Business + Partners

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction: It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan before it’s hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Evasive Scripts: What They Are, and What We’re Doing About Them

“What’s an evasive attack? At a very basic level, it’s exactly what it sounds like; it’s a cyberattack that’s designed to hide from you,” says Grayson Milbourne, Security Intelligence Director at Webroot, an OpenText company.

Based on Grayson’s initial explanation, you can imagine that evasive tactics are pretty common throughout cybercriminal activities. But they’re especially prevalent in the context of scripts. Scripts are pieces of code that can automate processes on a computer system. They have tons of legitimate uses, but, when used maliciously, they can be extremely effective and difficult to detect or block.

With Grayson’s help, we’ll talk you through some of the common script evasion techniques that criminals use.

LoLBins

Living off the Land Binaries (“LoLBins”) are applications that a Windows® system already has on it by default. Funny name aside, they’re extremely useful for attackers because they provide a way to carry out common steps of an attack without having to download anything new onto the target system. For example, criminals can use them to create persistence (i.e. enable the infection to continue operating after a reboot), spread throughout networked devices, bypass user access controls, and extract passwords or other sensitive information.

There are dozens of LoLBins for criminals to choose from that are native to the Windows OS, such as powershell.exe, certutil.exe, regsvr32.exe, and many more. Additionally, there are a variety of common third-party applications that are pretty easy to exploit if present, such as java.exe, winword.exe, and excel.exe.

According to Grayson, this is one of the ways malicious hackers disguise their activities, because default OS applications are unlikely to be detected or blocked by an antimalware solution. He warns, “unless you have strong visibility into the exact commands that these processes are executing, then it can be very hard to detect malicious behavior originating from LoLBins.”
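The kind of command-level visibility Grayson describes can be sketched as a review of process-creation events. This is an added example, not Webroot's code: the event fields (`parent`, `image`, `command_line`), the three generic indicators, and the sample events are assumptions constructed for illustration, with sample arguments deliberately elided.

```python
import base64
import binascii
import re

# Binaries named in the article; a real deployment would use a maintained list.
LOLBINS = {"powershell.exe", "certutil.exe", "regsvr32.exe"}
DOCUMENT_APPS = {"winword.exe", "excel.exe", "java.exe"}

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long base64-looking run


def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_blob(blob):
    """Try to recover readable text from a base64 argument (UTF-16LE assumed)."""
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def review(event):
    """Return a finding for a LoLBin launch worth an analyst's look, else None."""
    image = basename(event["image"])
    if image not in LOLBINS:
        return None
    reasons, decoded = [], None
    if basename(event["parent"]) in DOCUMENT_APPS:
        reasons.append("spawned by document or runtime application")
    if URL_RE.search(event["command_line"]):
        reasons.append("URL on command line")
    match = B64_RE.search(event["command_line"])
    if match:
        reasons.append("long base64 run on command line")
        decoded = decode_blob(match.group(0))  # show the analyst the clear text
    if not reasons:
        return None
    return {"image": image, "reasons": reasons, "decoded": decoded}


# Constructed sample data: harmless text encoded the way an obfuscated
# argument would be, and four invented process-creation events.
SAMPLE_TEXT = "Write-Output 'constructed sample'"
SAMPLE_BLOB = base64.b64encode(SAMPLE_TEXT.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe [arguments elided] " + SAMPLE_BLOB},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "command_line": "certutil.exe [arguments elided] http://198.51.100.7/update.bin"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        finding = review(ev)
        if finding:
            print(finding)
```

The routine admin script in the first event produces no finding, which is the point: the binary name alone says nothing, the parent process and arguments do.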

Script Content Obfuscation

Like LoLBins and scripting overall, hiding the true content or behavior of a script—or content “obfuscation”—has completely legitimate purposes. But, in terms of malicious hacking, it’s pretty self-explanatory why obfuscation would lend itself to criminal activities. The whole point is not to get caught, right? So it makes sense that you’d take steps to hide bad activities to avoid detection. The screenshots below show an example of obfuscated code (top), with its de-obfuscated version (bottom).

Fileless and Evasive Execution

Using scripts, it’s actually possible to execute actions on a system without needing a file. Basically, a script can be written to allocate memory on the system, then write shellcode to that memory, then pass control to that memory. That means the malicious functions are carried out in memory, without a file, which makes detecting the origin of the infection (not to mention stopping it) extremely difficult.

Grayson explains, “one of the issues with fileless execution is that, usually, the memory gets cleared when you reboot your computer. That means a fileless infection’s execution could be stopped just by restarting the system. Persistence after a reboot is pretty top-of-mind for cybercriminals, and they’re always working on new methods to do it.”

Staying Protected

The Windows® 10 operating system now includes Microsoft’s Anti-Malware Scan Interface (AMSI) to help combat the growing use of malicious and obfuscated scripts. That means one of the first things you can do to help keep yourself safe is to ensure any Windows devices you own are on the most up-to-date OS version.

Additionally, there are several other easy steps that can help ensure an effective and resilient cybersecurity strategy.

  • Keep all applications up to date
    Check all Windows and third party apps regularly for updates (and actually run them) to decrease the risk of having outdated software that contains vulnerabilities criminals could exploit.
  • Disable macros and script interpreters
    Although enabling macros has legitimate applications, the average home or business user is unlikely to need them. If a file you’ve downloaded gives you a warning that you need to enable macros, DON’T. This is another common evasive tactic that cybercriminals use to get malware onto your system. IT admins should ensure macros and script interpreters are fully disabled to help prevent script-based attacks. You can do this relatively easily through Group Policy.
  • Remove unused 3rd party apps
    Applications such as Python and Java are often unnecessary. If present and unused, simply remove them to help close a number of potential security gaps.
  • Educate end users
    End users continue to be a business’ greatest vulnerability. Cybercriminals specifically design attacks to take advantage of their trust, naiveté, fear, and general lack of technical or security expertise. By educating end users on the risks, how to avoid them, and when and how to report them to IT personnel, businesses can drastically improve their overall security posture.
  • Use endpoint security that includes evasive script protection
    In a recent update to Webroot® Business Endpoint Protection, we released a new Evasion Shield policy. This shield leverages AMSI, as well as new, proprietary, patented detection capabilities to detect, block, and quarantine evasive script attacks, including file-based, fileless, obfuscated, and encrypted threats. It also works to prevent malicious behaviors from executing in PowerShell, JavaScript, and VBScript files, which are often used to launch evasive attacks.

Malicious hackers are always looking to come up with new ways to outsmart defenses. Grayson reminds us, “It’s up to all of us in cybersecurity to research these new tactics and innovate just as quickly, to help keep today’s businesses and home users safe from tomorrow’s threats. There’s always more work to be done, and that’s a big part of what drives us here at Webroot.”


To learn more about evasive scripts and what Webroot is doing to combat them, we recommend the following resources:

DoH Is Here to Stay: Why Businesses Should Embrace It

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS – also known as DNS over HTTPS, or DoH – obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying ahead of the curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.
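The flow described above (a DoH-encoded query reaches the agent, is checked against threat intelligence, and a prohibited name is answered with the block page's IP) can be sketched as follows. This is an added example, not the Webroot agent: the blocklist entries, the block-page address, the `upstream` callable and all function names are assumptions, and only the RFC 8484 `?dns=` encoding and the DNS wire format are standard.

```python
import base64
import socket
import struct

BLOCK_PAGE_IP = "192.0.2.10"                      # constructed (TEST-NET-1)
BLOCKLIST = {"c2.example", "phish.example.net"}   # constructed threat-intel entries


def build_query(name, qtype=1):
    """DNS wire-format query; ID 0 as RFC 8484 recommends for DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)   # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)     # class IN


def to_doh_param(message):
    """base64url without padding, the form carried in the GET ?dns= parameter."""
    return base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")


def from_doh_param(param):
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def parse_question(message):
    """Return (id, lower-cased name, qtype, offset just past the question)."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    qid, _flags, qdcount = struct.unpack("!HHH", message[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(message):
            raise ValueError("truncated question name")
        length = message[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(message):
            raise ValueError("bad label")
        labels.append(message[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(message):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", message[pos:pos + 4])
    return qid, ".".join(labels), qtype, pos + 4


def is_blocked(qname):
    """Match the name or any parent domain, so subdomains are covered too."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))


def block_response(message):
    """Answer an A query with the block page; other types get an empty answer."""
    qid, _name, qtype, qend = parse_question(message)
    answer = b""
    if qtype == 1:
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                  + socket.inet_aton(BLOCK_PAGE_IP))
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1 if answer else 0, 0, 0)
    return header + message[12:qend] + answer


def first_a_record(response):
    """First answer's IPv4 address (compressed-name form only), or None."""
    _qid, _name, _qtype, pos = parse_question(response)
    if struct.unpack("!H", response[6:8])[0] == 0:
        return None
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[pos + 2:pos + 12])
    if rtype != 1 or rdlen != 4:
        return None
    return socket.inet_ntoa(response[pos + 12:pos + 16])


def handle(param, upstream, log):
    """Agent decision: log every name for admin visibility, block or forward."""
    message = from_doh_param(param)
    _qid, qname, _qtype, _end = parse_question(message)
    if is_blocked(qname):
        log.append((qname, "blocked"))
        return block_response(message)
    log.append((qname, "forwarded"))
    return upstream(message)   # hypothetical: sends the query to the DoH server


if __name__ == "__main__":
    seen = []
    reply = handle(to_doh_param(build_query("beacon.c2.example")), lambda m: m, seen)
    print(first_a_record(reply), seen)
```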

Privacy plus security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, and the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When someone on their home network opens a browser and goes to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.

Old Habits vs. New Normal in the Time of Coronavirus

It didn’t take long for COVID-19 to completely alter the way we work. Businesses that succeed in this rapidly changing environment will be the ones that adapt with the same velocity. In our second installment from The Future of Work series, you’ll hear from Webroot Product Marketing Director George Anderson, who shares his perspective on how businesses will need to adapt and evolve to stay on course during and after the global coronavirus pandemic.

How has COVID-19 changed cybersecurity and cyber resilience planning? What will be the most important steps to take moving forward?

In some ways not at all. We were already existing in a fairly perimeter-less network world. There was already a hybrid between on- and off-network staff, and reviewing where data was being worked upon, accessed and secured, and asking how data was being processed and secured during its journey. Many businesses’ data was already split between user devices and the cloud.

Confidentiality, integrity and availability in the case of cyber-attacks or other forms of potential data loss need to be clearly understood as before, and any weaknesses addressed. The imperative is to have a safe data cloud in place both in terms of security and recovery.

The steps to take include:

  • Setting up regular and if practical continuous risk assessment to get visibility of data risks
  • Understanding where the greatest risks and weaknesses exist in people, process and technology
  • Investing and allocating appropriate budget to address where the greatest data loss and compromises could and would now occur

What could the future look like after the coronavirus? Specifically, what will change in IT and business?

Not everyone will want to choose to continue working from home. While the savings in closing offices down are attractive to businesses, they are not necessarily the same for an employee whose home environment is not conducive to work. These employees may seek alternative employment to remove the burden of working from home if an office option is not available. IT has already, for the most part, moved to the cloud where it can, and remained on-prem where it needs to be because of security, compliance and control. The main IT imperatives will be factors like secure 5G and faster communications for better collaboration.

In business, people buy from people. And face-to-face interaction is the norm. While this will reduce in the near-term, in the long run, people’s wellness depends on social interaction. Businesses that ignore that will not thrive. However, businesses are generally going to be more open to remote working roles and a lot better positioned to recruit staff for remote work, without them necessarily being close to physical offices.

IT investments will shift in the coming months, what will take precedence for companies as they go back to ‘business as usual’?

The pandemic will make companies look, in broader terms, at all the risks to their business. And they’ll use IT where practical to put protections and assistance in place. More holistic Disaster Recovery springs to mind as benefiting from this pandemic, as does better backup of user desktops that, particularly among MSPs and SMBs, has not been a priority in the past.

What advice do you have for SMBs who will need time and a renewed economy to recover?

There will be many opportunities as the economy comes back and many holes where competitors and others have failed. An approach that is flexible and can react to those opportunities is essential. So, look to business arrangements in IT, Finance, HR and other key areas that will let you maximize your ability to take advantage of new opportunities. If you have not looked to an MSP to help you in the past, then now is the time to look at how experts in remote management and remote working like an MSP can help.

For a step by step guide on how to improve business cyber resilience click here.

We Need the Security Benefits of AI and Machine Learning Now More Than Ever

As these times stress the bottom lines of businesses and SMBs alike, many are looking to cut costs wherever possible. The problem for business owners and MSPs is that cybercriminals are not reducing their budgets apace. On the contrary, the rise in COVID-related scams has been noticeable.

It’s simply no time to cut corners in terms of cybersecurity. But there is hope. Cybersecurity, traditionally suffering from a lack of qualified and experienced professionals, can be a source of savings for businesses. How? Through the automation and efficiency that artificial intelligence (AI) and machine learning can offer.

AI & ML in Today’s Cybersecurity Landscape

By way of background, Webroot has been collecting IT decision makers’ opinions on the utility of AI and machine learning for years now. Results have been…interesting. We’ve seen a steady rise in adoption not necessarily accompanied by an increase in understanding.

For instance, during a 2017 survey of IT decision makers in the United States and Japan, we discovered that approximately 74 percent of businesses were already using some form of AI or ML to protect their organizations from cyber threats. In 2018, 74 percent planned even further investments.

And by 2019, of 800 IT professional cybersecurity decisionmakers across the globe, a whopping 96 percent reported using AI/ML tools in their cybersecurity programs. But, astonishingly, nearly seven out of ten (68%) of them agreed that, although their tools claim to use AI/ML, they aren’t sure what that means.

Read the full report: “Do AI and Machine Learning Make a Difference in Cybersecurity?”

So, are these tools really essential to securing the cyber resilience of small businesses? Or are they unnecessary luxuries in an age of tightening budgets?

AI and ML in the Age of Covid-19

Do AI and ML have something unique to offer businesses—SMBs and MSPs alike—in this age of global pandemic and remote workforces?

We put this topically relevant question to one of the most qualified individuals on the planet to answer it: literal rocket scientist, BrightCloud founder, and architect behind the AI/ML engine known as the Webroot Platform, Hal Lonas.

Can AI and machine learning tools help people do their jobs more effectively now that they’re so often remote?

Put directly, the Carbonite and Webroot CTO and senior VP’s response was bullish.

“AI and machine learning tools can absolutely help people do their jobs more effectively now more than ever,” said Lonas. “Security professionals are always in short supply, and now possibly unavailable or distracted with other pressing concerns. Businesses are facing unprecedented demands on their networks and people, so any automation is welcome and beneficial.”

In machine learning, a subset of AI, algorithms self-learn and improve their findings and results without being explicitly programmed to do so. This means a business deploying AI/ML is improving its threat-fighting capabilities without allocating additional resources to the task– something that should excite cash-strapped businesses navigating tough economic realities.

Our AI/ML report backs up Lonas’s assertion that these technologies make a welcome addition to most business security stacks. In fact, 94 percent of respondents in our survey reported believing that AI/ML tools make them feel more comfortable in their role.

“People who use good AI/ML tools should feel more comfortable in their role and job,” he asserts. “Automation takes care of the easy problems, giving them time to think strategically and look out for problems that only humans can solve. In fact, well-implemented tools allow security workers to train them to become smarter—in effect providing the ‘learning’ part of machine learning. Each new thing the machine learns makes it more capable.”

AI/ML adopters also reported:

  • An increase in automated tasks (39%)
  • An increase in effectiveness at their job/role (38%)
  • A decrease in human error (37%)
  • Strongly agreeing that the use of AI/ML makes them feel more confident in performing their roles as cybersecurity professionals (50%)

So despite some confusion about the role these technologies play in cybersecurity (which we think vendors could help demystify for their clients), their effects are clearly felt. And because cybercriminals are willing to adopt AI/ML for advanced attacks, they may force the hands of SMBs and MSPs if they want to keep up in the cybersecurity arms race.

Given today’s limited budgets, dispersed workforces, and increasingly sophisticated attacks, the time may never be better to empower professionals to do more with less by automating defenses and freeing them to think about big-picture cybersecurity.

Your Data, Their Devices: Accounting for Cybersecurity for Personal Computers

Nestled within our chapter on malware in the 2020 Webroot Threat Report is a comparison of infection rates between business and personal devices. The finding that personal devices are about twice as likely as business devices to become infected was always significant, if not surprising.

But the advent of the novel coronavirus—a development that followed the publication of the report—has greatly increased the importance of that stat.

According to a joint study by MIT, Stanford, and the National Bureau of Economic Research (NBER), more than a third (34%) of Americans transitioned to working from home as a result of COVID-19. They join approximately 14.6% of workers already working from home to bring the total to nearly half the entire American workforce.

During remote work many employees are forced or simply able to use personal devices for business-related activities. This presents unique security concerns according to Webroot threat analyst Tyler Moffitt.

“In a business setting,” he says, “when you’re given a corporate laptop it comes pre-configured based on what the IT resource considers best practices for cybersecurity. This often includes group policies, mandatory update settings, data backup, endpoint security, a VPN, et cetera.”

Individuals, on the other hand, have much more freedom when it comes to device security. They can choose to put off updates to browser applications like Java, Adobe, and Silverlight, which often patch exploits that can push malvertising. They can opt to not install an antivirus solution or use a free version. They can ignore the importance of backing up data altogether.

These risky practices threaten small and medium-sized businesses (SMBs) both immediately and when workers gradually return to their shared office spaces as the virus abates.

As our report notes, “With a higher prevalence of malware and generally fewer security defenses in place, it’s easier for malware to slip into the corporate network via an employee’s personal device.”

What’s at stake, for SMBs, is the loss of mission-critical business data due to device damage, data theft via phishing and ransomware, and GDPR and CCPA fines for data breaches. Any of these threats on their own could be existential for SMBs.

What can businesses do to prevent BYOD-enabled data loss?

“Super small businesses may not have the luxury of outlawing all use of personal devices,” says Moffitt. “BYOD is a fact of life now, especially with so many individuals at home, using home computers.”

But employers aren’t out of luck entirely. They can still purchase for their employees, and encourage the use of, several essential security tools. These include:

  • Endpoint security software – Employers should provide endpoint security for home devices when necessary. When it comes to free solutions, you get what you pay for in terms of protection. Currently, there’s the expectation, especially among younger people, that built-in antivirus solutions are enough for blocking advanced threats. In reality, layered security is essential.
  • Backup and recovery software – Many SMBs rely on online shared drives for collaborating. This is dangerous because a single successful phishing attack can unlock all the data belonging to a company. GDPR and CCPA fines don’t differentiate between data stolen from personal or business devices, so this level of risk is untenable. Make sure data is backed up off-site and encrypted.
  • A VPN – IT admins or contractors should ensure that any sensitive company data requires a secure VPN connection. Especially with employees connecting on public or unsecure networks, it’s important to guard against snooping for data in transit.
  • Secure RDPs – Remote access can be a great option when working from home, but it must be done securely. Too often unsecured RDP ports are the source of attacks. But, when encrypted and protected by two-factor authentication, they can be used to access secure environments from afar. Many are even free for fewer than five computers.
  • User education – Security awareness training is one of the most cost-effective ways of protecting employees from attack on their own devices. Phishing attacks can be simulated and users in need of additional training provided it at very little additional cost. When compared to a data breach, the cost of a few licenses for security training is minuscule.

Collaboration over coercion

It’s difficult to mandate security solutions on personal devices, but managers need to at least have this conversation. Short of installing “tattleware,” this has to be a collaborative rather than a coercive effort.

“You can’t enforce a group policy on a computer or a network that you don’t own,” reminds Moffitt. “Ideally, yes, give each employee a corporate laptop to work at home that’s securely configured. But if that’s not possible, work with employees to ensure the right steps are taken to secure corporate data.”

Companies should work with IT consultants to source high-performing versions of the solutions mentioned above and cover their cost if it’s understood that personal devices should be used during this period of working from home. If taken advantage of, it can be an opportunity to foster a culture of cyber resilience and your organization will come out stronger, wherever your employees are located.

The Future of Work: Being Successful in the COVID Era and Beyond

Working from home is no longer something some of us can get away with some of the time. It’s become essential for our health and safety. So, what does the future of work look like in a post-COVID world?

We asked some of our cybersecurity and tech experts for their insights, which we’ll be presenting in a series entitled The Future of Work. In this installment, we’ll cover the qualities that will separate companies able to make smooth transitions to new ways of working from those that can’t. Plus, we’ll examine the effects the pandemic and our response to it have on workplace culture.

What are hallmarks of organizations that will successfully navigate our new workplace realities?

The COVID-19 crisis has forced employers to more fully consider the broader humanity of their employees. With parents becoming teachers and caretakers for ill, often elderly loved ones, greater levels of empathy are required of management. Now, with a lagging world economy and even experts unsure of what shape the current recession will take, financial stress will likely be added to the long list of anxieties facing the modern workforce.

As remote work continues to be a norm in industries like tech, boundaries between home and work life will continue to be murky. This, says Webroot product marketing manager George Anderson, presents opportunities for effective leaders to stand out from their peers.

“Leadership matters now more than ever,” says Anderson, “and being truthful matters even more. Your staff is worried, and platitudes won’t help. They need real communication based on real facts explaining why a company is making certain decisions. Being empathetic, sharing in employee concerns, involving and demonstrating how you value your staff—whether at executive or managerial level—will impact loyalty, dedication, and future business performance.”

Forbes notes that a more empathetic work culture is a silver lining arising from the pandemic that won’t be easily undone. We now know not just our coworkers’ personalities, but also their home office setups, their pets, children, and even their bookshelves. That fuller understanding of the person behind the position will hopefully lead to an enduring human-centric shift in the workplace. 

Long-term, how will office culture change? What policies should change once everyone is physically back at work?

Relatedly, office cultures are likely to change in irreversible ways. Even as we return to physical offices, large events like company all-hands meetings may be attended virtually from personal workspaces, and large team lunches may become rarities. Companies may even choose to alternate days in and out of the office to keep the overall office population lower.

“People will become more comfortable with video calling, screen sharing, and online collaboration,” predicts Anderson, “even between colleagues present in the same office. Boundaries will become blurred and we will find new ways to stay in touch and maintain our human connections by leveraging advanced collaboration solutions in new but secure ways.”

Personal hygiene will also undoubtedly become a bigger aspect of physical office culture. In its guidelines for safely returning to work, the CDC recommends installing a workplace coordinator charged with implementing hygiene best practices office wide. Suggested measures include increasing the number of hand sanitizing stations available to workers, relaxing sick leave policies to discourage ill workers from coming to the office, modernizing ventilation systems, and even daily temperature checks upon entering the building.

“Some of these hygiene measures will be single events, not the future of office work,” notes Anderson. “Others will have more long-term impacts on the way we work together.”

Given the visible impact some measures will have around the office, it will be impossible for them to not affect culture. Because routines like temperature checks may be considered intrusive, it’s important the reasoning behind them be communicated clearly and often. Stressing a culture of cleanliness as a means of keeping all workers healthy and safe can enforce a common bond.

Cybersecurity remains imperative

Cyber resilience isn’t the only aspect of overall business resilience being tested by COVID-19, but it’s a significant one. The cyber threats facing today’s remote workforces differ in key ways from those faced in the past, so it’s important companies reevaluate their cyber defense strategies. To do our part to help, we’re extending free trials on select business products to 60 days for a limited time. Visit our free trials page or contact us for more information.

Why Your Cyber Resilience Plan Doesn’t Include Windows 7

Our 2020 Threat Report shows increasing risks for businesses and consumers still running Windows 7, which ceased updates, support and patches earlier this year. This creates security gaps that hackers are all too eager to exploit. In fact, according to the report, malware targeting Windows 7 increased by 125%. And 10% of consumers and 25% of business PCs are still using it.

Webroot Security Analyst Tyler Moffitt points out that a violation due to a data breach could cost a business $50 per customer per record. “For one Excel spreadsheet with 100 lines of records, that would be $50,000.” Compare that with the cost of a new workstation that comes pre-installed with Windows 10 at around $500, and you quickly realize the cost savings that come with offloading your historic OS.

Windows 10 also has the added advantage of running automatic updates, which reduces the likelihood of neglecting software patches and security updates. Continuing to run Windows 7 effectively more than doubles the risk of getting malware because hackers scan for old environments to find vulnerable targets. Making matters worse, malware will often move laterally like a worm until it finds a Windows 7 machine to easily infect. And in a time when scams are on the rise, this simple OS switch will ensure you’re not the weakest link.

While businesses are most vulnerable to Windows 7 exploits, consumers can hardly breathe easy. Of all the infections tracked in the 2020 Threat Report, the majority (62%) were on consumer devices. This does, however, create an additional risk for businesses that allow workers to connect personal devices to the corporate network. While employees work from home in greater numbers due to COVID-19, this particular security risk will remain even higher than pre-pandemic levels.

Layers are key

As Moffitt points out, no solution is 100% safe, so layering solutions helps to ensure your cyber resilience is strong. But there is one precaution that is particularly helpful in closing security gaps. And that’s security awareness training. “Ninety-five percent of all infections are the result of user error,” Moffitt says. “That means users clicking on something they shouldn’t thus infecting their computer or worse, an entire network.” Consistent training – 11 or more courses or phishing simulations over a four- to six-month period – can significantly reduce the rate at which users click on phishing simulations.

Also, by running simulations, “you get to find out how good your employees are at spotting scams,” Moffitt says. “If you keep doing them, users will get better and they will increase their efficacy as time goes on.”

Fight cyber-risks with cyber resilience

The best way to close any gaps in protection you may have is to deploy a multi-layered cyber resilience strategy, also known as defense-in-depth. The first layer is perimeter security that leverages cloud-based threat intelligence to identify advanced, polymorphic attacks. But since cyber resilience is also about getting systems restored after an attack, it’s also important to have backups that enable you to roll back the clock on a malware infection.

With so many people working from home amid the global coronavirus pandemic, it’s increasingly critical to ensure cyber resilient home environments in addition to business systems. Find out what major threats should be on your radar by reading our complete 2020 Threat Report.

Pay Attention to the Hacker Behind the Hoodie

There’s a pretty common misconception among small businesses and medium-sized businesses (SMBs) that hackers only target large organizations. Unfortunately, this belief couldn’t be further from the truth. In fact, according to the most recent Verizon Data Breach Investigations Report, more than 70% of cyberattacks target small businesses. Additionally, many attacks are now shifting to target managed service providers (MSPs), specifically because breaching an MSP can give hackers access to their entire SMB customer base.

Why are hackers targeting SMBs?

Simply put, it’s easy money. First, the smaller the business is, the less likely it is to have adequate cyber defenses. Moreover, even larger SMBs typically don’t have the budgets or resources for dedicated security teams or state-of-the-art intrusion prevention. On top of that, smaller businesses often lack measures like strong security policies and cybersecurity education programs for end users, so common vulnerabilities like poorly trained users, weak passwords, lax email security, and out-of-date applications make SMBs prime targets.

What’s more: some hackers specialize in breaching specific business types or industries, refining their expertise with each new attack.

Which business types are in the cross hairs?

Realistically speaking, the majority of businesses face similar amounts of risk. However, some industries do tend to be targeted more often, such as finance or healthcare. Here are some of the business types that are currently topping hacking hit lists.

Managed Service Providers

MSPs hold a lot of valuable data for multiple customers across industries, which makes them desirable targets. Hackers use a technique known as “island hopping”, in which they jump from one business to another via stolen login credentials. MSPs and their SMB customers are both potential targets of these attacks.

Healthcare Organizations

Hospitals, physical therapy offices, pediatricians, chiropractors, and other healthcare practices are easy targets for cybercrime because they can have such chaotic day-to-day operations, and because they often lack solid security practices. In addition, medical data and research can be extremely valuable. Patient records alone can sell for up to $1,000 or more on the dark web.

Government Agencies

There are many reasons that cybercriminals, particularly nation-state terrorists, might target local and national governments. In particular, small governments and local agencies generate troves of sensitive information, while large governments can be victims of nationwide disruption, either for financial gain or sheer destruction.

Financial Institutions

You probably aren’t surprised by this list item. Banks, credit unions, and other financial institutions have long been targets for hackers due to a wealth of data and money. Only a few years ago in 2018, over 25% of all malware attacks targeted banks––that’s more than any other industry. More recently, automation has further enabled cybercriminals to run advanced attacks on financial institutions at scale.

Celebrities, Politicians, and High-Profile Brands

Hacktivists, who are usually politically, economically, or socially motivated, like to seek out politicians, celebrities, and other prominent organizations as targets. They may even attempt to embarrass public figures or businesses by stealing and disseminating sensitive, proprietary, or classified data to cause public disruption, or for private financial gain via blackmail.

What are your next steps?

The only real requirement for becoming a hacking target is having something that hackers want, which means all businesses are at risk. Luckily, a few relatively straightforward tips can go a long way in keeping your business secure.

Think Like a Hacker

Cybersecurity awareness training with phishing simulations is a vital component of an effective protection strategy. In fact, Webroot’s own research found that regular training over just 4-6 months reduced clicks on phishing links by 65%. Understanding hacker practices and motivations can help you predict potential threats and thwart attacks.

Lock Down Your Business First

The right security layers can protect you from threats on all sides. If you haven’t already, check out our free Lockdown Lessons, which include a variety of guides, podcasts, and webinars designed to help MSPs and businesses stay safe from cybercrime.

Embrace Comprehensive Cyber Resilience

Being resilient in the face of cybercrime doesn’t just mean having powerful, automated endpoint threat detection in place. It also means having security layers that can protect your business and clients front and back. That includes layers like security awareness training, as well as network protection and strong backup and disaster recovery services. The best defense is prevention, and by preventing attacks and planning your recovery proactively, you’ll be ready to bounce back right away at the first sign of trouble.

Hackers have diverse means and motives, so it’s up to you to know their methods and prepare your business and customers to block advanced threats.

To get started on the road to cyber resilience, you can learn more about Webroot® Business Endpoint Protection or take a free trial here.

AI and ML in Cybersecurity: Adoption is Rising, but Confusion Remains

If you’ve been working in the technology space for any length of time, you’ve undoubtedly heard about the rising importance of artificial intelligence (AI) and machine learning (ML). But what can these tools really do for you? More specifically, what kinds of benefits do they offer for cybersecurity and business operations?

If you’re not so sure, you’re not alone. As it turns out, although 96% of global IT decision-makers have adopted AI/ML-based cybersecurity tools, nearly 7 in 10 admit they’re not sure what these technologies do.

We surveyed 800 global IT decision-makers across the U.S., U.K., Japan, and Australia/New Zealand about their thoughts on AI and ML in cybersecurity. The report highlighted a number of interesting (and contradictory) findings, all of which indicated a general confusion about these tools and whether or not they make a difference for the businesses who use them. Additionally, nearly 3 out of 4 respondents (74%) agreed that, as long as their protection keeps them safe from cybercriminals, they really don’t care if it uses AI/ML.

Here’s a recap of key findings based on responses from all 4 regions.

  • 91% say they understand and research their security tools, and specifically look for ones that use AI/ML.
  • Yet 68% say that, although their tools claim to use AI/ML, they aren’t sure what that means.
  • 84% think their business has all it needs to successfully stop AI/ML-based cyberattacks.
  • But 86% believe they could be doing more to prevent cyberattacks.
  • 72% say it is very important that cybersecurity advertising mention the use of AI/ML.
  • However, 70% of respondents believe cybersecurity vendors’ marketing is intentionally deceptive about their AI/ML-based services.

AI and ML matter because automation matters

As we’ve all had to adjust to “the new normal”, IT professionals have had to tackle a variety of challenges. Not only have they had to figure out how to support a massive shift to working from home, but they also have to deal with the onslaught of opportunistic online scams and other cyberattacks that have surged amidst the chaos around COVID-19.

With all of us working to adapt to these new working conditions, it’s become clear that tools that enable automation and productivity are pretty important. That’s where I want to highlight AI and ML. In addition to how AI/ML-based cybersecurity can drastically accelerate threat detection—and even predict shifts and emerging threat sources—these technologies can also make your workforce more efficient, more effective, and more confident.

While many of our survey respondents weren’t sure if AI/ML benefits their cybersecurity strategy, a solid percentage saw notable improvements in workforce efficiency after implementing these tools. Let’s go over those numbers.

  • 42% reported an increase in worker productivity
  • 39% saw increases in automated tasks
  • 39% felt they had more time for training, learning new skills, and other tasks
  • 38% felt more effective in their jobs
  • 37% reported a decrease in human error

As you can see, the benefits of AI and ML aren’t just hype, and they extend well beyond the cybersecurity gains. Real numbers around productivity, automation, time savings, and efficacy are pretty compelling at the best of times, let alone when we’re dealing with sudden and drastic shifts to the ways we conduct business. That’s why I can’t stress the importance of these technologies enough—not only in your security strategy, but across your entire toolset.

Where to learn more

Ultimately, AI and ML-based tools can help businesses of all sizes become more resilient against cyberattacks—not to mention increase automation and operational efficiencies—but it’s important to understand them better to fully reap the benefits they offer.

While there’s clearly still a lot of confusion about what these tools do, I think we’re going to see a continuation of the upward trend in AI/ML adoption. That’s why it’s important that IT decision-makers have the resources to educate themselves about the best ways to implement these tools, and also look to vendors who have the historical knowledge and expertise in the space to guide them.

“Realistically, we can’t expect to stop sophisticated attacks if more than half of IT decision makers don’t understand AI/ML-based cybersecurity tools. We need to do better. That means more training and more emphasis not only on our tools and their capabilities, but also on our teams’ ability to use them to their best advantage.”

– Hal Lonas, SVP and CTO for SMB and Consumer at OpenText.

For further details about how businesses around the world are using AI and ML, their plans for cybersecurity spending, and use cases, download a copy of the full AI/ML report.

And if you still aren’t sure about AI/ML-based cybersecurity, I encourage you to read our white paper, Demystifying AI in Cybersecurity, to gain a better understanding of the technology, myth vs. reality, and how it benefits the cybersecurity industry.

5 Ways to Improve Business Cyber-Resilience

A popular military maxim speaks to the need for redundancy and it goes like this: “Two is one and one is none.” Redundancy is also a key principle when it comes to cyber-resilience. A popular rule in data protection and disaster recovery is called the 3-2-1 backup rule. IT pros often borrow from military strategies when approaching cyber-resilience, including a strategy known as “defense in depth.”

Defense in depth is a useful framework for protecting IT environments. It acknowledges that hackers will often use evasive tactics or brute force to overrun the outer-most layer of defense. So, multiple layers of defense are necessary – or defense in depth – to anticipate and mitigate lost ground. Cyber-resilience is a very high priority for businesses. So, we put together these five tips for improving cyber-resilience based on a defense-in-depth approach.

Tip #1: Sharpen perimeter defenses

Cybercriminals are getting better at using evasive tactics to circumvent company firewalls and antivirus. Some of these evasive tactics include file-based, file-less, obfuscated and encrypted script attacks. To counter these tactics, we’re rolling out a new shield technology to detect, block and remediate evasive attacks much faster and more effectively than before. Webroot® Evasion Shield stops attacks that elude other endpoint protection solutions. Cloud-based threat intelligence further increases resilience at the perimeter.

Tip #2: Strengthen the first line of defense – people

The primary vector for malware distribution is phishing attacks. While cybercriminals find increasingly deceptive ways to trick employees into downloading malicious code, not enough businesses are countering by educating their workforces about identifying suspicious activity. With employees being the weakest link in the cyber-security chain, the solution is regular security awareness training, with phishing simulations and courses on best practices for identifying and reporting suspicious activity.

Tip #3: Secure your DNS connection

The domain name system (DNS) is what allows internet traffic to find your website. But DNS protocols were not designed for security. In fact, they’re highly vulnerable to cyberattacks, including cache poisoning, DDoS, DNS hijacking, botnets, Command-and-Control (C&C) and man-in-the-middle attacks. A cloud-based DNS security solution enables businesses to enforce web access policies and stop threats at the network’s edge before they ever hit the network or endpoints.

Tip #4: Create and deploy a backup strategy 

Redundancy is essential for cyber-resilience. Businesses must consider a scenario where malware circumvents outer defenses. Since detecting and remediating malware infections can be time-consuming, it’s important to have copies of files and data for business continuity. Scheduled backup with file versioning is necessary for mitigating malware infections and other forms of data loss. The scheduling feature is crucial since leaving it up to users exposes backup policy to human error.

Tip #5: Test recovery strategy regularly

Backup and recovery go hand-in-hand. And backup is only effective if it enables rapid recovery with minimal disruption. It’s important to test disaster recovery practices and procedures before you experience a live disaster scenario. Disasters come in different shapes and sizes, so it’s important to test simple file and folder recovery as well as large-scale system restore. Also, some systems are more critical than others. Tier-one systems (the most critical) need high levels of uptime, approaching 100%. This traditionally requires a secondary data center that is very costly to acquire and maintain. This is no longer the case. Disaster recovery as a service reduces the cost of standing up a secondary environment. It also allows for frequent testing of disaster recovery protocols. Businesses should test once a quarter – or at least once a year – to ensure systems are cyber-resilient when necessary.

To get started on the road to cyber resilience, take a free trial here.

The Truth about Hackers, in Black and White (and Grey)

Did you know there are three primary types of hacker—white hats, black hats, and grey hats—and that there are subcategories within each one? Despite what you may have heard, not all hackers have intrinsically evil goals in mind. In fact, there are at least 300,000 hackers throughout the world who have registered themselves as white hats.

Also known as ethical hackers, white hats are coders who test internet systems to find bugs and security loopholes in an effort to help organizations lock them down before black hat hackers, i.e. the bad guys, can exploit them. Black hats, on the other hand, are the ones we’re referring to when we use words like “cybercriminal” or “threat actor.” These are hackers who violate computer security and break into systems for personal or financial gain, destructive motives, or other malicious intent.

The last of the three overarching types, grey hat hackers, are the ones whose motives are, well, in a bit of a grey area. Similar to white hats, grey hats may break into computer systems to let administrators know their networks have exploitable vulnerabilities that need to be fixed. However, from there, there’s nothing really stopping them from using this knowledge to extort a fee from the victim in exchange for helping to patch the bug. Alternatively, they might request a kind of finder’s fee. It really depends on the hacker.

So, hackers can be “good guys”?

Yes, they absolutely can.

In fact, there’s even an argument that black hats, while their motivations may be criminal in nature, are performing a beneficial service. After all, each time a massive hack occurs, the related programs, operating systems, businesses, and government structures are essentially shown where and how to make themselves more resilient against future attacks. According to Keren Elazari, a prominent cybersecurity analyst and hacking researcher, hackers and hacktivists ultimately push the internet and technology at large to become stronger and healthier by exposing vulnerabilities to create a better world.

White hat hackers, also known as ethical hackers, are cybersecurity defenders who use their skills to protect organizations from cyber threats. They might just be your friendly IT colleague. White hat hackers conduct penetration tests (often known as pen testing) and vulnerability assessments to identify security weaknesses that could be exploited by malicious hackers. With a deep understanding of cyber threats, white hat hackers help organizations strengthen security measures, develop more secure systems, and ensure the safety of digital assets. Their work is crucial in maintaining the integrity and confidentiality of sensitive information. Ethical hacking is a respected field within the IT industry, and white hat hackers are often sought after for their expertise in safeguarding cyber environments.

Why do they hack?

The shortest, simplest answer: for the money.

While white and grey hat hackers have altruistic motives in mind and, at least in the former group, are invested in ensuring security for all, the fact of the matter is that there’s a lot of money to be made in hacking. The average Certified Ethical Hacker earns around $91,000 USD per year. Additionally, to help make their products and services more secure, many technology companies offer significant bounties to coders who can expose vulnerabilities in their systems. For example, Apple offered a reward of $1.5 million USD last year to anyone who could hack an iPhone to find a serious security flaw. There are even groups, such as HackerOne, which provide bug bounty platforms that connect businesses with ethical hackers and cybersecurity researchers to perform penetration testing (i.e. finding vulnerabilities). Multiple hackers on the HackerOne bug bounty platform have earned over $1 million USD each.

And for black hats, theft, fraud, extortion, and other crimes can pay out significantly more. In fact, some black hats are sponsored by governments (see the Nation-State category below).

You mentioned subtypes. What are they?

As with many groups, there’s a wide range of hacker personas, each with different motivations. Here are a few of the basic ones you’re likely to encounter.

Script Kiddies

When you picture the stereotypical “hacker in a hoodie”, you’re thinking of a Script Kiddie. Script Kiddies are programming novices who have at least a little coding knowledge but lack expertise. Usually, they get free and open source software on the dark web and use it to infiltrate networks. Their individual motives can place them in black, white, or grey hat territory.

Hacktivists

Ever hear of a group of hackers called Anonymous? They’re a very well-known example of a hacktivist group who achieved notoriety when they took down the CIA’s website. Hacktivists are grey hat hackers with the primary goal of bringing public attention to a political or social matter through disruption. Two of the most common hacktivist strategies are stealing and exposing sensitive information or launching a distributed denial of service (DDoS) attack.

Red Hats

Red hats are sort of like grey hats, except their goal is to block, confound, or straight-up destroy the efforts of black hat hackers. Think of them like the vigilantes of the hacker world. Rather than reporting breaches, they work to shut down malicious attacks with their own tools.

Green Hats

Green hat hackers are hackers who are new to the hacking world. They lack the skills and knowledge of their fellow black or white hat hackers. But they cause just as much damage as black hat hackers, as they try to hone their hacking skills. Sadly, most of the time, green hat hackers cannot fix what they break.

Nation-State

Remember earlier in this post when we mentioned that some black hats are sponsored by governments? That would be this group. Nation-state hackers are ones who engage in espionage, social engineering, or computer intrusion, typically with the goal of acquiring classified information or seeking large ransoms. As they are backed by government organizations, they are often extremely sophisticated and well trained.

Malicious Insiders

Perhaps one of the more overlooked threats to a business is the malicious insider. An insider might be a current or former employee who steals or destroys information, or it might be someone hired by a competitor to infiltrate an organization and pilfer trade secrets. The most valuable data for a malicious insider is usernames and passwords, which can then be sold on the dark web to turn a hefty profit.

What are your next steps?

Now that you better understand the hacker subtypes, you can use this information to help your organization identify potential threats, as well as opportunities to actually leverage hacking to protect your business. And if you haven’t already, check out our Lockdown Lessons, which include a variety of guides, podcasts, and webinars designed to help MSPs and businesses stay safe from cybercrime.

Beyond the educational steps you’re taking, you also need to ensure your security stack includes a robust endpoint protection solution that uses real-time threat intelligence and machine learning to prevent emerging attacks. Learn more about Webroot® Business Endpoint Protection or take a free trial here.

DNS is on the Verge of a Major Overhaul

“One of the things about working in internet technology is nothing lasts forever… [Students] come to me and they say, ‘I want to do something that has an impact 20, 50, or 100 years from now.’ I say well maybe you should compose music because none of this technology stuff is going to be around that long. It all gets replaced.” -Paul Mockapetris, co-inventor of the domain name system (DNS)

As foresighted as he may have been, the DNS inventor Paul Mockapetris got one thing wrong in a retrospective interview about his contribution to internet history. Namely, some aspects of technology do have at least 20-year staying power. In this case, his own invention: the domain name system.

But DNS, just three years shy of its fortieth birthday, is on the cusp of a major reimagining. One that could enhance the privacy of business and private users alike for some time to come. According to some experts, it may even be worthy of the title “DNS 2.0.”

The Problem with DNS Today

While DNS has evolved significantly in the more than 35 years since originally conceived, the skeletal structure remains much the same. DNS is the internet’s protocol for translating the URLs humans understand into the IP addresses machines do.

The problem is that this system was never meant to consider privacy or security. With DNS today, requests are made and resolved in plain text, providing intrusive amounts of information to whomever may be resolving or inspecting them. That is most likely an internet service provider (ISP), but it may be a government entity or some other source. In authoritarian countries, governments can use this information to prosecute individuals for visiting sites with outlawed content. In the United States, it’s more likely to be monetized for its advertising value.

“The problem with DNS is it exposes what you’re doing,” says Webroot product manager and DNS expert Jonathan Barnett. “If I can log a user’s DNS requests, I can see when they work, when they don’t, how often they use Facebook, the Sonos Speakers and Google Nests on their network, all of that. From a privacy perspective, it shows what on the internet is associating with me and my network.”

This can be especially problematic in terms of home routers. Whereas business networks tend to be relatively secure—patched, up-to-date, and modern—“everyone’s home router tends to be set up by someone’s brother-in-law or an inexperienced ISP technician,” warns Barnett. In this case, malicious hackers can change DNS settings to redirect to their own resolvers.

“If you bring a device onto this network and try to navigate to one of your favorite sites, you may never wind up where you intended,” says Barnett.

In the age of COVID-19, it’s becoming an even bigger problem for employers. With a larger workforce working from home than perhaps ever before, traditional defenses at the network perimeter no longer remain.

“To maintain resilience,” says Barnett, “companies need to extend protection beyond the business network perimeter. One of the best ways to do that is through DNS protection that ensures requests are resolved through a trusted resolver and not a potentially misconfigured home network.”

DoH: The Second Coming of DNS

In response to these concerns, DNS over HTTPS (DoH) offers a method for encrypting DNS requests. Designed by the Internet Engineering Task Force, it leverages the HTTPS privacy standard to mask these requests from those who may seek to use the information improperly. The same encryption standards that banks, credit monitoring services, and other sites dealing in sensitive information use to prove their legitimacy are also used with DoH.

It does this by effectively ‘wrapping’ DNS requests with the HTTPS encryption protocols to ensure the server you connect with is the server you intended to connect with and that no one is listening in on those requests, because all the traffic is encrypted.

“It makes sure no one is messing with a user by changing the results of a request before it’s returned,” says Barnett.

In addition to improving privacy around device usage—remember any internet-connected device needs to “phone home” occasionally, therefore initiating a DNS request—DoH also addresses several DNS-enabled attack methods. This includes DNS spoofing, also called DNS hijacking, whereby cybercriminals redirect a DNS request to their own servers in order to spy on or alter communications. By encrypting this traffic, it essentially becomes worthless as a target.
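The wrapping described above, as an added example that is not Webroot's code: it builds the DNS query bytes that classic DNS sends in plain text and packages the same bytes as DoH GET and POST requests following RFC 8484. The resolver URL `https://doh.example/dns-query` is a placeholder and the function names are assumptions made for this illustration.

```python
import base64
import struct
from typing import Tuple
from urllib.parse import parse_qs, urlsplit

QTYPE_A = 1
QCLASS_IN = 1
DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484


def build_dns_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Encode a one-question DNS query in RFC 1035 wire format."""
    # ID 0 (RFC 8484 advises 0 so identical queries cache well over HTTP),
    # flags 0x0100 = recursion desired, one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def parse_question(message: bytes) -> Tuple[str, int]:
    """Recover (name, qtype) from a query, as any plaintext observer can."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    pos, labels = 12, []
    while True:
        if pos >= len(message):
            raise ValueError("truncated question name")
        length = message[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(message):
            raise ValueError("bad label in question section")
        labels.append(message[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(message):
        raise ValueError("truncated question trailer")
    qtype, _qclass = struct.unpack("!HH", message[pos:pos + 4])
    return ".".join(labels), qtype


def doh_get_request(resolver_url: str, message: bytes) -> dict:
    """Describe the HTTPS GET that carries the query (RFC 8484, section 4.1)."""
    # base64url with the trailing '=' padding removed, as the RFC requires
    param = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return {
        "method": "GET",
        "url": f"{resolver_url}?dns={param}",
        "headers": {"Accept": DOH_MEDIA_TYPE},
    }


def doh_post_request(resolver_url: str, message: bytes) -> dict:
    """Describe the HTTPS POST form: raw DNS bytes as the request body."""
    return {
        "method": "POST",
        "url": resolver_url,
        "headers": {"Content-Type": DOH_MEDIA_TYPE, "Accept": DOH_MEDIA_TYPE},
        "body": message,
    }


def decode_doh_param(url: str) -> bytes:
    """Resolver side: restore the padding and decode the ?dns= parameter."""
    param = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


if __name__ == "__main__":
    resolver = "https://doh.example/dns-query"  # placeholder resolver URL
    query = build_dns_query("www.example.com")
    # Classic DNS puts these bytes straight into a UDP packet on port 53,
    # so anything on the path can run the equivalent of parse_question().
    print("readable on the wire with classic DNS:", parse_question(query))
    # With DoH the same bytes ride inside the TLS session to the resolver;
    # the path sees only an encrypted HTTPS connection to that host.
    request = doh_get_request(resolver, query)
    print(request["method"], request["url"])
    print("resolver decodes:", parse_question(decode_doh_param(request["url"])))
```

The DNS message itself is unchanged by DoH; only the transport differs, which is why a resolver or a filtering agent that terminates the HTTPS connection still sees every name being looked up.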

So, while the domain name system has served the internet and its users well for decades, the time may have come for a change.

“The creators of DNS, in their wildest dreams, imagined the system may be able to accommodate up to 50 million domains. We’re at 330 million now. It’s amazing what they achieved,” says Barnett. “But DNS needs to evolve. It’s been a great tool, but it wasn’t designed with privacy or security as a priority. DoH represents the logical evolution of DNS.”

Toward A DoH-Enabled Future

Several major tech players, like Mozilla with its Firefox browser, have already made the leap to using DoH as their preferred method of resolving requests. Many companies, however, would prefer to retain control of DNS and are concerned about applications making independent rogue DNS requests. Losing this control can compromise security as it limits the ability of a business to filter and process these requests.

As application creators strive for better privacy for their users and businesses always look to improve security, a balance must be found. Webroot® DNS Protection has designed its agent to retain control of DNS requests by limiting whether applications can enable DoH. Because each request is also run through Webroot’s threat intelligence platform, both privacy and security are improved.

Its next release, expected in the coming months, will be fully compatible with the new DoH protocol in service to the security and privacy of its users.