Cyber News Rundown: Edition 9/29/17
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Showtime Site Found Using Cryptocurrency Miner
Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.
Massive Stash of Credit Card Info Linked to Sonic Breach
In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.
Big Four Accounting Firm Breached
Deloitte, one of the world’s largest accounting firms, suffered a cyberattack that exposed sensitive emails to criminals. Researchers believe hackers gained access to the email system via an administrative account without 2-factor authentication. The attack appears to have only affected a limited number of the firm’s clients, though actual figures are still unknown. Unfortunately, Deloitte’s security is severely lacking overall. With any luck, this breach will be the impetus they need to step up their protection practices.
Irish National Teachers’ Organisation Hacked
A recent Irish National Teachers’ Organisation breach may affect up to 30,000 current and retired teachers across the Republic of Ireland and Northern Ireland. While the breach doesn’t appear to have been data-oriented, the compromised systems contained massive quantities of teacher information. Fortunately, both payroll data and user passwords were not exposed, as they are stored in an alternate location. With enforcement of the EU’s General Data Protection Regulation (GDPR) on the horizon, breaches like these will likely become very costly for victim companies.
Vehicle Tracking Data Available Online
In the last two weeks, researchers found an unsettling number of account records belonging vehicle tracking service SVR Tracking had been left completely unsecured online. The data includes account credentials and vehicle identification information for roughly 500,000 unique accounts. While it’s unclear how long the data was publicly available, SVR secured the server within several hours of being notified of the discovery.
Phishing: don’t take the bait
Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.
A phishing attack is a tactic cybercriminals use to bait victims with fake emails that appear to come from reputable sources. The attackers’ goal is to lure the user into opening an attachment, clicking on a malicious link, or responding with private information. These phony emails have become alarmingly realistic and sophisticated. A scam may come in the form of a banking inquiry, an email from a seemingly official government agency, or even a well-known brand with whom you’ve done business—maybe you even pay them a monthly subscription fee.
If you do take the bait, you’ll likely be directed to a malicious website, where you’ll be prompted to enter your account login details, a credit card number, or worse yet, your social security number. The end goal of these phishing attacks is solely to steal your private information.
According to the Webroot Quarterly Threat Trends Report, the first half of 2017 saw an average of more 46,000 new phishing sites being launched every single day, making it the number-one cause of cybersecurity breaches. As hackers devise new phishing tactics, traditional methods of detecting them quickly become outdated.
One of the most popular tricks criminals use to avoid detection is the short-lived attack. The Quarterly Threat Trends Report also revealed that these attacks, where a phishing site is live on the internet for as short as 4 to 8 hours, are seeing a continued rise. Short-lived attacks are so hard to catch because traditional anti-phishing techniques like black-lists are often 3-5 days behind, meaning the sites have already been taken down by the time they appear on the list.
You’re probably already aware of the primary phishing-avoidance tip: do not click on suspicious links or unknown emails. But, as the state of phishing becomes even more advanced, how can you best spot and avoid an attack?
Lesser-known phishing giveaways
Webroot recommends keeping an eye out for the following:
- Requests for confidential information via email or instant message
- Emails using scare tactics or urgent requests to respond.
- Lack of a personal message or greeting. Legitimate emails from banks and credit card companies will often include a personalized greeting or even a partial account number or user name.
- Misspelled words or grammatical mistakes. Call the company if you have suspicions about an email you’ve received.
- Directions to visit websites with misspelled URLs, or use of , which precede the normal domain (something like phishingsite.webroot.com).
Stay ahead of cybercriminals
If an email in your inbox does seem suspicious, here are a few things you can do:
- Contact the service or brand directly via another communication channel (i.e., look up their customer support phone number or email address), and ask them to verify whether the content of the email is legitimate.
- Avoid providing any personally identifiable information (PII) electronically, unless you are extremely confident the email is from the stated source.
- If you do click a link from an email, verify the site’s security before submitting any information. Make sure the site’s URL begins with “https” and that there’s a closed lock icon near the address bar. Also, be sure to check for the site’s security certificate.
Thoughts from Webroot’s new President & CEO, Mike Potts
I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.
Thanks to an extraordinary team, Webroot is in a great place today. We lead the market with cloud-based solutions that set the standard for endpoint and network protection, threat intelligence, and now security awareness training. Our solutions provide essential protection for the connected world from an ever-growing number of malicious threats. We have the highest customer satisfaction ratings in the industry and achieved 14 consecutive months of double-digit growth.
That’s an outstanding foundation to build upon. Over the next several months, I’ll focus on People, Process, and Technology as I work to accelerate our momentum in innovation and customer success.
Our cyber community
People will always come first, both the Webroot team and our customers and partners. We’ll continue to invest in recruiting and developing the best talent. Our team has more experience in applying advanced machine learning to the challenges of cybersecurity than anyone, and we’ll continue to push the envelope on using that intelligence to solve the issues that are most impactful to our customers. I plan to visit many of our business customers in the coming weeks, to understand how we could be doing better today, and how we can build our businesses together.
Process at scale
My focus on process will be about scale. You’ll quickly find that I believe in the value and leverage of working with partners. We have a great footprint with MSPs serving small- and medium-sized businesses today that we will continue to strengthen. We also have strategic technology partners embedding our threat intelligence in their products, and there is potential for many more. Moreover, I’ll push the team to generate even more innovation, introduce it faster, and to more customers than we have before, while holding true to our core company values of integrity, innovation, excellence, and customer success.
Advancing technology
Finally, I will focus on technology. We disrupted the market with our revolutionary Webroot SecureAnywhere endpoint solutions and our threat intelligence. Since then, we’ve extended our protection to the network layer and added user training to address the last line of defense. I want to ensure we continue to build on this legacy, and just as importantly anticipate the next great market shift.
While new to Webroot, I’m not new to the cybersecurity and technology space. I have been leading companies in the application and security sectors for the past 25 years. Before Webroot, I served as an integration executive in the security business group at Cisco, following the acquisition of my company Lancope in 2015. As president and CEO of Lancope, my team and I led the transformation of the network security company, driving over 600 percent growth in five years. Prior to Lancope, I served as president and CEO of AirDefense and changed the game in wireless security. AirDefense was then acquired by Motorola. With this background and the great Webroot team, I feel we are prepared to do something truly special. Webroot is by far the healthiest company I’ve ever had a chance to lead from day one, so I foresee even greater potential for us!
I look forward to meeting our customers, partners, and advocates in the coming months, and have you all join in this next great chapter of Webroot history.
Regards,
Mike
Webroot Culture: Q&A with Systems Administrator Ann Roberts
Before chatting with Ann Roberts, systems administrator at Webroot, I had a pretty narrow view of what her role in the IT department required on a day-to-day basis. As it turns out, a systems administrator must wear many hats and support multiple areas of the business. Read on to learn more about this tech career path.
Webroot: Ann, tell me a bit about yourself.
Ann Roberts: I grew up in Boulder, went to the University of Colorado at Denver, and graduated with a degree in music business. I moved to New York and ended up working in the IT department at Carnegie Hall. I missed Colorado, so I moved back to Boulder after having my first child. I freelanced for a while, worked at a now defunct startup for a while, and then began my role at Webroot. I currently live in Lafayette, Colorado, with my husband, our two kids, and our dog, Max.
Carnegie Hall, that sounds amazing. Was this your entry into tech?
Yes, but by accident! I started as the assistant in the IT department at Carnegie, but there was only one technician, and I enjoyed filling in the gaps when he wasn’t around. We were a two-person team, which meant that I ended up learning a lot more than I expected, and discovered that I had an aptitude for understanding tech and systems. The rest is history!
What do you do at Webroot?
I am a systems administrator. I am responsible for the care and feeding of the systems that make up Webroot’s corporate infrastructure.
Take us through a ‘day in the life’ of a systems administrator.
It is different from day to day, but it all starts with a big cup of coffee. First thing in the morning, I check email to see if anything has gone haywire overnight. Next, I take care of any urgent requests that need attention. After that, I work on projects as time allows. One project I’ve done quite a bit of work with is with our vRealize Automation environment (Partly Cloudy, as we call it). This system allows people to create their own virtual machines on demand. It has proven especially useful for the quality assurance engineers, because it gives them a disposable platform on which to do their product testing. It has also been interesting to have a window into their role in the company.
Have you seen anything surprising or an unexpected in your field?
My previous company was the sort of environment where every time there was a technical problem, everyone flew into a grouchy panic. After the problem was resolved, inevitably there would be a rush to place blame on someone or something. The result was an environment that made you afraid of messing up. It was a great surprise after starting work at Webroot to find that when problems happen, as they do everywhere, everyone takes it in stride and works together to find solutions.
What has been your biggest challenge working in tech?
Because I found my profession by accident, I have not done any “formal” training. For much of my career, I’ve relied on what I’ve gleaned from coworkers, Google, and trial and error.
What is your biggest takeaway or lesson learned from working in the field?
Don’t panic! Keep a level head and you’ll figure it out.
Love that advice. What about students in your field, any guidance to share?
Get as much real-life experience as you can. There is only so much that can be learned by reading about a subject. The whole point of this job is to expect the unexpected, and the unexpected is what you encounter on the job.
What about professionals looking to get into tech?
If you find a subject you’re interested in, then just find a way to be around it. Take a class on it, do research on it, or set up the environment and play around with it.
What’s it like to work for Webroot?
Webroot is a fun company to work for. There is a strong emphasis on work/life balance, which is important to me.
Thanks, Ann. I think your great attitude on tackling challenges must be a great asset in your line of work.
If you’re interested in a career like Ann’s, check out our careers page at www.webroot.com/careers. You may be particularly interested in our openings for a QA Engineer.
Ransomware Spares No One: How to Avoid the Next Big Attack
With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.
We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.
Webroot: For starters, how do you describe ransomware? What exactly is being ransomed?
Tyler Moffit: To put it simply, your files are stolen. Basically, any files that you would need on the computer, whether those are pictures, office documents, movies, even save files for video games, will be encrypted with a password that you need to get them back. If you pay the ransom, you get the password (at least, in theory. There’s no guarantee.)
How does the average home user get infected with ransomware?
“Malspam” campaigns are definitely the most popular. You get an email that looks like it’s from the local post office, saying you missed a package and need to open the attachment for tracking. This attachment contains malware that delivers the ransomware, infecting your computer. It is also possible to become infected with ransomware without clicking anything when you visit malicious websites. Advertisements on legitimate websites are the biggest target. Remote desktop protocol (RDP) is another huge attack vector that is gaining traction as well. While controlling desktops remotely is very convenient, it’s important to make sure your passwords are secure.
How is the data ? Is the ransomed data actually taken or transmitted?
When you mistakenly download and execute the ransomware, it encrypts your files with a password, then sends that password securely back to the attacker’s server. You will then receive a ransom demand telling you how to pay to get the password to unlock your files. This is a really efficient way to prevent you from accessing your files without having to send gigabytes of information back to their servers. In very simple terms, the files are scrambled using a complex algorithm so that they are unreadable by any human or computer unless the encryption key is provided.
What types of files do ransomware attacks usually target?
Most ransomware is specifically engineered to go after any type of file that is valuable or useful to people. Around 200 file extensions have been known to be targeted. Essentially, any file that you’ve saved or open regularly would be at risk.
How does the attacker release the encrypted files?
The attacker provides a decryption utility via the webpage where you make the payment. Once you receive the decryption key, all you have to do is input that key into the tool and it will decrypt and release the files allowing you to access them again. Keep in mind, however, that the criminal who encrypted your files is under no obligation to give them back to you. Even if you pay up, you may not get your files back.
Tips for protecting your devices:
- Use reliable antivirus software.
- Keep all your computers up-to-date. Having antivirus on your computer is a great step towards staying safe online; however, it doesn’t stop there. Keeping your Windows PCs and/or Mac operating systems up-to-date is equally important.
- Backup your data. Being proactive with your backup can help save your favorite vacation photos, videos of your kid’s first piano recital, not to mention sensitive information that could cost you thousands by itself.
Remember, being an informed and aware internet user is one of the best defenses against cyberattacks. Stay tuned in to the Webroot blog and follow us on your favorite social media sites to stay in-the-know on all things cybersecurity.
CISO to CISO: Combatting the Ever-Growing Phishing Threat Together
As a CISO, I think the cybersecurity community is beginning to realize that the threats we face as security professionals are consistently evolving, and, more importantly, that we must evolve just as quickly to combat them. Recent data collected by the Webroot® Threat Intelligence Platform on the acceleration of phishing attacks and the maturation of new, related criminal methodologies demonstrates that, to respond effectively, we must develop and leverage solutions that don’t just keep up with today’s threats, but predict their next moves.
Most CISOs, myself included, want solutions that can respond in real time and assist us in making critical decisions to not only protect our businesses, but reduce risk overall. A lot of the new solutions that might interest us can be integrated into a platform and allow us to consume different types of threat intelligence and data feeds so we can automate responses to attacks in real time.
3 Steps to Mitigate Phishing Risks
Phishing is the number one cause of breaches. Webroot BrightCloud® Web Reputation is one of the solutions I look to as a critical asset for any security team because it provides the knowledge, within milliseconds of selecting a URL, whether a site is malicious. This efficiency and accuracy allows security teams to be proactive in protecting their organizations—to prevent compromises, not react to them after the fact. In addition to leveraging this type of real-time intelligence technology, I recommend several steps to reduce the phishing risk to any organization and its employees.
Social Media Security Awareness
Social media is increasingly used by cybercriminals to research their targets. As such, CISOs should add social media security awareness training to their corporate security awareness curriculum. Personnel should be trained on the risks and given insight into how the data they publish in their profiles could be used to target them, their families, and the organizations they represent. In my experience, the majority of people on social media don’t take even the most basic security precautions, such as only connecting with people whom they know, or not allowing their profiles to be searched or viewed publicly.
Executive Exposure Prevention
Additionally, I recommend directing threat intelligence toward executive staff and assistants. An organization can provide a list of executive staff, board members, executive assistants, and other company VIPs to a threat intelligence service. The service can then scan the dark web and watch for anything related to the client organization and the list of provided personnel. This gives the organization’s security team advanced notice of possible phishing attacks against specific employees, and allows them to warn employees to mitigate risk, change passwords, and even shut down compromised accounts.
Real-Time Anti-Phishing
Given that the number of new unique phishing sites averages over one million per month, and that the lifespans of many such sites can be measured in mere hours, it’s clear we need new techniques to stop modern attacks. With this in mind, I recommend CISOs employ real-time threat intelligence feeds with data specific to their industry, and that the data be contextual, meaning it should apply to the technology, applications, and security controls the CISO has deployed.
I also recommend engaging real-time URL filtering, since phishing emails typically drop a ransomware payload, which can significantly impact an organization’s business operations. Since phishing websites are active for an average of 4-8 hours, and given the new methods cybercriminals use to hide malicious sites in plain view, I believe it’s critical to be proactive and use real-time URL filtering. The methods of bygone years, in which we deployed domain block lists and IP address block lists, have been outpaced by the innovative phishing techniques cybercriminals use today. As threats have adapted, we too need to adapt.
The Bottom Line
The latest quarterly threat report focuses on phishing specifically, and is an informative read for all of my fellow CISOs, and a primer to help support and maintain the security of your own organizations. As CISOs, it’s time to level the online playing field to proactively detect and respond to threats in real time. The first step is by arming ourselves with the right threat intelligence to make more timely and better-informed cybersecurity decisions.
Cyber News Rundown: Edition 9/15/17
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
German Voting Software Raises Concerns
With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.
Upgraded Android OS Slows Tide of Overlay Attacks
While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and gave permissions to a malicious app using the Toast window overlay on a legitimate page to spoof the users input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.
Apple Implements Even More Security for iOS 11
In recent years, the security surrounding smartphones and other portable devices has been under scrutiny by both users and law enforcement. In its latest iOS® version, Apple is introducing new features that will make unauthorized access to their devices even more challenging. The first is only a minor change, which request the device’s password/code when connecting it to a new computer (like those used by law enforcement for forensic analysis.) This change puts the power back in the device owner’s hands, as they aren’t required to divulge that type of information, nor would a potential thief be likely to know or guess the locking combination. The second feature allows the device to be put into SOS mode, which also requires a passcode to unlock, rather than using the TouchID, which can be falsified.
Equifax Hack Could Be Largest Ever
As you’ve probably heard, Equifax was recently compromised, leaving over 143 million Americans’ social security numbers and other highly sensitive information vulnerable and likely for sale. The original point of access would seem to be their main Argentinian employee portal page, which, through simple HTML viewing, can show both the username and password for nearly 14,000 customers who had filed a complaint, along with their social security number equivalent, all stored in plain text.
WordPress Plugin Removed Again for Malicious Activity
After 4 unprecedented takedowns, WordPress has finally removed the Display Widgets plugin from its repository after being implicated in malicious activity yet again. The plugin was sold several years ago and has since been installed on over 200,000 PCs, though it is hard to tell how many users have upgraded to more secure plugin versions. Even more worrisome is that backdoors became part of the plugin’s payload, and could be actively running on any of the 200,000 known devices.
Fending Off Privacy Invasion
Internet users in the U.S. have seen internet privacy protections diminish significantly in the post-9/11 era. In just March of this year, Congress swiftly (and quietly) did away with federal privacy regulations that prevented internet service providers from selling their customers’ browsing histories without consent.
In recent years, products intended to deliver conveniences directly to our doorsteps have begun to present tacit privacy intrusions into the modern home. Always-on smart speakers from online retailers make it easier than ever to order products, but they also enable those companies to listen to our every word. Those same companies are monitoring our behaviors across the web.
“Google knows quite a lot about all of us,” said cybersecurity expert Bruce Schneier in a recent interview with the Harvard Gazette. “No one ever lies to a search engine. I used to say that Google knows more about me than my wife does, but that doesn’t go far enough. Google knows me even better, because Google has perfect memory in a way that people don’t.”
Giant corporations aren’t the only ones intruding into our daily lives to collect our personal data for financial gain—cybercriminals are intent on doing the same. Crimes such as identity theft and extortion can be carried out with stealthy malware, such as remote access tools (RATs) used to spy on users via laptop webcams.
We asked people in downtown Denver, CO what they are doing to protect their privacy. Their answers were rather bleak:
While public awareness of this ominous trend has mounted somewhat since 2013, when revelations of America’s government surveillance surfaced via the Snowden leaks, virtually nothing has been done to reverse it. Faced with this constant barrage of privacy invasion, pulling the plugs and disconnecting entirely may seem like the only way out—but rejecting “the way things are” is a pill most people are unlikely to swallow.
Until there’s a major shift in our society’s attitudes (and public policies) toward internet privacy, the duty falls on individual users to safeguard their own private data, identities, and other sensitive information. Follow and share the tips below to take back control over your privacy.
Tips for protecting your online privacy
- Configure your web browser to delete cookies after closing. You can also take control of other advanced privacy features in your web browser to have greater control of what you’re sharing with websites you visit.
- Cover your webcam with tape, a sticker, or something else that can block the camera lens and also be easily removed when you need to use it. (Webroot SecureAnywhere® solutions protect against webcam spying and other potentially unwanted applications.)
- Don’t share sensitive information on social media. Check your privacy settings on sites like Facebook and Twitter and make sure only your trusted followers can see your complete profile. For instance, do your Facebook friends really need to know your real birthday? Deliberately sharing a fake birthday on social media can be a crafty way to enhance your privacy.
- Lock your screens. All of them. Losing a device like your laptop or smartphone could spell disaster if they were to end up in the wrong hands. Strong, uncommon PINs and passwords can lock down your devices from would-be thieves.
- Use fake answers for password security questions. Honest answers to security questions can often be found with just a little online digging. Why can’t your mother’s maiden name be “7O7F1@!3kgBj”? This brings us to our next tip…
- Use a password manager app to generate and store strong, unique passwords for all of your accounts. (A password manager can also safely store those fake security answers mentioned above.)
- Use security software to monitor and protect your digital devices from threats like malware, spyware, and phishing attacks, which can steal your private data.
For more videos related to cybersecurity and staying safe online, subscribe to our YouTube channel.
Cyber News Rundown: Edition 9/8/17
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Consumer Credit Reporting Agency Equifax Suffers Cyberattack Affecting 143 Million Customers
Equifax announced hackers gained access to sensitive company data that potentially compromised information for 143 million American consumers, including Social Security numbers, driver’s license information, and credit card details. This is the third major cybersecurity incident for the agency since 2015. Most concerning, Equifax knew of the breach on June 29 but waited until September 7 to disclose the information.
Instagram Hack Exposes Millions of Accounts
A group of hackers recently gained access to a large number of Instagram accounts for high-profile celebrities and other victims. The attackers were able to use an exploit in the Insta app to retrieve the email addresses and phone numbers for millions of account holders. They then used this information to take control of more valuable accounts and posted the credentials for sale on the dark web. While Instagram was quick to fix the bug, it is still unclear just how many accounts were compromised.
Customer Databases Belonging to Time Warner Cable Publicly Exposed
In the last week, officials have been working to trace the cause of a data breach that could affect nearly 4 million Time Warner Cable customers. The breach appears to have stemmed from two databases, managed by Broadsoft Inc. (a partner of TWC), that were left fully accessible to the public. The data in question spans millions of transactions and communications with customers who have used the MyTWC mobile app in the last 7 years.
PrincessLocker Ransomware Uses Exploit Kit to Spread
While PrincessLocker may not be the newest or most dangerous ransomware variant currently making the rounds, it propagates through an unusual method: exploit kits. Along with a less expensive ransom demand, PrincessLocker has been spotted as the payload for a fully automated exploit kit known as RIG, which uses drive-by attacks to exploit system vulnerabilities.
Energy Grid Hackers Play Waiting Game
As cyberattacks focus more and more on infrastructure, rather than financial gain, they leave the future of many cities and countries uncertain. Many modern hackers have managed to work their way into countries’ infrastructures by easily bypassing the poor security used by numerous largescale energy facilities around the world. They’ve left backdoors into systems that could cause major disruption to the surrounding geographical areas, and, unfortunately, many of these very systems have never been updated appropriately. Meanwhile, attackers have nothing but time on their side to determine how and when it would benefit them to exploit these vulnerabilities.
Poker Site DDoSed, Then Ransomed
Late last week, America’s Cardroom and Winning Poker Network fell victim to the latest in a long string of DDoS attacks that have plagued such sites for years. This latest attack, however, brought with it a ransom demand to stop the attacks. The sites claim to have mitigated the DDoS attacks, though that comes after nearly 2 days of cancelling poker tournaments due to the insufficient bandwidth for their players.
An update from the CEO
Over the past eight years, I’ve been honored to work alongside a world-class group of professionals—including the Webroot team, and our growing network of partners and customers. Our security community has grown into something special, and powerful. With tremendous gratitude for that experience, I am sharing my plan to retire as CEO of Webroot. Mike Potts will be joining Webroot as CEO and a member of the Board of Directors on September 25, 2017, and I will continue to serve on Webroot’s Board of Directors.
As I look back and think about the highlights of the past 8 years, a few stand out for me:
- Introducing the first “next gen” endpoint solution, built in the cloud and leveraging contextual threat analysis for greater efficacy against zero day threats than was possible before.
- Establishing Webroot as a highly innovation company and expanding our portfolio from endpoint protection to network protection, threat intelligence and security awareness training.
- Winning the prestigious Thomas J. Edison Award for Innovation, the first ever awarded to a security company.
- Building out a team of almost 600 talented Webrooters across the world, including outstanding teams from our acquisitions of BrightCloud, PrevX, CyberFlow Analytics and Securecast.
- Achieving #1 status in the major markets where we compete, like consumer retail in North America, and managed service providers and embedded threat intelligence worldwide.
- Growing our customer base to millions of consumers, over 9,000 managed service providers and 210,000 businesses.
- And, achieving with the close of this last fiscal year 14 consecutive quarters of double-digit growth.
What stands out most for me, though, is the extraordinary people. My years at Webroot were the most satisfying of my 52 years in business, and I’ve never worked with a finer group of people—employees, customers and partners alike. We created a uniquely collaborative relationship with our customers and partners, which led to not only the highest satisfaction rates in the industry, but also a great source of inspiration for how our products could evolve to solve new problems. The success of Webroot is our shared accomplishment.
It’s time for me to pass the baton, and I am confident Mike Pott’s is the right person to lead Webroot going forward. Mike’s passion, vision, and industry knowledge paired with the talented team in place means you have just seen the beginning of innovation from Webroot. I can’t wait to see what this team accomplishes in the coming years and hear about all of the successful implementations from our customers and partners.
Thank you,
Dick Williams
Why You Should be Using a Password Manager
From streaming entertainment to social media to our online bank accounts and software, we are inundated every day with the need to create and remember new passwords. In fact, one study revealed that Americans have an average of 130 online accounts registered to a single email address. And what are the chances that those 130 passwords are each unique and difficult to crack? Slim to none.
You’ve probably heard about the infamous Yahoo breach that came to light last year, in which hackers stole the credentials and other sensitive information of more than 1 billion users. For people who used their Yahoo password for other sites, those accounts were also compromised.
Unfortunately, many people admit their passwords are less secure than they should be. See for yourself:
So how, exactly, can we all be expected to create and remember an average of 130 unique passwords?
The best solution available today, offering both convenience and security, is a password manager.
What exactly is a password manager?
It is a type of application that can address all the above issues. Password managers come in the form of lightweight plugins for web browsers such as Google Chrome or Mozilla Firefox and can automatically fill in your credentials after saving them in an encrypted database.
The major benefit of using a password manager is that you only need to remember a single master password. This allows you to easily use unique, strong passwords chosen for each of your online accounts. Just remember one strong password and the manager will take care of the rest.
Avoid these common password security risks:
- Typing passwords to login each time can be dangerous in itself. Malicious keyloggers designed to secretly monitor keystrokes can record your passwords as you type them. (You can eliminate these with good antivirus software.)
- Remembering multiple passwords, especially if you have carefully picked a password that is complicated. Most people tend to use the same or similar passwords for different accounts, which means that if one password is exposed, criminals can log into all those accounts.
- Storing passwords in a document or writing them down, which creates a very high risk of being affected by a breach or simply losing the information.
For more videos related to cybersecurity and staying safe online, subscribe to our YouTube channel.
UPDATE: The Webroot Password Manager upgrade is here—now powered by LastPass, the most trusted password manager! Get access to quality-of-life features including the password vault, access on ALL devices, auto-fill and save, emergency access, and more.
Current users, learn how to switch to LastPass here: https://wbrt.io/577b2
New users, learn how to set up your LastPass account here: https://wbrt.io/snbmz
Cyber News Rundown: Edition 9/1/17
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
IRS-Themed Ransomware Using Old-School Tactics
Over the past week, researchers have discovered a new ransomware variant that attempts to impersonate both the IRS and the FBI, similar to the FBI lockscreen malware that was popular several years ago. By tricking the victim into opening a link to a fake FBI questionnaire, the ransomware is downloaded onto the machine and begins encrypting. Fortunately, both the FBI and the IRS are taking great measures to alert possible victims and to catalog any scam emails that are being sent out.
History Repeats Itself at UK NHS District
Back in May, the UK’s National Health Services fell victim to a large WannaCry ransomware attack. While most of the districts have since regained full functionality, the district of Lanarkshire has once again been targeted. A cyberattack on its staffing and telephone systems left the district with only emergency services for several days. This event just reinforces the importance of updating security on critical systems before an attack, and even more so after one as devastating as WannaCry.
Worldwide Spread of Android DDoS Malware
A recent study found that hundreds of thousands of Android mobile devices had been compromised by a malware variant designed to turn them into a large-scale DDoS botnet. With hundreds of apps carrying the malicious code, it’s unsurprising that devices in more than 100 different countries have been linked to this WireX botnet, which was recently dismantled by security researchers from several different companies.
Hurricane Harvey Brings Out Scammers
As donations have poured in to support the victims of Hurricane Harvey, so too have stories of scammers looking to profit from their tragedy. Many fraudulent non-profit websites have already been registered and are seeing an exponential increase in traffic, along with large donations that will never reach the intended recipients. Phone scams have also been on the rise, with people impersonating relief organizations and other assistance groups to get information and money from victims of the storm.
Payment Records Compromised at UK Tech Retailer
In more tough news for UK citizens, officials at CeX have confirmed unauthorized access to payment records of nearly two million user accounts on their online site, webuy.com. Fortunately for many of the site’s users, CeX stopped storing customer payment information back in 2009, so most of the cards on file are likely expired. Customers have been advised to watch their accounts for any suspicious activity in the coming months, and to change their passwords as a precaution.