Category Archives: featured posts

Cybersecurity in Schools: What Families Need to Know

Reading Time: ~ 3 min.

Our kids are more connected than any previous generation. From the moment they wake up, they have an instant connection to the internet through phones, tablets, and laptops. The internet is also now an important part of their learning experience, and many parents often assume that cybersecurity has risen as a priority for school administrators. But with many institutions struggling to modernize legacy systems, that assumption puts our children’s security at risk. Here are the top threats to cybersecurity in schools and how to protect against them, so you can send your kids out the door knowing they’re safe and secure. 

Learn how VPNs help safeguard your data and can enable private and anonymous web browsing.

Unsecured School WiFi

Many school WiFi networks are as vulnerable as any public network at a coffee shop or airport. In an attempt to secure WiFi networks in K-12 environments, many schools use pre-shared key (PSK) authentication. PSK authentication is the practice of sharing a single WiFi password with network users in order to grant access. This password often makes its way onto unauthorized devices, granting potentially malicious users access to the school’s network, and to your child’s digital footprint.

Weak Cybersecurity Practices

A school’s cybersecurity defense plan is only as strong as its weakest link, and that weak link is often the plan’s users and overseers. According to Verizon’s 2019 Data Breach Investigation Report, a startling 35% of all education sector data breaches were caused by human error. Mistakes as simple as using discontinued or out-of-date software can leave entire school systems vulnerable—even at prestigious institutions like Stanford University. Because Stanford was using discontinued software called NolijWeb, a white hat hacker was able to exploit a security flaw that left sensitive student data easily accessed through a simple change to a numeric ID in a URL. While exploring the scope of the vulnerability, 81 students’ private data was exposed, including information like Social Security numbers, citizenship status, criminal status, standardized test scores, ethnicity, and home addresses.

Targeted Cybersecurity Attacks

Due to the highly sensitive data stored within their systems, education IT infrastructure is consistently a top target for cybercriminals. K-12 school systems and higher education saw more than 48 million records exposed through data breaches in 2017 and 2018 alone. The threat has become a large enough issue that the FBI has released a public service announcement warning that the education sector was one of those most frequently targeted by social engineering schemes and phishing attacks. 

Beyond traditional cyber threats, schools often face a unique adversary—the students themselves. The Joint Information Systems Committee (JISC) recently conducted a survey that examined more than 850 cyberattacks against schools and concluded that a majority of those incidents had been perpetrated by students or school staff. Although an attacker who targets a school so that they won’t have to take a test may not be as costly as one that targets student data, it still can grind a school system to a halt.

How to Protect Your Student’s Cybersecurity

How can you protect your child’s cybersecurity while they are at school? Get involved. Ask the school’s administrators about their cybersecurity policy. Ask about their strength of their firewalls, their email security measures, and the amount of encryption applied to the data storage systems. If you’re not satisfied with their measures, be your child’s cybersecurity advocate.

Although you may have limited control over any school-provided devices, you can secure your child’s personal devices behind a trusted VPN (though they must know how to use it first). This will wrap your child’s data in a tunnel of encryption, protecting them from prying eyes wherever they go. In some cases, VPNs can prevent access to testing and curriculum sites on school networks, so students should know how to connect and disconnect to their VPN at will.

Most importantly, teach your child to be aware of the risks of cybercrime and how to combat them. Help them understand how a VPN and other measures can keep them safe, how to recognize phishing attacks, and why they should always be vigilant. Your child knows to wear a seatbelt when riding in someone else’s car, they should also know how to stay safe online, whether at home, school, or a friend’s house.

The key to truly protecting your children from potential cybersecurity threats is education, both for yourself and for your family. Follow us on Facebook and Twitter to stay up to date on the latest risk reports and security tips.

The post Cybersecurity in Schools: What Families Need to Know appeared first on Webroot Blog.

Context Matters: Turning Data into Threat Intelligence

Reading Time: ~ 3 min.

1949, 1971, 1979, 1981, 1983 and 1991.

Yes, these are numbers. You more than likely even recognize them as years. However, without context you wouldn’t immediately recognize them as years in which Sicily’s Mount Etna experienced major eruptions.

Data matters, but only if it’s paired with enough context to create meaning.

While today’s conversations about threat intelligence tend to throw a ton of impressive numbers and fancy stats out there, if the discussion isn’t informed by context, numbers become noise. Context is how Webroot takes the wealth of information it gathers—data from more than 67 million sources including crawlers, honeypots, as well as partner and customer endpoints—and turns it into actionable, contextual threat intelligence.

Read about the importance of data quality for a threat intelligence platform in our latest issue of Quarterly Threat Trends.

What defines contextual threat intelligence?

When determining a definition of contextual threat intelligence, it can be helpful to focus on what it is not. It’s not a simple list of threats that’s refreshed periodically. A list of known phishing sites may be updated daily or weekly, but given that we know the average lifespan of an in-use phishing site to be mere hours, there’s no guarantee such lists are up to date.

“Some threat intelligence providers pursue the low-hanging fruit of threat intelligence—the cheap and easy kind,” says Webroot Sr. Product Marketing Manager Holly Spiers. “They provide a list of of IP addresses that have been deemed threats, but there’s no context as to why or when they were deemed a threat. You’re not getting the full story.”

Contextual threat intelligence is that full story. It provides not only a constantly updated feed of known threats, but also historical data and relationships between data objects for a fuller picture of the history of a threat based on the “internet neighborhood” in which it’s active.

Unfortunately, historical relationships are another aspect often missing from low-hanging threat intelligence sources. Since threat actors are constantly trying to evade detection, they may use a malicious URL for a period before letting it go dormant while its reputation cools down. But because it takes more effort to start from scratch, it’s likely the actor will return to it before too long.

“Our Threat Investigator tool, a visualization demo that illustrates the relationship between data objects, is able to show how an IP address’s status can change over a period of time, says Spiers. “Within six months, it may show signs of being a threat, and then go benign.”

What are the elements of context?

Over the course of a year, millions of internet objects change state from benign to malicious and back numerous times as cyber criminals attempt to avoid detection. And because threats are often interconnected, being able to map their relationships allows us to better predict whether a benign object has the potential to turn malicious. It also helps us protect users from never-before-seen threats and even predict where future attacks may come from.

That’s where the power in prediction lies—in having contextual and historical data instead of looking at a static point in time.

Some elements that are needed to provide a deeper understanding of an interwoven landscape include:

  • Real-time data from real-world sources, supplemented by active web crawlers and passive sensor networks of honeypots designed to attract threats, provide the necessary data for training machine learning models to spot threats
  • An ability to analyze relationships connecting data objects allows threat intelligence providers to make a connections as to how a benign IP address, for example, may be only one step away from a malicious URL and to predict with high confidence whether the IP address will turn malicious in the future.
  • Both live and historical data helps in the development of a trusted reputation score based on behavior over time and common reputational influencers such as age, popularity, and past infections.

Seeing the signal through the noise

Context is the way to turn terabytes of data into something meaningful that prompts action. Having the power to be able to dig into the relationships of internet objects provides the context that matters to technology vendors. For consumers of contextual threat intelligence, it means fewer false positives and the ability to prioritize real threats.

“Working with real-world vendors is key,” according to Spiers. “The reach of contextual threat intelligence and number of individuals it touches can grow exponentially.”

The post Context Matters: Turning Data into Threat Intelligence appeared first on Webroot Blog.

Out from the Shadows: The Dark Web

Reading Time: ~ 4 min.

You’ve likely heard of the dark web. This ominous sounding shadow internet rose in prominence alongside cryptocurrencies in the early 2010s, eventually becoming such an ingrained part of our cultural zeitgeist that it even received its own feature on an episode of Law & Order: SVU. But as prominent as the dark web may be, few average internet users can properly explain what it is and the cyber threats it provides a haven for. Let’s step back from the pop culture mythos and dive into what makes the dark web so dark.

Don’t let cybercriminals steal your money or identity. Protect your devices with cloud-based security.

Open Web, Deep Web, and Dark Web: Know the Difference

The open web, or surface web, is the internet we use every day. This includes all the web content that can be found through search engines and is accessed by traditional web browsers. Though you might find it surprising that the open web accounts for just 5% of the internet. The rest is made up of the deep web. 

The deep web is the section of the internet that is not indexed by search engines and cannot be found through traditional search methods. This means that the only way to access deep web content is through a direct URL. While rumors about the deep web make it seem as if it is exclusively used for nefarious purposes, content on the deep web is often banal. It is largely comprised of school and university intranet systems, email and banking portals, internal sites for businesses and trade organizations, and even things like your Netflix or Hulu queues. Nothing to be afraid of there.

While the dark web is technically a part of the deep web, it takes anonymity a step further by using overlay networks to restrict access, often attracting users engaged in illicit activity. These networks use special anonymized software to grant users access; the largest and most famous of which is Tor. Tor stands for “The Onion Router,” which references its “onion routing” technique of using encapsulated layers of encryption to ensure privacy. Tor websites are most easily recognized by their “.onion” domains, and by the fact that they cannot be accessed through traditional web browsers. You may have heard stories about the NSA trying to shut Tor down, but don’t expect the services to go away soon. It has funding from high places, with a recent FOI request revealing that one of Tor’s largest financial contributors has long been the U.S. State Department—likely to offer encrypted communication options for State Department agents working in the field.

Is the Dark Web Illegal?

The dark web isn’t inherently illegal—the illegality comes from how it can be used. Darknet markets, such as the infamous and now defunct original Silk Road, showcase how thin the line is between legal and illegal dark market activities. As long as what you are purchasing is legal, using a darknet market is as lawful as making a purchase from any other online retailer. But buying illicit drugs or human organs? Yeah, that’s definitely illegal. 

Although not as remarkable as some of the more grotesque items available, one of the most commonly found items for sale on the dark web is data. With a reported 281 data breaches in just the first quarter of 2019, we have already seen 4.53 billion records exposed this year alone. That’s potentially more than 4 billion chances for hackers to profit off the victimization of strangers, and a majority of them will use the dark web to do so. We have seen several high-profile data breaches resurface on the dark web—Equifax, Canva, Under Armor, and Evite all recently had their user data available for sale on darknet markets.

The Dark Web and Malware-as-a-Service

Beyond selling your data, the dark web can be used to harvest it as well. Webroot Security Analyst, Tyler Moffitt, explains this growing threat:

“Anyone can create malware in today’s landscape where the dark web is very accessible,” says Moffit. “There are ransomware services on .onion links that will allow you to input just a few bits of information, like a bitcoin address, desired ransom, late fees, etc., and unique binaries are generated to distribute however they like. The only ‘catch’ is that the portal creator usually takes a cut (around 30%) for any ransom payments made.”

These malware-as-a-service attacks mean that an attacker doesn’t even need to know how to execute one; they just need to know how to navigate to the portal. Therein lies the largest dark web danger for many consumers—anonymized cyberattacks available at the click of a mouse.

Keeping Your Data Off the Dark Web

Like a hydra with its multiple heads, black markets will likely never be wiped out. When you shut one down, two more will pop up. Darknet markets are just their newest evolution. While you can’t expect to see this threat disappear anytime soon, you can take steps to keep your data secure and off the dark web.

Using an up-to-date antivirus solution will help stop malware from scraping your data on the dark web. You can also lock your credit (called freezing) to help prevent new credit lines being open without additional information. Another recommendation is avoiding public WiFi without a VPN, as it leaves you susceptible to a man-in-the-middle attack (MITM). Even with these precautions, a breach may still occur. Keeping your sensitive accounts secured with a trusted password manager can also help prevent cyber attacks from spreading beyond their breach point. 

Follow us on Facebook and Twitter to stay up to date on the latest threats to your online security and privacy.

The post Out from the Shadows: The Dark Web appeared first on Webroot Blog.

Webroot Culture: Serena Peruzzi Shares Her Side

Reading Time: ~4 min.

Today we chat with Web Analyst Manager Serena Peruzzi. Serena constantly filters through the web to analyze content. Sometimes her position requires looking through difficult material, but other times you can find her traveling, organizing company events, and even gardening!  

See how Serena helps build Webroot’s company culture in this Employee Spotlight.

How did you get into the technology field? 

During my undergrad in Translation and Interpreting 10 years ago, I came to realize how big a role automation and machine translation were going to play in my field. Thus, I decided to beat the trend to the punch and focus my research on Google Translate for my thesis; further on, I completed a master’s degree in Translation Technology, which mixed together traditional translation with state-of-the art localization technologies, and included leveraging on Machine Learning and language pattern recognitions to build automated translation engines. Google Translate pretty much rules the multilingual content scene for the general public, making content in more than 100 languages immediately accessible to the global audience with just one click. Also, a lot of crowdsourced content, for example travel or business reviews on the web, is also localized using machine translation technologies to maximize international reach. Additionally, many large corporations already leverage on customized enterprise machine translation engines to translate manuals and other documentation. There are already technologies allowing to converse in multiple languages in real-time, so there’s virtually no language barriers than cannot be overcome anymore; of course, provided you have an internet connection 

What does a week as a Web Analyst Manager look like? 

I typically have a few one-on-one calls with all remote Web Analysts on a weekly or bi-weekly basis, and two team meetings per week, one with the US and one with Sydney. We discuss top issues, upcoming tool updates and feature releases, and use the wisdom of the crowd to find a solution to difficult cases. We use a collaborative Kanban board to track the topics we discuss, so that we can always go back to them or track progress on resolutions. Finally, I work on a number of projects related to training, quality assessments, classification approvals, new implementations, case escalations from the team, and documentation. I also have a few gardening tasks to take care of, keeping the Webroot Threat plants alive is quite an arduous task!  

What have you learned / what skills have you built in this role? 

Customer care, URL threat analysis, and all aspects of people management are among the key skills I learned in the role. It also helped me keep up my passion for foreign languages, especially Spanish and Japanese, since I need to analyze web content from all over the world. 

What is the hardest thing about being a Web Analyst Manager? 

Explaining what a Web Analyst does is quite an arduous task, partially because it is a very complex and multi-faceted role involving analyzing large amounts of online content, but also because it involves, to some extent, evaluating content that may be disturbing or violent in nature, and it can be a difficult sell at times. 

What is your greatest accomplishment in your career at Webroot so far? 

Having helped build a global team of brilliant and enthusiastic minds is perhaps what makes me most proud of being in Webroot. The Web Analysts are first and foremost masters of languages and cultures; collectively we speak 12 different languages. The more languages you know, the more confidence you have in analyzing online content from all over the world, bringing different perspectives to the mix. Also, we have another element in common: we all want to make the internet a little safer for our user base. Because of that, building the team has always been an incredibly fun experience. It allows candidates to bring up their unique backgrounds and passions for different cultures and the IT security world in their interviews. 

Does your work allow you to travel a lot? Where are some of the coolest places you have travelled?  

I’ve travelled to San Diego, Colorado and Sydney with Webroot. While I enjoyed all my trips, I do have a weak spot for Australia. I am a big fan of water sports, and Australia offers the best sceneries for surfing and diving. It also hosts some of the most amazing animals I’ve ever seen. I’ll admit that my encounter with a group of Huntsmen in Sydney, despite being harmless spiders, had me run away fast. But when I first met Quokkas (smiling furry animals), they literally melted my heart 

Best career advice you’ve received? 

There’s a saying in Ireland which can be used as an antidote when things don’t go your way, “What’s for you won’t pass you”. I felt particularly close to it when I couldn’t attain a role in the past, as it ultimately led me to a different, extremely satisfactory role surrounded by amazing people. 

Are you involved in anything at Webroot outside of your day to day work? 

Aside from gardening, I’ve given a hand with organizing team-building and social events for Dublin in the past, including Christmas parties, Health day, mini-golf and bubble football tournaments, and escape room challenges. Since the team is spread across three offices, team events vary based on group size and local amenities. In Ireland, we typically go out for a nice meal once a month, and order in food for celebrations; additionally, there are regular pub sessions with other Webroot teams. We also have office-wide team building activities on a quarterly basis, and/or when we have visitors on-site.  

Favorite memory on the job? 

St Patrick’s Day in the office, when I was in Support, was also a truly fun day. On our lunch break we went to Temple Bar, the very core of St Patrick’s celebrations, hid amongst the mayhem of thousands of party-goers celebrating, and then pinged the US team to spot us on the live street camera, just like in a game of “Where’s Waldo.” 

To learn more about life at Webroot, visit https://www.webroot.com/blog/category/life-at-webroot/

The post Webroot Culture: Serena Peruzzi Shares Her Side appeared first on Webroot Blog.

Antivirus vs. VPN: Do You Need Both?

Reading Time: ~3 min.

Public concern about online privacy and security is rising, and not without reason. High-profile data breaches make headlines almost daily and tax season predictably increases instances of one of the most common types of identity theft, the fraudulent filings for tax returns known as tax-related identity theft

As a result, more than half of global internet users are more concerned about their safety than they were a year ago. Over 80% in that same survey, conducted annually by the Center for International Governance Innovation, believe cybercriminals are to blame for their unease.  

Individuals are right to wonder how much of their personally identifiable data (PII) has already leaked onto the dark web. Are their enough pieces of the puzzle to reconstruct their entire online identity?  

Questions like these are leading those with a healthy amount of concern to evaluate their options for enhancing their cybersecurity. And one of the most common questions Webroot receives concerns the use of antivirus vs. a VPN.  

Here we’ll explain what each does and why they work as compliments to each other. Essentially, antivirus solutions keep malware and other cyber threats at bay from your devices, while VPNs cloak your data by encrypting it on its journey to and from your device and the network it’s communicating with. One works at the device level and the other at the network level.  

Why You Need Device-Level Antivirus Security 

Antiviruses bear the primary responsibility for keeping your devices free from infection. By definition, malware is any software written for the purpose of doing damage. This is the category of threats attempting to undermine the antivirus (hopefully) installed on your PC, Mac, and yes, even smartphones like Apple and Android devices, too.  

In an ever-shifting threat landscape, cybercriminals are constantly tweaking their approached to getting your money and data. Banking Trojans designed specifically for lifting your financial details were among the most common examples we saw last year. Spyware known as keyloggers can surreptitiously surveil your keystrokes and use the data to steal passwords and PII. A new category of malware, known as cryptojackers, can even remotely hijack your computing power for its own purposes.  

But the right anti-malware tool guarding your devices can protect against these changing threats. This means that a single errant click or downloaded file doesn’t spell disaster. 

“The amazing thing about cloud-based antivirus solutions,” says Webroot threat analyst Tyler Moffit, “is that even if we’ve never seen a threat before, we can categorize it in real time based on the way it behaves. If it’s determined to be malicious on any single device, we can alert our entire network of users almost instantaneously. From detection to protection in only a few minutes.” 

Why You Need Network-Level VPN Security 

We’ve covered devices, but what about that invisible beam of data traveling between your computer and the network it’s speaking to? That’s where the network-level protection offered by a VPN comes into play.  

While convenient, public networks offering “free” WiFi can be a hotbed for criminal activity, precisely because they’re as easy for bad actors to access as they are for you and me. Packet sniffers, for instance, can be benign tools for helping network admins troubleshoot issues. In the wrong hands, however, they can easily be used to monitor network traffic on wireless networks. It’s also fairly easy, given the right technical abilities, for cybercriminals to compromise routers with man-in-the-middle attacks. Using this strategy, they’re able to commandeer routers for the purpose of seeing and copying all traffic traveling between a device and the network they now control.  

Even on home WiFi networks, where you might expect the protection of the internet service provider (ISP) you pay monthly, that same ISP may be snooping on your traffic with the intent to sell your data.  

With a VPN protecting your connection, though, data including instant messages, login information, social media, and the rest is encrypted. Even were a cybercriminal able to peek at your traffic, it would be unintelligible.  

“For things like checking account balances or paying bills online, an encrypted connection should be considered essential,” says Moffit. “Without a VPN, I wouldn’t even consider playing with such sensitive information on public networks.”  

How Webroot Can Help 

Comprehensive cybersecurity involves protecting both data and devices. Antivirus solutions to protect against known and unknown malware—like the kinds that can ruin a laptop, empty a bank account, or do a cybercriminals bidding from afar—are generally recognized as essential. But for complete protection, it’s best to pair your antivirus with a VPN—one that can shield your data from intrusions like ISP snooping, packet sniffers, and compromised routers.  

Click the links for more information about Webroot SecureAnywhere® antivirus solutions and the Webroot® WiFi Security VPN app.  

The post Antivirus vs. VPN: Do You Need Both? appeared first on Webroot Blog.

Notice: What Happens on Public Computers, Stays on Public Computers

Reading Time: ~4 min.

These are the places your digital tracks can be dug up. With a little sleuthing.

Experts have warned for years of the risks of using public computers such as those found in libraries, hotels, and airline lounges. 

Many warnings focused on the potential for hackers to plant keystroke loggers, or intercept data as it flows across the internet. Indeed, in 2014, the National Cybersecurity and Communications Integration Center of the U.S. Secret Service issued an advisory for “owners, managers, and stakeholders in the hospitality industry” concerning data breaches. The text of the advisory claimed, “The attacks were not sophisticated, requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software.” A 2014 announcement may seem to be an outdated reference, except that the recent Marriott data breach of over 300 million records was attributed to an attack in…wait for it…2014.)

But spyware and keyloggers aren’t the most common threat to the users of business center and other public computers. Forgetfulness, operating systems, applications, and temporary files are high up on the list. For several years I have searched public computers, mostly at hotels, to see what kinds of information people have left behind. It’s been an interesting passion project, to say the least.  

Uncovering a Very Public Digital Paper Trail

The first places I look are the documents, downloads, desktop, and pictures folders. The pictures folder typically yields the least interesting information, usually pictures of groups of drunken guys, group gatherings at restaurants, weddings, or cats.

The desktop, document, and occasionally downloads folders are where most documents are inadvertently left behind. Some interesting samples I’ve discovered include a spreadsheet of faculty merit raises at a university in Texas, including the names of professors, their departments, their current salaries, and their projected raises. Another was the assignment of a chief officer to a ship belonging to one of the largest shipping companies in the world. It included the officer’s name, address, phone number, vessel name, date of assignment, and contact information.

I have come across corporate audits and strategic business plans. Recently, I discovered a document called “closing arguments” created by a district attorney. When possible, I contact the owners of the information to help them understand the risks of using public computers for sensitive work. I rarely hear back, however the DA did thank and assure me the document was a training example.

The biggest menace, however, has been the temporary files folders, which include auto-saved documents and spreadsheets, as well as attachments. It is in the Temporary Internet Files folder that I have uncovered complete emails, and even a webpage including a bank statement detailing a large balance, the account holder’s name, sources of income, and the names and addresses of places he had done business. Of all of the temporary files I have discovered, documents belonging to businesses’ employees have been the most unsettling. 

If you must, take precautions

There is some good news concerning the safety of public computers. Due to technology changes, I no longer find the contents of emails in the Temporary Internet Files folder. But we’re far from out of the woods. I have found my inbox cached, including pictures within emails and even a PDF that had not yet opened.

Although I could not open emails in the temoprary copy of my inbox shown above, subject lines and return email addresses may reveal more information than desired. 

Deleting temporary internet files is a good habit, but there are multiple locations that temporary files are stored. Documents edited on public computers remain of particular concern. Due to auto-save features, it’s possible to open a document on a thumb drive and leave auto-saved documents behind on the computer. Now in normal operating circumstances and with current operating systems and Office applications, this is not likely to happen. But errors like OS and application crashes willleave these copies behind. Microsoft Word and Excel will even proactively offer these auto-saved documents to the next user of these applications

The PDF file shown above was left behind when I read an email using my ISP’s webmail interface. 

Other than finding and deleting information left behind, my use of public computers is limited to reading online articles, checking the weather, and performing internet searches. What personal information you are willing to leave behind on a public computer depends on your risk tolerance. But it’s important to note that accessing corporate data on public computers could result in an inadvertent violation of company policies involving confidential data.

Although I still find public computers running Windows XP, there is a growing shift in the hospitality industry to use Kiosk applications. These provide limited functionality combined with locked-down security configurations. Access to the start menu is not possible and functionality is limited to desktop applications. Printing of boarding passes is a common allowed application. Reading web email is sometimes allowed, though I don’t recommend it because it requires entering a password. The risk of password compromise may be low, but the value of practicing quality security habits leads me to advise against it. If you must, consider changing your email password the next time you log onto a private computer.

If you happen to be using a public computer without a Kiosk interface, would you be so kind as to copy this blog, paste it into a Word document, and save it on the public computer to help inform the next user? They may end up paying it forward.

The post Notice: What Happens on Public Computers, Stays on Public Computers appeared first on Webroot Blog.

The Evolution of Cybercrime

Reading Time: ~5 min.

From Landline Hacking to Cryptojacking

By its very nature, cybercrime must evolve to survive. Not only are cybersecurity experts constantly working to close hacking loopholes and prevent zero-day events, but technology itself is always evolving. This means cybercriminals are constantly creating new attacks to fit new trends, while tweaking existing attacks to avoid detection. To understand how cybercrime might evolve in the future, we look back to understand how it emerged in the past. 

Cybercrime’s origins are rooted in telecommunications, with “hacker” culture as we know it today originating from “phone phreaking,” which peaked in the 1970s. Phreaking was the practice of exploiting hardware and frequency vulnerabilities in a telephone network, often for the purpose of receiving free or reduced telephone rates. As landline networks became more security savvy—and then fell out of favor—phone phreaking became less and less common. But it hasn’t been phased out completely. In 2018, a phone phreaker staged a series of creepy attacks in New York City WiFi kiosks, reminding us that the phreaks may have been forgotten, but they are certainly not gone. 

Cybercrime as we currently think of it began on November 2, 1988 when Robert Tappan Morris unleashed the Morris Worm upon the world. Much like Dr. Frankenstein, Morris did not understand what his creation was capable of. This type of self-replicating program had never been seen before outside of a research lab, and the worm quickly transformed itself into the world’s first large-scale distributed denial of service (DDoS) attack. Computers worldwide were overwhelmed by the program and servers ground to a halt. Although Morris quickly released the protocol for shutting the program down, the damage had been done. In 1989, Morris was the first to be prosecuted and charged in violation of the Computer Fraud and Abuse Act. 

At the turn of this century, we began to see a new era of malware emerge as email gave hackers a fresh access point. The infamous ILOVEYOU worm infected 50 million computers in 2000, corrupting data and self-propagating by exploiting a user’s email contacts. Given that the infected emails were coming from an otherwise trusted source, it forced many consumers to gain perspective on cybersecurity for the very first time. With antivirus software becoming a must-have for all computer owners, cybercriminals had to get inventive once again. 

Phishing Makes A Splash 

Phishing is the practice of tricking a user into willingly providing account logins or other sensitive information. This popular style of attack began with downloadable files through email, like the ILOVEYOU worm, but quickly grew more sophisticated. Phishing emails often imitate a trusted source, like an internet or phone service provider, and often include official-looking graphics, email addresses, and dummy websites to trick the user. In some cases, these phishing attacks are so convincing that even top government officials have been fooled—something we learned all too well in 2016 when the Democratic National Committee was breached.  

With the rise of social media, we have seen a new style of phishing attack that doesn’t appear to be going anywhere anytime soon. Messages from Facebook, Instagram, Twitter and other social media accounts are frequent and increasingly sophisticated sources of social media phishing. 

The Rise of Ransomware 

No history of cybercrime would be complete without an examination of ransomware, a type of malware that gains access to critical files and systems and encrypts them, blocking a user from accessing their own data. Perpetrators extort the user, threatening to permanently delete the data or—in some cases—expose incriminating or embarrassing information. While ransomware has been around for decades, encryption and evasion techniques have become increasingly refined, sometimes at the hand of state actors. One of the most infamous examples of ransomware is the WannaCry attack in 2017, in which North Korean hackers used loopholes developed by the United States National Security Agency in the Windows operating system to attack more than 200,000 computers across 150 countries.  

This made ransomware an international cybersecurity boogeyman, but it shouldn’t be your top concern. Webroot security analyst Tyler Moffitt explains why it’s a complicated strategy: 

“Ransomware requires criminals to execute a successful phish, exploit, or RDP breach to deliver their payload, bypass any installed security, successfully encrypt files, and send the encryption keys to a secure command-and-control server—without making any mistakes,” Moffitt said. “Then the criminals still have to help the victim purchase and transfer the Bitcoin before finally decrypting their files. It’s a labor-intensive process and leaves tracks that must be covered up.”  

Cryptojacking: the cutting edge? 

A more recent workaround for the hard work of ransomware? Cryptojacking. Cryptojacking works by embedding JavaScript code into a website, which can then harvest the processing power of all devices that visit that site, using device processors to mine cryptocurrency for the host. This resource theft drags systems down, but often stealthily enough to go undetected; a fact that makes it very attractive to hackers. The number of cryptojacked URLs detected more than doubled from September to December of 2018, and cryptojacking attacks have officially surpassed ransomware in prevalence.  

“Cryptojacking costs basically nothing to pull off and has much less illegal footprint,” Moffitt said. “When criminals are leveraging victims’ hardware (CPU) and power for siphoned crypto, the profits are very appealing. Even with the volatility of crypto prices, large campaigns have been able to make hundreds of thousands of dollars in only a few months. It’s estimated that over 5% of the cryptocurrency Monero in circulation is the result of illicit mining.”  

Until recently, a cyptocurrency mining service called Coinhive was responsible for 60% of all cryptojacking attacks. Coinhive announced in early March 2019 that they would be shuttering the service. But this is by no means a death knell for crytpojacking—competitors are already rushing to fill the vacuum, not to mention inventing new ways to pivot off of existing cryptojacking techniques.  

Being prepared for this next generation of cybercrime requires a few things from internet users. Keeping devices protected with antivirus software is a strong first step, but awareness of current threat trends is also helpful in preventing outside actors from viewing your data. Pairing antivirus software with a trusted VPN wraps your web traffic in a tunnel of encryption, shielding it from prying eyes. A double-pronged antivirus-plus-VPN defense will stop a majority of cybercrime in its tracks, but it’s by no means where your cybersecurity plan should end.  

The best tool you have against evolving cybersecurity threats? Ongoing education. Read Webroot’s 2019 Threat Report to prepare yourself against threats on the horizon, and check back for regular cybercrime updates. 

The post The Evolution of Cybercrime appeared first on Webroot Blog.

A Chat with Kiran Kumar: Webroot Product Director

Reading Time: ~4 min.

The process of bringing a cybersecurity product to market can be long and tedious, but Kiran Kumar, Product Director at Webroot, loves to oversee all the moving parts. It keeps him on his toes and immersed in the ever-changing world of security technology.

We sat down to chat with Kumar about his #LifeAtWebroot, heard how he got to where he is today, and why he’s loved every minute of his journey.

Tell us about your role as a Product Director.

I’m the product director for our network portfolio of products. This includes Webroot DNS Protection, FlowScape, and our next-gen security solution. I’m also responsible for the overall solutions platform, the next-gen solution we are working on.

What does a typical week look like for you? 

My typical week ranges from working with customers on concept validation or case studies, to presenting at events. I’ll help customers with damage control, provide assurance of the product, or pitch Webroot solutions. I would say that at least 40-50% of my job is working with the engineering team on the next product release. The key is to stay on top of everything and keep my eyes and ears open because it’s the product director’s responsibility to make things happen. You must be able to collect information from different stakeholders, bring it all together, and prioritize. Sometimes no one reports to you, but you still have to bridge the gaps and constantly negotiate, make decisive trade-off decisions, get buy-ins, etc. That’s the key to being a strong product director. I spend time with a lot of people both inside and outside: marketing, sales, sales engineering, customer success, public relations, analyst relations, you name it. It’s a matter of constantly juggling and prioritizing.

What is your favorite part of working as a Product Director?

I enjoy being able to make a difference. Also, the satisfaction of building relationships with all these different groups of people and rallying them to achieve a common goal is really satisfying. You have to take everyone else’s opinion, along with your own, and figure out the best the direction to move in. All of that starts with the product. It’s a key part of every organization. I love seeing all the work that goes into bringing a product to market. The ability to make an impact and visibility into projects is tremendous.

What have you learned in this role? 

I think one of the biggest pieces of advice that I can give, and that I’m continuing to work on myself, is that building relationships is absolutely critical to success. You have to use negotiation skills, persuasion tactics, and figure out how to rally the whole troop. I’d say that’s critical in many areas of business. Also, you need to constantly have a sense of curiosity and willingness to challenge yourself. Good enough is not good enough. Ask questions and take ownership of things. One great thing about Webroot is that everyone is open to questions and collaborating to find answers.

What is the hardest thing about being a Product Director?

The most challenging thing about the job is staying levelheaded. Every day you need to be flexible and willing to adapt because a hundred different things will be thrown your way and you need to be prepared to handle it. You can’t be flustered. Another challenge is figuring out how to work quickly. One of the hardest things is working through problems and getting them solved in the time that I want — quickly.

Is this what you expected to be doing in your career?

After graduating from college, I never expected that I would be a product director, but I was at the right place at the right time. I started at a technology consulting company and was placed at a security company. I started doing business analysis, and that’s still a part of my job, but product management is more inclusive of business analysis, product management, market research – everything this position entails. I didn’t like programming as much. I couldn’t sit behind a computer all day – that’s just not my personality. Now I’ve been in the industry about 16 years, and I have to say I have had the best time working at Webroot.

What makes working at Webroot so amazing? 

One benefit to being located in our smaller San Diego office, besides the weather, beach, and beer, is I’ve been able to see it grow. We have about 90 people in this office and I know everyone. The people at Webroot are really friendly and helpful, so it’s easy to feel welcomed. The Webroot culture is very open and not hierarchical. Since I’ve been here I’ve been able to talk to anyone, including any executive. I am super passionate about the products I support and the audiences we help – SMB/MSP.

Best career advice you’ve received? How have you seen that advice playing out in your own career? 

For someone who’s starting fresh and getting into product management, I would say to be open, be flexible, and constantly seek to challenge yourself. Soak in as much as you can. For people more senior, I would say to continue with relationship building and be mindful of how you can make the biggest impact. This position isn’t about having an MBA and writing up numbers. It is very technology focused and it’s all about being able to adapt and able to provide solutions, not just numbers.

What’s your favorite patio? (Place to go when it’s nice outside, place to get a drink.)

There’s a really nice brewery close to the office called Ballast Point. The team goes there a lot. But my favorite food is Mexican and I love hole-in-the-wall places. There’s one restaurant in the Torrey Pines area called Berto’s that’s awesome. It’s not fancy, but their veggie burrito keeps me coming back.

To learn more about life at Webroot, visit https://www.webroot.com/blog/category/life-at-webroot/.


The post A Chat with Kiran Kumar: Webroot Product Director appeared first on Webroot Blog.

How To Keep Better Tabs on Your Connected Apps

Reading Time: ~5 min.

Not that long ago, before data breaches dominated daily headlines, we felt secure with our social media apps. Conveniently, every website seemed to allow logging in with Facebook or Twitter instead of creating a whole new password, and families of apps quickly became their own industry. Third-party apps and games on social media platforms (remember Farmville on Facebook?) were allowed profile access en masse. Trivia games, horoscope predictions, personality quizzes — all seemingly secure and engaging diversions — let social media users enable some type of third-party app.  

Unfortunately, we now know that this left many of us, and our data, exposed to a potential breach

So we turned to Randy Abrams, Webroot’s Sr. Security Analyst, for insights on how to keep third-party app breaches in check. The trick to keeping yourself and your loved ones safe? Information silos, both on and off of social media. 

“As a rule, I leave my apps in silos, meaning I severely limit their connectivity level — especially when it comes to accessing my mobile device, “Abrams says. “Apps for email, texting, and calling people do have a reasonable need for access to your contacts on the phone. Most other apps, such as social media apps do not need to be able to look up your unsuspecting friends.”  

Limiting the access your apps have to their direct functions will help keep you and your loved ones safe. Here’s how to get it done. 

Mobile App Permissions 

Limiting your app’s permissions may seem like a chore, but it is the best way to keep breaches from expanding in scope. We’ve put together a mobile app permissions crash course to help you silo your sensitive data quickly and easily. 

For Android Users 

To monitor and edit an existing application’s accessibility permissions on your device, go to your Android’s settings and tap Apps & Notifications. From there, you will be able to locate all the applications that are active on your device. When you’ve located the application whose permissions you would like to edit, simply tap the app and then tap “Permissions” to view and edit its current permission settings. 

To review an application’s accessibility permissions before you install it on your device from the Google Play Store, tap on the app you’d like to install and click Read more to bring up its detail page. Scroll to the bottom and tap App permissions to review the app’s requested permissions. After you install and open the application for the first time, you will be prompted to allow or deny application permissions (like access to your contacts or location). You can always edit the application’s existing permissions later using the steps outlined above. 

For iOS Users 

To monitor and edit an existing application’s accessibility permissions on your device, go to the settings app Privacy to see all the permissions available on your phone (like location services and camera access). Select the permission set you would like to review to see all of the applications with access, and revoke any permissions you’re not comfortable with. 

To review an application’s accessibility permissions at install, simply open the app and begin using it. The app will request permissions, which you can either allow or deny. You can always revoke permissions after they have been granted by following the steps outlined above. 

Preventing social media applications from gaining unnecessary access to your mobile data could help stop data breaches from spreading. But it won’t stop the breaches themselves from happening. Leaving apps enabled entails large-scale security issues — not only for ourselves, but also for friends and family connected with us through social media. When we connect apps to our social media profiles, we expose not just our information, but the shared information of a broader network of connections — one that expands well beyond our immediate circles. In a startling example, only 53 Facebook users in Australia downloaded Cambridge Analytica’s infamous thisisyourdigitallife app, but a total of 311,127 network connections had their data exposed through those users. That amount of collateral damage is nothing to scoff at. 

Removing Third Party Apps 

“Facebook is the company best known for leaking extensive amounts of data about users, usually by default privacy settings that allow third-party apps to access as much user data as possible,” says Abrams. “Most users had no idea they could control some of what is shared and would have a difficult time navigating the maze to the settings.” 

Facebook 

Facebook made a few reform efforts to help make managing third-party access to your account a little bit easier. Click on Settings from the account dropdown menu, and then select Apps and Websites. This should take you to a dashboard that will show your active, expired, and removed apps. It will also give you the option to turn off the capability for any third-party apps to connect with your profile. 

Twitter 

From your account dropdown, click on Settings and privacy. Click on the Apps and devices tab, which will show all of the apps connected to your account. You can see the specific permissions that each app has under the app name and description. To disconnect an app from your account, click the Revoke access button next to the app icon. 

Instagram 

From a web browser, log in to your account and click the gear icon next the Edit Profile button. Select Authorized Apps to see all of the apps connected to your account. Click the Revoke Access button under an app to remove it from your account. 

Building Secure Social Media Habits 

Monitoring the access levels of your connected apps is a good start to keeping yourself and your loved ones secure, but it’s not always enough. 

“It must be assumed that all third-party apps are collecting all of the information on the platform, regardless of privacy settings,” warns Abrams. 

Establishing secure social media habits will continue to help keep you secure after you’ve reviewed your app permissions. This means conducting regular audits of the third-party app permissions associated with all of your social media accounts and — slightly more arduously — thoroughly reading the privacy policies of any third party apps before you connect them. 

“If a person is going to use apps in conjunction with social media platforms, it’s important to understand their privacy policies,” say Abrams. “Unfortunately, with many apps, the privacy policy may not be shown until the app has been installed, and may not even be visible on the developer’s website. When the policy can be located, you’ll often find the user’s friends’ privacy is collateral damage in the agreement. It is up to the individual choosing to decide if their friends’ privacy is acceptable collateral damage. Unfortunately, few know how to obtain the information required to make an informed decision. 

“Without reading the privacy policies you cannot know to what extent your friends’ private information will be shared, “adds Abrams. “Remember, it isn’t just their names you are sharing, it is part of the data aggregation they are already subjected to. Simply letting an app know you are friends provides more information than just their names. It helps app companies build more robust profiles.” 

Stay Vigilant and Informed 

Don’t allow your data or your network to be used beyond your wishes or against your will. Take charge of your data security, and protect your friends by conducting regular audits of your third-party app permissions. Before you connect any new apps, settle down with a little light reading and thoroughly vet their privacy policy. Given how intertwined our digital lives have become, the cybersecurity of our closest friends and loved ones could well depend on it. 

The post How To Keep Better Tabs on Your Connected Apps appeared first on Webroot Blog.

Four Tips to Help Tidy Up Your Tech

Reading Time: ~4 min.

This spring, many of us will roll up our sleeves and get down to business decluttering our homes. Garage sales will be held, basement storage rooms will be re-organized, and donations will be made. 

Shouldn’t the same thing happen in our digital lives? After all, the average American will spend the bulk of their waking hours parked in front of some sort of screen—flipping , swiping, and clicking away. A little tidying up of data and online habits can go a long way toward enhancing your digital security andpeace of mind. 

So here are a few tips for tidying up your tech designed to make you ask not only: “Does this bring me joy?” but also, “does this make me more secure?”  If not, consider purging apps, connections, and permissions that could leave you more susceptible to a breach. If you answer yes, make sure you’re taking the necessary steps to protect it.

Turn off Bluetooth when it’s not in use

Since the Blueborne family of vulnerabilities was discovered in 2017, deactivating Bluetooth when not in use has become standard security advice. With the increasing adoption of home IoT devices, the consequences of ignoring that advice have only risen. 

Bluetooth connections are like a lonely person on a dating site; they’re in constant search of a connection. When Bluetooth-enabled devices seek out the wrong sources—that of a cybercriminal, say—they are vulnerable to exploitation.

“Smart speakers and other IoT devices may introduce convenience to our daily lives,” says Webroot Security Analyst Tyler Moffitt. “But they’re also a calculated risk, and even more so for knock-off devices whose manufacturers don’t pay proper attention to security. Minimizing the time Bluetooth is on helps to manage that risk.”

Or, as Webroot VP of engineering David Dufour put it to Wired magazine soon after the discovery of Blueborne, “For attackers, it’s Candyland.”

Use a VPN to cloak your digital footprint

Shrouding your connection in a virtual private network (VPN) is especially important when accessing public or unsecured WiFi networks. Again, we make a trade-off between convenience and security when logging on to these “free” networks. 

Without additional protection, cybercriminals can spy on these unencrypted connections either by commandeering the router or by creating their own spoof of a legitimate WiFi hotspot, in a variation of a man-in-the-middle attack. From here, they’re free to monitor the data flowing between your device and the network. 

“It’s more than just the privacy violation of being able to see what you’re doing and where you’re going online,” Moffitt explains. “Cybercriminals can lift sensitive data like banking login credentials and drop ransomware or other malicious payloads like cryptojackers.”

A VPN encrypts the traffic between your device and the router, ensuring your digital footprint is shielded from prying eyes. 

Keep apps updated with the latest software

While some apps are inherently sketchy, and users shouldn’t expect the app creators behind them to prioritize security, others introduce vulnerabilities inadvertently. When responsibly run, app developers address these security gaps through software updates.

Take the cultural phenomenon Fortnite, for example. The game that drove its parent company, Epic Games, to an $8 billion valuation was found at the beginning of the year to contain multiple vulnerabilities that would have allowed malicious actors to take over player accounts, make in-game purchases, and join conversations. Epic Games was quick to issue “a responsibly deployed” fix, but in this and similar instances, users are only protected after installing the suggested updates.

“I always recommend users keep both their apps and their mobile operating systems up to date,” says Moffit. “This is made easier by turning on automatic updates wherever possible and only downloading apps from reputable app stores, so you increase the chances that updates are timely.”

For more tips on protecting your smartphone from mobile malware, see our complete list of recommendations here.

Set up automatic cloud backups

Purging unused apps is a good principle for spring cybersecurity cleaning – like a box of old clothes you haven’t worn in decades, unused apps represent digital data containers you no longer need. But what about all that data you’d hate to lose—the pictures, videos, documents, and other files you’d be devastated to see disappear? Protecting that trove of data is another core tenant for tidying up your tech. 

Ransomware is one prime reason for keeping up-to-date backups of valuable data. It can strike anyone from college students to cities, and the list of those who’ve been burned is long and distinguished.

“The combination of an antivirus and a cloud backup and recovery solution is an effective one-two punch against ransomware,” Moffit says. “On the one hand, you make your device more difficult to infect. On the other, you become a less attractive target because you’re unlikely to pay a ransom to recover data that’s already backed up to the cloud and out of reach for ransomware.”

Natural disasters and device theft—two contingencies even the tightest cybersecurity can’t account for—are prime reasons to make sure backups are in place sooner, rather than later. Cloud backup is more secure and affordable than ever, so it makes sense to back up anything you couldn’t stand to lose, before it’s too late. Want more tips for cybersecurity spring cleaning? Download Webroot’s full checklist for tidying up your tech.

The post Four Tips to Help Tidy Up Your Tech appeared first on Webroot Blog.

Hijacked Email Reply Chains

Reading Time: ~4 min.

Although phishing has been around in various forms since the 1980s, our research shows it continues to evolve—and remains a major threat. These days, phishing tactics have gotten so sophisticated, it can be difficult to spot a scam—particularly in the case of hijacked email reply chains. Let’s look at a concrete example.

Imagine you’re a purchaser for a concrete supplier, and you get an email from a regular client about an order. In that email, you can see this client, Michael, has been exchanging messages with your colleague, Jill. The email addresses, corporate logos, and everything about the email chain look 100% legitimate. You’ve even met Michael in person, so you know he’s trustworthy.

In this case, the conversation details are convincing to you—because they’re real. Someone gained access to your colleague’s email and took over a legitimate conversation about purchases, then forwarded it to you with a malicious payload attached.

A message like this is very likely to get through any email filtering, and you’d probably open it, since it looks like it’s from a trusted sender.

Had you opened the file in this hypothetical scenario, you might have gotten infected with Emotet or another banking Trojan, such as Ursnif / Gozi.

This image is an example of a malicious word document asking you to “enable macros.” This is a common malware tactic that convinces a victim to disable their own security.

“Phishing attacks increased 36%, with the number of phishing sites growing 220 percent over the course of 2018.” – Webroot Inc. “2019 Webroot Threat Report.” (March 2019)

Ursnif / Gozi Campaigns

The difference between an ordinary phishing attack and a hijacked email chain really comes down to believability. The criminals behind these campaigns take their time breaking into email accounts, watching business conversations, negotiations, and transactions, then launching their attempts at plausible moments when the recipient’s guard is most likely to be down. Most commonly, these attacks have been attributed to Ursnif/Gozi campaigns. Webroot has seen quite a few cases of these hijacked emails with the same style of phishing text and nearly identical payloads. There are numerous reports online as well. 

In a malware campaign like this one, it really doesn’t matter whose account the malicious actors have broken into. If you receive an email from your project manager, a sales colleague, the finance department, a particular client, or anyone else that bears the markers of a legitimate, ongoing email conversation, the attack is highly likely to succeed.

Samples

Seen since last November: all email bodies had a long list of replies, but all had the following message.

This would suggest they are all samples that can be attributed to the same gang. Each had .zip files attached with convincing names related to the business at hand, which contained Microsoft® Word documents with filenames that started with “request”.

What You Can Do

Faced with such plausible attacks, it might seem impossible to stay safe. But there are a few tips that can keep you protected. First, never turn macros on, and never trust a document that asks you to turn macros on, especially if it’s a Microsoft® Office file that wants you to show hidden content. Macros are a very common attack vector.

Second, always make sure to keep your operating system up to date, especially Microsoft Office programs. 

Third, you likely already mistrust emails from people you don’t know. Now, it’s time to turn that suspicion onto trusted senders too. Attackers commonly try to spoof email addresses to look like those you’re familiar with, and may even gain control of an email account belonging to a person you know. Always err on the side of caution when it comes to emails asking you to download attachments. 

Fourth, it’s important to protect your own email account from being hijacked. Attackers can use techniques like alternate inboxing to send messages from your account without your knowledge. Be sure to secure your account with strong passwords, 2-factor authentication, or use a secure password manager. Encourage friends and colleagues to do the same.Finally, if you’re suspicious of an email, the best way to check its legitimacy is to pick up the phone. If you know the sender personally, ask them about the message in person or via phone. Or, if you receive a message from a company, look up their publicly listed phone number (do not use the number provided in the email) and call them.

How Webroot Protection Can Keep You Safe

  • Webroot security for computers, smartphones, and tablets blocks malicious scripts, downloads, and executables. (However, you should still exercise caution and common sense, regardless which internet security solutions you use.)
  • For businesses and managed service providers, our portfolio of integrated, next-generation security includes Endpoint ProtectionDNS Protection, and Security Awareness Training for end users.

For more information on these types of attacks, you can read the following articles:

The post Hijacked Email Reply Chains appeared first on Webroot Blog.