sensitive information back to the attackers. This method of stealing consumer data is not new, but the approach of remaining on the phone for the duration of the attack is something few researchers have seen before.

The post Cyber News Rundown: Edition 11/18/16 appeared first on Webroot Threat Blog.

For many years now, Microsoft has offered a system with Windows that allows you to take control of another machine. This has been invaluable for system admins that need to control servers and other Windows machines, without having to run around from office to office or site to site. Easy takeover of machines does come with risks. The protocol known as Remote Desktop Protocol (RDP) and the Remote Desktop Connection software that relies on it are often victims of simple attacks. These attacks have been on the rise in recent years and are extremely popular at the moment, as they are enticing for cyber criminals that seek to compromise the admins and machines that control whole organizations.

How Remote Desktop Protocol at risk?

RDP often uses a particular port that is easy to locate in a scan. And unfortunately, the default account username for an admin is often Administrator. While it’s no secret that having a poor password policy is not ideal, it’s worth reiterating here it can mean that hackers can try huge amounts of passwords before anyone is alerted or an account is locked out.
Once an intruder gets admin access, they can deliver specialized malware or remote access tools that can often be almost impossible for any security solution to detect. With admin privileges and route access to the desktop, maximum damage can be done. This stresses the importance of policies, monitoring, logging, backups and incident response.

How do I protect my organization?

Preventing such brute force attacks isn’t as complicated as it may seem. You can employ a few easy actions to keep your organization safe:

Prevent scanning for an open port

• Change default RDP port from 3389 to another unused port
• Block RDP (port 3389) via firewall
• Restrict RDP to a whitelisted IP range

Prevent attackers from gaining access if RDP is enabled

• Create a Group Policy Object (GPO) to enforce strong password policy (GPOs are important and should be common practice for your organization)

Optional

• Require two-factor authentication

Think you may have been compromised?

Getting to the bottom of suspicious activity is vitally important and our team is here to help. Contact us today.

The post RDP Attacks: What You Need to Know and How to Protect Yourself appeared first on Webroot Threat Blog.

The sheer number of cyberattacks lately led us to this question: which states are at the greatest risk of a cyberattack? Naturally, we took it a step further. We looked into data on population and population density in an effort to find correlations.

Which are the most infected states?

Opening up our list in the top three spots are California, Texas, and Florida. These three states were both the top three most populated and the top three most infected. This immediately led us to some questions: is the only correlation between states and the number of infections population? Based on these top three, that might be a safe guess.

Pulling up the rear of the top 10 are North Carolina and Wisconsin. North Carolina held strong at #9 for the Census’ most populated state and as Webroot’s 9^th most infected state. The only major difference we noted is the fact that Wisconsin made it onto the list of the most infected states, while Georgia, 8^th for most populous, doesn’t even rank.

Wait a second, Georgia doesn’t even rank? For the record, Wisconsin is the 21^st most populous state, which puts them way outside the range of the top 10. What’s even more surprising about this discrepancy is that Georgia’s population is at 10,214,860 and Wisconsin’s is about half that at 5,771,337.

So, I think that safely puts our “more people equals more infections” theory to bed.

How do the most infected cities stack up?

The most infected cities in the U.S. compared to a list of the most populous cities proved even more surprising. Since we noticed that there wasn’t a strong correlation at the state level, we wondered about the city level instead, and took a side-by-side analysis of the most infected cities and most population dense areas of the U.S.

The first thing we noticed in the above is how little correlation there seems to be between population density and the number of infected devices in the city, which we expected would have some impact. In fact, a quick glance at the list shows that none of the most infected cities are in any of the most population-dense states.

Additionally, even though Texas is 2^nd on our list of most-infected states, it has its infections more localized in its larger cities. As a point of comparison, consider that NYC is one of the most population-dense cities in the U.S., but it conversely doesn’t even make it into the top ten for the number of infected devices.

Another example of an apparent contradiction to our hypothesis is that Arizona, which doesn’t even make it into the top ten for most infected devices or for population, but look how many infected devices reside in Phoenix:

Although Phoenix is right behind Chicago and Houston in the number of infected devices, it’s a significantly smaller city. The same goes for Denver. Even though Colorado is at #23 for population and infected devices, Denver itself nonetheless makes its way into our top ten. Maybe Webroot users have some hometown pride?

Cybercriminals have no geographical bias. Whether you live in a big city or small town, east or west coast, you’re susceptible to being a victim of cybercrime. Check out our infographic on the most infected states and protect yourself with award-winning security.

The post Top 10 Most Infected States appeared first on Webroot Threat Blog.

Between a handful of high profile network hacks and the steady stream of ransomware attacks, the last week of November didn’t pull any punches in the constant sparring match that is cybersecurity. In the wake of headlines about a US Navy breach, large scale network outages across Germany, and more, internet users across the globe must stay watchful and wary of their next click.

US Navy Sees Massive System Compromise

Officials in the US Navy have been notified of a security breach stemming from a Hewlett Packard Enterprise contractor whose laptop had been compromised. Currently, the Navy is contacting those who may be a part of the nearly 140,000 names and social security numbers that were affected, though it is still unclear on exactly how the breach occurred. With the steady rise in cyberattacks, the stress on IT departments of all sizes is mounting to defend against future attacks.

Tech Support Scammers Using Ransomware to Boost Income

Researchers have discovered an unsettling evolution to the traditional cold-calling tech support scams: executing ransomware on their victims’ computers to ensure payment for their “cleaning services”. While typical scammers will attempt nearly anything to get personal information, the use of ransomware takes the threat one step further by maliciously forcing payment regardless of any services rendered. Even worse for victims of VindowsLocker—as the ransomware is dubbed–the authors failed to properly setup the ransom transactions and thus, users may be unable to regain their files even if the ransom is paid.

UK National Lottery User Accounts Hacked

Major website hacks are occurring regularly due to reused login credentials, and it’s still a shock when a large site operator has to begin notifying tens of thousands of users about a possible data breach. Now we’re adding the UK National Lottery to the list. Only a small fraction of the National Lottery’s users were compromised, but Camelot, the operator for the lottery, has been forcing password resets for any potentially compromised individuals. While password re-use is the likely cause of the breach, it is still uncertain why the Lottery didn’t offer any additional authentication prior to the user accounts that were taken over.

San Francisco Train System Brought Down By Ransomware

In recent days, it has been discovered that the San Francisco Municipal Transit Agency was taken offline with only a poorly worded ransom message displaying for customers and employees alike. The attack led to the SFMTA providing free rides to customers while the issue was being resolved. In a surprising stance, the excessive ransom demanded–100 bitcoins totaling over $70,000 USD—was not paid to the attackers. For many public utilities and services, having the capability to promptly return to normal functions after such an attack is extremely important, and fortunately the SFMTA have announced that no customer information was compromised.

German Telecom Provider Hit with Mirai Variant

There is no doubt the world is now more attentive after the last Mirai botnet attack that took down several prominent sites. Yet, a similar variant has been deployed keeping DSL customers in Germany disconnected. Recently, nearly 900,000 telecom customers have been unable to access anything reliant on their DSL routers, which have been under attack for several days. By scanning for commonly open ports on routers, the attackers are able to remotely execute code resulting in a widespread DDoS attack.

The post Cyber News Rundown: Edition 12/2/16 appeared first on Webroot Threat Blog.

Corny title aside, ‘tis officially the season for online shopping, and that means a drastic increase in phishing scams. In order to obtain sensitive information from specific organizations and people, these threats have become increasingly sophisticated and are carefully crafted. According to the latest Webroot Quarterly Threat Update, 84 percent of phishing sites exist for less than 24 hours, with an average life cycle of under 15 hours.

“In years past, these sites could endure for several weeks or months, giving organizations plenty of time to block the method of attack and prevent more victims from falling prey,” said Hal Lonas, chief technology officer at Webroot. “Now, phishing sites can appear and disappear in the span of a coffee break, leaving every organization, no matter its size, at an immediate and serious risk from phishing attacks.”

3 things you NEED to know about phishing

During 2016, Webroot has observed an average of over 400,000 phishing sites each month. To keep up with the incredibly short life cycles and sheer volume of phishing sites and URLs, you have to abandon old techniques that use static or crowdsourced blacklists of bad domains and URLs. There are over 13,000 new malicious sites per day, approximately 11,000 of which last 24 hours or less, rendering static lists obsolete within moments of being published.

Nearly all of today’s phishing URLs are hidden within benign domains. Since phishing attacks no longer use dedicated domains, URLs must be checked each time they are requested. At the speed of today’s attacks, a page that was totally benign just seconds ago may have since been compromised.

Google, PayPal, Yahoo, and Apple are heavily targeted for attacks. Cybercriminals know to impersonate sites that people trust and use regularly. Webroot took a closer look at the companies for which impersonation would likely cause the largest negative impact. Of these “high-risk” organizations, Google was impersonated in 21 percent of all phishing sites between January and September 2016, making it the most heavily targeted.

Emails to avoid

With the holiday season in full swing and the New Year fast approaching, hackers are up to their old tricks. According to Mike Trammell, senior director, office of the CISO, Webroot, we should all be wary of emails containing UPS, USPS, and FedEx shipping alerts; 401k/benefit enrollment notices; and miscellaneous tax documents from now through the end of January.

So far, we have seen the following email subjects related to phishing:

• FTC subpoena
• RE: insurance
• Shipping status changed for your parcel # XXXXXXXXX

Be on the lookout for these types of messages in your inbox, since they’re likely to be phishing attempts that could lead to credential harvesting, ransomware infections, and more.

Our holiday wish for you

With holiday gifting on the horizon, the scammers are out in force, so remember to be extra vigilant. Remind your families, friends, colleagues, and clients to use secure and reputable websites and to only click links from sources they trust. Particularly at this time of year, if a stranger contacts you or anyone you know, whether by phone or by email, remember that they might not be who they claim to be. Before giving them any information or money, try contacting them back through their publicly available contact information.

From everyone at Webroot, we hope you have a secure and joyous season, and a happy new year!

The post All Phishing Scams Want for Christmas… appeared first on Webroot Threat Blog.

Personal computers and devices aren’t the only targets for ransomware authors. Their methods have evolved to target government offices and profitable organizations, forcing them to rethink their cybersecurity mitigation plans.

Blackheart Records Data Left Exposed Online

Recently, it has been discovered that a large, unsecured database containing sensitive information on several prominent recording artists from Blackheart Records was left publicly available for an undetermined amount of time. The data that was found included passport scans, banking information, and other sensitive login information for Joan Jett and several of her bandmates. While the database has since been taken offline, the researchers state that there are still hundreds of servers and private machines that use Rsync as a backup, which leaves the server vulnerable.

GoldenEye Ransomware, New Petya Variant

In the past week, a new variant of the Petya ransomware has been discovered in the wild. Going by the name ‘GoldenEye‘, the variant runs the file encryption prior to gaining administrative privileges to modify the MBR (Master Boot Record), unlike Petya which would attempt the MBR modification first. While encrypting the hard drive, ‘GoldenEye’ displays a fake ChkDsk screen to placate the user until the process is complete. Currently, it’s main targets appear to be German-speaking users and is primarily spread through spam email campaigns.

Stegano Embeds Malicious Code in Banner Ads

In the past few months, researchers have been seeing a steady rise in the malicious ad campaign dubbed ‘Stegano’, which places malicious code into the parameters controlling transparency for pop-up banner ads. This recent campaign could potentially lead to millions of end-users becoming infected, as the altered ads have been found on many high-traffic news sites that typically have higher levels of security. Once the code ensures the system is running Internet Explorer, it begins redirecting the victim to sites hosting Adobe Flash exploits and attempts to infect and gather sensitive data. Fortunately for many users, several of the Flash exploits have already been resolved, which will lead to fewer infections.

Pennsylvania Prosecutor’s Office Pays Ransom

While the Avalanche Network was being dismantled by cooperating government agencies last week, the prosecutor’s office in Pennsylvania was recovering from a cyber attack which demanded a $1,400 bitcoin ransom payment. The attack was linked to a 2015 employee breach, but the after effects are still being seen after they decided to pay the ransom. In the six-year span that the Avalanche group operated, they are credited with infecting over half a million computers across nearly 200 countries.

Indiana County Out $200,000 After Ransomware Attack

Recently, it was announced that Madison County, Indiana spent a total of $200,000 in the wake of a ransomware attack on several county offices. With a ransom of $21,000 being paid out to the attackers, the additional expenditures were to recover their infected systems and provide better long-term security, including a backup solution for their data. Even with a high ransom, it’s not surprising to see the costs continue to rise as the victims scramble to rebuild and begin the hard task of creating and implementing a cybersecurity mitigation plan.

The post Cyber News Rundown: Edition 12/9/16 appeared first on Webroot Threat Blog.

Managed service providers are tasked with serving a broad range of markets, from construction to healthcare; accounting to legal; staffing firms to manufacturing; media and advertising to technology. But the day-to-day MSP challenges, even across so many diverse verticals, remain the same. Let’s break it down: modern technology changes fast and keeps gaining momentum, so how do you stay current and relevant? Providing quality goods and services gets complicated and pricey fast; how do you give your customers the value they expect without your own margins taking a hit? As the managed services sector continues to grow, how do you differentiate yourself from the competition?

Let’s switch gears a little and talk about cybersecurity. It’s no surprise that MSPs often think of endpoint protection as a “necessary evil.” MSPs have to supply endpoint cybersecurity services that satisfy their clients’ demands, but most solutions involve time-consuming infection remediation, awful system performance, mountains of malware-related downtime, not to mention the resulting customer frustration.

Staying Relevant and Seizing Opportunity

Because SMBs typically lack the internal resources needed to effectively manage complex systems, cybersecurity is an ideal avenue for putting the managed services model to use. Faced with modern threats and the hassles of traditional endpoint protection products, most users feel overwhelmed by security awareness and management, so offering next-generation protection that’s easy to manage, won’t conflict with other software, and won’t slow users down as it keeps them safe is an excellent way to stay relevant and build customer loyalty.

The High Cost of Living

As you well know, providing services isn’t sustainable if your solutions don’t amplify your profitability. But you can drive down operational costs by selecting an endpoint cybersecurity vendor that uses a cloud-based architecture and requires no infrastructure investment, thereby enabling faster deployment and less intensive management. If the vendor offers highly responsive support, automatic remediation, and low resource usage, you can improve customer satisfaction while reducing time spent repairing systems—without having to skimp on quality.

Looking to the Future

When choosing a cybersecurity partnership, be sure to look for a vendor whose solutions foster predictable, recurring revenue to help quantify future revenue for business decisions, and who provides marketing resources and sales enablement to boost MSP margins. And keep your options open—find a partner who offers flexible billing to lower your overhead and enable easy scalability (and won’t lock you into a contract you’re unhappy with in the long run.) Finally, pick a partner with a strong reputation, so you can leverage their proven protection to increase your customer loyalty and generate more referrals.

Proving the Point

Ultimately, these tips are just hearsay. Until you can properly vet a solution in a real-world environment, it’s hard to determine what will and won’t work for your business. Try to find solutions you can trial easily, and look to industry experts and your peers for their experiences and advice.

Read this case study to find out how SWAT Systems, an MSP managing over 3,300 endpoints, drastically improved their customer satisfaction, reduced time spent remediating infections by 75%, and increased profitability an average of 10-20%—just by switching cybersecurity vendors.

Or, take a free, no-risk, no-conflict 30-day trial of Webroot SecureAnywhere Business Endpoint Protection with the Global Site Manager to see the solution SWAT Systems chose in action.

The post Maximizing MSP Profits with Cybersecurity Partnerships appeared first on Webroot Threat Blog.

Credit card fraud and email scams aren’t the only thing you have to worry about this holiday season. Criminals in the UK are stepping up their game by using radio frequencies to steal cars.

Ransomware Uses Credit Card Emails with Infected Attachments

A new ransomware variant of Cerber is using fake credit card reports to entice users into opening infected email attachments. By tricking users with fake fraudulent charges for items they never purchased, the malware authors hope the victim will open the malicious document to review and cancel the charge. Fortunately, the emails are poorly-worded and contain several spelling mistakes to make them easier to spot.

Another Yahoo Hack…

Many of you have heard of the fairly large hack that affected Yahoo users in the last few years, and have (hopefully) taken steps to protect yourselves from fraudulent activity. But Yahoo recently came forward to reveal a much larger hack that could affect over 1 billion users and their account information. Although Yahoo was able to identify the infiltration point, the information—both encrypted and unencrypted—had been compromised for at least a year before they discovered the breach.

Enterprising Car Thieves Use Radio Waves to Keep Doors From Locking

Criminals are jamming the radio signals that lock and unlock vehicles, leaving unattended cars open and ready to steal. While the majority of recent thefts have taken place in the UK, this could easily become a global concern. As vehicle technology continues to advance, it’s no surprise that car thieves are keeping up with the times.

Health Service Providers Stuck on Old OS

A recent study on UK National Health Service trusts found that over 90% of healthcare providers were running their networks on Windows XP. Microsoft themselves stopped supporting this outdated operating system over a year ago and, as such, it’s full of vulnerabilities. Unfortunately, many providers around the world use outdated software with known security issues, which can put sensitive patient information at risk.

Evernote Changes Tune After Privacy Concerns

In the past few days, Evernote, the popular note-taking app, announced they would begin allowing select employees to view snippets of user data to better enhance their machine learning algorithms. The program was launched as an opt-out, but the issue of privacy erupted almost immediately. After just one day’s worth of outcry, the company changed the policy to opt-in and sent an apology to their 200 million users.

The post Cyber News Rundown: Edition 12/16/16 appeared first on Webroot Threat Blog.

Who remembers the Atari 2600? Yeah, I don’t either. Just kidding. Maybe. It’s hard to think about the words tech and toys together before the 1990s. However, they were a thing. Kids of the late 70s reveled in the Atari 2600. It became a staple of pop culture—defining a generation of gaming young enthusiasts. But tech toys didn’t stop there.

While you’re contemplating that, our team has put together a fun infographic to take you down memory lane through the History of Holiday Tech and emergence of cyber risks. We hope you enjoy!

The post History of Holiday Tech Toys appeared first on Webroot Threat Blog.

Did we get you to click? That’s how the bad guys get you, too. One little click on the wrong link and your clients’ businesses could be up the proverbial creek.

Theft only comprises one aspect of the activities cybercriminals undertake, but it’s a sizeable chunk of their enterprise. What’s worth noting is what the thieves are stealing. The majority of cybercrime is focused on stealing data with the intent of selling it for profit to a third party, but what keeps one little malware family in the headlines is how differently it plays the game. In a recent conversation between Webroot Chief Technical Officer and rocket scientist Hal Lonas and Penton Technology Market Analyst Ryan Morris, we can see how ransomware is rewriting all the rules.

During the discussion, Lonas noted, “the bad guys used to want your data because it was valuable to them. If [they] could get your credit card number or your identity or a secret from your company, [they] could go sell that.”

When Morris asked what makes ransomware different, Lonas had this to say: “The interesting thing about ransomware is that criminals are now saying, ‘Your data is valuable not to me, the bad guy, but to you. How much is your data worth to you?’ They’re betting that you don’t have any backup and protection in place, so their angle is to take your data and hold it for ransom until you decide what the value is, and then you pay them.” So, while conventional security threats may steal information to sell down the line, what sets ransomware apart is that it seeks to extort money from the victimized company itself.

Morris responded that he’s heard about modern companies with robust security operations run by professional in-house InfoSec teams who, as recently as this year, have paid ransoms. “That blew my mind,” he stated. “I, perhaps naively, thought we’d solved these types of problems.”

Layered Security is the Game Changer in Fighting Ransomware

The question is: if even large businesses with high-powered, fully-staffed dedicated IT departments are having a hard time with these threats, what hope do smaller businesses and the managed service providers (MSPs) they trust to secure them have to fight back against ransomware?

Morris raised the questions, “How can we win the battle in the ransomware universe? What preventive steps should we take, and what ongoing measures should MSPs and end users implement to protect themselves from ransomware threats?”

Lonas cited these key strategies for a solid cybersecurity defense:

“Investing in backups and data security is of paramount importance. That’s hardly new advice. It applies to everything from business security to homeowner’s insurance. But, with a threat like ransomware on the loose, it’s more crucial than ever to make sure our data is securely backed up and that we can recover it quickly, easily and in its entirety. We also have to test the backups; spend a little extra time and money verifying that the recovery systems are going to work.

“From there, we need to make sure we have a multi-level security approach in place. We’ve talked about this for years—the layered security approach—to ensure that malware and other types of breaches don’t get through, and each new attack vector can mean a new layer. Sometimes this causes redundancy, but as long as the various layers work in harmony, they provide comprehensive security that can prevent breaches. Firewalls, next-generation firewalls, web filtering, proxies, VPNs… we have to ensure all of those protection layers are deployed.”

As he continued, Lonas made sure to emphasize the importance of endpoint security. “We have to have world-class endpoint security on all of our machines: the Windows machines, the Apple machines, and the mobile devices, including bring-your-own-device.” According to Lonas, every device that could conceivably connect to a network needs protection so that it doesn’t become the gateway for cybercriminals to infiltrate an organization.

The More Your Clients Know…

Finally, user education is critical. Lonas concluded his recommendations by stating that users need to be aware of the types of threats they’re going to face, the various kinds of phishing attacks, fake messages, emails, and even phone calls they might get from people claiming to be tech support personnel who just need a password to make a quick update. “Bad guys are always figuring out new ways to get to us,” he warns. “The combination of layered security that covers all potential threat vectors, solid backup and recovery strategies, and user education is the only way companies can protect themselves, their employees, and their customers from ransomware.” Existing Webroot MSPs can take advantage of the tools and content available in the ChannelEdge Toolkit and use it educate and inform their clients on threat protection and industry best practices.

Get Ready, Get Set, Take Action

Adopt a next-generation endpoint security solution that uses advanced behavioral technology and real-time detection to keep users safe. Take a 30-day FREE trial of Webroot SecureAnywhere® Business Endpoint Protection—no risk, no obligation to buy. You don’t even have to uninstall existing security.

Find out for yourself how Webroot partners with MSPs to delight customers, lower costs, and boost profits. Learn more.

The post MSPs Won’t Believe What Ransomware is up to Now… appeared first on Webroot Threat Blog.

As 2016 comes to a close, it’s time to reflect back on the largest/most significant security news stories that left an impact on the world.

Mirai Botnet

Being hailed as the largest attack of its kind in history, the DDoS attack launched by the Mirai botnet encompassed over 100,000 unique endpoints and hit a peak of 1.2 Tbps, all through the unauthorized use of IoT devices. During the attack, many highly-trafficked sites were brought to a halt along with several critical Internet infrastructure points based on the Dyn server architecture which supports the majority of the Internet’s DNS pathways.

Panama Papers Leak

Early in 2016, it was announced that a confirmed data breach had taken place within Mossack Fonseca, one of the largest offshore law firms in the world. In the breach are over 11 million files with financial documents for thousands of prominent individuals, from actors to politicians to entire corporations.

Adult Dating Sites’ Users Exposed

While several adult dating sites were targeted by hackers in 2016, the farthest reaching was the FriendFinder Network breach that affected over 400 million active customer accounts. Even worse for the victims, the majority of user passwords were stored in plaintext, or without any encryption in place.

Hospital Succumbs to Ransom Demand

With more and more healthcare facilities coming under attack from ransomware, it’s no surprise to see at least one fail to have the proper backups and are forced to pay the ransom to regain their systems. Early in the year, Hollywood Presbyterian medical center was forced to pay a $17,000 ransom to ensure they could continue normal operations, which set an example for attacks in the coming months, for potential targets to properly defend against such attacks.

FBI vs. Apple Encryption Debate

As data privacy concerns continue to grow, the dispute between the FBI and Apple regarding a phone used by a suspect in the San Bernadino shootings being unlocked possible evidence in the case. The issue ended up going to court with Apple defending its customers rights by declining to assist with bypassing the encryption, as the workaround could be used limitlessly once created. The case was eventually dropped as the FBI was able to gain access to the device without Apples’ assistance.

The post Cyber News Rundown: Edition 12/23/16 appeared first on Webroot Threat Blog.

Why wait for news on the next big thing in technology, when you can get a sneak peek at the hottest, up-and-coming consumer tech and innovations at CES 2017? For the last 50 years, the yearly CES event has served as a showcase and springboard for the latest advancements in tech as they enter the marketplace.

But, before your gobble up the newest, smartest gadgets, it’s important to consider their implications for our overall security. Here are some things we’re thinking about in preparation for this year’s event.

Artificial Intelligence and the Internet of Things

Devices of all types keep getting smarter and the number of connections between them grows in size and variety. The “Internet of Things,” isn’t just a sci-fi movie fantasy anymore—it’s here, and it raises some serious concerns.

Hypothetically speaking, if my phone were connected to my fridge and other appliances, my thermostat, my home security system, and even my car, what would happen if a hacker stumbled across a vulnerability in my toaster’s firmware? Could they lift my banking credentials? Or stop my car’s engine while I’m on my commute? Sure, it might sound unlikely or extreme, but you can see how increasing connectedness doesn’t just bring benefits and convenience; it also offers up an assortment of new opportunities for hacks and other cybercrime.

This year’s CES event will address IoT cybersecurity concerns, such as regulations around self-driving cars, what smart thermostats and other advances in the domestic future will bring.

CES Sessions to Consider:

• The IoT Becomes Personal: Bosch shows how “things” become partners, and covers advanced tech in the areas of connected mobility, industry, smart home, and smart city.
• Smart Technology for Smarter Cars: Valeo presents its groundbreaking technologies for intuitive, clean, and connected driving.
• Next Big Thing: Smarter Homes for Everyone: From urban apartments to country mansions to smart cities, this talk discusses the technology at the heart of it all, and how close to this future we really are.

Architecting Smart Cities

Many organizations around the world are working on solutions to help make smart cities even smarter; more energy efficient, more comfortable, and more automated. Unfortunately, a lot of these innovations can suffuse city networks and the devices connected to them with cybersecurity vulnerabilities.

For more information about smart cities and their implications, the CES panel Smart Cities, Smart States, Smart Mobility will discuss the symbiotic relationship cities and mobility have enjoyed for centuries while considering the societal promises that connected technologies offer.

Additionally, to raise awareness and connect organizations working to address these vulnerabilities, CES 2017 will be launching The Smart Cities Hackathon, where developers, makers, and smart cities specialists can collaborate on solutions for sustainability, safety, and efficiency.

Hackathon participants will get to play with:

• Amazon Alexa Skills Kit
• IBM Watson Cognitive and Bluemix APIs
• Intel’s Grove IoT Dev Kit
• Honeywell’s Connected Home API
• UL’s Safety Index
• Open Data from the City of Las Vegas
• Other leading IoT technologies TBA

Technology Rising Stars

In addition to various security concerns, we can’t forget that CES is a smorgasbord of new technology. Seasoned techies and n00bs alike, be sure to check out the 2017 Tech Trends to Watch session for a guided tour through key trends and emerging technologies, as well as how the Internet of everything, artificial intelligence, virtual reality, autonomous vehicles, wearables, and more are shaking up everything we take for granted.

Other sessions to consider:

• Last Gadget Standing: Yahoo! Tech’s David Pogue and his team of experts, along with the audience, predict which product on the CES show floor that’s destined for greatness.
• Mobile Apps Showdown: App producers will have just 4 minutes to demo their app before judges, both on and offline, will identify the winner. Bonus: this year, CES is introducing the 10under20: Young Innovators to Watch!
• Extreme Tech Challenge: The Extreme Tech Challenge is the world’s largest startup competition, and identifies emerging leaders with the potential to dominate their markets.

There will be a lot to take in at CES 2017, and we look forward to hearing about the newest advances technologies, as well as how we can all collaborate to continue building a smarter, more secure future for everyone.

The post What to Expect at CES 2017 appeared first on Webroot Threat Blog.

Ransomware “Star” Shines on LG Smart TV

As ransomware continues to steal the malware stage, its authors have widened their target audience to include smart devices, such as TVs. Since a number of smart TVs use Android® operating systems, they can be susceptible to the same Android malware that usually strikes mobile devices. Recently, owners of an older LG TV model were presented with a ransomware lock screen after installing a third-party streaming app for movies. The good news for current customers, however, is that many TV manufacturers have taken steps to help prevent these types of attacks by adopting a Linux-based OS.

Facebook Vulnerability May Reveal Private Email Addresses

Bug bounty programs are rewards that many websites offer to encourage “white hat” individuals to report bugs, exploits, and vulnerabilities in their code. They’ve been around for years, and can offer big money to people who can successfully verify a vulnerability in a website or application. One such payout occurred recently when a researcher found a Facebook bug that let him access the private email addresses of any user through the Facebook Group notification function. After sending group invitations, he noticed the page URL showed the recipient’s email address in plain text. Fortunately, thanks to this intrepid bounty hunter, the vulnerability has been addressed.

Ransomworm: The Newest Contender in the Ransomware Ring

A good cybercriminal—that is, one who is good at their trade—is always on the lookout for the latest ways to exploit internet usage habits and vulnerabilities. According to researchers on the subject, the next evolution of highly lucrative ransomware campaigns will likely incorporate network worm capabilities. By adding the functionality of a network worm, ransomware could more easily spread across entire networks, causing exponentially more devastation to its victims. While early variants of a Ransomworm have already been seen in the form of USB propagating infector ZCryptor, it won’t be long before we see wider spread variants in the wild.

Airline Booking Systems Rival TSA for Worst Security Nightmare

“Booking travel.” That’s all I had to say before you groaned, right? Planning a trip already has the potential to be extremely stressful. A lot of the frustration is (at least partially) due to ancient systems that have been in place across the world for decades; and, although they facilitate various necessities for air travel, they don’t always do so quickly or efficiently. More importantly, because many of these systems are over 30 years old, they aren’t up to today’s security standards, and they can be insanely difficult to retrofit—leaving customers’ information vulnerable.

Music Pirate May Walk the Plank

You might think music piracy is sooo early 2000s, but P2P programs that allow users to “share” their music libraries are still alive and well, and authorities confirm that piracy is still thriving. Recently, a UK man was arrested for distributing singles from the country’s Top 40 list across multiple torrent sites and causing untold commercial loss to record companies and artists.

The post Cyber News Rundown: Edition 12/30/16 appeared first on Webroot Threat Blog.

If you’re anything like me, you probably make a bunch of lofty resolutions every year that you probably won’t, or even can’t, achieve. (For instance, I’ve been promising to hit the gym a little harder for about 6 years now.)

But enough is enough. Here are 5 completely achievable resolutions to help keep you and your identity safe in the New Year. Best of all, they’re not too hard and don’t take long, so you get the satisfaction of checking things off your list right away!

1.     Layer Your Wi-Fi Security

Remember over the holidays, when you had to read your super long and complicated router password to everyone in your family so they could connect to the Wi-Fi? Wouldn’t it have been great if they’d taken a seat and listened all at once so you wouldn’t have to repeat it 50 times in between trips to the kitchen to baste your bird or check a timer? Wouldn’t it be even better if you could have your own guest network with a friendly password that the whole family can remember?

Well… you can.

These days, continuing technological advances have given most routers dual-band technology. The “dual” part means you have a 5 GHz band for devices that are centrally located and more or less stationary near your router, giving you the best possible speeds, while there’s a 2.4 GHz connection for devices that are more mobile and need a longer range.

If you activate Guest Networking for both your 5GHz and 2.4GHz bands within your router’s settings, you can create separate passwords for residents and guests. That way, you can manage who gets access to your secure network, and then your connection won’t get bogged down the next time you want to stream the football game while your 3-year-old niece is glued to the Disney Holiday Special.

Be sure to enable WPA2 security on both networks to protect your houseguests and to keep holiday opportunists from leeching off of your connection.

2.     Enable Biometric Screening or a PIN on your New Device

Did you get a new toy over the holidays? Make sure to enable two-factor authentication and either a security PIN or biometric access to your devices whenever possible. Although it might add another second or two to the time it takes to unlock your devices, it’ll be worth it when you realize your mom won’t casually stumble across those pictures from so-and-so’s bachelor/ette party.

3.     Avoid Opening Emails On the Go

This one might be the easiest of all, and a lot of recent studies have suggested that ignoring your email a bit more often can have incredible benefits for your stress levels and overall mental health. And, let’s face it, who couldn’t use a little help de-stressing after the holidays?

Unsecured Wi-Fi in coffee shops and the like is a prime spot for cybercriminals to take advantage. If you absolutely have to open your emails while you’re out and about, we recommend staying connected to your mobile data plan. And if you’re worried about data rates, try to wait until you’re connected to a secure Wi-Fi network that you trust, and one that you know has encryption in place. Besides, if you really take stock of it all, those emails can probably wait.

4.     Activate Automatic Updates

You’d be amazed how many breaches could be avoided by keeping software/firmware up to date. Hackers often exploit known vulnerabilities that companies like Adobe and Microsoft have already patched or are close to patching, figuring that the numbers game will still come out in their favor. After all, there are a lot of people out there who ignore updates or may not realize how important they can be. If you don’t have time to stay on top of every update, enabling automatic updates on your devices is an easy way to close the window of opportunity for cyber thieves and other hackers.

5.     Install a Unified Threat Management Appliance (UTM)

Think of a UTM as a souped-up firewall. The average family has at least 4 connected devices in their home, and many have more than double that amount. For larger families, not to mention people who run a business from their home, a Unified Threat Management appliance will add another layer of network protection for your highly connected gateway.

In all seriousness, you could probably complete most—if not all—of these tasks in the span of a Sunday afternoon, and they could save you from spending countless hours on the phone with banks and creditors as you try to retrieve a stolen identity or dispute fraudulent charges. How many of your other resolutions have that going for them?

So what are you waiting for? Take the initiative in 2017 and follow these tips to protect your family, your home, your identity, and your privacy from modern cyberattacks.

The post 5 Totally Achievable Resolutions appeared first on Webroot Threat Blog.

By now, everybody has probably heard of CryptoLocker. It makes sense that CryptoLocker would get a fair amount of media attention, since it’s been involved in several high-profile hacks, but there are a number of other players on the ransomware stage that deserve a place of distinction among the list of players. Managed service providers (MSPs) like you know the value of staying up to date on the variety of different types of threats—in addition to their individual stats and characteristics—to keep clients safe.

Cast of Ransomare Players

1. CryptoWall 4.0 

   A bit like the Barrymores, the Sheens, the Coppolas, (the Kardashians?), the CryptoWall family gets more media coverage with every generation. Following in the family tradition, CryptoWall 4.0 uses phishing emails for distribution. This is hardly a surprise, since phishing is still the single most effective way to drop a malware payload. But CryptoWall 4.0 marches to the beat of its own drum; not only are the victim’s files encrypted, this ransomware randomizes the filenames so the victim can no longer tell which file is which. By fanning the flames to create confusion around how much file damage there actually is, the new CryptoWall increases its chances that victims will pay up.

   Additionally, CryptoWall 4.0 includes a free decrypt video to convince victims that the decryption steps they need to get their files back is effortless, and that handing over the ransom will get them their files back.

   • Phishing email attachment is source of payload
   • Randomizes victim’s filenames to create confusion
   • Offers free decrypt demo to add credibility

2. PadCrypt 

   Rather than hiding out and concealing its plans, what makes PadCrypt different from its contemporaries is its willingness to interact with the public. Embedded into the “product”, PadCrypt includes a chat interface. The ransom process of setting up a Bitcoin wallet, filling it with bitcoins, and sending payment can be complicated. By offering this chat feature, PadCrypt lends a more human support element to the ransomware process, providing so-called support to its victims. (How sweet!)

   • First ransomware with chat support
   • Communicates via Darknet to avoid being traced
   • “Helps” even less savvy victims pay up

3. TeslaCrypt 

   Because it targeted gamers specifically and encrypted the files they need for their games, TeslaCrypt is more of what you’d call a cult fave. The files it takes hostage included saves, mods, and profiles. But since TeslaCrypt was being sold by non-authors on the Darknet, the original authors leaked the master decryption key to the public to permanently diffuse the threat. While it’s laying low for now, we wouldn’t be surprised if TeslaCrypt showed up again next season.

   • Accounted for ~11% of distributed ransomware
   • Attacked over 200 extensions on newer variants
   • Targeted gamers (Valve, Bethesda, Unreal Engine files)
   • Circumvented 3rd party defense to deliver polymorphic payloads at root level

4. RaaS (Ransomware-as-a-Service) 

   Not an actor, per se, but RaaS is more like a local theater company that encourages audience participation. Created for criminals by criminals, it opens up the ransomware stage to hackers of all skill levels. Thanks to RaaS, almost anyone can distribute encrypting ransomware payloads of their own design. In return, hackers pay for the service by sharing a cut of their spoils with the original author.

   • Enables almost anyone to make ransomware
   • Portal for malware generation is exclusively in Darknet (typically invite-only)
   • Intended for less-skilled cybercriminals who rent botnets
   • The malware author who created the portal takes a commission

 Conclusion

Even though the number of ransomware stars keeps growing, and their methods keep getting more diverse and advanced, managed service providers (MSPs) can take steps to maximize defense and help clients stay ahead. Keeping yourself and your customers in the know about the latest tactics and types of exploits favored by today’s ransomware is vital—as well as putting together an all-star cast with next-generation endpoint protection that utilizes collective threat intelligence to proactively protect against the rising stars of malware.

Next Steps: Want to find out if Webroot has what it takes to protect your customers? See for yourself with a no-risk FREE trial. You don’t even have to uninstall existing security. Want to learn more about how Webroot partners with MSPs to delight customers, lower costs, and boost profits? Learn more.

The post Four Rising Stars on the Ransomware Stage appeared first on Webroot Threat Blog.

FireCrypt Ransomware Builder Found in Wild

Researchers have discovered a new ransomware variant that uses “.firecrypt” as its amended extension once encryption has taken place. FireCrypt is compiled using a command line builder software that allows varying inputs and outputs to be determined by the author for a unique hash, as this allows for better disguise by enabling the author to change the icon and executable name. Along with the usual encryption, FireCrypt also connects to the Pakistan Telecom Authority website and begins downloading all of the available content, thus filling the victims hard drive with thousands of junk files.

Los Angeles College Hit with Cyberattack

While many students are preparing to return to classes after their winter break, employees at Los Angeles Valley College are working to determine the severity of a cyberattack. It is still unclear how the systems were breached or to what extent any sensitive information has been access, though officials are working with law enforcement.

Philippine Army Website Vandalized By Hackers

In the past week, the official Philippine Army website was compromised by a hacker going by the alias, Shin0bi H4x0r. The site itself displayed several messages to any visitors, boasting about the weak security and taunting the site admins. Though the site has since been taken offline, it is still undecided how the site was breached.

Experts Doubtful of Russia’s Part in Recent Hacking

With so many recent stories surrounding Russia’s involvement with the recent utility grid breach in Vermont and the implied connection to the hacks that took place during the election, many security researchers are unsure how involved Russia actually is. Flaws found in the US utility services are not a secret, and officials have been working to resolve them for quite some time. While public outcry over Russia hacking the election has been very pro-America, it stands as a bit hypocritical, as the US is assuredly involved in similar tactics all across the globe.

Malicious Super Mario Run Apps Found on Android

While Super Mario Run was released for iOS in the early part of December, it has yet to hit the official Android app store for sale. Due to the release gap, many cybercriminals have been cashing in by creating at least 9,000 known malicious versions of the app and distributing them through third-party app stores. Users are warned to avoid downloading any Super Mario Run-related apps until the official version has been released by Nintendo on the Google Play Store.

The post Cyber News Rundown: Edition 1/6/17 appeared first on Webroot Threat Blog.

Personal computers and devices aren’t the only targets for ransomware authors. Their methods have evolved to target government offices and profitable organizations, forcing them to rethink their cybersecurity mitigation plans.

Blackheart Records Data Left Exposed Online

Recently, it has been discovered that a large, unsecured database containing sensitive information on several prominent recording artists from Blackheart Records was left publicly available for an undetermined amount of time. The data that was found included passport scans, banking information, and other sensitive login information for Joan Jett and several of her bandmates. While the database has since been taken offline, the researchers state that there are still hundreds of servers and private machines that use Rsync as a backup, which leaves the server vulnerable.

GoldenEye Ransomware, New Petya Variant

In the past week, a new variant of the Petya ransomware has been discovered in the wild. Going by the name ‘GoldenEye‘, the variant runs the file encryption prior to gaining administrative privileges to modify the MBR (Master Boot Record), unlike Petya which would attempt the MBR modification first. While encrypting the hard drive, ‘GoldenEye’ displays a fake ChkDsk screen to placate the user until the process is complete. Currently, it’s main targets appear to be German-speaking users and is primarily spread through spam email campaigns.

Stegano Embeds Malicious Code in Banner Ads

In the past few months, researchers have been seeing a steady rise in the malicious ad campaign dubbed ‘Stegano’, which places malicious code into the parameters controlling transparency for pop-up banner ads. This recent campaign could potentially lead to millions of end-users becoming infected, as the altered ads have been found on many high-traffic news sites that typically have higher levels of security. Once the code ensures the system is running Internet Explorer, it begins redirecting the victim to sites hosting Adobe Flash exploits and attempts to infect and gather sensitive data. Fortunately for many users, several of the Flash exploits have already been resolved, which will lead to fewer infections.

Pennsylvania Prosecutor’s Office Pays Ransom

While the Avalanche Network was being dismantled by cooperating government agencies last week, the prosecutor’s office in Pennsylvania was recovering from a cyber attack which demanded a $1,400 bitcoin ransom payment. The attack was linked to a 2015 employee breach, but the after effects are still being seen after they decided to pay the ransom. In the six-year span that the Avalanche group operated, they are credited with infecting over half a million computers across nearly 200 countries.

Indiana County Out $200,000 After Ransomware Attack

Recently, it was announced that Madison County, Indiana spent a total of $200,000 in the wake of a ransomware attack on several county offices. With a ransom of $21,000 being paid out to the attackers, the additional expenditures were to recover their infected systems and provide better long-term security, including a backup solution for their data. Even with a high ransom, it’s not surprising to see the costs continue to rise as the victims scramble to rebuild and begin the hard task of creating and implementing a cybersecurity mitigation plan.

The post Cyber News Rundown: Edition 12/9/16 appeared first on Webroot Threat Blog.

“Highest average score for ease of use, quality of support, and […] requirements in endpoint protection.” That’s how Marty Duffy, Director of Research at G2 Crowd, describes Webroot after seeing the results of this year’s G2 Crowd survey on Best Software for IT Teams 2017. We’d be lying if we said we weren’t over the moon.

“Webroot Endpoint Protection’s users consistently commended the product in 2016. Mid-market users recognized the tool as a stand-out product to be used by IT teams. It received the highest average score for ease of use, quality of support, and meets requirements in endpoint protection (mid-market),”
said Marty Duffy, Director of Research, G2 Crowd.

G2 Crowd is a peer-to-peer business software review platform. Since 2014, they’ve recognized the best software products based on reviews by professionals across numerous markets. Their awards are supported exclusively by actual user satisfaction ratings, not obscure testing methodologies or paid industry reviewers. This is important to us for a couple of reasons.

Integrity and Customer Focus

First, at Webroot, two of our core company values are integrity and customer focus. We believe in respect, honoring our commitments, and measuring our success by our customers’ success. Our strength as a company is defined by the people who trust us to protect their businesses, clients, homes, and families. We’re proud to repay their trust by giving them the best possible service.

Real-time Protection

Second, cybersecurity continues to be a topic that gets more groans than cheers. Most users, both at home and at work, consider cybersecurity to be a kind of necessary evil. Sure, it keeps you safe from malware and other attacks, but it can also slow down your computer and get in the way of your activities. But we’re in the business of changing people’s minds on the subject. We devised a smarter way to protect businesses and individuals in the connected world. Our cloud-based protection and threat intelligence stop threats using behavior and contextual data, without draining system resources. We eliminated the hassle of system-intensive updates. And when any Webroot-protected device encounters a new threat, every device connected to our advanced threat intelligence platform is protected in real time.

Being recognized for this award serves to underscore our commitments as we continue to grow and innovate throughout the coming year. And, hot on the heels of being named Most Customer Friendly Company of the Year, we’ve only got one more thing to say: Thank you!

See for yourself what all the fuss is about. Take a free 30-day trial of Webroot SecureAnywhere® Business Endpoint Protection today. It won’t conflict with your existing security, and only takes a few seconds to install.

The post Webroot named among the Best Software Products for IT Teams 2017 appeared first on Webroot Threat Blog.