Channel: Webroot Blog

Cyber News Rundown: Infowars Hacked by Card Skimmers

Reading Time: ~2 min.

Infowars Online Site Compromised by MageCart Attack

Earlier this week, a security researcher found payment card-stealing scripts running on the Infowars online site. The scripts managed to stay active for nearly 24 hours. At least 1,600 users of the site may have been affected during this period, though many were returning customers who wouldn’t have had to re-enter their payment information into the compromised forms. As of writing, the malicious scripts being used by Magecart are active on nearly 100 other online stores, with almost 20% getting re-infected within a two-week period.

Scammers Syphon €19 Million From French Film Company

A lawsuit recently revealed that savvy scammers successfully took nearly €19 million through a series of unauthorized transfers from a spoofed personal email address of the company’s CEO. After requesting additional information from the scammers, who continued to provide highly-detailed documents suggesting their legitimacy, several payments were transferred from the company’s main cash pool with promises of a quick payback from the scammers.

Chinese Headmaster Caught Cryptomining on School’s Systems

The headmaster of a Chinese school was fired after staff discovered an excessively high power bill previously written off as a faulty HVAC system was actually caused by several cryptomining rigs running off the school’s electricity. The headmaster brought the mining machines into the school in mid-2017 and evaded blame for the excess power consumption until the physical proof was discovered. While it appears no other harm was done, cryptomining software can be dangerous, as you can never be sure nothing else is bundled with it.

New Botnet Exploits Unpatched Bug in Over 100,000 Devices

Researchers have been monitoring a relatively new botnet that is currently controlling over 100,000 devices, including 116 device types from multiple manufacturers. By taking advantage of well-known bugs within Universal Plug and Play, hackers can quickly take control of the device and begin monitoring traffic from outside of the network.

Cathay Pacific Airlines Cyberattack Occurred Over Several Months

After originally claiming a data breach had taken place last month, affecting 9.4 million customers, new findings have shown the attacks have been happening regularly since March. Even though local laws didn’t require the company to notify authorities regarding a data breach, it is still surprising that it has taken almost nine months to determine what data had been exposed and what hadn’t.

The post Cyber News Rundown: Infowars Hacked by Card Skimmers appeared first on Webroot Blog.


How to Keep Your Kids Safe Online

Reading Time: ~4 min.

As digital natives become more immersed in and dependent upon technology, they are likely to experience “cyber fatigue,” which can be thought of as cybersecurity complacency. Paired with the invincible feeling that often accompanies being young, this can be a dangerous combination. It’s easy to mistakenly believe that hacked devices and identity theft are things that only happen to adults. Kids and teenagers, however, are just as high-risk and the impacts of cybersecurity breaches could potentially affect them for years into their future. So how can we protect our kids’ digital lives in the same way we protect their offline lives?

Frank Conversations

The internet may seem like a playground of endless entertainment, but we need to educate our children about the dangers that exist there as well. Have you had a friend or family member who’s been hacked or somehow had important information compromised? Talk to your kids about it, how it happened, why it happened, and the work needed to fix it. These real-life examples may be one of your most powerful education tools, as they help children more concretely understand the concept of cybersecurity threats. Demonstrating that these things can happen to anyone, including them, is the quickest way to get their cybersecurity guard up. Looking for fresh ideas on how to talk to your kids about cybersecurity? Check out the Webroot Community for advice and tips.

Common Scams

Teach your children about the most common cybersecurity threats, especially ones that are particularly pervasive on social media, including phishing, identity theft, and malicious websites. They should never accept private messages from people they don’t know, or click on links from friends or family that seem out of character or suspect. If they aren’t sure a message from a friend is actually from that individual, they should not hesitate to verify their identity by calling them, or by asking specific questions only that individual would know. The comments sections of websites like YouTube are also potential flashpoints. Clever comments can entice users into clicking on a risky link that navigates them to a malicious site.

Illegal Downloads

The temptation to download an illegal copy of a favorite movie, game, or album can be strong, but ethical and legal implications aside, it remains one of the most risky online behaviors. In fact, a recent study found that there was a 20% increase in malware infection rates associated with visits to infringing sites. Make sure your kids know the impact illegal downloads have on their security, and inform them of alternative streaming and download options. If you’re able, give your child an allowance for services like Steam for video games, or Amazon Video for films and shows. Providing them with alternative options is the best way to keep your child from giving in to the temptation of illegally torrenting content.

Mobile Safety

A recent study found that people aged 15 to 24 spend about four hours a day on their phones. This works out to roughly 1,456 hours of mobile engagement a year, making mobile devices one of the most vulnerable entry points for cybersecurity breaches. Make sure your child’s phone is protected with a PIN, password, or biometrics on the lock screen, and that they know to leave Bluetooth turned off when not in use. Connecting to public WiFi networks could also leave your child vulnerable, but you can protect their devices from open networks by securing them with a VPN.

Digital Footprint

Many young people today use anonymous or “private” messaging services, like Whisper, Sarahah, or Snapchat, believing that they are protected by the apparent anonymity. However, cybersecurity experts have long been critical of these services, as nothing online is 100% anonymous.

“There is no single app that is capable of providing complete anonymity,” says Randy Abrams, Sr. Security Analyst at Webroot. “Even though someone may think they are anonymous, our online behavior allows people to track and identify us. Apps that claim to provide anonymity often collect and sell personally identifying data left behind from internet searches.”

“Some apps may offer much higher degrees of anonymity, but it takes a tremendous amount of knowledge and discipline to be anonymous,” he adds. “If an app requires access to your contacts, pictures, storage, location or the ability to make and receive phone calls or SMS messages, anonymity quickly starts to disappear.”

Free applications have to make a profit somewhere, which often means that they are storing, tracking and selling user data. This is particularly dangerous as users are lulled into a false sense of security, which can quickly be shattered when these services are affected by a cybersecurity breach. Make sure your kids know nothing they say online is truly private, and that a negative digital footprint can drastically alter the course of their lives.

Shared Responsibility

We believe cybersecurity is a shared responsibility, and that it is not just up to parents to educate digital natives. This is why we’ve developed a cybersecurity awareness initiative with the Aurora Public School System in Colorado. In addition to providing students with online safety tips, we’ve given them insights on potential career paths, and connected them with our engineers to solve problems using skills like math and coding that could benefit them later in their careers.

We encourage parents to explore and advocate for cybersecurity and STEM education opportunities for children in their local communities. For more educational content to help keep your family safe from cyber threats, visit the Home + Mobile section of our blog.

The post How to Keep Your Kids Safe Online appeared first on Webroot Blog.

Charity Scams to Watch Out for During the Holidays

Reading Time: ~5 min.

‘Tis the season of giving, which means scammers may try to take advantage of your good will. A surprising fact about American donation habits is that everyday folks like yourself are the single largest driver of charitable donations in the United States. Giving USA’s Annual Report on Philanthropy found that individuals gave $286.65 billion in 2017, accounting for 70 percent of all donations in the country.

Last year, Giving Tuesday donations alone grew by 22 percent, with an average household donation of $111. With the seventh annual Giving Tuesday on November 27 fast approaching and technology that makes it increasingly easier to support your favorite causes, it’s more important than ever to keep your guard up before you click the “donate” button.

Charity Scams

Unsolicited donation requests are fairly normal during the holiday season—especially since non-profits depend on year-end giving for the success of their organizations—but look out for a few behaviors as red flags. Overly aggressive pitches including multiple phone calls and emails, or high-pressure tactics that require your immediate donation, should always be avoided. Be on high alert for “phishy” emails and links; make sure to check the sender’s email address and hover over links to reveal their true destination before clicking on them. Even if a website looks legitimate, it may be spoofed. Check that the domain matches the company you intended to visit. This can be trickier than it sounds. For instance, stjudehospital.com may appear to be genuine, but an easy Google search of “St. Jude Hospital” reveals their actual site to be stjude.org.

If you’re donating to a charity you’ve never worked with before, do a little research before committing your funds. Charity Navigator is a particularly useful resource; just type in the organization’s name and check out their rating. If they are not listed on Charity Navigator, it’s probably best to err on the side of caution and donate your hard-earned dollars elsewhere. Also, be sure to only enter sensitive or personal information into websites that have an SSL certificate; you’ll be able to tell if a page is secure if the link begins with “https”. (This is a great tip for shopping online this holiday season too.) Finally, before making any online donations, make sure you have a strong antivirus program installed that can detect phishing sites and that it’s up-to-date on all your devices.

If you are contacted by a charitable organization by telephone and want to make a donation, don’t give them your credit details over the phone. Have them mail you a donation form for you to evaluate and mail back. Remember: no legitimate charity will ask you to wire them money or pay them in gift cards. If you encounter a charity that is urging you to do so, cut all contact and block them on all platforms.

Bear in mind that not all charity scams are out for money, either—some are hoping to skim personal information. There is absolutely no reason to provide a charitable organization with information like your Social Security Number or driver’s license number—these are major red flags. Also, be especially cautious of requests to send an SMS code to donate via text message.

Social Media Scams

Social media is an easy and typically secure way to donate to legitimate charitable organizations, but scammers know how to use these platforms as well. Social media scams are on the rise, but a little bit of common sense goes a long way with donations on social channels. If you’re looking to donate to someone through a crowdfunding site, be sure the campaign fully answers these questions:

  • Can you verify if the organizer of the campaign has an existing relationship with the intended donation recipient?
  • Is there a plan for how the funds will be used to aid the intended recipient?
  • Are verifiable friends and family of the intended recipient making donations and leaving supportive comments?
  • How will the intended recipient access the funds?

If you cannot easily find the answers to these questions, we recommend you avoid donating to that campaign.

Another pervasive social media scam is celebrity imposters who pretend to raise funds for charities or disaster relief. These imposters use the familiar faces of some of our favorite media personalities to gain our trust and access our wallets. If you have been solicited by a celebrity for donations, stop and take a moment before you give. Make sure it’s their official social media page, which can often be verified on Twitter and Facebook by a small blue checkmark next to their name. You may also Google the celebrity’s name and “scam” to see if others have already reported a trap.

Source: @PatrickDempsey on Twitter

Attacks Targeting Seniors

While scams that target our aging loved ones are a problem year-round, the Consumer Financial Protection Bureau says scammers tend to ramp up their efforts during the holidays to take advantage of seasonal generosity. Most charity scams that target seniors are similar to the ones we all face, including phishing emails, phishing sites, and false charities. However, “Grandkid Scams” are a unique variety.

For this type of fraud, an older adult is contacted by someone pretending to be a family member in desperate need of money or assistance, often impersonating a grandchild. Speak with the older adults in your life about the common signs of scams, like misspelled emails and requests for wire transfers, and teach them how to hover over a link to check its destination. Remind them to verify whether a family member is reaching out for money, and check in with them more often leading up to the holidays to catch any potential security issues early.

Stop Attacks Early

Vigilance is key in stopping a potential security breach in its tracks. If you believe you may have unwittingly sent money to a scam charity, reach out to the organization you used to send the money, such as your bank or credit card company. Tell them the transaction was fraudulent and ask them to cancel it, if possible. If you believe your personal information was exposed, you can freeze your credit to prevent any long-term damage. Also, if you think you may have encountered a charity scam of any type, be sure to report it to the FTC to help keep others safe.

Even if you don’t think you have suffered a breach, keep an eye on your credit score and monitor your banking and credit accounts closely this holiday season. Paying a little extra attention will help you act quickly if your information has been compromised, potentially saving you and your family major holiday heartache. For an added layer of protection, secure all of your family’s devices behind a trusted VPN, which will keep your private data encrypted and safe should anyone try to intercept information you send over WiFi.

Do you know of a common scam we missed? Have some advice you think we should have included? Let us know in the comments!

The post Charity Scams to Watch Out for During the Holidays appeared first on Webroot Blog.

What’s Next? Webroot’s 2019 Cybersecurity Predictions

Reading Time: ~4 min.

At Webroot, we stay ahead of cybersecurity trends in order to keep our customers up-to-date and secure. As the end of the year approaches, our team of experts has gathered their top cybersecurity predictions for 2019. What threats and changes should you brace for?

General Data Protection Regulation Penalties

“A large US-based tech company will get hammered by the new GDPR fines.” – Megan Shields, Webroot Associate General Counsel

When the General Data Protection Regulation (GDPR) became law in the EU last May, many businesses scrambled to implement the required privacy protections. In anticipation of this challenge for businesses, it seemed as though the Data Protection Authorities (the governing organizations overseeing GDPR compliance) were giving them time to adjust to the new regulations. However, it appears that time has passed. European Data Protection Supervisor Giovanni Buttarelli spoke with Reuters in October and said the time for issuing penalizations is near. With GDPR privacy protection responsibilities now incumbent upon large tech companies with millions—if not billions—of users, as well as small to medium-sized businesses, noncompliance could mean huge penalties.

GDPR fines will depend on the specifics of each infringement, but companies could face damages of up to 4% of their worldwide annual turnover, or up to 20 million Euros, whichever is greater. For example, if the GDPR had been in place during the 2013 Yahoo breach affecting 3 billion users, Yahoo could have faced anywhere from $80 million to $160 million in fines. It’s also important to note that Buttarelli specifically mentions the potential for bans on processing personal data, at Data Protection Authorities’ discretion, which would effectively suspend a company’s data flows inside the EU.

AI Disruption

“Further adoption of AI leading to automation of professions involving low social intelligence and creativity. It will also give birth to more advanced social engineering attacks.” – Paul Barnes, Webroot Sr. Director of Product Strategy

The Fourth Industrial Revolution is here and the markets are beginning to feel it. Machine learning algorithms and applied artificial intelligence programs are already infiltrating and disrupting top industries. Several of the largest financial institutions in the world have integrated artificial intelligence into aspects of their businesses. Often these programs use natural language processing—giving them the ability to handle customer-facing roles more easily—to boost productivity.

From a risk perspective, new voice manipulation techniques and face mapping technologies, in conjunction with other AI disciplines, will usher in a new dawn of social engineering that could be used in advanced spear-phishing attacks to influence political campaigns or even policy makers directly.

Ransomware is Out, Cryptojacking is In

“We’ll see a continued decline in commodity ransomware prevalence. While ransomware won’t disappear, endpoint solutions are better geared to defend against suspicious ransom-esque actions and, as such, malware authors will turn to either more targeted attacks or more subtle cryptocurrency mining alternatives.” – Eric Klonowski, Webroot Principal Threat Research Analyst

Although we’re unlikely to see the true death of ransomware, it does seem to be in decline. This is due in large part to the success of cryptocurrency and the overwhelming demand for the large amounts of computing power required for cryptomining. Hackers have seized upon this as a less risky alternative to ransomware, leading to the emergence of cryptojacking.

Cryptojacking is the now too-common practice of injecting software into an unsuspecting system and using its latent processing power to mine for cryptocurrencies. This resource theft drags systems down, but is often stealthy enough to go undetected. We are beginning to feel the pinch of cryptojacking in critical systems, with a cryptomining operation recently being discovered on the network of a water utility system in Europe. This trend is on track to continue into the New Year, with detected attacks increasing by 141% in the first half of 2018 alone.

Targeted Attacks

“Attacks will become more targeted. In 2018, ransomware took a back seat to cryptominers and banking Trojans to an extent, and we will continue to see more targeted and calculated extortion of victims, as seen with the Dridex group. The balance between cryptominers and ransomware is dependent upon the price of cryptocurrency (most notably Bitcoin), but the money-making model of cryptominers favors its continued use.” – Jason Davison, Webroot Advanced Threat Research Analyst

The prominence of cryptojacking in cybercrime circles means that, when ransomware appears in the headlines, it will be for calculated, highly-targeted attacks. Cybercriminals are now researching systems ahead of time, often through backdoor access, enabling them to encrypt their ransomware against the specific antivirus applications put in place to detect it.

Government bodies and healthcare systems are prime candidates for targeted attacks, since they handle sensitive data from large swaths of the population. These attacks often have costs far beyond the ransom itself. The City of Atlanta is currently dealing with $17 million in post-breach costs. (Their perpetrators asked for $51,000 in Bitcoin, which the city refused to pay.)

The private sector won’t be spared from targeting, either. A recent Dharma Bip ransomware attack on a brewery involved attackers posting the brewery’s job listing on an international hiring website and submitting a resume attachment with a powerful ransomware payload.

Zero Day Vulnerabilities

“Because the cost of exploitation has risen so dramatically over the course of the last decade, we’ll continue to see a drop in the use of zero days in the wild (as well as associated private exploit leaks). Without a doubt, state actors will continue to hoard these for use on the highest-value targets, but expect to see a stop in Shadowbrokers-esque occurrences. Leaks probably served as a powerful wake-up call internally with regards to access to these utilities (or perhaps where they’re left behind).” – Eric Klonowski, Webroot Principal Threat Research Analyst

Though the cost of effective, zero-day exploits is rising and demand for these exploits has never been higher, we predict a decrease in high-profile breaches. Invariably, as large software systems become more adept at preventing exploitation, the amount of expertise required to identify valuable software vulnerabilities increases with it. Between organizations like the Zero Day Initiative working to keep these flaws out of the hands of hackers and governmental bodies and intelligence agencies stockpiling security flaws for cyber warfare purposes, we are likely to see fewer zero day exploits in the coming year.

However, with the average time between the initial private discovery and the public disclosure of a zero day vulnerability being about 6.9 years, we may just need to wait before we hear about it.

The take-home? Pay attention, stay focused, and keep an eye on this space for up-to-the-minute information about cybersecurity issues as they arise.

The post What’s Next? Webroot’s 2019 Cybersecurity Predictions appeared first on Webroot Blog.

Cyber News Rundown: USPS Exposes Personal Data

Reading Time: ~2 min.

USPS Website Leaves Personal Data Available to Anyone

Within the last week, the U.S. Postal Service (USPS) has been working to resolve a vulnerability that allowed any authenticated user to view and modify the personal information for any of the other 60 million users. Fortunately, USPS was quick to fix the vulnerability before any detectable alterations were made, which could have included changes to social security numbers, addresses, and even live tracking information on deliveries.

Amazon Exposes Customer Data

Many Amazon shoppers recently received an email informing them that their personal information was released, though the announcement was light on details. To make matters worse, Amazon’s only response was that the issue has been fixed. It did not mention what the actual issue was or what may have caused it. Official Amazon forums have been bombarded with concerned customers in advance of the approaching holiday season.

IRS Audit Reveals Fraud Protection Failure

It was revealed during a recent audit of the IRS that victims of at least 89 unique data breaches received no fraud protection for their tax filings. The number of affected victims is just over 11,000, some of whom have already fallen victim to tax filing fraud for either their 2016 or 2017 tax return. IRS staff have made promises to include the missing breaches in their tracking systems as quickly as possible and to begin assisting the victims of these incidents.

Atrium Health Breach Involves 2.65 Million Patients

The names and other sensitive personal information have been compromised for over 2.65 million patients of Atrium Health after a third-party provider experienced a data breach. Over the course of a week in late September, several servers belonging to AccuDoc were illegitimately accessed, though none of the data was downloaded. Fortunately, the servers didn’t contain payment or personal medical records and Atrium Health was informed just 2 days after the incident was discovered.

New Jersey Police Computers Hit with Ransomware

Since Thanksgiving Day, the computer systems for one New Jersey police force have been taken completely offline after experiencing a ransomware attack. Computer and email systems normally used by office administrators were also shut down as a precaution. It’s possible that the attack originated from one of the two official devices that have been missing for several months following the previous mayor’s abrupt passing.

The post Cyber News Rundown: USPS Exposes Personal Data appeared first on Webroot Blog.

Cyber News Rundown: WeChat Ransomware

Reading Time: ~2 min.

Touch ID Used to Scam Apple Users

Two apps were recently removed from the Apple App Store after several users reported being charged large sums of money after installing the app and scanning their fingerprint. Both apps were fitness-related and had users scan their fingerprint immediately so they could monitor calories or track fitness progress. But the apps launched a payment confirmation pop-up with the user’s finger still on the device to charge any card on file for the account. Luckily, the apps were only available for a brief period before being removed and refunds issued.

Signet Jewelers Expose Customer Order Data

Signet Jewelers, the parent company for Kay and Jared jewelers, was informed last month by an independent researcher of a critical flaw in their online sites. By simply altering the hyperlink for an order confirmation email, the researcher was able to view another individual’s order, including personal payment and shipping information. While Signet resolved the issue for future orders, it took additional weeks to remedy the flaw for past orders.

WeChat Ransomware Hits over 100k Chinese Computers

In the five days since December began, a new ransomware variant dubbed WeChat Ransom has been spreading quickly across China. With over 100,000 computers currently infected and thousands more succumbing each day, WeChat has made a significant mark. Though it demands a ransom of only roughly $16 USD, the variant quickly begins encrypting the local environment and attempts to steal login credentials for several China-based online services. Fortunately, Tencent banned the QR code being used to send ransom payments and disabled the account tied to it.

Nearly 100 Million Users Compromised in Quora Breach

Servers containing sensitive information for nearly 100 million Quora.com users were recently compromised by unknown hackers. In addition to personal information about users, any posts or messages sent over the service were also breached. While informing affected users of the leak, Quora stated that all password data they store was fully encrypted using bcrypt, which makes it considerably more expensive and time-consuming for the hackers to break the algorithms and obtain the data.

Marriott Hotels Breach Leaves Half a Billion Users Vulnerable

In one of the largest data breaches to date, Marriott International is under fire for exposing the personal data of nearly 500 million individuals. A class-action lawsuit has been filed against the hotel chain. For many victims, their names, home addresses, and even passport information were available on an unsecured server for nearly four years after the company merged with Starwood, whose reservation systems were already compromised.

The post Cyber News Rundown: WeChat Ransomware appeared first on Webroot Blog.

What Separates Webroot WiFi Security from Other VPNs?

Reading Time: ~2 min.

Virtual Private Networks (VPNs) are quickly becoming a fundamental necessity for staying safe online. From large corporations to family households, people are turning to VPNs to ensure their data is encrypted end to end. But as with any emerging technology, it’s easy to become overwhelmed with new and untested VPN options. So, how does Webroot® WiFi Security distinguish itself from other VPNs?

Whether or not you can trust your VPN provider should be the first thing to consider when selecting a VPN. A recent analysis of nearly 300 mobile VPN services on the Google Play store found that, unlike Webroot WiFi Security, almost one in five didn’t encrypt data as it was transmitted through their private network, a core tenet of VPN protection. At Webroot we have decades of cybersecurity experience. We’ve built confidence with every customer, from the world’s leading IT security vendors to families just like yours. Security and privacy are what we do best, and Webroot WiFi Security was purpose-built to always encrypt your data without screening, storing, or selling your private information.

“New products from unknown companies can be risky—what data are they capturing, what are they doing with the data, and how are they protecting that information?” notes Andy Mallinger, Webroot director of product. “Webroot has been in the security business for more than 20 years, and has built machine learning-based security systems for more than a decade. We designed our products to evolve with the ever-changing threat landscape. Adding VPN protection with Webroot WiFi Security is a perfect next step in our continued evolution.”

Best-in-class security

Webroot WiFi Security was built to provide best-in-class security, while still being easy to use. A one-click setup automatically enables security features without any confusion or missed steps. For extra security, Android®, Mac®, and Windows® users can enable Webroot WiFi Security’s unique “killswitch” feature. If your VPN connection is lost, the kill switch prevents the transmission of your data over an unsecure network until you are reconnected to the VPN.

“Webroot WiFi Security also helps protect your privacy by obscuring your location,” says Randy Abrams, senior security analyst at Webroot. “Websites are able to precisely pinpoint your location and use that information to track your browsing habits. With Webroot WiFi Security, you can be in Broomfield, Colorado, but your VPN IP address can make it look like you are in any one of the more than 30 countries where our VPN servers are located.”

Privacy plus security

Webroot WiFi Security also offers Web Filtering powered by BrightCloud® Threat Intelligence*. This feature provides an extra layer of protection that keeps your financial information, passwords, and personal files from being exploited. Webroot goes a step above other VPNs by safeguarding users from visiting malicious or risky websites known to be associated with malware, phishing, key logging spyware, and botnets. Web Filtering is a feature that the user can choose to enable or disable.

The combination of consumer trust and the power of best-in-class threat intelligence makes Webroot WiFi Security one of the most unique and secure VPN offerings on the market. Webroot has a deep history of protecting its customers’ privacy, and we are excited to showcase this dedication in the VPN market.

Ready to make the switch to Webroot WiFi Security? Learn more after the jump.

*The BrightCloud Web Filtering feature is only available on Windows®, Mac®, and Android® systems.

The post What Separates Webroot WiFi Security from Other VPNs? appeared first on Webroot Blog.

Cyber News Rundown: Android Trojan Steals Credentials

Reading Time: ~2 min.

Clemson Supercomputer Susceptible to Cryptojacking

IT staff at Clemson University have been working to remove a cryptominer recently introduced on its supercomputer, known as Palmetto. The attackers compromised the system to mine Monero, and their ploy was only spotted due to spikes in computing power and rising operating costs for the supercomputer, since manually monitoring the entire system is nearly impossible. It’s still unknown who was responsible for the mining, but Clemson staff have already begun increasing security measures to discourage copy-cat crimes.

Cyberattack Strikes Italian Oil Company

Italian oil and gas company Saipem fell victim to a cyber-attack earlier this week that knocked several critical servers offline. The attack appears to have focused specifically on servers located in Middle Eastern countries in which the company operates. It’s presently believed the attackers were also involved in prior cyberattacks on Saudi Aramco, for whom Saipem is a supplier.

Data Breach Affects Topeka Residents

A data breach that could expose the personal details of nearly 10,000 residents of Topeka, Kansas was recently discovered. The breach could affect anyone who made online payments to the Topeka Utilities Department between October 31 and December 7. Officials are still working to determine the cause of the breach. The city’s utility department is in the process of contacting all 10,000 potential victims.

Google+ Reaches End of Life Sooner than Expected 

While the consumer version of Google+ was destined to be shut down in mid-2019, a new bug will hasten its end to April. This final vulnerability had the potential to expose entire user profiles to any applications searching for data, even if the account was set to private. This vulnerability left over 52 million accounts accessible to any number of app developers during the six days it was left exposed.

Android-based Trojan Steals Credentials

A new Trojan has been spotted on the Android OS that uses screen overlays for popular applications to trick users into entering credentials for apps like PayPal, Google Play, and even several banking apps. By displaying the overlay in the lock foreground screen, users are unable to close the pop-ups with normal methods, and can only do so by completing a form requesting login information. Additionally, the malware can identify if a legitimate app is currently installed and prompt the user to open it and log in, thereby removing a step in gaining access to the victim’s funds.

The post Cyber News Rundown: Android Trojan Steals Credentials appeared first on Webroot Blog.


Cyber News Rundown: Facebook Bug Exposes User Photos

Reading Time: ~2 min.

Facebook API Bug Reveals Photos from 6.8 Million Users

Facebook announced this week that an API bug had been found that allowed third-party apps to access all user photos, rather than only those posted to their timeline. The vulnerability was only available for 12 days in mid-September, but could still impact up to 6.8 million users who had granted apps access to their photos in that time.

Children’s Charity Falls Victim to Email Scam

Over $1 million was recently diverted from a children’s charity organization after hackers were able to gain access to an internal email account and begin creating false documents and invoices. Due to a lack of additional authentication measures, the funds were promptly transferred to a Japanese bank account, though insurance was able to compensate for most of the loss after the scam was finally discovered.

Email Extortion Scams Now Include Hitmen

The latest in a series of email extortion campaigns promises its victims will be executed by a hitman if a Bitcoin ransom of $4,000 isn’t paid within 38 hours. Given such poorly executed scare tactics, it comes as no surprise that the payment account has still not received any funds after several days. Hopefully, as the threats of violence lead to victims contacting law enforcement rather than paying the scammers, these types of scams will become more rare.

Hackers Force Printers to Spam PewDiePie Message

Nearly 50,000 printers around the world have been spamming out a message suggesting subscribing to PewDiePie on YouTube and recommending the recipient improve their printer security. The group behind the spam has stated they want to raise awareness of the real threat of unsecured devices connected to the internet and how they can be used maliciously. In addition to sending print-outs, attackers could also steal data being printed or modify documents while they are being printed.

Cybersecurity Audit Shows Major Vulnerabilities in U.S. Missile Systems

A recent report showed that U.S. ballistic missile defense systems have consistently failed security audits for the past five years. Some of the major flaws included a lack of encryption for data stored on removable devices, patches reported in previous years that remained untouched, and the regular use of single-factor authentication for entire facilities. Physical security issues that could leave highly-sensitive data exposed to anyone willing to simply try to access it were also detailed in the report.

The post Cyber News Rundown: Facebook Bug Exposes User Photos appeared first on Webroot Blog.

Cybersecurity Trends to Watch Out for in 2019

Reading Time: ~5 min.

The cybersecurity landscape is in constant flux, keeping our team busy researching the newest threats to keep our customers safe. As the new year approaches, we asked our cybersecurity experts to predict which security trends will have the most impact in 2019 and what consumers should prepare for.

Continued Growth of Cryptojacking

“Cryptojacking will continue to dominate the landscape. Arguably more than a third of all attacks in 2019 will be based off of leveraging hardware in your devices to mine cryptocurrency.” – Tyler Moffitt, Senior Threat Research Analyst 

The largest cyber threat of 2018 will continue its unprecedented growth in 2019. Cryptojacking—a type of hack that targets almost any device with computing power, including mobile devices, company servers, and even cable routers to mine for cryptocurrencies—grew by more than 1,000% in the first half of 2018. Compared to ransomware attacks, cryptojacking is incredibly stealthy, with many systems losing processing power while sitting idle anyway. We are now seeing cryptojacking in more significant systems, as was the case when Nova Scotia’s St. Francis Xavier University struggled for weeks to recover after cryptojacking software led the school to disable its entire digital infrastructure in order to purge the network. For home internet users, cryptojacking can put undue stress on your computer’s processor, slowing down performance and increasing your electric bill.

But, as with any cybersecurity threat, it’s a constant cat-and-mouse game between criminals and the security industry. As cryptojacking continues to grow, so does criminals’ ability to successfully implement the attack. At the same time, so does our knowledge and ability to defend against it. This type of attack can impact your devices in multiple ways, whether via a file on your computer or a website you visit. We recommend a layered solution that can protect against these different attack vectors, like Webroot SecureAnywhere® solutions.

General Data Protection Regulation (GDPR) Influence

“We are going to see a lot more legislation proposed within the US that will be very similar to GDPR, much like California already has. These types of laws will inspire the idea that companies don’t own data that identifies people, and we need to be better stewards of that data. Data, by all accounts, is a commodity. It’s necessary for innovation and to stay competitive, but the data must be good to be of any use.” – Briana Butler, Engineering Data Analyst

The General Data Protection Regulation (GDPR) is a set of regulations put in place in 2018 that standardize data protection measures within the European Union, marking the beginning of a new era of international data protection. In the United States, California has been on the frontlines of data protection law since 2003 when bill SB1386 was passed, pioneering mandatory data-breach notifications nationwide. California continues to innovate in data privacy law with the recently passed California Consumer Privacy Act of 2018 (CCPA), possibly the toughest data privacy law in the country. Although clearly influenced by GDPR, it differs in many ways—enough that companies who are compliant with GDPR may need to take additional steps to also be compliant under the CCPA. But it’s not just lawmakers who are pushing for data protection regulation; influential tech industry leaders like Tim Cook are also calling for stronger consumer protections on data collection nationwide.

What does this mean for you? Expect another wave of “Privacy Update” emails and cookie collection pop-up notices while browsing, as well as expanded protections regarding the collection and storage of your personal data. Given the rising regularity of third party data breaches—like the one that recently left 500 million Marriott guests exposed—stronger data protection laws can only mean good things for consumers.

Biometrics on the Rise

“We will see continued growth in biometric services. Devices with usernames and passwords will become the legacy choice for authentication.” – Paul Barnes, Sr. Director of Product Strategy

Largely associated with facial and fingerprint recognition, biometrics have been on the rise since at least 2013, when the launch of TouchID placed the technology in every iPhone user’s hands. But the adoption of biometric technologies—particularly facial recognition biometrics—was dampened by cultural and ethical concerns, with some fearing the establishment of a national biometric database. But today we are beginning to see the normalization of facial recognition biometrics, like those utilized by Snapchat and Instagram. Biometrics are also now widely used in critical infrastructure applications. Airports use biometrics to facilitate a faster boarding process, and hospitals are adopting biometrics for both patient care and as a HIPAA security precaution.

We predict this regular exposure to biometrics will lead to a larger cultural acceptance and adoption of biometrics as a trusted security standard, leading to the eventual death of usernames and passwords. Why bother with a login when your computer knows the minute details of your iris? But convenience may come at a cost. Corresponding with rising use, biometric data will continue to become a more valuable commodity for cybercriminals to steal.

The Beginning of the End for SSNs

“There will be significant discussion around replacing Social Security numbers for a more secure, universal personal identity option.” – Kristin Miller, Director of Communications

In 2017 the Equifax breach compromised 145.5 million Social Security numbers, forcing us to face an uncomfortable truth: SSNs are a legacy system. First available in 1935 from the newly minted Social Security Administration, they were created to track accounts using Social Security programs. They were never intended to act as the secure database key we expect them to be today.

The conversation has already begun on the federal level. “I think it’s really clear there needs to be a change,” White House Cybersecurity Coordinator Rob Joyce said at the 2017 Cambridge Cyber Summit. “It’s a flawed system. If you think about it, every time we use the Social Security number you put it at risk.”

Although it will be some time until we fully replace Social Security numbers, what should you expect from a replacement? When it comes to personal identifiers that are both unique and secure, the conversations tend to center around two technologies: biometrics and blockchains. Biometrics—particularly behavioral biometrics, which derive their logic from an individual’s behavioral patterns, such as the syncopation of types or taps on a screen, or even your unique heartbeat—are proving to be an especially intuitive solution.

Certification for the Internet of Things

“We will finally see a consumer IoT/connected goods certification body, similar to the Consumer Electrical Safety Certifications today. This will enforce the notion of Security by Design for a smart goods manufacturer.” – Paul Barnes, Sr. Director of Product Strategy

We love the Internet of Things (IoT). It powers our smart homes, our fitness trackers, and our voice assistants. But IoT devices are notoriously insecure, oftentimes featuring overlooked flaws that can lead to exploitation in unexpected places. A recent Pew Research Center survey that looked at how growing security concerns are influencing the spread of IoT connectivity reported only 15% of participants saying security concerns would cause significant numbers of people to disconnect from IoT devices. Alternatively, 85% believe most people will move more deeply into an interconnected life due to the convenience of IoT products. Recently published documents may signal that the time of putting convenience ahead of security is quickly coming to an end.

The United Kingdom’s department for Digital, Culture, Media, and Sport (DCMS) published the “Code of Practice for Consumer IoT Security.” The code outlines thirteen steps for organizations to follow for the implementation of appropriate security measures in IoT offerings. It also emphasizes the need for a secure-by-design philosophy, a belief that security measures need to be designed into products, not bolted on afterwards. This type of regulatory influence on the industry is sure to make waves across the pond, and we are already seeing this play out with California’s new IoT security law.

Keep these predictions in mind as you make your way through 2019. Staying informed is the best way to keep you and your family safe, so check back here for more cybersecurity trend updates in the future!

The post Cybersecurity Trends to Watch Out for in 2019 appeared first on Webroot Blog.

Cyber News Rundown: Amazon User Receives Thousands of Alexa-Recorded Messages

Reading Time: ~2 min.

Amazon User Receives Thousands of Alexa-Recorded Messages

Upon requesting all his user data from Amazon, one user promptly received over 1,700 recorded messages from an Alexa device. Unfortunately, the individual didn’t own such a device. The messages were from a device belonging to a complete stranger, and some of them could have easily been used to find the identity of the recorded person. While Amazon did offer the victim a free Prime membership, it’s cold comfort, as these devices are constantly recording and uploading everyday details about millions of users.

San Diego School District Hacked

In a recent phishing scheme, hackers successfully gained the trust of a San Diego Unified School District employee and obtained credentials to a system that contained student, parent, and staff data from the past decade. The database mostly consisted of personal data for over half a million individuals, but also included student course schedules and even payroll information for the District’s staff.

Data Breach Affects Hundreds of Coffee Shops

Attackers were able to access payment data for 265 Caribou Coffee shops across the United States. The breach could affect any customers who made purchases between the end of August 2018 and the first week of December. The company recommends that any customers who may have visited any of their locations across 11 states engage a credit monitoring service to help avoid possible fraud.

FBI Shuts Down DDoS-for-Hire Sites

At least 15 DDoS-for-Hire sites have been taken down in a recent sweep by the U.S. Justice Department, and three site operators are currently awaiting charges. Some of the sites had been operating for more than 4 years and were responsible for over 200,000 DDoS attacks across the globe. This is the second in a series of government-led cyberattack shutdowns over the last year.

Email Scam Offers Brand New BMW for Personal Info

A new email scam is informing victims that they’ve just won a 2018 BMW M240i and over $1 million, which they can easily claim if they provide their name and contact information. Victims who provide their contact details are then contacted directly and asked to give additional information, such as their social security number and credit or bank card details. If you receive this email or one like it, we recommend you delete it immediately, without opening it.

The post Cyber News Rundown: Amazon User Receives Thousands of Alexa-Recorded Messages appeared first on Webroot Blog.

Cyber News Rundown: Ransomware Hits Tribune Publishing

Reading Time: ~2 min.

American Newspapers Shut Down After Ransomware Attack

Nearly all news publications owned by Tribune Publishing suffered disruptions in printing or distribution after the publisher was hit by a ransomware attack. Many of the papers across the country were delivered incomplete or hours or days late. Even some papers that had been sold off to other publishers in previous years were affected. Fortunately, digital and mobile versions of the newspapers were untouched by the attack, allowing users to view local news as normal online.

‘PewDiePie’ Hacker Turns Focus to Smart Devices

The hacker previously responsible for hacking thousands of printers and directing them to print ads in support of PewDiePie, the world’s largest YouTuber, has now started using unsecured smart devices to continue the campaign. In addition to requesting the “victim” subscribe to PewDiePie, the hacker’s main message is to bring light to the extreme lack of security many of us live with daily. By using the standard ports used by smart TVs to connect to streaming devices, the hacker has even created scripts that will search for these insecure ports and begin connecting to them.

California Alcohol Retailer Faces Data Breach

One of the largest alcohol retailers in California, BevMo, recently announced they’ve fallen victim to a credit card breach on their online store. The breach lasted for nearly two months, during which time customer payment card data for nearly 14,000 customers was illegitimately accessed. While officials are still unclear as to who was behind the breach, it is likely related to the MageCart attacks that appeared across the globe during the latter half of 2018.

Blur Password Manager Leaves Passwords Exposed

An independent security researcher recently discovered a server that was allowing unauthenticated access to sensitive documents for well over two million users. The exposed information included names, email addresses, IP addresses from prior logins, and even their account password, though the company has remained firm that the passwords contained within their accounts are still secure. Since the reveal, Blur’s parent company, Abine, has prompted users to change their main passwords and enable two-factor authentication, if they had not already done so.  

Bitcoin Wallets: Still Major Target for Hackers

Nearly $750,000 worth of Bitcoin was stolen from Electrum wallets in an attack that began only a few days before Christmas. By exploiting a previously documented vulnerability, the hackers were able to inject their own server list into the connections made by the Electrum wallet and successfully reroute their victims to another server, where they were then presented with a fake update screen. By moving forward with the “update,” malware was promptly downloaded to the device and users could then enter their wallet credentials, only for them to be stolen and their accounts drained.

The post Cyber News Rundown: Ransomware Hits Tribune Publishing appeared first on Webroot Blog.

Top 5 things SMBs should consider when evaluating a cybersecurity strategy

Reading Time: ~3 min.

SMBs are overconfident about their cybersecurity posture.

A survey of SMBs conducted by 451 Research found that in the preceding 24 months, 71% of respondents experienced a breach or attack that resulted in operational disruption, reputational damage, significant financial losses or regulatory penalties. At the same time, 49% of the SMBs surveyed said that cybersecurity is a low priority for their business, and 90% believe they have the appropriate security technologies in place. Clearly, SMBs are not correctly evaluating cybersecurity risk.

Many of us can relate – each day we ignore obvious signs that point to a reality that is in direct contrast to our beliefs. For example, as each year passes, most of us get a little slower, muscles ache that never ached before, we get a bit softer around the middle, and we hold our reading material farther away. Yet, we are convinced we could take on an NBA player in a game of one-on-one or complete the American Ninja Warrior obstacle course on the first try. 

While it’s unlikely that most of us can make the improvements needed to compete with elite athletes, the same can’t be said for enterprise cybersecurity. The journey is not an easy one given the security talent vacuum, a lack of domain understanding at the executive level, and the complexity of implementing a long-term, metric-based strategy. But, if you are an SMB struggling to run up and down the proverbial court, here are five things you should consider when building a better security practice:

1.   Experienced staff are valuable, but expensive, assets. 

Although enterprise cybersecurity is a 24/7/365 effort requiring a full roster of experienced professionals, many SMB cybersecurity teams are underequipped to handle the constant deluge of alert notifications, let alone the investigation or remediation processes. In fact, only 23% of survey respondents plan to add staff to their security teams in the coming year. For many SMBs, the security staffing struggles may get worse as 87% reported difficulties in retaining existing security professionals. To fill this gap, SMBs are increasingly turning to MSPs and MSSPs to provide the expertise and resources needed to protect their organizations around the clock.

2.   Executives understand what is at stake, but not what action to take. 

As the threat landscape becomes more treacherous, regulatory requirements multiply, and security incidents become more common, executives at SMBs have become more acutely aware of the business impact of security incidents – most are feeling an urgency to strengthen organizational cybersecurity. However, acknowledging the problem is only the first step of the process. Executives need to interface with their internal security teams, industry experts and MSPs in order to fully understand their organization’s risk portfolio and design a long-term cybersecurity strategy that integrates with business objectives.

3.   Security awareness training (SAT) is low-hanging fruit (if done right). 

According to the 451 Research Voice of the Enterprise: Information Security: Workloads and Key Projects survey, 62% of SMBs said they have a SAT program in place, but 50% are delivering SAT on their own using ‘homegrown’ methods and materials. It should be no surprise that many SMBs described their SAT efforts as ineffective. MSPs are increasingly offering high-quality, comprehensive SAT for a variety of compliance and regulatory frameworks such as PCI-DSS, HIPAA, SOX, ISO, GDPR and GLBA. SMBs looking to strengthen their security posture should look to partner with these MSPs for security awareness training.

4.   Securing now means securing for the future. 

The future of IT architecture will span both private and public clouds. This hybrid- and multi-cloud infrastructure represents a significant challenge for SMBs that require a cybersecurity posture that is both layered and scalable. SMBs need to understand and consider long-term trends when evaluating their current cybersecurity strategy. With this aim in mind, SMBs can turn to MSPs and MSSPs with the experience and toolsets necessary for securing these types of complex environments. 

5.   A metrics-based security approach is needed for true accountability. 

In a rush to shore up organizational security, SMBs might make the all-too-common mistake of equating money spent with security gained. To be clear: spending not backed by strategy and measurement only enhances security posture on the margins, if at all. To get the most bang for each buck, SMBs need to build an accountable security system predicated on quantifiable metrics. Again, this is an area where SMBs can partner with MSPs and MSSPs. This serves as an opportunity to develop cybersecurity strategy with measurable KPIs to ensure security gains are maintained over time. MSPs can help SMBs define the most applicable variables for their IT architectures, whether it be incident response rate, time-to-response or other relevant metrics.

The strategic reevaluation of organizational security is a daunting task for any organization, but given the risks SMBs face and their tendency to be underprepared, it is a necessary challenge. These key points of consideration for SMBs embarking on this critical journey underscore the importance of building an accountable and forward-looking security system and highlight the ways in which SMBs can work alongside MSP or MSSP partners to implement the right cybersecurity system for their organizations. I hope this will be the wake-up call all SMBs need to unleash their inner cybersecurity all-star.

If you’re interested in learning more about how other SMBs are approaching cybersecurity, read my report Security Services Fueling Growth for MSPs.

The post Top 5 things SMBs should consider when evaluating a cybersecurity strategy appeared first on Webroot Blog.

The Must-Have Tech Accessory for Students

Reading Time: ~4 min.

We live in a digital age where internet-connected devices are the norm. Our phones, our televisions, even our light bulbs are tied together in today’s tech ecosystem. For high school and college students, this degree of digital connection is the standard, and when school is in session, tech accessories are a popular way to customize the various connected devices that are now an essential part of students’ lives.

With their focus on specialized accessories, it’s easy for students to overlook the importance of securing their connected devices. What’s the point of an expensive phone case or the perfect PopSocket if you’re leaving yourself, and your data, vulnerable? Hacks, security breaches, and stolen identities are often seen as things that don’t happen to digital natives. But security breaches can happen to anyone—no matter how sophisticated a user may be—and are almost always preventable by practicing safe cyber habits and having the right security in place. But where do you start?

Back to basics

For students at any level, these best practices may seem eye-rollingly intuitive, but they are the basic tools for staying safe and secure online. Flaws with basic cybersecurity often prove to be the catalyst for a chain reaction of breaches, so by making sure these essential fail-safes are in place, you go a long way toward protecting yourself from cybercrime.

Awareness

Being aware of your surroundings and the connectivity of your devices is the first step towards a digitally secure life. But what does awareness mean from a cybersecurity standpoint? It means turning airdrop, file sharing, and open Bluetooth connectivity off, before you use your device in a public area. It means not leaving your laptop unattended, even if you’re just running to the bathroom at the coffee shop. It means using a free tool, such as haveibeenpwned.com, to see if your data has been breached in the past and taking corrective measures if it has been. Most importantly, it means treating public networks like they are public, and not accessing sensitive information through them unless you take the proper precautions (more on that below).

Two-Factor authentication

Two-factor authentication, where a validation message is sent upon login, is a security feature that verifies that you are the one who is actually attempting to access your account, particularly if the access request is coming from an unrecognized device or location. Two-factor authentication is the best way to stop unauthorized users from logging into your accounts. Most social media services offer two-factor authentication, but if you don’t trust them to be up to the task, use a third party service such as Authy or Google Authenticator. SMS and email two-factor authentication measures are demonstrably weaker than other available two-factor measures, and should be avoided if possible (although they’re better than using a password alone).

Multiple passwords

No one likes to remember multiple passwords, let alone multiple secure passwords. But never reusing passwords is the best way to prevent third-party breaches from affecting multiple accounts. A good tip for varied passwords you can remember? Choose a phrase (or favorite song lyric) and break it down into sections. For example, “the quick brown fox jumps over the lazy dog” becomes three separate passphrases:

  • the quick brown
  • fox jumps over
  • the lazy dog

This is a handy trick to wean yourself off the same two passwords you’ve been using since middle school, and is better than password redundancy. Make sure you include spaces in your passphrases. In the rare case spaces are not allowed, then a phrase without spaces will suffice.

Digging deeper

If the tips above are the metaphorical security sign in the window of your digital life, the measures outlined below are the actual security system. A small amount of additional effort on your part will help keep you safe during your educational career. 

Antivirus software

Making sure you have trusted antivirus software running on all devices is one of the most effective ways to stay safe from online threats. A cross-device service, such as Webroot SecureAnywhere® solutions, will keep you safe from potentially malicious emails, files, or apps. An important step to never skip? Keeping your antivirus software up to date. This will help prevent newly surfaced viruses and malware from penetrating your systems. Or, choose cloud-based antivirus solutions, like Webroot’s, that do not require updates.

Password managers

Don’t want to bother with remembering passwords at all? Password managers with secure encryption make generating and storing passwords safe and easy. Many password managers are compatible with common browsers such as Chrome and Firefox, making it easy to securely auto-fill passwords and other forms online.

Message encryption

Encryption services use ciphers to convert messages into random symbols, which are only able to be converted back when accessed by the intended recipient, with a special key. Common encryption options are Apple Messages and Signal, as well as WhatsApp, which is owned by Facebook. If you prefer an encryption option that isn’t owned by a large corporation, Signal is a part of Open Whisper Systems.

Virtual private networks

If you must access sensitive information through a public network, setting up a virtual private network (VPN) will block and redirect your IP address, preventing outside parties from tracking and storing your information. Your VPN setup will largely depend on both your specific devices and price point, but with a little research and energy you can prevent anyone and anything from accessing your digital vault.

Vigilance is key

These tools are the true must-have tech accessories to support young people today and their digitally enhanced life. It’s easy to be overwhelmed as a student with school, work, and social life, but don’t let your cybersecurity defenses lag. Stay informed and stay updated.

The post The Must-Have Tech Accessory for Students appeared first on Webroot Blog.

Cyber News Rundown: Bad Apps Infect Google Play

Reading Time: ~2 min.

Malicious Apps Get Millions of Installs

Google recently removed 85 apps from the Play Store after they were found to contain predatory adware. With over nine million combined downloads, the apps were mostly fake games or utility apps that began pushing a constant stream of full-screen ads to users until the app itself crashed. More worrisome, while nearly all the apps shared similar code, they were mostly uploaded from different developer accounts and used different digital certificates to minimize detection.

Tuition Scam Targets UK College

Several parents of students attending St. Lawrence College in the UK fell victim to an email scam over the holidays that requested early tuition payment at a discounted rate for the upcoming terms. While security measures surrounding parental information have since been improved, at least two separate families confirmed they sent undisclosed amounts of money to the scammers. Though these types of attacks target large audiences, it takes only a small number of successful attempts to make the campaign profitable.

Australian EWN System Hacked

With the help of a strong detection system, a brief hack of the Australian Early Warning Network (EWN) was quickly shut down. Some of the messages contained warnings about the security of the EWN and listed several links that the user could navigate through. Fortunately, staff were quick to notice the severity of what was occurring and acted to prevent additional customers from being spammed.

Ransomware Uses Children’s Charity as Cover

When CryptoMix first came to light, it included a ransom note masquerading as a request for a “donation” to a children’s charity. It has since returned, but now includes actual information from crowdfunding sites attempting to help sick children and using their stories to guilt victims into paying a ransom. Even worse, as victims navigate the payment process, the ransomware continues to urge them on with promises that the sick child will know their name for the aid they provide.

Exploit Broker Raises Bounties for New Year

Following the New Year, a known exploit broker, Zerodium, announced they would be effectively doubling all bounty payouts for zero-day exploits. While lower-end Windows exploits will net a researcher $80,000, some Android and iOS zero-days will pay out up to $2 million. Unfortunately for many working on the lawful side, nearly all the exploits obtained by Zerodium will be privately sold, rather than used for patching or improving security.

The post Cyber News Rundown: Bad Apps Infect Google Play appeared first on Webroot Blog.


MSPs: Your Security Vendor Should Integrate with More Than Just Your RMM and PSA

Reading Time: ~2 min.

For many MSPs, integrating their security solution with their remote monitoring and management (RMM) and professional service automation (PSA) platforms is essential for doing business. Together, these platforms help lower the cost of keeping up with each client, ensuring profitable margins for a healthy, growing business.

For true providers of IT services—MSPs that sell services rather than licenses and take a holistic approach to client IT health—RMM and PSA integrations are critical for keeping track of hundreds or even thousands of unique endpoints and automating recurring operations for numerous clients.

Like many of the other features of our security solutions, our RMM and PSA integrations are custom-built with the needs of MSPs in mind. They’re designed to help MSPs create the most efficient, well-oiled versions of their businesses possible so that service is prompt, solutions are effective, and profit is preserved.   

Here’s what you should expect from your RMM and PSA security integrations:

  1. Faster rollouts: This is one of the core benefits of RMM-assisted deployments. Expect rollouts to new endpoints to be fast and hassle-free with well-designed integrations. New endpoints should be easy to set up with protection turned on in just a few clicks.
  2. Simplified management: Efficiency is key to profitability. A centralized dashboard displaying what’s running, what’s broken and how, infection statuses, endpoints requiring attention, and more helps increase the number of endpoints a single technician can manage, boosting efficiency and, ultimately, profitability.
  3. The data you need: The best RMM and PSA integrations make it possible to get the data you need to run a successful business. Whether it’s per-client data for calculating a client’s cost to you, information on policy settings for sites and endpoints, or additional reporting delivered to clients to promote peace of mind, having access to all of your data empowers decision-making.

Integrations don’t have to end there

Integrating disparate products can be a laborious, time-intensive process. For that reason, many security vendors are reluctant to coordinate too closely with customers to automate functions unique to their businesses. But it doesn’t have to be that way. 

Advanced plugins and tools allow for complete customization of dashboards, reporting, and data tracking. Each can be customized to track the metrics most useful to the organization. Critical processes, like issuing periodic reports, can be fully automated. This can be extremely beneficial when it comes to communicating with customers. Weekly or monthly reports demonstrate that the lack of any major security incidents wasn’t for lack of trying on the part of cybercriminals.

More than simply allowing different business platforms to talk to one another, integration plugins can be used for running commands and performing actions. This includes creating, modifying, or deleting licenses, removing duplicate endpoints, or quickly creating new console sites. 

Insist on better integrations

So when considering which cybersecurity vendor offers the most for your MSP, consider not only whether the solution allows you to communicate with your RMM and PSA platforms, but also how deeply. Does the vendor have a dedicated integrations team? Do they offer tools for the customization of business-specific reporting? Can essential, recurring business processes be automated?

The answers to the questions above will help you determine how much value RMM and PSA integrations add for your business. In a market where margins can be razor thin and built-in efficiencies can make or break the bottom line, the answers may make all the difference.

The post MSPs: Your Security Vendor Should Integrate with More Than Just Your RMM and PSA appeared first on Webroot Blog.

Cyber News Rundown: Ransomware Halts Texas Town

Reading Time: ~2 min.

Texas Town Brought to a Halt by Ransomware

Several days ago the town of Del Rio, Texas, fell victim to a ransomware attack that knocked most of the town’s major systems offline. While the town’s IT department quickly worked to isolate the infection, remaining departments were forced to switch to hand-written transactions in order to not completely shut down. Fortunately, the attack was quickly resolved and all city websites returned to normal within only a couple of days.

Data Vulnerability Affects Booking Systems for 141 Airlines

Researchers recently discovered a vulnerability affecting the Amadeus ticket booking system, which is used by more than a hundred international airlines. By making simple changes to a provided URL link, researchers were able to access passenger records and view related flight information. They were also able to access an Israeli airline’s user portal and make changes to the user account, and even change or cancel flight reservations.

Ryuk Ransomware Surpasses $4 Million in Ransom Payments

The ransomware variant known as Ryuk has pulled in nearly $4 million in Bitcoin payments alone since last August. By remaining dormant on previously infected systems, Ryuk can stay hidden for months or even years while its operators build an understanding of the system. In doing so, the attackers are able to command much higher ransom payments by focusing on victims with the means to pay a larger sum.

Account Vulnerability Plaguing Fortnite Players

A new vulnerability has been found pertaining to user accounts for Fortnite that could allow attackers to take full control of an account. By intercepting game-specific authentication tokens, attackers could access a user’s payment card details and use them to purchase in-game currency, or even gain access to a victim’s in-game conversations. Fortunately, Epic Games reacted swiftly to the announced exploits and quickly resolved the security flaws.

Advertising Hack Pushes Malware on Online Shoppers

The latest MageCart attack has compromised the entire distribution network for Adverline, a French advertising company that conducts a substantial amount of business in Europe. By injecting malicious JavaScript code into dozens of online stores, the attack has been used to steal payment data from at least 277 unique websites thus far. By starting the attack at the top of the distribution chain, these types of attacks have an increased chance of success as the number of victims rises.

The post Cyber News Rundown: Ransomware Halts Texas Town appeared first on Webroot Blog.

Smart Wearables: Convenience vs. Security

Reading Time: ~3 min.

Fitness trackers and other digital wearables have unlocked a new era of convenience and engagement in consumer health. Beyond general fitness trackers, you can find wearables for a variety of purposes; some help diabetics, some monitor for seizure activity, and some can aid in senior citizens’ health and quality of life. But the convenience of an interconnected lifestyle may be a double-edged sword. Fitness trackers and wearables are notoriously unsecured. Wearables record and store some of our most sensitive health data (which is often 10x more valuable than a stolen credit card), making them a particularly attractive target for hackers.

So what types of data does your fitness tracker store? For a start, it holds the identifying information required to set up your account, such as your email, username, and password. But other fitness tracking specifics can make a user easier to identify, including gender, birthdate, geographical location, height, and weight. Health and activity data provides an in-depth look at the user’s daily habits through the power of GPS monitoring. If your device is paired inside of a network, other personal device information will also be stored, such as your Unique Device IDs or MAC addresses. Depending on the device, your wearables may also store your credit card information or bank account information.

New vulnerabilities

Because of their versatility, wearables and fitness trackers leave us vulnerable in many ways. In last year’s MyFitnessPal hack, which affected 150 million users, attackers hoped to access credit card information but came away with only usernames and passwords. But what about the information that is more specific to wearables, like GPS tracking? After the fitness tracker Strava revealed hidden army bases through heatmap tracking, the Pentagon began to restrict the use of wearables by military personnel due to the potential security threat. And the recently uncovered MiSafe vulnerability left thousands of children unsecured, allowing hackers to track their movements, listen in on conversations, and actually call children on their smart watches. 

Even with these concerns, the wearables market continues to grow, with the prevalence of such devices predicted to double by 2021. Large healthcare organizations and insurance carriers are also starting to use insights from fitness trackers to influence both patient care and insurance rates. We’re even beginning to see the introduction of wearables for employee tracking, although this has met with mixed response. With this increased exposure to potentially insecure technologies, you’ll need to take extra steps to ensure your family’s security.

Where to start

Always research any fitness trackers or wearable devices before you commit, and be sure to avoid devices with any known security flaws. Notable examples to avoid are Medion’s Life S2000 Activity Tracker and Moov’s Now tracker. The Life S2000 requires no authentication and sends data unencrypted, and the Now tracker can leave users vulnerable to attack via Bluetooth connectivity. Even larger brands like Lenovo struggle to maintain an adequate level of security in their fitness trackers; the Lenovo HW01 smart band sends both registration and login data to its servers unencrypted.

Although it’s tedious, we recommend you always read the privacy policy of any wearable device or fitness tracking app before you use it. If the data storage and security measures outlined in the policy aren’t up to snuff, request a refund and let the manufacturer know why. Periodically reviewing your app’s privacy settings on your phone is also a good practice, just to make sure you’re comfortable with the app’s level of access. Take common-sense cybersecurity measures to help keep your wearables as secure as possible. Never reuse passwords or use third-party login services like Facebook Login, and consider using a password manager like LastPass® instead.

Wearables and fitness trackers are here to stay, and the Internet of Things (IoT) is only going to keep growing. We have to work together to protect ourselves as we integrate these technologies into our daily lives. After all, the price of convenience cannot match the value of our personal security.

As always, be sure to check back here to stay updated on the newest cybersecurity trends.

The post Smart Wearables: Convenience vs. Security appeared first on Webroot Blog.

Cyber News Rundown: Anatova Ransomware Infects the Globe

Reading Time: ~2 min.

Anatova Ransomware Reaches Global Market

A new ransomware family, dubbed Anatova by researchers, has been infecting machines across the globe. During encryption, Anatova appears to focus on small files to speed up overall encryption times, but doesn’t append a new extension to the encrypted files. Unexpectedly, this variant demands DASH crypto coins, rather than using a currency with a less visible transaction ledger. It also uses several tactics to prevent analysis in both real-world and virtual environments.

Android Malware Remains Dormant until it Detects Motion

On the Google Play store, researchers have discovered several malicious apps that rely on an unusual trigger to install a banking Trojan: motion sensors. By monitoring the motion sensor in a specific mobile device, the malware can determine if it is a real victim device or a research emulator (which would likely remain stationary during analysis). In particular, one of these insidious apps was downloading the Anubis banking Trojan, which launched a fake Android update screen to start keylogging in hopes of capturing banking credentials.

Google Faces First Major GDPR Fine

Regulators in France have issued a fine against Google for two separate complaints, the first being the company’s misuse of their users’ data, the second being the legal use of that data without providing the user enough details to give fully-informed consent. This fine is the first issued by the CNIL, the official regulator for France, and could cost Google up to $57 million.

ElasticSearch Database Exposes Online Gambling Bets

In the last couple of days, security researchers have discovered a database holding sensitive information on dozens of online casino sites’ bettors. After contacting the hosting provider, researchers verified that the database, which contained over 100 million bet entries, had finally been secured. However, it’s still unclear whether the database’s owner or the ISP was responsible.

Chinese Crypto Farms Get Unique Ransomware Strain

Since China houses most of the world’s cryptocurrency mining farms, it comes as little surprise that malware authors are beginning to focus on this lucrative market. By infecting Antminer devices, which mine Litecoin and Bitcoin, this variant can quickly shut down the device and prevent further mining operations. Victims must choose between paying an extremely high ransom and allowing the infection to spread to thousands of other devices. For victims who do not pay, this variant also threatens to shut down devices’ fans, causing them to overheat and eventually destroy themselves.

The post Cyber News Rundown: Anatova Ransomware Infects the Globe appeared first on Webroot Blog.

A Miner Decline: The Surprising Slowdown of Cryptomining

Reading Time: ~4 min.

This is the first of a three-part report on the state of three malware categories: miners, ransomware and information stealers.

In Webroot’s 2018 mid-term threat report, we outlined how cryptomining, and particularly cryptojacking, had become popular criminal tactics over the first six months of last year. This relatively novel method of cybercrime gained favour for being less resource-intensive and overtly criminal when compared to tactics involving ransomware. But mining cases and instances of mining malware seem to have dropped off significantly in the six months since this report, both anecdotally and in terms of calls to our support queue. 

The crypto world has gone through significant turmoil in this time, so it’s possible the reduced use of malicious cryptojacking scripts is the result of tanking cryptocurrency values. It’s also possible users are benefitting from heightened awareness of the threat and taking measures to prevent their use, such as browser extensions purpose-built to stop these scripts from running.

Setting aside the question of why for a moment, let’s take a look at some stats illustrating that decline during that time period.

Cryptojacking URLs seen by Webroot over six months beginning 1 July through 31 December, 2018, Webroot SecureAnywhere client data. 

Webroot endpoints detected URLs associated with over 17,000 cryptojacking instances over the last year.


New miner malware seen by Webroot 

Data from six months beginning 12 July through 9 Jan, 2019, Webroot data, units logarithmic.

Portable executable mining malware seen by Webroot threat intelligence. Data from hundreds of millions of Webroot sensors.


Monero mining profitability ($)

Data covering six months from 12 July – 9 Jan, 2019, Bit Info Charts, units logarithmic

We chose Monero as the currency to analyse here because of its popularity among crooks operating miners or cryptojacking sites. However, results for Bitcoin over the same time period are similar.


Monero price ($)

Data covering six months from 12 July through 9 Jan, 2019, World Coin Index

Interpreting the data

None of the graphs are identical, but without too much statistical comparison, I think a broad trend can be seen: malicious mining is on the decline alongside a general decline in coin value and coin mining profitability. 

Profitability affecting criminal tactics is of course not surprising. The flexibility of exploit kits and modern malware campaigns like Emotet means that cybercriminals can change tactics and payloads quickly when they feel their malware isn’t netting as much as it should.

Thanks to the dark web, criminal code has never been easier to buy or rent than in recent years, and cryptocurrencies themselves make it easy to swap infection tactics while keeping the cash flowing. Buying or renting malicious code and malware delivery services online is easy, so the next time the threat landscape changes, expect criminals to quickly change with it. 

Should I still care about miners?

Yes, absolutely. 

Cryptocurrency, cryptomining, and malicious cryptomining aren’t disappearing. Even with this dip, 2018 was definitely a year of overall cryptocrime growth. Our advanced malware removals teams often spot miner malware on machines infected by other malware, and it can be an indication of security holes in need of patching. And any illegal mining is still capable of constantly driving up power bills and frustrating users.

Where are cybercriminals focused now?

Information theft is the current criminal undertaking of choice, a scary development with potentially long-lasting consequences for its victims that are sometimes unpredictable even to thieves. The theft, trade, and use for extortion of personal data will be the focus of our next report.

What can I do?

Cryptojacking may only be on the decline because defences against it have improved. To up your chances of turning aside this particular threat, consider doing the following:

  • Update everything. Even routers can be affected by cryptojacking, so patch/update everything you can.
  • Is your browser using up lots of processor? Even after a reset/reinstall? This could be a sign of cryptojacking.
  • Are you seeing weird spikes in your processor? You may want to scan for miner infections.
  • Don’t ignore repeated miner detections. Get onto your antivirus’ support team for assistance. This could be only the tip of the iceberg.
  • Secure your RDP.

What can Webroot do?

Webroot SecureAnywhere® antivirus products detect and remove miner infections, and the web threat shield blocks malicious cryptojacking sites from springing their code on home office users. For businesses, however, the single best way to stop cryptojacking is with DNS-level protection. DNS is particularly good at blocking cryptojacking services, no matter how many sites they try to hide behind.

Persistent mining detections might point to other security issues, such as out-of-date software or advanced persistence methods, that will need extra work to fix. Webroot’s support is quick and easy to reach.

In the end, cryptomining and cryptojacking aren’t making the same stir in the cybersecurity community they were some months ago. But they’ve far from disappeared. More users than ever are aware of the threat they pose, and developers are reacting. Fluctuations in cryptocurrency value have perhaps aided the decline, but as long as these currencies have any value cryptojackers will be worth the limited effort they require from criminals.

Watch for the use of cryptominers to be closely related to the value of various cryptocurrencies and remain on the lookout for suspicious or inexplicable CPU usage, as these may be signs that you’re being targeted by these threats. 

And of course, stay tuned to the Webroot blog for information on the latest threat trends.

The post A Miner Decline: The Surprising Slowdown of Cryptomining appeared first on Webroot Blog.
