Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Employee Spotlight: Nurul Mohd-Reza, Customer Retention Specialist

Nurul Mohd-Reza knows how to empathize with the customers she serves. Her work with marginalized groups as a college student, she says, helped prepare her for when the pandemic turned many of her customers’ businesses upside down last March.

Here she discusses what she’s learned after just 10 months in the industry and provides some advice for those looking to dive headfirst into something new.

Tell us a little bit about your career background. How did you get to where you are today?

I started working at Webroot back in January, so my time here hasn’t been long. For most of my collegiate career I worked in the Division of Student Affairs at CU Boulder, focusing specifically on leadership and development. I served as a student advisor to university officials and local businesses. And so, as time went on, I became very interested in the dynamic between people and business. From there, I knew I wanted to dive deeper into this realm but was unsure on how to get started. So after college I began working in healthcare operations.

I believe what got me interested in this career path was when I attended Denver Start Up Week, which was a phenomenal experience. It opened my eyes to the unfamiliar world of customer success. Seeing how companies used technology and data to proactively understand their customer persona, and on top of that, scale engagements to fit their customer’s needs was truly insane. I thought what better way of molding my interests than being on the front lines serving as an advocate between people and product.

And how did you land at Webroot specifically?

It’s a funny story. I had come across this position and halfway through filling out the application I thought I might not be well-equipped for the role, so I actually ended up not finishing the application. And then a recruiter reached out to me and said they were interested in starting a conversation. It was unconventional, but I’m very grateful she reached out because it gave me an opportunity to explain my transition and why I wanted to make that jump into tech. 

From there, I ended up interviewing here at Webroot and it was a great experience overall. Being early on in my career, I knew I wanted to work in an environment that obviously fostered growth, professionally and personally. After speaking with my current boss, I was very optimistic about the trajectory of Webroot, as well as the vision for Customer Success and this team specifically.

What are your core responsibilities as a customer retention specialist?

I would say my time is split between two main responsibilities. My primary role is to oversee the renewal process for a subset of SMBC contracts projected for the quarter. On the other hand, we are a customer facing role. So handling business customer inquiries as they arise. This involves everything from advising customers on certain buying decisions to providing in-product guides.

However, we are starting to shift our focus on how to effectively connect with customers throughout their lifecycle. Previously, we’ve concentrated on the renewal period which is 90 days before expiration. Now, we’re starting to expand our scope and engage with customers to create those smooth onboarding workflows, as well as push early-on adoption of the product. 

At the end of the day, it’s really about strategy—how do we effectively educate and guide the customer to build depth behind the product in hopes of retaining that relationship for the long haul.

What would you say has been the most significant challenge of your career so far?

I think one of the most significant challenges was switching to an industry I’d never worked in before. The learning curve was steep in terms of familiarizing myself with the products we offer, our workflow with all the various systems we use, and the dynamic relationships between our various partners.

In Customer Success, it’s not simply about securing renewals. The process involves having to solve roadblocks in order to help a customer achieve their goal. We have to work with a range of departments to solve issues the customer is facing—whether it be from a product standpoint or a billing redundancy. So being able to learn each player’s role and then manage those relationships was obviously a challenge to begin with. It’s exciting, though. It keeps you on your feet and you get to meet a lot of new people from diverse backgrounds. 

Another obvious challenge was COVID-19. I had only been working in the office for about two months when the pandemic hit. Learning how to onboard remotely was new and something I had to juggle with most definitely.

What skills do you feel have carried over well from your work in public affairs?

I believe Customer Success is focused on building relationships with our customers—which to my advantage was a valuable skill I carried over from my work in public affairs. In this role, it’s very important to enjoy solving problems and addressing issues head-on. You have to be incredibly flexible and create some sense of fluidity in the midst of a growing que of customer requests.

In my previous role, I worked with marginalized communities to combat an array of social issues. So learning how to communicate with empathy, while also moving with focus and intent was crucial and very much transcends into my current role now.

Do you have a favorite part of the job after 10 months with the company?

I’m optimistic about being able to refine the customer journey. I believe the beauty behind Customer Success is it’s still an unknown territory. Everywhere you look, companies have a different way and methodology on how they interact with the customer. Not to mention, the type of technology and automation coming into play is fascinating.

In addition to that, our team is fairly new, which gives us a range of autonomy to create the structure and the formatting that we believe will best deliver value to our customers throughout their lifecycle. Although we are now part of a 15,000-person organization, it still feels like a start-up environment. We are constantly working to strategize and envision how we want the customer experience to evolve. To me, it’s very exciting to be at the intersection of all these moving parts. 

Any advice for someone in your same situation, looking to cross over into the tech industry?

Well, given my experience, I’d say don’t doubt your capabilities. No experience is wasted experience. Even if you might not be the absolute perfect fit for a position, you have a breadth of skills you’ve developed over the past couple of years that will help mold you into whatever new role you’re interested in.

I believe one of the best pieces of advice I was ever given was don’t close a door on yourself before the opportunity even presents itself. By saying you can’t do this, or you don’t have the skills for that, you’ve already blocked out all these great possibilities. So be open to new experiences and don’t hold back.

To see what positions are available for you at OpenText, visit our careers page here.

The Nastiest Malware of 2020

For the third year running, we’ve examined the year’s biggest cyber threats and ranked them to determine which ones are the absolute worst. Somewhat unsurprisingly, phishing and RDP-related breaches remain the top methods we’ve seen cybercriminals using to launch their attacks. Additionally, while new examples of malware and cybercriminal tactics crop up each day, plenty of the same old players, such as ransomware, continue to get upgrades and dominate the scene.

For example, a new trend in ransomware this year is the addition of a data leak/auction website, where criminals will reveal or auction off data they’ve stolen in a ransomware attack if the victim refuses to pay. The threat of data exposure creates a further incentive for victims to pay ransoms, lest they face embarrassing damage to their personal or professional reputations, not to mention hefty fines from privacy-related regulatory bodies like GDPR.

But the main trend we’ll highlight here is that of modularity. Today’s malicious actors have adopted a more modular malware methodology, in which they combine attack methods and mix-and-match tactics to ensure maximum damage and/or financial success.

Here are a few of nastiest characters and a breakdown of how they can work together.

  • Emotet botnet + TrickBot Trojan + Conti/Ryuk ransomware
    There’s a reason Emotet has topped our list for 3 years in a row. Even though it’s not a ransomware payload itself, it’s the botnet that is responsible for the most ransomware infections, making it pretty darn nasty. It’s often seen with TrickBot, Dridex, QakBot, Conti/Ryuk, BitPaymer and REvil.

    Here’s how an attack might start with Emotet and end with ransomware. The botnet is used in a malicious spam campaign. An unwitting employee at a company receives the spam email, accidentally downloads the malicious payload. With its foot in the door, Emotet drops TrickBot, an info-stealing Trojan. TrickBot spreads laterally through the network like a worm, infecting every machine it encounters. It “listens” for login credentials (and steals them), aiming to get domain-level access. From there, attackers can perform recon on the network, disable protections, and drop Conti/Ryuk ransomware at their leisure.
  • Ursnif Trojan + IcedID Trojan + Maze ransomware
    Ursnif, also known as Gozi or Dreambot, is a banking Trojan that has resurfaced after being mostly dormant for a few years. In an attack featuring this troublesome trio, Ursnif might land on a machine via a malicious spam email, botnet, or even TrickBot, and then drop the IcedID Trojan to improve the attackers’ chances of getting the credentials or intel they want. (Interestingly, IcedID has been upgraded to use steganographic payloads. Steganography in malware refers to concealing malicious code inside another file, message, image or video.) Let’s say the Trojans obtain the RDP credentials for the network they’ve infected. In this scenario, the attackers can now sell those credentials to other bad actors and/or deploy ransomware, typically Maze. (Fun fact: Maze is believed to have “pioneered” the data leak/auction website trend.)
  • Dridex/Emotet malspam + Dridex Trojan + BitPaymer/DoppelPaymer ransomware

Like TrickBot, Dridex is another very popular banking/info-stealing Trojan that’s been around for years. When Dridex is in play, it is either dropped via Emotet or its authors’ own malicious spam campaign. Also like TrickBot, Dridex spreads laterally, listens for credentials, and typically deploys ransomware like BitPaymer/DoppelPaymer.

As you can see, there are a variety of ways the attacks can be carried out, but the end goal is the more or less the same. The diverse means just help ensure the likelihood of success.

The characters mentioned above are, by no means, the only names on our list. Here are some of the other notable contenders for Nastiest Malware.

  • Sodinokibi/REvil/GandCrab ransomware – all iterations of the same ransomware, this ransomware as a service (RaaS) payload is available for anyone to use, as long as the authors get a cut of any successful ransoms.
  • CrySiS/Dharma/Phobos ransomware – also RaaS payloads, these are almost exclusively deployed using compromised RDP credentials that are either brute-forced or easily guessed.
  • Valak – a potent multi-functional malware distribution tool. Not only does it commonly distribute nasty malware such as IcedID and Ursnif, but it also has information stealing functionalities built directly into the initial infection.
  • QakBot – an info-stealing Trojan often dropped by Emotet or its own malspam campaigns with links to compromised websites. It’s similar to TrickBot and Dridex and may be paired with ProLock ransomware.

Combine protections to combat combined attacks.

If businesses want to stay safe, they need to implement multiple layers of protection against these types of layered attacks. Here are some tips from our experts.

  • Lock down RDP. Security analyst Tyler Moffitt says unsecured RDP has risen over 40% since the COVID-19 pandemic began because more businesses are enabling their workforce to work remotely. Unfortunately, many are not doing so securely. He recommends businesses use RDP solutions that encrypt the data and use multi-factor authentication to increase security when remoting into other machines.
  • Educate end users about phishing. Principal product manager Phil Karcher points out that many of the attack scenarios listed above could be prevented with stronger phishing/spam awareness among end users. He recommends running regular security training and phishing simulations with useful feedback. He also says it’s critical that employees know when and how to report a suspicious message.
  • Install reputable cybersecurity software. Security intelligence director Grayson Milbourne can’t stress enough the importance of choosing a solution that uses real-time threat intelligence and offers multi-layered shielding to detect and prevent multiple kinds of attacks at different attack stages.
  • Set up a strong backup and disaster recovery plan. VP of product management Jamie Zajac says that, particularly with a mostly or entirely remote workforce, businesses can’t afford not to have a strong backup. She strongly recommends regular backup testing and setting alerts and regular reporting so admins can easily see if something’s amiss.

Discover more about the 2020’s Nastiest Malware on the Webroot Community.

Hone Your Cybersecurity Superpowers with Tips from Wonder Woman

October 21 is Wonder Woman Day. It commemorates Wonder Woman’s first appearance in All Star Comics #8. With the upcoming release of Wonder Woman 1984, we took the opportunity to talk superheroes, superpowers and protecting data with our very own Briana Butler, Engineering Services Manager at Webroot.

Q: Wonder Woman got her powers from her divine mother, Queen Hippolyta. How did you get your data protection superpowers?

I had a reboot in life. I was previously a retail buyer then I went back to school for computer science and ended up switching to the business school. I was hired at Webroot to be a bridge between engineering and business – you have to have people that can speak both languages – and that’s exactly what I wanted to do and what I was trying to forge with my new career.

I first began as a data analyst, which meant working on privacy compliance, GDPR, CCPA, and data mapping, understanding where data is stored and processed, and who has access to it. My latest role is as an Engineering Services Manager, meaning I help engineering and product with personnel and hiring needs, ISO certification and making sure our development teams receive the training they need to stay up to date with the fast pace of tech.

Q: Wonder Woman had several superpowers, or super powerful gadgets, like indestructible bracelets and a lasso that forced people to tell the truth. Is cyber resilience a superpower?

Every superhero has different talents or powers. When we think of cyber resilience, it’s sort of like our own personal toolbox of powers that we can use against malicious actors who want to take our data and make money off it.

Our toolbox of cyber resilience includes basic best practices like knowing how to create a strong password, not clicking every link that comes into your email inbox and daily behaviors of how to navigate and defend yourself online. The goal is to live your best digital life confidently, without disruption.

Q: What about our data? Does that give us any powers that we wouldn’t have without it?

I think it’s more about understanding the power data has if we give it away. When we give people access to our data, that’s when it becomes powerful. Whether it’s corporations or malicious actors, when we willingly hand out our data, that gives it power because then, they know things about us. I talk a lot about privacy and why everyone should be more critical and cognizant of the data they’re sharing. We share a lot more than we realize. It’s time for all of us to understand what we’re sharing and then decide if we, personally, really want to share it.

Q: Wonder Woman encountered her fair share of comic strip villains, like the Duke of Deception, Doctor Psycho and Cheetah. Who are the villains in the digital world?

They’re the malicious actors and cybercriminals who would take your data and sell it on the open market. It could even be the person trying to get access to your Hulu account. There are also nation-state actors and the companies you buy things from. There’s a huge spectrum of villains, and they all want your data. There’s big money in data. So, it’s important that you’re aware of what’s being shared.

I’ve started reading privacy policies – those long, convoluted legal documents – to see if I can understand where I’m going to be sharing my information and make a more conscious decision.

For one large social platform, when I went through it, I started asking myself, am I really okay sharing this information? Do I really need this service or platform? Is it necessary in exchange for what I’m about to share with them? In the end, I didn’t sign up for it.

I’ve also gone through the frustrating and somewhat time-consuming act of cleaning up all my passwords and using a password manager. Most people say they have anywhere from 15 to 20 password-protected accounts. But when I went through all the places I’ve shared my password, it was upwards of 100!

One of my favorite topics is password strength. We recently did an analysis of password configurations with Maurice Schmidtler, our head data scientist, who created a Monte Carlo simulation. We took what you usually see when you’re told to create a password – like using uppercase and lowercase letters or special symbols – and applied those within the simulation. What we found was that the more constraints you put on a password, the fewer viable options you have for a strong password, meaning it decreases the number of good password options. Whereas if you focus on creating a strong password, where length is more important than the various character-type constraints, you’ll end up with a much stronger password. Length is strength because it takes more computing power to break.

Q: Wonder Woman was a founding member of the Justice League. So, even she needed the help of a squad to defeat the villains. Do we need help from a squad to be more cyber resilient?

We all need assistance because as humans, we are fallible. Inevitably, someone might click on a malicious link, or some unforeseen event might happen where you need a backup that’s going to allow you to recover data instead of losing it permanently.

When it comes to ransomware, or really any other attack, you need awareness. That’s why we encourage proactive education and regular security awareness training, so people truly understand the threat landscape and how to identify the most prevalent types of attacks. 

Q: At one point in the story, Wonder Woman surrendered her superpowers and used fighting skills instead. In what ways do we surrender our powers when it comes to cyber resilience?

Oversharing content or data about yourself, your name or address are surefire ways to surrender power in the digital age. All these things identify you and allow criminals to gain insight that can be used against you through social engineering.

You’re also surrendering power when you practice poor cyber hygiene, like repeating passwords across multiple logins. Once a cybercriminal gains access to one login, they can discover more details about you and use it elsewhere. For example, you may not be worried about a criminal getting access to your Netflix account, but if you use the same password there as you do with your bank, then the situation just became much more serious.

You also surrender power by not protecting your home network and not using VPN when you’re on public Wi-Fi. People often think “it won’t happen to me,” until it’s too late. And recovery can be costly and time-consuming. That’s why implementing layers of protection up front strengthens cyber resilience and helps keep your digital life easy, secure and free of complications.

Q: Are you going to watch the new Wonder Woman movie?

Oh sure! I will because I’ve seen all the other ones. I’m a big fan of Guardians of the Galaxy. And, of course, I love Iron Man. And I was a big fan of Black Panther, too. Doctor Strange is also one of my faves.

Q: If cybercriminals were villains from Wonder Woman, who would they be?

The Duke of Deception! Hackers, cybercriminals and nation-state actors are constant antagonists, and that’s exactly who we defend our users against.

What DoH Can Really Do

Fine-tuning privacy for any preference

A DNS filtering service that accommodates DNS over HTTPS (DoH) can strengthen an organization’s ability to control network traffic and turn away threats. DoH can offer businesses far greater control and flexibility over their privacy than the old system.

The most visible use of DNS is typically the browser, which is why all the usual suspects are leading the charge in terms of DoH adoption. This movement has considerable steam behind it and has extended beyond just applications as Microsoft, Apple and Google have all announced their intent to support DoH.

Encrypting DNS requests is an indisputable win for privacy-minded consumers looking to prevent their ISPs from snooping on and monetizing their browsing habits. Businesses, on the other hand, should not easily surrender this visibility since managing these requests adds value, helping to keep users from navigating to sites known to host malware and other threats.

Here are three examples of how.

1.  By enhancing DNS logging control

Businesses have varying motivations for tracking online behavior. For persistently troublesome users—those who continuously navigate to risky sites—it’s beneficial to exert some control over their network use or even provide some training on what it takes to stay safe online. It can also be useful in times of problematic productivity dips by helping to tell if users are spending inordinate amounts of time on social media, say.

On the other hand, for CEOs and other strategic business units, tracking online activity can be cause for privacy concerns. Too much detail into the network traffic of a unit tasked with investigating mergers and acquisitions may be unwanted, for example.

“If I’m the CEO of a company, I don’t want people paying attention to where I go on the internet,” says Webroot DNS expert Jonathan Barnett. “I don’t want people to know of potential deals I’m investigating before they become public.”

Logging too much user information can also be problematic from a data privacy perspective. Collecting or storing this information in areas with stricter laws, as in the European Union, can unnecessarily burden organizations with red tape.

“Essentially it exposes businesses to requirements concerning how they’re going to use that data, who has access to it and how long that data is preserved” says Barnett.

By optionally never logging user information and backing off DNS logging except when a request is deemed a security threat, companies maintain both privacy and security.

2. By allowing devices to echo locally

With DoH, visibility of DNS requests is challenging. The cumulative DNS requests made on a network help to enhance its security as tools such as SIEMs and firewalls leverage these requests by controlling access as well as corelating the requests with other logs and occurrences on the network. 

“Let’s say I’m on my network at the office and I make a DNS request,” explains Barnett. “I may want my DNS request to be seen by the network as well as fielded by my DNS filtering service. The network gets value out of DNS. If I see inappropriate DNS requests I can go and address the user or fix the device.”

Continuing to expose these DNS requests through an echo to the local network provides this, while the actual requests are secure and encrypted by the DNS protection agent using DoH. This option achieves the best of both worlds by adding the security of DoH to the security of the local network.

3. By allowing agents to fail open

DNS is instrumental to the functionality of the internet. So, the question is, what do we do when a filtered answer is not available? By failing over to the local network, it’s assured that the internet continues to function. However, there are times when filtering and privacy are more important than connectivity. Being able to choose if DNS requests can leak out to the local network helps you stay in control by choosing which is a priority.

 “Fail open functionality essentially allows admins to make a tradeoff between the protection offered by DNS filtering and the productivity hit that inevitably accompanies a lack of internet access,” says Barnett.

Privacy your way

The encryption of DoH enables options for fine-tuning privacy preferences while preserving the security benefits of DNS filtering. Those that must comply with the needs of privacy-centric users now have control over what is revealed and what is logged, while maintaining the benefits of communicating using DoH.

Click here to read related blogs covering the transition to DNS over HTTPS.

Cyber News Rundown: Child Smartwatch Backdoored

Backdoor Found in Children’s Smartwatch

Researchers have discovered that the X4, made by Norwegian smartwatch seller Xplora, contains a backdoor that could allow for information to be stolen. The X4 watch is designed specifically for children with a limited number of capabilities, mostly for children’s security. The backdoor, however, could allow attackers to take snapshots, view messages, call records, and access geolocational data from the wearer. The watches are designed and built in China and it remains unclear who has access to data created and stored on the devices.

Ransomware Strikes London Borough

The London borough of Hackney recently fell victim to a ransomware attack, taking several of the council’s primary services offline. While still little is known about the attack, it’s likely that encrypted files were also stolen for auctioning to the highest bidder. Council officials are working with law enforcement to determine the initial attack vector and information that may have been targeted.

Carnival Reveals Updates to Recent Cyberattack

Nearly two months after a ransomware attack compromised a third-party vendor for the Carnival Corporation, the company announced sensitive passenger information has indeed been exposed. An undetermined number of customers and employees may be affected across three Carnival cruise lines. With 150,000 employees worldwide, and upwards of 13 million customers, this data breach could be affect millions of individuals.

Ransomware Takes Aim at International Law Firm

International law firm Seyfarth Shaw has confirmed a ransomware attack targeted their systems over the weekend. While the extent of the attack remains unclear, several systems were forced offline after encryption was executed to stop additional spreading. Firm officials stated that no client information was stolen or illicitly accessed, but they are still operating without email or a live website. Some systems were saved from the attack but officials have yet to confirm if customers were affected by the breach.

Software AG Suffers Major Data Breach

German IoT specialist Software AG suffered a ransomware attack that was able to exfiltrate significant amounts of data. Officials have confirmed that, while they have been able to maintain online services throughout the attack, the malicious downloading of an unknown amount of sensitive data did take place. The attacking group has not yet been identified, but other attacks of similar scale have cost companies anywhere from $20 to $70 million in ransoms for the return of their data.

Cyber News Rundown: COVID-related Attacks Target Canadian Companies

New Jersey Hospital Pays Massive Ransom

Officials have decided to pay roughly $670,000 in ransom following a ransomware attack on the University Hospital in New Jersey. The hospital was likely forced into this decision after being unable to restore from backups the 240GB of data stolen in the attack on their systems. It’s not entirely clear what information was stolen, but given the haste of payment it was likely highly sensitive patient data.

COVID-Related Cyberattacks Target Canadian Companies

A recent survey revealed that over 25% of all Canadian business organizations had been targeted by a COVID-19-themed cyberattack since the beginning of the year. Most of the organizations surveyed also reported seeing a significant rise in overall cyberattacks since the pandemic began. Worrisome findings also revealed that 38% of organizations surveyed were unsure if they had fallen victim to any type of cyberattack, which could mean the amount of customer information for sale on black markets could be significantly higher.

Boom! Mobile Website Compromised

Customer data has been compromised for users of the Boom! Mobile website, which was infiltrated by malicious JavaScript. It’s still unclear how the unauthorized code got onto the site or how long was active. Officials for the mobile company have confirmed they do not store payment card data and that no Boom! Mobile accounts were compromised.

Major Ransomware Attacks Increase Through Q3

Researchers have reported a massive increase in ransomware attacks in Q3 of 2020, with the Maze group being responsible for 12% of all attacks. They also reported that Ryuk ransomware variants were responsible for an average of 20 attacks per week. With the ongoing neglect of cybersecurity in major corporations, ransomware attacks will likely continue as long as their authors find them profitable.

Chicago Food Delivery Service Stricken with Data Breach

Nearly 800,000 customer records were compromised following a data breach at ChowBus, a Chicago-based food delivery service. With roughly 440,000 unique email addresses exposed, many individuals are now more susceptible to additional phishing attacks or identity theft. Fortunately, however, ChowBus does not store payment card information on its site.

It’s Time to Talk Seriously About Deepfakes and Misinformation

Like many of the technologies we discuss on this blog—think phishing scams or chatbots—deepfakes aren’t necessarily new. They’re just getting a whole lot better. And that has scary implications for both private citizens and businesses alike.

The term “deepfakes,” coined by a Reddit user in 2017, was initially most often associated with pornography. A once highly trafficked and now banned subreddit was largely responsible for developing deepfakes into easily created and highly believable adult videos.

“This is no longer rocket science,” an AI researcher told Vice’s Motherboard in an early story on the problem of AI-assisted deepfakes being used to splice celebrities into pornographic videos.

The increasing ease with which deepfakes can be created also troubles Kelvin Murray, a senior threat researcher at Webroot.

“The advancements in getting machines to recognize and mimic faces, voices, accents, speech patterns and even music are accelerating at an alarming rate,” he says. “Deepfakes started out as a subreddit, but now there are tools that allow you to manipulate faces available right there on your smartphone.”

While creating deepfakes used to require good hardware and a sophisticated skillset, app stores are now overflowing with options creating them. In terms of technology, they’re simply a specific application of machine learning technology, says Murray.

“The basics of any AI system is that if you throw enough information at it, itcan pick it up. It can mimic it. So, if you give it enough video, it can mimic a person’s face. If you give it enough recordings of a person, it can mimic that person’s voice.”

There are several ways deepfakes threaten to redefine the way we live and conduct business online.

Deepfakes as a threat to privacy

A stolen credit card can be cancelled. A stolen identity, especially when it’s a mimicked personal attribute, is much more difficult to recover. The hack of a firm dedicated to developing facial recognition technology, for instance, could be a devastating source of deepfakes.

“So many apps, sites and platforms host so many videos and recordings today. What happens when they get hacked? Will the breach of a social media platform allow a hacker to impersonate you,” asks Murray.

Businesses must be especially careful about the data they collect from customers or users, asking both if it’s necessary to collect and if it can be stored safely afterwards. If personal data must be collected, security must be a top priority, and not only for ethical reasons. Governments are starting to enact some strict regulations and doling out some stiff fines for data breaches.

Ultimately, Murray thinks those governments may need to weigh in more heavily on the threat of deepfakes as they become even more indistinguishable from reality.

“We’re not going to stop this technology. It’s here. But people need to have the discussion about where we’re heading. In the same way GDPR was created to protect people’s data, we’re going to need to have a similar conversation about deepfakes leading to a different kind of identity theft.”

Deepfakes as a cybersecurity threat to businesses

It’s important to note the ways in which deepfakes can be used to target businesses, not just to spoof individuals.

“These business-related instances aren’t too common yet,” says Murray. “But we’re at the beginning of a wave right now in terms of AI-enabled threats against businesses.

A late 2019 attack against a U.K. energy firm could be a sign of scary things to come. Rather than video, this attack took advantage of voice-spoofing technology to pose as an executive’s manager, insisting he wire nearly $250 thousand to a “supplier” immediately. In the aftermath of the scam, the victim reported being convinced by both the accent and the rhythm of the fake speech pattern.

To safeguard against what could be a rising attack method, Murray recommends businesses understand what deepfakes are capable of and follow best practices for avoiding fraud, no matter the technology.

“Have well-defined protocol for changing account details and signing off on any invoices,” he advises “Train financial and accounting teams especially rigorously on these protocols and encourage them to pick up the phone and double-check when anything seems strange or off. In these days of increased working from home it’s also tougher for financial staff to walk up to other finance or sales colleagues and make informal double checks.”

Deepfakes and misinformation campaigns

Soon after deepfakes went mainstream, implications for politics and the weaponization of misinformation became clear, prompting the U.S. Senate to address the issue in 2018.

While initially used to humiliate or extort people, mostly women, malicious actors began to see them as a way to sway public opinion or sow chaos. Deeptrace, a company dedicated to uncovering deepfakes, has noted instances where manipulated video was used to promote social discord and scandal across the globe.

“Deepfakes further undermine our ability to believe what we read, and now even watch, on the internet,” says Murray. This leads to widespread distrust, especially on issues where understanding is crucial, like the coronavirus pandemic, where misinformation is bountiful.

To combat misinformation, Murray advises to keep in mind how much of it is out there. Always consider the source of the information you’ve received before acting on it, especially if it makes you angry or elicits some other strong emotional response.

Deepfakes will likely make the internet even more difficult to rely on as a source of information in the years to come. But reducing their impact starts with understanding how far they’ve come and what they’re capable of.

Cyber News Rundown: Ryuk Wreaks Healthcare Havoc

Ryuk Shuts Down Universal Health Services

Computer systems for all 400 Universal Health Services facilities around the globe have reportedly been shut down following an attack by the Ryuk ransomware group. Ryuk is known for targeting large organizations, but the healthcare industry has been gaining popularity among these groups due to high volumes of sensitive information and typically low levels of security. It’s unknown if the healthcare firm has paid ransoms for the encrypted data or if they are restoring systems from available backups.

Global Insurance Firm Targeted by Ransomware

The Fortune 500 insurance firm AJG was forced to take several computer systems offline over the weekend after identifying a cyber-attack. It’s still unclear which ransomware variant was responsible for the attack and officials with the firm haven’t revealed if customer or employee information was stolen. Third-party researchers confirmed multiple AJG servers, unpatched for a serious vulnerability, could have been the entry point for the attack.

French Shipping Company Knocked Offline by Ransomware

All computer systems and websites belonging to CMA CGM, a French shipping giant, were knocked offline by a crippling ransomware attack. This attack on CMA CGM makes them the fourth international shipping company to fall victim to a cyberattack, which have proven profitable, in as many years. The company has verified that the Ragnar Locker ransomware group was behind the attack, though they have not revealed the ransom asked.

Cyber Attack Forces Swatch to Disconnect Online Services

Though not confirmed by Swatch, the Swiss watchmaker was reportedly forced to take many of their systems offline after likely falling victim to a ransomware attack. While the company did not verify the type of attack, ransomware’s prevalence this year makes it a likely culprit. Swatch has announced they plan to seek legal action against the attackers.

DDoS Attacks See Substantial Rise in 2020

There were over 4.8 million DDoS attacks during the first half of 2020, a 15% rise over the same period last year. May alone saw more than 900,000 DDoS attacks, a record for most in a single month. Ninety percent of these attacks lasted for under an hour, marking another shift from previous years’ attacks. They have also increased in complexity, leaving victims and researchers with little time to defend themselves.

False Confidence is the Opposite of Cyber Resilience

Have you ever met a person who thinks they know it all? Or maybe you’ve occasionally been that person in your own life? No shame and no shade intended – it’s great (and important) to be confident about your skills. And in cases where you know your stuff, we encourage you to keep using your knowledge to help enhance the lives and experiences of the people around you.

But there’s a big difference between being reasonably confident and having false confidence, as we saw in our recent global survey. Featured in the report COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, the survey data shows that, all over the world, people are pretty confident about their ability to keep themselves and their data safe online. Unfortunately, people are also still getting phished and social engineering tactics aimed at employees are still a major way that cybercriminals successfully breach businesses. These data points strongly suggest that we aren’t all being quite as cyber-safe as we think.

Overconfidence by the Numbers

Approximately 3 in 5 people (59%) worldwide think they know enough to stay safe online.

You may think 59% doesn’t sound high enough to earn the label of “false confidence”. But there were two outliers in our survey who dragged the average down significantly (France and Japan, with only 44% and 26% confidence, respectively). If you only take the average of the five other countries surveyed (the US, UK, Australia/New Zealand, Germany and Italy), it’s a full ten percentage points higher at 69%. UK respondents had the highest level of confidence out of all seven regions surveyed with 75%.

8 in 10 people say they take steps to determine if an email message is malicious.

Yet 3 in 4 open emails and click links from unknown senders.

When so many of us claim to know what to do to stay safe online (and even say we take steps to determine the potential sketchiness of our emails), why are we still getting phished? We asked Dr. Prashanth Rajivan, assistant professor at the University of Washington and expert in human behavior and technology, for his take on the matter. He had two important points to make.

Individualism

According to Dr. Rajivan, it’s important to note that Japan had the lowest level of confidence about their cybersecurity know-how (only 26%), but the survey showed they also had the lowest rate of falling victim to phishing (16%). He pointed out that countries with more individualistic cultures seem to align with countries who ranked themselves highly on their ability to keep themselves and their data safe.

“When people adopt a less individualistic mindset and, instead, perceive themselves to have a greater responsibility to others, their average level of willingness to take risks decreases. This is especially important to note for businesses that want to have a cyber-aware culture.”

– Prashanth Rajivan, Ph.D.

The Dunning-Kruger Effect

Another factor Dr. Rajivan says may contribute to overconfidence in one’s ability to spot phishing attacks might be a psychological phenomenon called the “Dunning-Kruger Effect”. The Dunning-Kruger Effect refers to a cognitive bias in which people who are less skilled at a given task tend to be overconfident in their ability, i.e. we tend to overestimate our capabilities in areas where we are actually less capable.

How These Numbers Affect Businesses

Only 14% of workers feel that a company’s cyber resilience is a responsibility all employees share.

The correlations between overconfidence and individualism may also translate into a mentality that workers are not responsible for their own cybersecurity during work hours. While 63% of workers surveyed agree that a cyber resilience strategy that includes both security tools and employee education should be a top priority for any business, only 14% felt that cyber resilience was a shared responsibility for all employees.

How to Create a Cyber Aware Culture

The short answer: a strong combination of employee training and tools.

The long answer: when asked what would help them feel better prepared to avoid phishing and prevent cyberattacks, workers worldwide agreed that their employers need to invest more heavily in training and education, in addition to strong cybersecurity tools. Dr. Rajivan also agrees, stating that, if employers want to build cybersecurity awareness into their business culture, then they need to invest heavily in their people.

“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”

– Prashanth Rajivan, Ph.D.

Additionally, he tells us, “Human behavior is shaped by past experiences, consequences and reinforcement. To see a real change in human behavior related to phishing and online risk-taking habits in general, people need frequent and varied experiences PLUS appropriate feedback that incentivizes good behavior.”

Ultimately, the importance of training can’t be emphasized enough. According to real-world data from customers using Webroot® Security Awareness Training, which provides both training courses and easy-to-run, customizable phishing simulations, consistent training can reduce click rates on phishing scams by up to 86.5%.

It’s clear a little training can go a long way. If you want to increase cyber resilience, you have to minimize dangerous false confidence. And to do that, you need to empower your workforce with the tools and training they need to confidently (and correctly) make strong, secure decisions about what they do and don’t click online.

Learn more about Security Awareness Training programs.

Cyber News Rundown: LokiBot Attacks Increase

DHS Announces Massive Increase in LokiBot Attacks

By monitoring and tracking of cyberattacks over 2020, U.S. Department of Homeland Security (DHS) officials have uncovered a significant increase in cyberattacks being carried out by LokiBot, a malicious info-stealer of stored passwords and cryptocurrency information. The increase in LokiBot attacks can likely be attributed to its ability to steal credentials from hundreds of applications, and its range of other features that make it appealing to a wide variety of cyber criminals.

Long Island Hospital Suffers Data Breach

Blackbaud, a third-party vendor for a Long Island hospital, may have exposed sensitive patient information after it suffered a data breach this summer. In a July statement, Blackbaud revealed personally identifiable information for a number of patients was stolen but claimed it was destroyed shortly afterwards. Affected patients have been contacted regarding the breach and stolen information.

Thousands of Customers Exposed in Town Sports Breach

A database containing highly sensitive information belonging to over 600,000 customers and employees of Town Sports International was found publicly exposed on the internet. Town Sports recently filed for bankruptcy and was notified of this breach roughly a week later. While the company did not publically respond to the findings, the information secured the following day included everything from physical addresses to payment card info and other billing data. Past clients of the fitness chain should be wary of any emails they receive regarding their Town Sports memberships.

Global Operation Takes Down Major Dark Web Drug Network

In a major collaboration between Europol and other global intelligence organizations, 179 individuals across six countries have been arrested in relation to drug trafficking through Dark Web markets. Officials also revealed that this bust allowed them to seize $6.5 million in cash and hundreds of kilograms of illicit drugs. The operation is another setback for anonymous marketplaces allowing for the buying and selling of illegal goods and services as law enforcement continues to target rogue online bazaars.

Data from Over 200 Merchants Leaked in Shopify Breach

Data from at least 200 merchants was compromised after an internal support employee for Shopify was found to be stealing data. While the data included only basic contact information on customers and no payment card or social security info was taken, officials for Shopify are still working to determine the extent of the theft and if it has further changed hands. The employees involved with this breach have since been fired and all access to Shopify systems has been revoked to prevent further incident.

Cyber Resilience for Business Continuity

“Ten years ago, you didn’t see state actors attacking [small businesses]. But it’s happening now,” warns George Anderson, product marketing director at Carbonite + Webroot, OpenText companies.

Sadly, many of today’s managed service providers who serve small and medium-sized businesses now have to concern themselves with these very threats. Independent and state-sponsored hacking groups use sophisticated hacking tools (advanced persistent threats or APTs), to gain unauthorized access to networks and computers, often going undetected for months or even years at a time. In fact, according to the 2020 Verizon Data Breach Investigations Report, cyber-espionage is among the top patterns associated with breaches targeting businesses worldwide.

These attacks can be difficult even for highly sophisticated enterprise security teams to detect, stop or recover from. But all businesses, no matter their size, must be ready for them. As such, MSPs, themselves ranging in size from a few techs to a few hundred professionals, may find they need help protecting their SMB customers from APTs; that’s on top of the consistent onslaught of threats from ordinary, profit-motivated cyberattackers. That’s where the concept of cyber resilience comes in.

What does cyber resilience look like?

“Being [cyber] resilient – knowing that even if you’re knocked offline you can recover quickly – is essential for today’s businesses,” George says.

The reality is that today’s organizations have to accept a breach is pretty much inevitable. Their level of cyber resilience is the measure of the organization’s ability to keep the business running and get back to normal quickly. “It’s being able to absorb punches and get back on your feet, no matter what threatens,” as George put it in a recent podcast with Joe Panettieri, co-founder MSSP Alert & ChannelE2E.

Read more about how businesses can build a cyber resilient company culture.

How can businesses and MSPs achieve cyber resilience?

Because cyber resilience is about both defending against attacks and preparing for their inescapability,  a major component in a strong resilience strategy is the breadth of coverage a business has. In particular, having tested and proven backup and disaster recovery solutions in place is the first step in surviving a breach. If a business has reliable, real-time (or near real-time) recovery capabilities, then in the event of an attack, they could make it through barely skipping a beat.

Now, George has clarified that “no single solution can offer complete immunity against cyberattacks on its own.” To reduce the risk of events like data loss from accidental deletion, device theft or hardware failure, your clients need multiple layers of protection that secure their devices and data from multiple angles. Here are George’s top data protection tips:

  • All data must be continuously backed up and available.
  • Data stored within collaboration tools, such as Microsoft® Teams or SharePoint, should be backed up too.
  • A full cyber resilience strategy should include cybersecurity and threat prevention features, network protection and end user education, in addition to backup and recovery solutions.
  • Choose vendors who are known within the channel for their easy management, integrations with RMMs and/or their reputation with your fellow MSPs.

Ultimately, George says ensuring business continuity for MSPs and the businesses they serve through comprehensive cyber resilience solutions is the primary goal of the Carbonite + Webroot division of OpenText.

“We want to up the advocacy and stop attacks from happening as much as we possibly can.  At  the  same time, when they inevitably do happen, we want to be able to help MSPs recover and limit lost time, reputation damage, and financial impact so businesses can keep functioning.”

To learn more about cyber resilience, click here.

MSP Insight: Netstar Shares Cyber Resilience Strategies for Remote Work

Guest blog by Mit Patel, Managing Director of London based IT Support company, Netstar.

In this article, Webroot sits down with Mit Patel, Managing Director of London-based MSP partner, Netstar, to discuss the topic of remote work during a pandemic and tips to stay cyber resilient.

Why is it important to be cyber resilient, specifically when working remote?

It’s always important to be cyber resilient, but a lot has changed since the start of the COVID-19 lockdown that needs to be taken into consideration.

Remote work has posed new problems for businesses when it comes to keeping data secure. Since the start of lockdown, there has been a significant increase in phishing scams, ransomware attacks and malicious activity. Scammers now have more time to innovate and are using the widespread anxiety of coronavirus to target vulnerable people and businesses.

Moreover, the sudden shift in working practices makes the pandemic a prime time for cyber-attacks. Employees can no longer lean over to ask a colleague if they are unsure about the legitimacy of an email or web page. Instead, they need to be confident in their ability to spot and avoid potential security breaches without assistance.

Remote work represents a significant change that can’t be ignored when it comes to the security of your business. Instead, businesses need to be extra vigilant and prioritise their cyber resilience.

What does cyber resilience mean to you?

It’s important to differentiate between cyber resilience and cyber security. Cyber security is a component of cyber resilience, referring to the technologies and processes designed to prevent cyber-attacks. Whereas, I believe cyber resilience goes a step further, referring to the ability to prevent, manage and respond to cyber threats. Cyber resilience recognises that breaches can and do happen, finding effective solutions that mean businesses recover quickly and maintain functionality. The main components of cyber resilience include, training, blocking, protecting, backing up and recovering. When all these components are optimised, your cyber resilience will be strong, and your business will be protected and prepared for any potential cyber threats.

Can you share some proactive methods for staying cyber resilient when working remote?

Absolutely. But it’s important to note that no solution is 100% safe and that a layered approach to IT security is necessary to maximise protection and futureproof your business.

Get the right antivirus software. Standard antivirus software often isn’t enough to fully protect against viruses. Businesses need to consider more meticulous and comprehensive methods. One of our clients, a licensed insolvency practitioner, emphasized their need for software that will ensure data is protected and cyber security is maximised. As such, we implemented Webroot SecureAnywhere AnitVirus, receiving excellent client feedback, whereby the client stressed that they can now operate safe in the knowledge that their data is secure.

Protect your network. DNS Protection is a critical layer for your cyber resilience strategy. DNS will protect you against threats such as malicious links, hacked legitimate websites, phishing attacks, CryptoLocker and other ransomware attacks. We have implemented DNS Protection for many of our clients, including an asset management company that wanted to achieve secure networks with remote working capability. In light of the current remote working situation, DNS Protection should be a key consideration for any financial business looking to enhance their cyber resilience.

Ensure that you have a strong password policy. Keeping your passwords safe is fundamental for effective cyber resilience, but it may not be as simple as you think. Start by making sure that you and your team know what constitutes a strong password. At Netstar, we recommend having a password that:

  • Is over 10 characters long
  • Contains a combination of numbers, letters and symbols
  • Is unpredictable with no identifiable words (even if numbers or symbols are substituted for letters)

You should also have different passwords for different logins, so that if your security is compromised for any reason, hackers can only access one platform. To fully optimise your password policy, you need to consider multi-factor authentication. Multi-factor authentication goes a step further than the traditional username-password login. It requires multiple forms of identification in order to access a certain email account, website, CRM etc. This will include at least two of the following:

  • Something you know (e.g. a password)
  • Something you have (e.g. an ID badge)
  • Something you are (e.g. a fingerprint)

Ensure that you have secure tools for communication. Collaboration tools, like Microsoft Teams, are essential for remote working. They allow you to communicate with individuals, within teams and company-wide via audio calls, video calls and chat.

When it comes to cyber resilience, it’s essential that your team know what is expected of them. You should utilise collaboration tools to outline clear remote working guidance to all employees. For example, we would recommend discouraging employees from using personal devices for work purposes. The antivirus software installed on these devices is unlikely to be of the same quality as the software installed on work devices, so it could put your business at risk.

Furthermore, you need to be confident that your employees can recognise and deal with potential security threats without assistance. Individuals can no longer lean across to ask a colleague if they’re unsure of the legitimacy of something. They need to be able to do this alone. Security awareness training is a great solution for this. It will teach your team about the potential breaches to look out for and how to deal with them. This will cover a range of topics including, email phishing, social media scams, remote working risks and much more. Moreover, courses are often added and updated, meaning that your staff will be up to date with the latest scams and cyber threats.

Implement an effective backup and disaster recovery strategy

Even with every preventive measure in place, things can go wrong, and preparing for disaster is crucial for effective cyber resilience.

In fact, a lot of companies that lose data because of an unexpected disaster go out of business within just two years, which is why implementing an effective backup and disaster recovery strategy is a vital layer for your cyber resilience strategy.

First, we advise storing and backing up data using an online cloud-based system. When files are stored on the cloud, they are accessible from any device at any time. This is particularly important for remote working; it means that employees can collaborate on projects and access necessary information quickly and easily. It also means that, if your device is wiped or you lose your data, you can simply log in to your cloud computing platform and access anything you might need. Thus, data can easily be restored, and you’re protected from potential data loss.

Overall, disaster recovery plans should focus on keeping irreplaceable data safe. Consider what would happen to your data in the event of a disaster. If your office burned down, would you be confident that all your data would be protected?

You should be working with an IT support partner that can devise an effective and efficient disaster recovery plan for your business. This should set out realistic expectations for recovery time and align with your insurance policy to protect any loss of income. Their goal should be to get your business back up and running as quickly as possible, and to a high standard (you don’t want an IT support partner that cuts corners). Lastly, your IT support provider should regularly test your strategy, making sure that if disaster did occur, they could quickly and effectively restore the functionality of your business.

What else should fellow MSPs keep in mind during this trying time?

In the last four years, cyber resilience has become increasingly important; there are so many more threats out there, and so much valuable information that needs protecting.

We have happy clients because their machines run quickly, they experience less IT downtime, and they rarely encounter viruses or malicious activity. We know that we need to fix customers’ problems quickly, while also ensuring that problems don’t happen in the first place. Innovation is incredibly important to us, which is why we’ve placed a real focus on proactive client advisory over the last 24 months.

That’s where a strong cyber resilience strategy comes into play. MSPs need to be able to manage day-to-day IT queries, while also focusing on how technology can help their clients grow and succeed in the future.There is plenty of advice around the nuts and bolts of IT but it’s the advisory that gives clients the most value. As such, MSPs should ensure they think like a customer and make technological suggestions that facilitate overall business success for their clients.