Cyber News Rundown: Bank of America Breach Reveals PPP Info
Bank of America Breach Reveals PPP Information
After processing over 300,000 Paycheck Protection Program applications, Bank of America has revealed that a data breach occurred within the U.S. Small Business Administration’s program that allowed all other SBA-authorized lenders to view highly sensitive data. The data includes tax information and social security numbers relating to both businesses and their owners and could have extremely devastating effects in the wrong hands. Fortunately, the SBA secured the compromised data within a day of being notified and Bank of America has reached out to affected customers offering of two years of identity theft protection. null
Bank of Costa Rica Suffers Data Breach
Threat actors working for the Maze group recently claimed to have belonging to millions of Bank of Costa Rica customer accounts, a claim that was quickly refuted by the bank itself. Within a week, Maze began publishing proof of their bounty and promised to continue posting records if the bank fails to improve their current security. Maze also claimed to have accessed the bank’s systems on multiple occasions to determine if security had improved but chose not to encrypt their systems as the second breach occurred during the COVID-19 pandemic.
Old LiveJournal Breach Data Re-emerges
Researchers have been looking into a recent data dump that appears to have originated from the 2014 LiveJournal breach and contains over 33 million records up to 2017. It is hard to precisely date the breach, as LiveJournal is a Russian-owned journaling service and never reported it, though many LiveJournal users were targeted in a past spam extortion email campaign. More recently, users of Dreamwidth, which shares the LiveJournal codebase, has seen reports of compromised accounts.
Turla Hackers Grabbing Antivirus Logs to Check for Detection
One of the largest state-sponsored hacker groups, Turla, has turned their attention to accessing antivirus logs on infected systems to determine if their malicious activity has been discovered. With the use of ComRAT V1 (and later versions), Turla has been gaining highly sensitive information from major national organizations for over a decade and continues to improve on their methods. By viewing the logs created by local antivirus software, the attackers can adjust more quickly to avoid future detections.
New COVID-19 Tracker Drops [F]Unicorn Ransomware
The latest to capitalize on the public’s pandemic fears, a new fake COVID-19 tracing app has been targeting systems in Italy by dropping a new ransomware variant dubbed [F]Unicorn. The malicious payload comes disguised as a file from the Italian Pharmacist Federation. It then directs the victim to a beta version of the yet-to-be-released Immuni tracing app, showing a fake tracing dashboard as the encryption process begins. The ransomware demands a 300-Euro payment but displays an invalid email address, so users would be unable to prove payment to the attackers even if they choose to pay.
The Future of Work: Being Successful in the COVID Era and Beyond
Working from home is no longer something some of us can get away with some of the time. It’s become essential for our health and safety. So, what does the future of work look like in a post-COVID world?
We asked some of our cybersecurity and tech experts for their insights, which we’ll be presenting in a series entitled The Future of Work. In this installment, we’ll cover the qualities that will separate companies able to make smooth transitions to new ways of working from those that can’t. Plus, we’ll examine the effects the pandemic and our response to it have on workplace culture.
What are hallmarks of organizations that will successfully navigate our new workplace realities?
The COVID-19 crisis has forced employers to more fully consider the broader humanity of their employees. With parents becoming teachers and caretakers for ill, often elderly loved ones, greater levels of empathy are required of management. Now, with a lagging world economy and even experts unsure of what shape the current recession will take, financial stress will likely be added to the long list of anxieties facing the modern workforce.
As remote work continues to be a norm in industries like tech, boundaries between home and work life will continue to be murky. This, says Webroot product marketing manager George Anderson, presents opportunities for effective leaders to stand out from their peers.
“Leadership matters now more than ever,” says Anderson, “and being truthful matters even more. Your staff is worried, and platitudes won’t help. They need real communication based on real facts explaining why a company is making certain decisions. Being empathetic, sharing in employee concerns, involving and demonstrating how you value your staff—whether at executive or managerial level—will impact loyalty, dedication, and future business performance.”
Forbes notes that a more empathetic work culture is a silver lining arising from the pandemic that won’t be easily undone. We now know not just our coworkers’ personalities, but also their home office setups, their pets, children, and even their bookshelves. That fuller understanding of the person behind the position will hopefully lead to an enduring human-centric shift in the workplace.
Long-term, how will office culture change? What policies should change once everyone is physically back at work?
Relatedly, office cultures are likely to change in irreversible ways. Even as we return to physical offices, large events like company all-hands meetings may be attended virtually from personal workspaces, and large team lunches may become rarities. Companies may even choose to alternate days in and out of the office to keep the overall office population lower.
“People will become more comfortable with video calling, screen sharing, and online collaboration,” predicts Anderson, “even between colleagues present in the same office. Boundaries will become blurred and we will find new ways to stay in touch and maintain our human connections by leveraging advanced collaboration solutions in new but secure ways.”
Personal hygiene will also undoubtedly become a bigger aspect of physical office culture. In its guidelines for safely returning to work, the CDC recommends installing a workplace coordinator charged with implementing hygiene best practices office wide. Suggested measures include increasing the number of hand sanitizing stations available to workers, relaxing sick leave policies to discourage ill workers from coming to the office, modernizing ventilation systems, and even daily temperature checks upon entering the building.
“Some of these hygiene measures will be single events, not the future of office work,” notes Anderson. “Others will have more long-term impacts on the way we work together.”
Given the visible impact some measures will have around the office, it will be impossible for them to not affect culture. Because routines like temperature checks may be considered intrusive, it’s important the reasoning behind them be communicated clearly and often. Stressing a culture of cleanliness as a means of keeping all workers healthy and safe can enforce a common bond.
Cybersecurity remains imperative
Cyber resilience isn’t the only aspect of overall business resilience being tested by COVID-19, but it’s a significant one. The cyber threats facing today’s remote workforces differ in key ways from those faced in the past, so its important companies reevaluate their cyber defense strategies. To do our part to help, we’re extending free trials on select business products to 60 days for a limited time. Visit our free trials page or contact us for more information.
Why Your Cyber Resilience Plan Doesn’t Include Windows 7
Our 2020 Threat Report shows increasing risks for businesses and consumers still running Windows 7, which ceased updates, support and patches earlier this year. This creates security gaps that hackers are all too eager to exploit. In fact, according to the report, malware targeting Windows 7 increased by 125%. And 10% of consumers and 25% of business PCs are still using it.
Webroot Security Analyst Tyler Moffitt points out that a violation due to a data breach could cost a business $50 per customer per record. “For one Excel spreadsheet with 100 lines of records, that would be $50,000.” Compare that with the cost of a new workstation that comes pre-installed with Windows 10 at around $500, and you quickly realize the cost savings that comes with offloading your historic OS.
Windows 10 also has the added advantage of running automatic updates, which reduces the likelihood of neglecting software patches and security updates. Continuing to run Windows 7 effectively more than doubles the risk of getting malware because hackers scan for old environments to find vulnerable targets. Making matters worse, malware will often move laterally like a worm until it finds a Windows 7 machine to easily infect. And in a time when scams are on the rise, this simple OS switch will ensure you’re not the weakest link.
While businesses are most vulnerable to Windows 7 exploits, consumers can hardly breathe easy. Of all the infections tracked in the 2020 Threat Report, the majority (62%) were on consumer devices. This does, however, create an additional risk for businesses that allow workers to connect personal devices to the corporate network. While employees work from home in greater numbers due to COVID-19, this particular security risk will remain even higher than pre-pandemic levels.
Layers are key
As Moffitt points out, no solution is 100% safe, so layering solutions helps to ensure your cyber resilience is strong. But there is one precaution that is particularly helpful in closing security gaps. And that’s security awareness training. “Ninety-five percent of all infections are the result of user error,” Moffitt says. “That means users clicking on something they shouldn’t thus infecting their computer or worse, a entire network.” Consistent training – 11 or more courses or phishing simulations over a four- to six-month period – can significantly reduce the rate at which users click on phishing simulations.
Also, by running simulations, “you get to find out how good your employees are at spotting scams,” Moffitt says. “If you keep doing them, users will get better and they will increase their efficacy as time goes on.”
Fight cyber-risks with cyber resilience
The best way to close any gaps in protection you may have is to deploy a multi-layered cyber resilience strategy, also known as defense-in-depth. The first layer is perimeter security that leverages cloud-based threat intelligence to identify advanced, polymorphic attacks. But since cyber resilience is also about getting systems restored after an attack, it’s also important to have backups that enable you to roll back the clock on a malware infection.
With so many people working from home amid the global coronavirus pandemic, it’s increasingly critical to ensure cyber resilient home environments in addition to business systems. Find out what major threats should be on your radar by reading our complete 2020 Threat Report.
Pay Attention to the Hacker Behind the Hoodie
There’s a pretty common misconception among small businesses and medium-sized businesses (SMBs) that hackers only target large organizations. Unfortunately, this belief couldn’t be further from the truth. In fact, according to the most recent Verizon Data Breach Investigations Report, more than 70% of cyberattacks target small businesses. Additionally, many attacks are now shifting to target managed service providers (MSPs), specifically because breaching an MSP can give hackers access to their entire SMB customer base.
Why are hackers targeting SMBs?
Simply put— it’s easy money. First, the smaller the business is, the less likely it is to have adequate cyber defenses. Moreover, even larger SMBs typically don’t have the budgets or resources for dedicated security teams or state-of-the-art intrusion prevention. On top of that, smaller businesses often lack measures like strong security policies and cybersecurity education programs for end users, so common vulnerabilities like poorly trained users, weak passwords, lax email security, and out-of-date applications make SMBs prime targets.
What’s more: some hackers specialize in breaching specific business types or industries, refining their expertise with each new attack.
Which business types are in the cross hairs?
Realistically speaking, the majority of businesses face similar amounts of risk. However, some industries do tend to be targeted more often, such as finance or healthcare. Here are some of the business types that are currently topping hacking hit lists.
Managed Service Providers
MSPs hold a lot of valuable data for multiple customers across industries, which makes them desirable targets. Hackers use a technique known as “island hopping”, in which they jump from one business to another via stolen login credentials. MSPs and their SMB customers are both potential targets of these attacks.
Healthcare Organizations
Hospitals, physical therapy offices, pediatricians, chiropractors, and other healthcare practices are easy targets for cybercrime because they can have such chaotic day-to-day operations, and because they often lack solid security practices. In addition, medical data and research can extremely valuable. Patient records alone can sell for up to $1,000 or more on the dark web.
Government Agencies
There are many reasons that cybercriminals, particularly nation-state terrorists, might target local and national governments. In particular, small governments and local agencies generate troves of sensitive information, while large governments can be victims of nationwide disruption, either for financial gain or sheer destruction.
Financial Institutions
You probably aren’t surprised by this list item. Banks, credit unions, and other financial institutions have long been targets for hackers due to a wealth of data and money. Only a few years ago in 2018, over 25% of all malware attacks targeted banks––that’s more than any other industry. More recently, automation has further enabled cybercriminals to run advanced attacks on financial institutions at scale.
Celebrities, Politicians, and High-Profile Brands
Hacktivists, who are usually politically, economically, or socially motivated, like to seek out politicians, celebrities, and other prominent organizations as targets. They may even attempt to embarrass public figures or businesses by stealing and disseminating sensitive, proprietary, or classified data to cause public disruption, or for private financial gain via blackmail.
What are your next steps?
The only real requirement for becoming a hacking target is having something that hackers want, which means all businesses are at risk. Luckily, a few relatively straightforward tips can go a long way in keeping your business secure.
Think Like a Hacker
Cybersecurity awareness training with phishing simulations is a vital component of an effective protection strategy. In fact, Webroot’s own research found that regular training over just 4-6 months reduced clicks on phishing links by 65%. Understanding hacker practices and motivations can help you predict potential threats and thwart attacks.
Lock Down Your Business First
The right security layers can protect you from threats on all sides. If you haven’t already, check out our free Lockdown Lessons, which include a variety of guides, podcasts, and webinars designed to help MSPs and businesses stay safe from cybercrime.
Embrace Comprehensive Cyber Resilience
Being resilient in the face of cybercrime doesn’t just mean having powerful, automated endpoint threat detection in place. It also means having security layers that can protect your business and clients front and back. That includes layers like security awareness training, as well as network protection and strong backup and disaster recovery services. The best defense is prevention, and by preventing attacks and planning your recovery proactively, you’ll be ready to bounce back right away at the first sign of trouble.
Hackers have diverse means and motives, so it’s up to you to know their methods and prepare your business and customers to block advanced threats.
To get started on the road to cyber resilience, you can learn more about Webroot® Business Endpoint Protection or take a free trial here.
AI and ML in Cybersecurity: Adoption is Rising, but Confusion Remains
If you’ve been working in the technology space for any length of time, you’ve undoubtedly heard about the rising importance of artificial intelligence (AI) and machine learning (ML). But what can these tools really do for you? More specifically, what kinds of benefits do they offer for cybersecurity and business operations?
If you’re not so sure, you’re not alone. As it turns out, although 96% of global IT decision-makers have adopted AI/ML-based cybersecurity tools, nearly 7 in 10 admit they’re not sure what these technologies do.
We surveyed 800 global IT decision-makers across the U.S., U.K., Japan, and Australia/New Zealand about their thoughts on AI and ML in cybersecurity. The report highlighted a number of interesting (and contradictory) findings, all of which indicated a general confusion about these tools and whether or not they make a difference for the businesses who use them. Additionally, nearly 3 out of 4 respondents (74%) agreed that, as long as their protection keeps them safe from cybercriminals, they really don’t care if it uses AI/ML.
Here’s a recap of key findings based on responses from all 4 regions.
- 91% say they understand and research their security tools, and specifically look for ones that use AI/ML.
- Yet 68% say that, although their tools claim to use AI/ML, they aren’t sure what that means.
- 84% think their business has all it needs to successfully stop AI/ML-based cyberattacks.
- But 86% believe they could be doing more to prevent cyberattacks.
- 72% say it is very important that cybersecurity advertising mention the use of AI/ML.
- However, 70% of respondents believe cybersecurity vendors’ marketing is intentionally deceptive about their AI/ML-based services.
AI and ML matter because automation matters
As we’ve all had to adjust to “the new normal”, IT professionals have had to tackle a variety of challenges. Not only have they had to figure out how to support a massive shift to working from home, but they also have to deal with the onslaught of opportunistic online scams and other cyberattacks that have surged amidst the chaos around COVID-19.
With all of us working to adapt to these new working conditions, it’s become clear tools that enable automation and productivity are pretty important. That’s where I want to highlight AI and ML. In addition to how AI/ML-based cybersecurity can drastically accelerate threat detection—and even predict shifts and emerging threat sources—these technologies can also make your workforce more efficient, more effective, and more confident.
While many of our survey respondents weren’t sure if AI/ML benefits their cybersecurity strategy, a solid percentage saw notable improvements in workforce efficiency after implementing these tools. Let’s go over those numbers.
- 42% reported an increase in worker productivity
- 39% saw increases in automated tasks
- 39% felt they had more time for training, learning new skills, and other tasks
- 38% felt more effective in their jobs
- 37% reported a decrease in human error
As you can see, the benefits of AI and ML aren’t just hype, and they extend well beyond the cybersecurity gains. Real numbers around productivity, automation, time savings, and efficacy are pretty compelling at the best of times, let alone when we’re dealing with sudden and drastic shifts to the ways we conduct business. That’s why I can’t stress the importance of these technologies enough—not only in your security strategy, but across your entire toolset.
Where to learn more
Ultimately, AI and ML-based tools can help businesses of all sizes become more resilient against cyberattacks—not to mention increase automation and operational efficiencies—but it’s important to understand them better to fully reap the benefits they offer.
While there’s clearly still a lot of confusion about what these tools do, I think we’re going to see a continuation of the upward trend in AI/ML adoption. That’s why it’s important that IT decision-makers have the resources to educate themselves about the best ways to implement these tools, and also look to vendors who have the historical knowledge and expertise in the space to guide them.
“Realistically, we can’t expect to stop sophisticated attacks if more than half of IT decision makers don’t understand AI/ML-based cybersecurity tools. We need to do better. That means more training and more emphasis not only on our tools and their capabilities, but also on our teams’ ability to use them to their best advantage.”
– Hal Lonas, SVP and CTO for SMB and Consumer at OpenText.
For further details about how businesses around the world are using AI and ML, their plans for cybersecurity spending, and use cases, download a copy of the full AI/ML report.
And if you still aren’t sure about AI/ML-based cybersecurity, I encourage you to read our white paper, Demystifying AI in Cybersecurity, to gain a better understanding of the technology, myth vs. reality, and how it benefits the cybersecurity industry.
Cyber News Rundown: HMRC Takes Down COVID-19 Scam Sites
Adult Website Leaks Trove of Sensitive Data
An recently discovered unsecured database belonging to the adult streaming site Cam4 was found to contain nearly 11 billion unique records amounting to seven terabytes of data. For a site with billions of visitors each year, the exposed data could affect millions who have visited the site since March 16 of this year, and could be used to further harm individuals whose connection to the site could be politically or socially sensitive. While the database was quickly taken offline, an analysis of the data showed that, though much of the data belonged to U.S. citizens, millions of others were from South America and Europe.
Hundreds of COVID-19 Scam Sites Taken Down by HMRC
Her Majesty’s Revenue & Customs (HMRC) has recently taken down nearly 300 COVID-related scam sites and domains. Hackers are opportunistic and have taken to preying on people trying to get information on the current pandemic but are finding themselves as victims of financial scams and phishing attempts. Fortunately, many organizations have taken up the cause of identifying and removing these harmful sites.
Nearly One Million WordPress Sites Under Attack
At least 24,000 unique IP addresses have been identified in a series of on-going attacks targeting vulnerabilities in more than 900,00 WordPress sites. Many vulnerabilities have been patched in recent months, but some sites have yet to update their plugins and remain at risk. The attacks inject malicious scripts into website headers when the WordPress user is logged in. Otherwise, the victim is redirected to another malicious advertisement, in hopes of gaining some profitable information.
Tokopedia Breach Leaves 91 Million User Records Up for Grabs
Over 91 million user records belonging to Tokopedia, a major Indonesian e-commerce firm, were recently found for sale on a dark web. The sale offered records for 15 million individual, likely stolen during a security incident in March, for $5,000. With millions of users and merchants using the site regularly, the company has issued a notice for users to change passwords as they investigate the breach.
Ransomware Demanding More as Corporations Continue to Payout
In recent fiscal quarters, the earnings for Sodinokibi and Ryuk ransomware have been rising steadily as SMBs and corporations are increasingly paying ransoms for data. Over the first quarter of 2020, the average ransom payout hovered around $111,000. A year prior, the average neared only $12,000 for large companies, typically very willing to pay for the quick return of their data, so limiting the amount of downtime an attack may cause. The top earning ransomware variants, Ryuk and Sodinokibi, both have shifted their focus from service providers to carefully targeted large corporations and have even pushed ransom demands over $1 million in some instances.
Poor Password Practices: The Curse of the Cybersecurity Risk Index Score
Your password passing habit may not be as be as harmless as you think. And yes, that includes Netflix login info too.
That’s one finding to come out of our newly released study of 2020’s Most (and Least) Cyber-Secure States. In this year’s analysis of the cyber readiness of all 50 U.S. states, and in partnership with Wakefield Research, we created a “Cyber Risk Hygiene Index” based on 10 metrics meant to measure individual and state-level cyber resilience against adverse online events.
Unfortunately for many Americans, two of those cyber hygiene metrics involved questions about their password habits:
- Do you avoid sharing passwords with others?
- Do you avoid reusing passwords?
Now, these questions weren’t the only reason no American received a passing grade on our Cyber Risk Hygiene Index, or that no state scored higher than a D, but they didn’t help. In all, the report found that more than one-third (34%) of Americans admit to sharing passwords and login credentials with others. Nearly half (49%) report having more accounts than passwords, meaning passwords are being reused across accounts.
Perhaps even more troubling is the finding that sharing passwords for streaming services—that famously widespread and supposedly benign new-age habit—has a worrying correlation: Americans who share passwords for streaming services (38%) are twice as likely to say they have had their identity stolen than those who do not (18%).
This is alarming because sharing and reusing passwords is especially dangerous during this golden age of phishing attacks. It means that, as soon as a cybercriminal achieves success in one phishing attack, those pinched credentials are likely to work for several other popular sites. A single successful phishing expedition could yield catches on banking sites, credit card applications, online marketplaces, and in a host of other potentially lucrative instances.
Even by sharing passwords with those a smidge less than trustworthy—or just careless—you’re increasing your attack surface area. Now that network of individuals who now have access to your accounts are susceptible to giving your information away if they take the bait in a phishing attack.
“Instead of giving away the keys to the guest room when you share passwords, it’s more like giving away keys to the castle if they are reused across multiple accounts,” says Webroot threat analyst Tyler Moffitt, “you could begiving away the keys to the whole kingdom if that’s the only password you use.”
More password facts from the report
- Tech Experts, one of the riskiest categories of users studied in our report, are more likely to share passwords (66%) than the average American (44%). Clearly, we at Webroot are in no position to point fingers.
- On brand, 66 percent of so-called “Mile Markers” refrained from sharing passwords, compared to 63 percent for the average American. This group scored the highest on our index and is defined by having progressed through life markers such as earning a degree, owning a home, or having children.
- Home-based Very Small Businesses (VSBs) are less likely to work with a dedicated IT team. As a result, they are more likely to use their personal devices for work and share passwords. Of these, 71 percent use the same passwords for home and business accounts, potentially cross contaminating their work and personal lives with the same security gaps.
- By generation, Gen Z is most likely to share passwords (56%), followed by Millennials (47%), Gen X (33%), and Boomers (19%).
How to address poor password practices
In terms of a personal password policy, it’s important to set yourself up for success. Yes, it’s true the amount of passwords one is responsible for can be dizzying, 191 per business according to one popular study.
That, and the parameters for creating a sound password seemingly grow more complex by the day. It used to be enough just to have a password. But now, they must be x characters long, contain one number and one special characters and so-on… And did we mention we recommend it be a passphrase, not a traditional password?
You get the gist.
That’s why our single strongest piece of advice to users looking to upgrade their cyber resilience is to use a password manager. This allows you to create long, alphanumeric and otherwise meaningless passwords without the need to keep tabs on them all.
After you’ve created a strong bank of passwords, managed through a password management service, supplement your security by adding two-factor authentication (2FA). Measures like 2FA pair your login credentials—something you know—with something you have, like a biometric feature or a mobile phone. This will ensure lifting your password (a unique one for each account, no doubt) isn’t even enough to crack your account.
“Put simply, an account simply isn’t as secure as it could be without 2FA,” says Moffitt. “And that means your credit card info, home address, or bank accounts aren’t as safe as they could be.”
No more reusing passwords. And, hopefully, no more sharing passwords. But that part’s up to you. You just have to ask yourself, is Netflix access worth having your identity stolen?
Mental Health and Mindful Tech
Anyone who has spent late nights scrolling through their social media feed or grinding on video games knows one thing is true: Technology can be a good thing, but only in moderation. Like too much of anything, spending a lot of time on the internet or social media can lead to unhealthy consequences. Since May is mental health awareness month, we thought it would be a good time to remind ourselves of the importance finding a healthy balance when it comes to using technology.
Social distancing on social media
The global coronavirus pandemic continues to test our own personal resilience. While most of us are sheltering at home, we’re also relying more and more on technology for work and staying connected to family and friends via virtual conferencing and social media. But too much social media can be a bad thing, too.
The more scientists study social media use, the more they find negative side effects:
- Young people who use social media more than two hours a day tend to rate their mental health as fair or poor compared with less frequent users.
- Occasional users of social media are almost 3x less likely to be depressed than heavy users.
- People who restrict social media use to a half-hour a day have significantly lower depressive and anxiety symptoms.
If you’re someone who finds periods of abstention reinvigorating, you may want to add a digital detox to go along with New Year’s resolutions and Sober October.
Data loss blues
When you spend a lot of time on a computer, it’s only a matter of time before you lose something important. It could be financial documents, or an album of precious family photos, or maybe a big work presentation. Worse yet, you could have your entire system taken over by ransomware. Stressed yet? You’re not alone. We asked IT pros what they would rather lose than their data and here’s what they had to say:
Things IT pros would rather lose than data:
- Internet connection
- Cell service
- Internal organ
- Wedding ring
- Robot lawnmower
- Bacon
That’s right. Bacon! Kidding aside, losing data can be stressful. And many businesses don’t survive after major data loss. That’s why using strong cybersecurity solutions, like cloud-based antivirus, is so important, as is backing up the important files and folders on your computer. Do it for the sake of your data, or do it for the bacon, but just do it! You’ll thank us.
Technology never sleeps
If you think it’s hard for those just using technology, think of the people who have to work in technology. If you’ve ever thought about a career in tech, you better like the night shift. Technology never sleeps. The best time to perform upgrades or installations is late at night when most users are offline and there’s less traffic on the network. Want to launch a new website? Midnight is probably the best time. But all this late-night system testing and debugging can lead to loss of sleep and, in turn, an unhealthy dose of stress.
And it’s not just tech pros doing tech things late at night. If you’re up late scrolling your feed and posting comments, you may not be sleeping as well as you should. The blue light from phone screens and computers reduce your levels of melatonin, which is the hormone that controls your sleep. And lack of sleep can lead to several harmful side-effects, including:
- Anxiety, insomnia, depression, forgetfulness
- Impaired thinking and slow reaction time
- Increased risk for heart disease, high blood pressure, stroke and diabetes
- Sleep apnea, low testosterone and decreased sex drive
- Skin lines, dark circles under the eyes, weight gain
So, avoid using tech too close to bedtime if you can. Reduced stimulation works wonders for good sleep habits. The news will still be there in the morning.
There’s an app for that
It’s not all doom and gloom when it comes to technology and mental health. In fact, advancements in health technology are emerging at a rapid rate. One area of progress is apps that help people with mental health issues. The National Institute of Mental Health has identified several promising trends, including:
- Apps that provide tools for managing stress, anxiety and sleep problems
- Cognitive remediation apps that help people develop thinking and coping skills
- Illness management apps that put trained health care providers in touch with patients
- Mindfulness, meditation and relaxation apps
Resilience online and offline
It’s a measure of our personal resilience when we’re able to persevere through something as disruptive as coronavirus. Having social media and the internet can help. But we have to be mindful to avoid overdoing it. We also have to be careful to protect the digital devices we’ve come to rely on with appropriate cybersecurity. That’s cyber-resilience. And it can do wonders for your peace of mind and your overall mental health.
Cyber News Rundown: Hackers Aim at Oil Producers
As Oil Prices Drop, Hackers Take Aim at Producers
With the recent crash in oil prices, and supply rapidly piling up, a new spear phishing campaign has begun targeting executives at several major oil producers. A massive number of emails started being distributed in late March, without the telltale signs of amateur phishing like bad spelling and grammar. Furthermore, the emails appeared to be from a sender with knowledge of the oil and gas industry. Two documents within the emails posed as bid contracts and proposal forms but were used to deliver the final payload, a trojan called Agent Tesla, which is a malware-as-a-service that can perform a variety of malicious activities on a system.
Software Affiliates Sending Phony Expiration Notices
Several dubious third-party software affiliates have been spotted distributing a campaign targeting antivirus users, prompting them to renew their subscription through the affiliate’s link, thus netting them additional revenue. Most affiliate programs have strict guidelines as to how the company can promote the affiliated software, and purposely misleading customers can lead to major penalties. Emails displaying expiration notices for Norton and McAfee have both been identified. With a percentage commission, the affiliate could be earning up to 20% of the purchase price for each fraudulent sale.
Philadelphia Sandwich Chain Faces Data Breach
PrimoHoagies, a Philadelphia-based sandwich chain, was the unsuspecting victim to a data breach that went undetected from July 2019 until this February. The breach affected all online sales during that time period, though no in-store purchase data was compromised. By April, the company released an official statement regarding the breach. But the admission came only days before a data security lawsuit was filed by a customer who had seen fraudulent charges on his credit card.
Decryption Keys for Shade Ransomware Made Available
After nearly five years of operation, the creators of Shade ransomware have decided to close shop and give out nearly 750,000 decryption keys along with an apology for harm done. While most ransomware variants tend to purposely avoid Russia and Ukraine, Shade focused specifically on these two countries during its run. Though the many decryption keys and master keys have been made public, the instructions for recovering the actual files are not especially user-friendly and a full decryption tool has not yet been released.
ExecuPharm Hit with Ransomware Attack
One of the largest pharmaceutical companies in the U.S. recently suffered a ransomware attack that not only encrypted their systems but also gain access to a trove of highly sensitive personal information belonging to thousands of clients. It is believed that the attack started with in mid-March with phishing emails targeting specific employees with the widest access to internal systems. At this time, there is no confirmed decryption tool for the ransomware variant used and the company has begun contacting affected customers.
5 Ways to Improve Business Cyber-Resilience
A popular military maxim speaks to the need for redundancy and it goes like this: “Two is one and one is none.” Redundancy is also a key principle when it comes to cyber-resilience. A popular rule in data protection and disaster recovery is called the 3-2-1 backup rule. IT pros often borrow from military strategies when approaching cyber-resilience, including a strategy known as “defense in depth.”
Defense in depth is a useful framework for protecting IT environments. It acknowledges that hackers will often use evasive tactics or brute force to overrun the outer-most layer of defense. So, multiple layers of defense are necessary – or defense in depth – to anticipate and mitigate lost ground. Cyber-resilience is a very high priority for businesses. So, we put together these five tips for improving cyber-resilience based on a defense-in-depth approach.
Tip #1: Sharpen perimeter defenses
Cybercriminals are getting better at using evasive tactics to circumvent company firewalls and antivirus. Some of these evasive tactics include file-based, file-less, obfuscated and encrypted script attacks. To counter these tactics, we’re rolling out a new shield technology to detect, block and remediate evasive attacks much faster and more effectively than before. Webroot® Evasion Shield stops attacks that elude other endpoint protection solutions. Cloud-based threat intelligence further increases resilience at the perimeter.
Tip #2: Strengthen the first line of defense – people
The primary vector for malware distribution is phishing attacks. While cybercriminals find increasingly deceptive ways to trick employees into downloading malicious code, not enough businesses are countering by educating their workforces about identifying suspicious activity. With employees being the weakest link in the cyber-security chain, the solution is regular security awareness training, with phishing simulations and courses on best practices for identifying and reporting suspicious activity.
Tip #3: Secure your DNS connection
The domain name system (DNS) is what allows internet traffic to find your website. But DNS protocols were not designed for security. In fact, they’re highly vulnerable to cyberattacks, including cache poisoning, DDoS, DNS hijacking, botnets, Command-and-Control (C&C) and man-in-the-middle attacks. A cloud-based DNS security solution enables businesses to enforce web access policies and stop threats at the network’s edge before they ever hit the network or endpoints.
Tip #4: Create and deploy a backup strategy
Redundancy is essential for cyber-resilience. Businesses must consider a scenario where malware circumvents outer defenses. Since detecting and remediating malware infections can be time-consuming, it’s important to have copies of files and data for business continuity. Scheduled backup with file versioning is necessary for mitigating malware infections and other forms of data loss. The scheduling feature is crucial since leaving it up to users exposes backup policy to human error.
Tip #5: Test recovery strategy regularly
Backup and recovery go hand-in-hand. And backup is only effective if it enables rapid recovery with minimal disruption. It’s important to test disaster recovery practices and procedures before you experience a live disaster scenario. Disasters come in different shapes and sizes, so it’s important to test simple file and folder recovery as well as large-scale system restore. Also, some systems are more critical than others. Tier-one systems (the most critical) need high levels of uptime, approaching 100%. This traditionally requires a secondary data center that is very costly to acquire and maintain. This is no longer the case. Disaster recovery as a service reduces the cost of standing up a secondary environment. It also allows for frequent testing of disaster recovery protocols. Businesses should test once a quarter – or at least once a year – to ensure systems are cyber-resilient when necessary.
To get started on the road to cyber resilience, take a fee trial here.
Cyber News Rundown: Ransomware Hits LA Suburbs
Los Angeles Suburb Hit with Ransomware
Last month, the City of Torrance, California fell victim to a ransomware attack that shut down many of their internal systems and demanded 100 Bitcoins to not publish the stolen data. Along with the roughly 200GB of data it stole from the city, the DoppelPaymer ransomware also deleted all local backups and encrypted hundreds of workstations. At this time, it’s uncertain whether the City of Torrance has chosen to pay the ransom, as the malware authors seem to have diligently removed any means for the City to recuperate on their own.
Malicious Packages Hidden Within Popular File Repository
Over 700 malicious packages have been discovered within the RubyGems main program and file repository. These originated from just two accounts and were uploaded over a single week period in late February. Between them, the many packages have a combined download number of over 100,000, most of which included a cryptocurrency script that could identify and intercept cryptocurrency transactions being made on Windows® devices. While this isn’t the first time malicious actors have used open source file repositories to distribute malicious payloads, this infiltration of an official hub for such a long period of time speaks to the lack of security within these types of systems.
Maze Ransomware Targets Cognizant ISP
Late last week, the Maze Ransomware group took aim at New Jersey-based internet service provider, Cognizant, and took down a significant portion of their internal systems. The attack occurred just a day after the removal of a dark web post that offered access to an IT company’s systems for $200,000. It had been listed for nearly a week. While Cognizant has already begun contacting its customers about the attack, the true extent of the damage remains unclear.
COVID-19 Scams Net $13 Million
The Federal Trade Commission recently released statistics on the number of complaints they’ve received specifically related to the COVID-19 pandemic: it’s over 17,000 in just a three-month period. While this number is assuredly less than the actual number of COVID-19 related scams, these reported complaints have resulted in a sum of over $13 million in actual losses, ranging from fraudulent payments to travel cancellations and refunds. Additionally, the FTC was able to catalogue over 1,200 COVID-19 related scam calls reported by people on the Do Not Call list.
Customer Data Stolen from Fitness App
A database belonging containing 40GB of personally identifiable information on thousands of customers of the fitness app, Kinomap, was found unsecured. Containing a total of 42 million records, the database remained accessible for nearly 2 weeks after the company was informed. It was only secured at last after French data protection officials were notified. Kinomap API keys were also among the exposed data, which would have allowed malicious visitors to hijack user accounts and steal any available data.
The Truth about Hackers, in Black and White (and Grey)
Did you know there are three primary types of hacker—white hats, black hats, and grey hats—and that there are subcategories within each one? Despite what you may have heard, not all hackers have intrinsically evil goals in mind. In fact, there are at least 300,000 hackers throughout the world who have registered themselves as white hats.
Also known as ethical hackers, white hats are coders who test internet systems to find bugs and security loopholes in an effort to help organizations lock them down before black hat hackers, i.e. the bad guys, can exploit them. Black hats, on the other hand, are the ones we’re referring to when we use words like “cybercriminal” or “threat actor.” These are hackers who violate computer security and break into systems for personal or financial gain, destructive motives, or other malicious intent.
The last of the three overarching types, grey hat hackers, are the ones whose motives are, well, in a bit of a grey area. Similar to white hats, grey hats may break into computer systems to let administrators know their networks have exploitable vulnerabilities that need to be fixed. However, from there, there’s nothing really stopping them from using this knowledge to extort a fee from the victim in exchange for helping to patch the bug. Alternatively, they might request a kind of finder’s fee. It really depends on the hacker.
So, hackers can be “good guys”?
Yes, they absolutely can.
In fact, there’s even an argument that black hats, while their motivations may be criminal in nature, are performing a beneficial service. After all, each time a massive hack occurs, the related programs, operating systems, businesses, and government structures are essentially shown where and how to make themselves more resilient against future attacks. According to Keren Elezari, a prominent cybersecurity analyst and hacking researcher, hackers and hacktivists ultimately push the internet and technology at large to become stronger and healthier by exposing vulnerabilities to create a better world.
White hat hackers, also known as ethical hackers, are cybersecurity defenders who use their skills to protect organizations from cyber threats. They might just be your friendly IT colleague. White hat hackers conduct penetration tests (often known as pen testing) and vulnerability assessments to identify security weaknesses that could be exploited by malicious hackers. With a deep understanding of cyber threats, white hat hackers help organizations strengthen security measures, develop more secure systems, and ensure the safety of digital assets. Their work is crucial in maintaining the integrity and confidentiality of sensitive information. Ethical hacking is a respected field within the IT industry, and white hat hackers are often sought after for their expertise in safeguarding cyber environments.
Why do they hack?
The shortest, simplest answer: for the money.
While white and grey hat hackers have altruistic motives in mind and, at least in the former group, are invested in ensuring security for all, the fact of the matter is that there’s a lot of money to be made in hacking. The average Certified Ethical Hacker earns around $91,000 USD per year. Additionally, to help make their products and services more secure, many technology companies offer significant bounties to coders who can expose vulnerabilities in their systems. For example, Apple offered a reward of $1.5 million USD last year to anyone who could hack an iPhone to find a serious security flaw. There are even groups, such as HackerOne, which provide bug bounty platforms that connect businesses with ethical hackers and cybersecurity researchers to perform penetration testing (i.e. finding vulnerabilities). Multiple hackers on the HackerOne bug bounty platform have earned over $1 million USD each.
And for black hats, theft, fraud, extortion, and other crimes can pay out significantly more. In fact, some black hats are sponsored by governments (see the Nation-State category below).
You mentioned subtypes. What are they?
As with many groups, there’s a wide range of hacker personas, each with different motivations. Here are a few of the basic ones you’re likely to encounter.
Script Kiddies
When you picture the stereotypical “hacker in a hoodie”, you’re thinking of a Script Kiddie. Script Kiddies are programming novices who have at least a little coding knowledge but lack expertise. Usually, they get free and open source software on the dark web and use it to infiltrate networks. Their individual motives can place them in black, white, or grey hat territory.
Hacktivists
Ever hear of a group of hackers called Anonymous? They’re a very well-known example of a hacktivist group who achieved notoriety when they took down the CIA’s website. Hacktivists are grey hat hackers with the primary goal of bringing public attention to a political or social matter through disruption. Two of the most common hacktivist strategies are stealing and exposing sensitive information or launching a denial of service (DDoS) attack.
Red Hats
Red hats are sort of like grey hats, except their goal is to block, confound, or straight-up destroy the efforts of black hat hackers. Think of them like the vigilantes of the hacker world. Rather than reporting breaches, they work to shut down malicious attacks with their own tools.
Green Hats
Green hat hackers are hackers who are new to the hacking world. They lack the skills and knowledge of their fellow black or white hat hackers. But they cause just as much damage as black hat hackers, as they try to hone their hacking skills. Sadly, most of the time, green hat hackers cannot fix what they break.
Nation-State
Remember earlier in this post when we mentioned that some black hats are sponsored by governments? That would be this group. Nation-state hackers are ones who engage in espionage, social engineering, or computer intrusion, typically with the goal of acquiring classified information or seeking large ransoms. As they are backed by government organizations, they are often extremely sophisticated and well trained.
Malicious Insiders
Perhaps one of the more overlooked threats to a business is the malicious insider. An insider might be a current or former employee who steals or destroys information, or it might be someone hired by a competitor to infiltrate an organization and pilfer trade secrets. The most valuable data for a malicious insider is usernames and passwords, which can then be sold on the dark web to turn a hefty profit.
What are your next steps?
Now that you better understand the hacker subtypes, you can use this information to help your organization identify potential threats, as well as opportunities to actually leverage hacking to protect your business. And if you haven’t already, check out our Lockdown Lessons, which include a variety of guides, podcasts, and webinars designed to help MSPs and businesses stay safe from cybercrime.
Beyond the educational steps you’re taking, you also need to ensure your security stack includes a robust endpoint protection solution that uses real-time threat intelligence and machine learning to prevent emerging attacks. Learn more about Webroot® Business Endpoint Protection or take a free trial here.