Public Safety in a Connected World
The U.S. electrical grid is in “imminent danger” from cyberattacks according to a report from the U.S. Energy Department released earlier this year. Such an attack would put much of the infrastructure that we rely on for public safety and basic services in jeopardy—electricity, water, healthcare, and communications systems, among others.
Just last week, an email was sent to energy and industrial firms by the DHS and FBI warning of hacking groups targeting critical infrastructure in the “energy, nuclear, water, aviation, and critical manufacturing sectors.”
Great power, great responsibility
While the networked technology behind this infrastructure empowers our society, it also exposes us to new risks. Most people are aware of the cyber threats facing our personal mobile devices, home computers, and smart appliances. But the risks to public safety on a larger scale are less well known. Commitment to securing this brave new world is critical if we are to avoid serious public safety problems.
Ransomware attacks—when cybercriminals hack a computer, encrypt the files and hold them hostage—pose a particularly dangerous threat for public infrastructure. It is estimated that ransomware has resulted in billions of dollars of losses in the last year alone, according to our June 2017 Quarterly Threat Trend Report.
Already this year, we’ve seen several major ransomware attacks on government entities, including counties, cities and multiple police departments leading to major disruptions in services like emergency response times, video surveillance and emergency radio transmissions.
In June, an infamous cyberattack dubbed NotPetya hit Europe, affecting workplaces and public domains. This attack mirrored its predecessor named Petya (a type of ransomware), except this new incarnation used “EternalBlue to target Windows systems—the same exploit behind the infamous WannaCry attack.” It also differed from other popular ransomware attacks by denying user access and attacking low-level structures on the disk. This Petya-based attack targeted employees at one of the world’s largest advertising agencies, as well as oil companies, shipping companies and banks. A new ransomware attack that emerged this week named Bad Rabbit also appears to be linked to the NotPetya attack.
As advanced threats such as ransomware continue to evolve in sophistication, they present a more imminent threat to the systems and services we rely on for public safety. Cyberattacks targeting our critical infrastructure reveal our shared responsibility in securing the networks we depend on each and every day in our connected world.
Get tips on becoming a more proactive and prepared citizen with our “One Wrong Click” infographic.
Cyber News Rundown: Edition 10/20/17
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Swedish Train Schedules Derailed by Cyberattack
In the last week, several computer systems belonging to the Swedish Transport Administration were subjected to multiple DDoS attacks that forced the agency to halt some trains and delay others. While the agency was able to bring the services back online within a few hours, the delays affected transportation schedules for the remainder of the day. Unfortunately, the effects of the attacks were still noticeable within the transportation systems for several days, as the schedules all needed readjustment to accommodate customers.
Adobe Flash Affected by Zero-Day Exploit
Researchers this week discovered a zero-day exploit within Adobe Flash Player that was used to install FinSpy, malicious software used to steal user information. The exploit was hidden in an infected Word document, which the user received via email. FinSpy surveillance software is sold worldwide, but is often used maliciously to gain financial or political power through information gathering and extortion. Fortunately for Adobe Flash users, the latest update patches the vulnerability and is readily available from Adobe’s site.
Adult Themes Infest Roblox Computer Game
The open-source nature of games like Roblox can enable users to make custom additions to the game and make their experience their own. However, some users choose to take advantage of the system and abuse it. Unfortunately, much of the game’s younger user base has recently been subjected to Nazi propaganda and other adult content. The vendors of such mods are usually banned from the servers, only to return a short while later.
IoT Takes Major Hit with Krack Attacks
Recently, a vulnerability was found within the WiFi encryption currently in use by hundreds of millions of IoT devices around the world. Fortunately, the vulnerability has been patched by dozens of vendors for quite some time now. However, there are still some devices that won’t likely receive an update in the near future: security cameras, routers, and other household wirelessly connected “things”.
Oracle Updates Large Number of Critical Patches
In their latest update, Oracle pushed out more than 250 different patches for bugs across hundreds of products. Some of the most critical patches involve SQL injection vulnerabilities in their E-Business Suite, which could be used maliciously to steal or alter sensitive financial data. Another area that received multiple patches was the Java Platform, which had 20 unique vulnerabilities that were exploitable remotely without any user authentication.
Cyber News Rundown: Edition 10/13/17
Rigzone Founder Caught Stealing Data
Over the last few months, officials have been piecing together the case against Rigzone founder David Kent. After selling the Rigzone domain several years ago, Kent used several backdoors he’d implemented to access account information for over 700,000 customers, which he then attempted to sell back to Rigzone. By setting up several dummy accounts, Rigzone staff determined the specific IP address Kent used and apprehended him.
Criminals Hack Eastern Europe Bank for Millions
In the last year, banks in several Eastern European countries have seen a drastic rise in fraudulent charges at ATMs that have allowed hackers to make off with nearly $40 million. Attackers start by manipulating the banks’ overdraft protection and setting up proxies to allow accomplices in other countries to withdraw massive quantities of money from separate accounts. In addition to spoofing the overdraft system, the attackers also installed remote access software on bank computers to enable further intrusion into the institutions’ systems.
Multiple Accenture Servers Left Exposed Online
A security researcher recently discovered four servers belonging to Accenture that were left publicly accessible on the internet for an undisclosed length of time. These servers contained data on thousands of Accenture’s clients, though the company’s statement on the issue assured customers that all data was from a retired system that contained no current data. Fortunately, server logs show that the researcher was the only unauthorized user to access them, which should help Accenture’s IT staff sleep a little better.
Latest Apple OS Gives Actual Password instead of Password Hint
A bug within Apple’s latest macOS, High Sierra, could allow a local attacker to request a password hint but receive the actual password. This bug occurred due to an issue with Apple’s file management system, which would have asked users to input a password hint in case they forgot their credentials. Unfortunately, the bug caused the hint request to display the legitimate password instead. Luckily for High Sierra users, Apple was quick to release a patch that fixed the issue.
Healthcare Service Records Found Online
Kromtech researchers discovered an unsecured Amazon S3 bucket belonging to a US healthcare services company that contained information on at least 150,000 patients. Although the company secured the server as soon as they were notified of this security oversight, it’s unclear how long the bucket was freely accessible.
Raising Cyber Savvy Kids
Over the last year, a handful of cyberattacks have made news headlines and affected families. High-tech toy maker Spiral Toys was the victim of a particularly cunning hacking scheme. The maker of CloudPets stuffed animals reportedly exposed more than two million private voice recordings and the login credentials of 800,000 accounts. While these “smart toys” are part of a wave of internet-connected devices providing fun and memorable experiences, they are also exposing millions of users to cyber threats. These toys may appear harmless on the surface, but their vulnerability to attack should be kept top-of-mind by any parent.
Educate your family
One of the best ways to ensure your children maintain a safe online presence is to start the conversation around the potential risks they face in our increasingly connected world early on.
When it comes to online safety, the U.S. Department of Homeland Security recommends looking for “teachable moments” that arise naturally during day-to-day computer use. For example, if you get a phishing message, show it to your kids so they can identify similar messages in the future and recognize they are not always what they seem.
BBC reported that “children aged five to 16 spend an average of six and a half hours a day in front of a screen compared with around three hours in 1995, according to market research firm Childwise.” With the amount of time kids and teens spend in front of a computer screen daily, and with hacking and cybercriminals becoming more advanced and sophisticated, it’s more important than ever to teach kids how to be cyber savvy.
Tips for your cyber savvy kids
In addition to using tools like Webroot’s Parental Controls, CISO Gary Hayslip summarizes a few safety tips:
- Don’t give out financial account numbers, Social Security numbers, or other personal identity information unless you know exactly who’s receiving it.
- Remember to also protect other people’s information as you would your own.
- Never send personal or confidential information via email or instant messages as these can be easily intercepted.
Find more tips to keep your family safe online, wherever they connect.
Cyber News Rundown: Edition 10/06/17
Yahoo Breach Expands to All 3 Billion Users
In a recent statement, Yahoo announced that its 2013 breach, which took nearly 4 years to investigate, has impacted all 3 billion of their site’s unique users. Along with this recent update, the company is still reeling from a separate 2014 breach, which holds the dubious title of 2nd largest data breach to date. This update to the total affected users isn’t surprising, given that the original breach left questions as to why some accounts were compromised, while others remained untouched and showed no signs of malicious activity.
Facebook Under Fire After Russia-Based Ads Overwhelm Users
Recently, Facebook founder Mark Zuckerberg issued an apology for the site’s lack of action in stopping Russian advertisements and fake news articles, which have been circulating heavily since the 2016 election season. His statement goes on to promise that additional safeguards will be implemented to ensure Facebook can continue to be a safe platform for users to voice their opinions.
Hackers Prove You Can Game the Gamers
In the past week, R6DB, an online stat tracking service for the popular game Rainbow Six Siege, was shut down after several servers were wiped completely due to a cyberattack. The attackers accessed the database remotely, as it was left unsecured during a recent data migration that hadn’t yet concluded. Unfortunately for many players, their information is completely gone, while company officials are still working to restore what information they can.
Apple’s About-Face
Face ID, the iPhone X’s highly touted biometric device locking system, has been found to be less than secure in several scenarios. Some of the weaknesses relate to young users whose facial features may change as they age, and to siblings with similar facial features being able to spoof the security measure. Fortunately, Face ID isn’t the only security precaution on the new device, as it will still require a passcode to be set.
NFL Player Data Found on Unsecure Server
Recently, researchers discovered that an unsecured database belonging to the NFL Players Association contained records on over 1,100 individual players and agents. The compromised data included everything from players’ personal info to team contracts and payee information. Even more worrisome, a ransom note with a bitcoin address was found among the data, though it appears the data itself wasn’t leaked to Dark Web sellers. Fortunately, the database was secured shortly after researchers notified the NFLPA, though no response was received from the association regarding the incident.
Why You Should Protect Your Mac from Viruses
“I use a Mac, so I don’t need to worry about malware, phishing, or viruses.” Many Mac users turn a blind eye to cybersecurity threats, often noting that most scams and attacks occur on PCs.
However, within the last few years, there has been a noted uptick in spyware (a type of software that gathers information about a person or organization without their knowledge), adware (software that automatically displays or downloads advertising material), and potentially unwanted applications (PUAs) on Macs and iOS devices.
While Macs are known to have strong security features, they are by no means bullet proof. In a recent interview with CSO Magazine, Webroot Vice President of Engineering David Dufour noted, “Many of these incidents are occurring through exploits in third-party solutions from Adobe, Oracle’s Java and others, providing a mechanism for delivering malicious software and malware.” Even the most internet-savvy users should be sure to install antivirus software on their Mac products.
Security tips for safe browsing on a Mac
Traditionally, because the Windows operating system is more widely used around the world, it is also more highly targeted by cybercriminals. However, Apple devices running macOS are still vulnerable to security threats, and protecting them should be a priority for anyone who owns them. Check out the following security recommendations to help ensure safety wherever you connect with your Mac, in addition to having an up-to-date antivirus installed:
- Try using a VPN
VPN stands for “virtual private network” and is a technology that adds an extra level of privacy and security while online, particularly when using public WiFi networks, which are often less secure. This recent Refinery29 article illustrates the benefits of VPNs for your work and personal life.
- Secure your browser
You may be tempted to ignore messages about updating your browser, but the minute an update is available, you should download and install it. This is good advice for all software being run on any device—desktop, laptop, or mobile.
- Secure backup
Be sure to regularly back up your computer and iOS devices so you can easily retrieve your data in case you get locked out of your device.
- Use a strong login password
Use a unique combination of numbers and letters to password-protect your Mac. This is good advice in general for all of the passwords you create. For an added security step, check out the Webroot Password Manager tool to make it easier to manage and organize your passwords.
Cyber News Rundown: Edition 9/29/17
Showtime Site Found Using Cryptocurrency Miner
Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.
Massive Stash of Credit Card Info Linked to Sonic Breach
In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.
Big Four Accounting Firm Breached
Deloitte, one of the world’s largest accounting firms, suffered a cyberattack that exposed sensitive emails to criminals. Researchers believe hackers gained access to the email system via an administrative account without two-factor authentication. The attack appears to have only affected a limited number of the firm’s clients, though actual figures are still unknown. Unfortunately, Deloitte’s security is severely lacking overall. With any luck, this breach will be the impetus they need to step up their protection practices.
Irish National Teachers’ Organisation Hacked
A recent Irish National Teachers’ Organisation breach may affect up to 30,000 current and retired teachers across the Republic of Ireland and Northern Ireland. While the breach doesn’t appear to have been data-oriented, the compromised systems contained massive quantities of teacher information. Fortunately, both payroll data and user passwords were not exposed, as they are stored in an alternate location. With enforcement of the EU’s General Data Protection Regulation (GDPR) on the horizon, breaches like these will likely become very costly for victim companies.
Vehicle Tracking Data Available Online
In the last two weeks, researchers found an unsettling number of account records belonging to vehicle tracking service SVR Tracking had been left completely unsecured online. The data includes account credentials and vehicle identification information for roughly 500,000 unique accounts. While it’s unclear how long the data was publicly available, SVR secured the server within several hours of being notified of the discovery.
Phishing: don’t take the bait
Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.
A phishing attack is a tactic cybercriminals use to bait victims with fake emails that appear to come from reputable sources. The attackers’ goal is to lure the user into opening an attachment, clicking on a malicious link, or responding with private information. These phony emails have become alarmingly realistic and sophisticated. A scam may come in the form of a banking inquiry, an email from a seemingly official government agency, or even a well-known brand with whom you’ve done business—maybe you even pay them a monthly subscription fee.
If you do take the bait, you’ll likely be directed to a malicious website, where you’ll be prompted to enter your account login details, a credit card number, or worse yet, your social security number. The end goal of these phishing attacks is solely to steal your private information.
According to the Webroot Quarterly Threat Trends Report, the first half of 2017 saw an average of more than 46,000 new phishing sites being launched every single day, making phishing the number-one cause of cybersecurity breaches. As hackers devise new phishing tactics, traditional methods of detecting them quickly become outdated.
One of the most popular tricks criminals use to avoid detection is the short-lived attack. The Quarterly Threat Trends Report also revealed that these attacks, where a phishing site is live on the internet for as little as 4 to 8 hours, are seeing a continued rise. Short-lived attacks are so hard to catch because traditional anti-phishing techniques like blacklists are often 3-5 days behind, meaning the sites have already been taken down by the time they appear on the list.
You’re probably already aware of the primary phishing-avoidance tip: do not click on suspicious links or unknown emails. But, as the state of phishing becomes even more advanced, how can you best spot and avoid an attack?
Lesser-known phishing giveaways
Webroot recommends keeping an eye out for the following:
- Requests for confidential information via email or instant message
- Emails using scare tactics or urgent requests to respond.
- Lack of a personal message or greeting. Legitimate emails from banks and credit card companies will often include a personalized greeting or even a partial account number or user name.
- Misspelled words or grammatical mistakes. Call the company if you have suspicions about an email you’ve received.
- Directions to visit websites with misspelled URLs, or use of subdomains, which precede the normal domain (something like phishingsite.webroot.com).
Stay ahead of cybercriminals
If an email in your inbox does seem suspicious, here are a few things you can do:
- Contact the service or brand directly via another communication channel (e.g., look up their customer support phone number or email address), and ask them to verify whether the content of the email is legitimate.
- Avoid providing any personally identifiable information (PII) electronically, unless you are extremely confident the email is from the stated source.
- If you do click a link from an email, verify the site’s security before submitting any information. Make sure the site’s URL begins with “https” and that there’s a closed lock icon near the address bar. Also, be sure to check for the site’s security certificate.
Thoughts from Webroot’s new President & CEO, Mike Potts
I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.
Thanks to an extraordinary team, Webroot is in a great place today. We lead the market with cloud-based solutions that set the standard for endpoint and network protection, threat intelligence, and now security awareness training. Our solutions provide essential protection for the connected world from an ever-growing number of malicious threats. We have the highest customer satisfaction ratings in the industry and achieved 14 consecutive months of double-digit growth.
That’s an outstanding foundation to build upon. Over the next several months, I’ll focus on People, Process, and Technology as I work to accelerate our momentum in innovation and customer success.
Our cyber community
People will always come first, both the Webroot team and our customers and partners. We’ll continue to invest in recruiting and developing the best talent. Our team has more experience in applying advanced machine learning to the challenges of cybersecurity than anyone, and we’ll continue to push the envelope on using that intelligence to solve the issues that are most impactful to our customers. I plan to visit many of our business customers in the coming weeks, to understand how we could be doing better today, and how we can build our businesses together.
Process at scale
My focus on process will be about scale. You’ll quickly find that I believe in the value and leverage of working with partners. We have a great footprint with MSPs serving small- and medium-sized businesses today that we will continue to strengthen. We also have strategic technology partners embedding our threat intelligence in their products, and there is potential for many more. Moreover, I’ll push the team to generate even more innovation, introduce it faster, and to more customers than we have before, while holding true to our core company values of integrity, innovation, excellence, and customer success.
Advancing technology
Finally, I will focus on technology. We disrupted the market with our revolutionary Webroot SecureAnywhere endpoint solutions and our threat intelligence. Since then, we’ve extended our protection to the network layer and added user training to address the last line of defense. I want to ensure we continue to build on this legacy, and just as importantly anticipate the next great market shift.
While new to Webroot, I’m not new to the cybersecurity and technology space. I have been leading companies in the application and security sectors for the past 25 years. Before Webroot, I served as an integration executive in the security business group at Cisco, following the acquisition of my company Lancope in 2015. As president and CEO of Lancope, my team and I led the transformation of the network security company, driving over 600 percent growth in five years. Prior to Lancope, I served as president and CEO of AirDefense and changed the game in wireless security. AirDefense was then acquired by Motorola. With this background and the great Webroot team, I feel we are prepared to do something truly special. Webroot is by far the healthiest company I’ve ever had a chance to lead from day one, so I foresee even greater potential for us!
I look forward to meeting our customers, partners, and advocates in the coming months, and to having you all join in this next great chapter of Webroot history.
Regards,
Mike
Webroot Culture: Q&A with Systems Administrator Ann Roberts
Before chatting with Ann Roberts, systems administrator at Webroot, I had a pretty narrow view of what her role in the IT department required on a day-to-day basis. As it turns out, a systems administrator must wear many hats and support multiple areas of the business. Read on to learn more about this tech career path.
Webroot: Ann, tell me a bit about yourself.
Ann Roberts: I grew up in Boulder, went to the University of Colorado at Denver, and graduated with a degree in music business. I moved to New York and ended up working in the IT department at Carnegie Hall. I missed Colorado, so I moved back to Boulder after having my first child. I freelanced for a while, worked at a now defunct startup for a while, and then began my role at Webroot. I currently live in Lafayette, Colorado, with my husband, our two kids, and our dog, Max.
Carnegie Hall, that sounds amazing. Was this your entry into tech?
Yes, but by accident! I started as the assistant in the IT department at Carnegie, but there was only one technician, and I enjoyed filling in the gaps when he wasn’t around. We were a two-person team, which meant that I ended up learning a lot more than I expected, and discovered that I had an aptitude for understanding tech and systems. The rest is history!
What do you do at Webroot?
I am a systems administrator. I am responsible for the care and feeding of the systems that make up Webroot’s corporate infrastructure.
Take us through a ‘day in the life’ of a systems administrator.
It is different from day to day, but it all starts with a big cup of coffee. First thing in the morning, I check email to see if anything has gone haywire overnight. Next, I take care of any urgent requests that need attention. After that, I work on projects as time allows. One project I’ve done quite a bit of work with is with our vRealize Automation environment (Partly Cloudy, as we call it). This system allows people to create their own virtual machines on demand. It has proven especially useful for the quality assurance engineers, because it gives them a disposable platform on which to do their product testing. It has also been interesting to have a window into their role in the company.
Have you seen anything surprising or unexpected in your field?
My previous company was the sort of environment where every time there was a technical problem, everyone flew into a grouchy panic. After the problem was resolved, inevitably there would be a rush to place blame on someone or something. The result was an environment that made you afraid of messing up. It was a great surprise after starting work at Webroot to find that when problems happen, as they do everywhere, everyone takes it in stride and works together to find solutions.
What has been your biggest challenge working in tech?
Because I found my profession by accident, I have not done any “formal” training. For much of my career, I’ve relied on what I’ve gleaned from coworkers, Google, and trial and error.
What is your biggest takeaway or lesson learned from working in the field?
Don’t panic! Keep a level head and you’ll figure it out.
Love that advice. What about students in your field, any guidance to share?
Get as much real-life experience as you can. There is only so much that can be learned by reading about a subject. The whole point of this job is to expect the unexpected, and the unexpected is what you encounter on the job.
What about professionals looking to get into tech?
If you find a subject you’re interested in, then just find a way to be around it. Take a class on it, do research on it, or set up the environment and play around with it.
What’s it like to work for Webroot?
Webroot is a fun company to work for. There is a strong emphasis on work/life balance, which is important to me.
Thanks, Ann. I think your great attitude on tackling challenges must be a great asset in your line of work.
If you’re interested in a career like Ann’s, check out our careers page at www.webroot.com/careers. You may be particularly interested in our openings for a QA Engineer.
Ransomware Spares No One: How to Avoid the Next Big Attack
With global ransomware attacks, such as WannaCry and NotPetya, making big headlines this year, it seems the unwelcome scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.
We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.
Webroot: For starters, how do you describe ransomware? What exactly is being ransomed?
Tyler Moffit: To put it simply, your files are stolen. Basically, any files that you would need on the computer, whether those are pictures, office documents, movies, even save files for video games, will be encrypted with a password that you need to get them back. If you pay the ransom, you get the password (at least, in theory. There’s no guarantee.)
How does the average home user get infected with ransomware?
“Malspam” campaigns are definitely the most popular. You get an email that looks like it’s from the local post office, saying you missed a package and need to open the attachment for tracking. This attachment contains malware that delivers the ransomware, infecting your computer. It is also possible to become infected with ransomware without clicking anything when you visit malicious websites. Advertisements on legitimate websites are the biggest target. Remote desktop protocol (RDP) is another huge attack vector that is gaining traction as well. While controlling desktops remotely is very convenient, it’s important to make sure your passwords are secure.
How is the data? Is the ransomed data actually taken or transmitted?
When you mistakenly download and execute the ransomware, it encrypts your files with a password, then sends that password securely back to the attacker’s server. You will then receive a ransom demand telling you how to pay to get the password to unlock your files. This is a really efficient way to prevent you from accessing your files without having to send gigabytes of information back to their servers. In very simple terms, the files are scrambled using a complex algorithm so that they are unreadable by any human or computer unless the encryption key is provided.
What types of files do ransomware attacks usually target?
Most ransomware is specifically engineered to go after any type of file that is valuable or useful to people. Around 200 file extensions have been known to be targeted. Essentially, any file that you save or open regularly would be at risk.
How does the attacker release the encrypted files?
The attacker provides a decryption utility via the webpage where you make the payment. Once you receive the decryption key, all you have to do is input that key into the tool and it will decrypt and release the files allowing you to access them again. Keep in mind, however, that the criminal who encrypted your files is under no obligation to give them back to you. Even if you pay up, you may not get your files back.
Tips for protecting your devices:
- Use reliable antivirus software.
- Keep all your computers up-to-date. Having antivirus on your computer is a great step towards staying safe online; however, it doesn’t stop there. Keeping your Windows PCs and/or Mac operating systems up-to-date is equally important.
- Back up your data. Being proactive with your backups can help save your favorite vacation photos and videos of your kid’s first piano recital, not to mention sensitive information that could cost you thousands by itself.
Remember, being an informed and aware internet user is one of the best defenses against cyberattacks. Stay tuned in to the Webroot blog and follow us on your favorite social media sites to stay in-the-know on all things cybersecurity.
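The encryption described in the interview above leaves a trace a defender can watch for: files whose bytes suddenly become near-random while their names and extensions stay the same, and tripwire ("canary") files that no legitimate process ever edits. The Python script below is an added example, not code from the original post or from Webroot, and it runs both checks over constructed in-memory files. The canary names, the entropy threshold and the magic-byte table are assumptions for illustration; compressed formats (zip-based Office files, JPEG, PNG, gzip) are excluded from the entropy test because they are high-entropy by design and would otherwise produce false positives.

```python
"""Detect the trace an encryptor leaves on a set of files: many files whose
bytes have become near-random while their names keep their original
extensions, plus "canary" files that no legitimate process ever edits.
Added example; every file below is constructed in memory."""
from __future__ import annotations

import hashlib
import math
from collections import Counter

# Formats that are high-entropy by design (compressed containers); a high
# entropy reading alone must not flag them. Assumed, illustrative table.
COMPRESSED_MAGIC = (
    b"PK\x03\x04",            # zip, and therefore docx/xlsx/pptx/jar
    b"\xff\xd8\xff",          # jpeg
    b"\x89PNG\r\n\x1a\n",     # png
    b"\x1f\x8b",              # gzip
)
ENTROPY_THRESHOLD = 7.2       # bits per byte; natural text sits around 4-5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """Near-random content that is not a known compressed format."""
    if len(data) < 256:                     # too short for a stable estimate
        return False
    if any(data.startswith(magic) for magic in COMPRESSED_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def canary_baseline(files: dict[str, bytes], canaries: set[str]) -> dict[str, str]:
    """Record a SHA-256 for each canary so later runs can spot any change."""
    return {n: hashlib.sha256(files[n]).hexdigest() for n in canaries if n in files}


def assess(files: dict[str, bytes], baseline: dict[str, str], min_hits: int = 3) -> dict:
    """Report files that look encrypted, canaries that changed or vanished,
    and an overall alert: any tripped canary, or min_hits encrypted files."""
    encrypted = sorted(n for n, d in files.items() if looks_encrypted(d))
    tripped = sorted(
        n for n, digest in baseline.items()
        if n not in files or hashlib.sha256(files[n]).hexdigest() != digest
    )
    return {
        "encrypted_files": encrypted,
        "tripped_canaries": tripped,
        "alert": bool(tripped) or len(encrypted) >= min_hits,
    }


def _pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed snapshots of one folder; the canary names are assumptions.
CANARIES = {"~$canary.docx", "zzz_do_not_open.txt"}
BEFORE = {
    "report.txt": b"Quarterly numbers: revenue up 4%, churn down.\n" * 40,
    "notes.md": b"# meeting notes\n- backups verified\n- patch tuesday done\n" * 30,
    "photo.jpg": b"\xff\xd8\xff\xe0" + _pseudo_random(4000, b"jpeg"),
    "deck.pptx": b"PK\x03\x04" + _pseudo_random(4000, b"zip"),
    "~$canary.docx": b"canary, never edited by a person\n" * 20,
    "zzz_do_not_open.txt": b"canary\n" * 100,
}
AFTER = dict(BEFORE)   # the same folder after an encryptor overwrote the documents
for _name in ("report.txt", "notes.md", "~$canary.docx", "zzz_do_not_open.txt"):
    AFTER[_name] = _pseudo_random(len(BEFORE[_name]), _name.encode())

if __name__ == "__main__":
    base = canary_baseline(BEFORE, CANARIES)
    print("healthy:", assess(BEFORE, base))
    print("after  :", assess(AFTER, base))
```

In practice the same two checks run against a directory snapshot taken by a file-integrity agent. The canaries are the stronger signal, since any change at all is suspicious; the entropy test needs several hits before it alerts, because unknown binary formats can be high-entropy for innocent reasons.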
CISO to CISO: Combatting the Ever-Growing Phishing Threat Together
As a CISO, I think the cybersecurity community is beginning to realize that the threats we face as security professionals are consistently evolving, and, more importantly, that we must evolve just as quickly to combat them. Recent data collected by the Webroot® Threat Intelligence Platform on the acceleration of phishing attacks and the maturation of new, related criminal methodologies demonstrates that, to respond effectively, we must develop and leverage solutions that don’t just keep up with today’s threats, but predict their next moves.
Most CISOs, myself included, want solutions that can respond in real time and assist us in making critical decisions to not only protect our businesses, but reduce risk overall. A lot of the new solutions that might interest us can be integrated into a platform and allow us to consume different types of threat intelligence and data feeds so we can automate responses to attacks in real time.
3 Steps to Mitigate Phishing Risks
Phishing is the number one cause of breaches. Webroot BrightCloud® Web Reputation is one of the solutions I look to as a critical asset for any security team because it tells you, within milliseconds of a URL being selected, whether the site is malicious. This efficiency and accuracy allow security teams to be proactive in protecting their organizations—to prevent compromises rather than react to them after the fact. In addition to leveraging this type of real-time intelligence technology, I recommend several steps to reduce the phishing risk to any organization and its employees.
Social Media Security Awareness
Social media is increasingly used by cybercriminals to research their targets. As such, CISOs should add social media security awareness training to their corporate security awareness curriculum. Personnel should be trained on the risks and given insight into how the data they publish in their profiles could be used to target them, their families, and the organizations they represent. In my experience, the majority of people on social media don’t take even the most basic security precautions, such as only connecting with people whom they know, or not allowing their profiles to be searched or viewed publicly.
Executive Exposure Prevention
Additionally, I recommend directing threat intelligence toward executive staff and assistants. An organization can provide a list of executive staff, board members, executive assistants, and other company VIPs to a threat intelligence service. The service can then scan the dark web and watch for anything related to the client organization and the list of provided personnel. This gives the organization’s security team advance notice of possible phishing attacks against specific employees, and allows them to warn employees to mitigate risk, change passwords, and even shut down compromised accounts.
Real-Time Anti-Phishing
Given that the number of new unique phishing sites averages over one million per month, and that the lifespans of many such sites can be measured in mere hours, it’s clear we need new techniques to stop modern attacks. With this in mind, I recommend CISOs employ real-time threat intelligence feeds with data specific to their industry, and that the data be contextual, meaning it should apply to the technology, applications, and security controls the CISO has deployed.
I also recommend engaging real-time URL filtering, since phishing emails typically drop a ransomware payload, which can significantly impact an organization’s business operations. Since phishing websites are active for an average of 4-8 hours, and given the new methods cybercriminals use to hide malicious sites in plain view, I believe it’s critical to be proactive and use real-time URL filtering. The methods of bygone years, in which we deployed domain block lists and IP address block lists, have been outpaced by the innovative phishing techniques cybercriminals use today. As threats have adapted, we too need to adapt.
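To make the contrast between static block lists and real-time URL filtering concrete, here is an added Python example of a layered gateway check; it is not Webroot's code and its reputation feed is a constructed stand-in rather than any vendor's API. The filter first normalizes the URL (case, userinfo, default port, trailing dot, internationalized host) so that trivial rewrites of a known-bad host still match, then consults a nightly domain list and an IP list, and only then asks the live feed, caching that answer for minutes rather than days. The constructed feed rates a host malicious for a six-hour window that matches the 4-8 hour lifespans quoted above; a static list built before the site appeared never contains it, which is exactly the gap the live lookup closes.

```python
"""Layered URL check for a mail or web gateway: normalize the URL so
look-alike tricks (case, userinfo, default ports, trailing dots, Unicode
hosts) cannot slip past string matching, then consult a nightly domain
list, an IP list and finally a real-time reputation lookup whose answers
are cached only briefly. Added example; the reputation feed is a constructed
stand-in, not any vendor's API."""
from __future__ import annotations

import ipaddress
import time
from dataclasses import dataclass, field
from typing import Callable
from urllib.parse import urlsplit


@dataclass
class Verdict:
    action: str   # "block" or "allow"
    reason: str
    host: str


def normalize(url: str) -> tuple[str, str]:
    """Return (scheme, host): host lowercased, userinfo and port dropped,
    trailing dot removed, and internationalized names punycoded."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass                                  # keep the raw host; it is still looked up
    return parts.scheme.lower(), host


def host_in_domain_list(host: str, blocked: set[str]) -> bool:
    """Match the host or any parent domain (a list entry covers its subdomains)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def host_in_ip_list(host: str, networks: list) -> bool:
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False                          # not a literal IP address
    return any(addr in net for net in networks)


@dataclass
class UrlFilter:
    blocked_domains: set[str]                    # static list, refreshed nightly
    blocked_networks: list                       # ipaddress.ip_network objects
    reputation: Callable[[str, float], bool]     # live lookup: is host bad right now?
    cache_ttl: float = 300.0                     # seconds; short, since sites live hours
    _cache: dict = field(default_factory=dict, init=False, repr=False)

    def check(self, url: str, now: float | None = None) -> Verdict:
        now = time.time() if now is None else now
        _scheme, host = normalize(url)
        if not host:
            return Verdict("block", "unparseable host", host)
        if host_in_domain_list(host, self.blocked_domains):
            return Verdict("block", "static domain list", host)
        if host_in_ip_list(host, self.blocked_networks):
            return Verdict("block", "static ip list", host)
        hit = self._cache.get(host)
        cached = hit is not None and 0 <= now - hit[0] <= self.cache_ttl
        if not cached:
            hit = (now, self.reputation(host, now))
            self._cache[host] = hit
        reason = "real-time reputation" + (" (cached)" if cached else "")
        return Verdict("block" if hit[1] else "allow", reason, host)


# Constructed feed: for each host, the window (unix seconds) during which the
# intelligence service rated it malicious. Six hours matches the lifespans
# quoted in the article; a nightly list built before T0 never sees the host.
T0 = 1_700_000_000
LIVE_FEED = {"secure-login-update.example": (T0, T0 + 6 * 3600)}


def feed_lookup(host: str, now: float) -> bool:
    window = LIVE_FEED.get(host)
    return window is not None and window[0] <= now <= window[1]


GATEWAY = UrlFilter(
    blocked_domains={"bad.example"},
    blocked_networks=[ipaddress.ip_network("203.0.113.0/24")],
    reputation=feed_lookup,
)

if __name__ == "__main__":
    for u in ("HTTP://user:pw@Sub.BAD.example.:80/login",
              "https://203.0.113.9/",
              "http://secure-login-update.example/signin"):
        print(u, "->", GATEWAY.check(u, now=T0 + 3600))
```

The static lists stay in the pipeline because they are cheap and catch persistent infrastructure; the live lookup is what catches a host that appeared after the last list refresh. The short cache TTL is deliberate: a verdict cached for a day would reintroduce the staleness the real-time feed is meant to remove.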
The Bottom Line
The latest quarterly threat report focuses on phishing specifically, and is an informative read for all of my fellow CISOs, and a primer to help support and maintain the security of your own organizations. As CISOs, it’s time to level the online playing field to proactively detect and respond to threats in real time. The first step is arming ourselves with the right threat intelligence to make more timely and better-informed cybersecurity decisions.