Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction: It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan before it’s hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Cyber News Rundown: Edition 5/19/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

WannaCry Ransomware Tackles Globe

In the past week, organizations in over 150 different countries have been dealing with the WannaCry ransomware that spread like wildfire across at least 150,000 individual endpoint devices. By propagating like a worm, the infection was able to spread quickly, exploiting a largely unpatched vulnerability in several Windows operating systems. While a patch for un-updated systems has been publicly available since March, many organizations have struggled to roll it out to their endpoints, or can’t do so without rendering their proprietary software unusable.

Restaurant Listing Service Zomato Hacked

Researchers have discovered a Dark Web vendor with a listing for 17 million Zomato user accounts, along with samples of the data to prove its legitimacy. In response to the hack, Zomato has issued a forced password reset for all affected users, and strongly recommends a password change for the remaining users as an added precaution. Fortunately, no credit card information was compromised, as it is stored in a separate location.

Pirates Pirate “Pirates”

As the official release of the new Pirates of the Caribbean movie looms ever closer, hackers have threatened to leak five minutes of a stolen, unreleased film, followed by 20-minute chunks if Disney doesn’t pay their Bitcoin ransom demand. (It’s unclear if the stolen movie is truly the new PotC, but that’s the rumor.) Piracy is hardly new in the film industry, and a case much like this one happened last month with Netflix and episodes from the upcoming season of Orange Is the New Black. From the sound of it, most production companies agree that a few leaks to dodgy download sites so close to release aren’t significant enough to consider paying up.

Dangerous Flaw Found in the Google Chrome Browser

A recently discovered flaw in Google Chrome has allowed researchers to download a malicious shell command file to a user’s computer, which then executes when the user opens the folder where the file was saved. Upon execution, the file retrieves the user’s login credentials for accessing other network drives or local files. Fortunately, Google is aware of the issue and is working to resolve the vulnerability.

Bell Canada User Data Leaked

In their public statement earlier this week, Bell Canada revealed that a large number of users’ email addresses had been compromised, along with several thousand names and phone numbers. The breach is currently under investigation, and all affected users have been notified to be on the lookout for resulting email phishing scams.

Clavister Partners with Webroot for IP Reputation

Webroot recently announced a new collaboration with Clavister, a leader in the network security market. Clavister selected Webroot’s BrightCloud® IP Reputation Service. The solution detects malicious activity within users’ IT infrastructure and delivers actionable threat intelligence. We sat down with Mattias Nordlund, product manager for Enterprise at Clavister to get the scoop on the new offering and also the importance of IP reputation.


Webroot: Give readers a brief overview of Clavister.

Mattias Nordlund: Clavister is a Swedish security vendor founded in 1997 in the very improbable location of Örnsköldsvik, on the border of Lapland, far in the North of the country. We always joke – because it’s cold and dark so much of the year – our developers don’t have any distractions from making the best security code out there. Our “Swedishness” is a big source of company pride.

The development of our proprietary software – first cOS core and later our cOS stream solution – made the product into an award-winning and industry-respected leader in cybersecurity and digital threat deterrence. We’ve managed to grow the business internationally to an installed base of 20,000 customers with a 95 percent satisfaction rate, which drove Clavister to be one of the few Swedish technology companies listed on the NASDAQ OMX Nordic Exchange. Clavister also has acquired a formidable client list that includes Nokia, Canon ITS, and D-Link, as well as collaborations with Intel, Redhat, and VMware, among others.

I love the source of pride in your heritage. Putting on your security hat, do you see a difference in cyber preparedness in Europe versus the United States?

Of course. The US is a very advanced market when it comes to threat protection and development with some of the biggest vendors operating within its borders. But, if you think of EU legislation, like GDPR, with a more independent tradition that doesn’t appreciate the surveillance and backdoors built by both US and Chinese actors, then you see that Europe is quite advanced in cybersecurity. In Sweden, just as an example, we use a two-factor authentication app for not only our banking but logging into public websites, checking your kid’s daycare schedule, etc. So identity management and using VPNs is far more advanced in the EU than in the US.

That’s great. We are always pushing two-factor authentication, but it isn’t required by many sites here. Switching gears, why is IP reputation important?

For us, it’s important as a tool to help our customers stop Command & Control and Botnet communications, alleviate load on servers from attacks from known Denial of Service (DoS) IPs, or help limit the load on mail servers by stopping known spam sources on the edge. IP reputation in a way becomes a proactive mitigation technique rather than a reactive one. That’s where we see the market for Next-Generation Firewalls (NGFW) going.

Being proactive in your cyber defense is key. What do you hope your customers will gain by including Webroot BrightCloud IP Reputation intelligence in your solutions?

For our customers, it’s one more piece of the puzzle in how to understand traffic flowing through our products. The customer will get insights on the behavior of users. Coupled with other features like web content filtering and application control, it will indicate the behavior of a user and how “risky” it is.

What advice can you share with businesses struggling with their security plans today?

Having a holistic approach to how the company behaves – BYOD, its cloud-based work, endpoint, identity access management (IAM), VPNs, etc. – is really critical. It no longer works to take a partial approach. And then there’s the human firewall factor. Keep in mind, 85 percent of network breaches come from employees hitting phishing emails. That’s very important to bear in mind, as much as the hardware and software solutions.

Wise words, Mattias. Thank you for taking the time to talk cyber.

If you want to learn more about this new collaboration, check out the media release.

Second WannaCry wave spreads the globe

As the second wave of WannaCry spreads across the globe, the latest estimate from Europol, the leading European police agency, suggests the malware has hit over 200,000 victims in over 150 countries. You can catch up on some of the latest news here.

Although a second kill switch has been identified and registered today, there is no certainty that this second kill switch will address all malware variants. Europol continues to recommend that one of the best defenses is to take advantage of the patches released by Microsoft.

Webroot currently has strong protection in place for WannaCry, and has already reviewed and fortified its protection and detection routines to protect its users against future variants that may appear.

As Webroot sees every new executable file introduced on systems where Webroot SecureAnywhere is installed, we get rapid insight into all types of new malware. This allows us to quickly create and/or improve upon our best-in-class detection mechanisms for zero-day threats.

WannaCry Ransomware: Webroot protects you.

Ransomware attacks continue to spread around the world this weekend, after the initial damage inflicted on healthcare organizations in Europe on Friday.

The criminals responsible for exploiting the Eternal Blue flaw haven’t yet been identified, but up to 100 countries have been hit with WannaCry ransomware, with Russia, Ukraine and Taiwan among the top targets.

The ransomware first appeared in March, and is using the NSA 0-day Eternal Blue and Double Pulsar exploits first made available earlier this year by a group called the Shadow Brokers. The initial spread of the malware was through email, including fake invoices, job offers and other lures with a .zip file that initiates the WannaCry infection. The worm-like Eternal Blue can exploit a flaw in the Server Message Block (SMB) implementation in Microsoft Windows, which can allow remote code execution. This flaw was patched in Microsoft’s March 2017 update cycle, but many organizations had not applied the patch or were using unsupported legacy technology like Windows XP.

What’s New

Today, Microsoft has released emergency security patches to defend against the malware for unsupported versions of Windows, including XP and Server 2003.

Overnight and today, it has become clear that a kill switch was included in the code: when the malware detects that a specific web domain exists (a domain that was created earlier today), it halts its spread. You can learn more at The Register.

As a Webroot customer, are you protected? YES.

Webroot SecureAnywhere does currently protect you from WannaCry ransomware.

In simple terms, although this ransomware is currently causing havoc across the globe, the ransomware itself is similar to what we have seen before. It’s the advanced delivery mechanism that has unfortunately caught many organizations off guard.

In addition to deploying Webroot SecureAnywhere as part of a strong endpoint protection strategy, it is essential you continue to keep your systems up-to-date on the latest software versions, and invest in user education on the dangers of phishing, ransomware, social engineering and other common attack vectors.

If you have any questions about your Webroot deployment, reach out to our Support Team now.

And, if you are not a Webroot customer, we encourage you to trial Webroot SecureAnywhere now.

Cyber News Rundown: Edition 5/12/17


UK Dating Site Exposes User Info

Recently, users of the UK-based dating site, Soulmates, reported receiving explicit emails that contained info available on their dating profiles. After what appeared to be a third-party data leak, Soulmates revealed that both usernames and corresponding email addresses had been compromised. Soulmates has since confirmed that the cause of the leak has been resolved, but declined to provide further detail.

Dangerous Microsoft Security Bug Found

In the past week, a Google researcher discovered a bug in Microsoft® Windows Defender that exploits the program’s high-level permissions to cause chaos on the system, without the user having to take any action. The bug is triggered when Windows Defender scans a malicious email, which enables remote code execution and lets the attacker take further control of the affected device. Fortunately, Microsoft releases automatic updates, so this should already be resolved for most systems, or will be soon.

Ireland Falls Victim to Multiple Email Scams

In recent weeks, thousands of Irish citizens have received scam emails from Tesco Bank and Bank of Ireland, all requesting that they confirm personal information via a link to the site’s login page. (As if we needed yet another reason to avoid links in emails…) Recognizing that many users will be savvy enough to delete the obvious phishing attempt without clicking the link, attackers are likely measuring success based solely on the relatively small percentage of recipients who fall for the scam.

Healthcare Providers Leave Medical Records Accessible to All

Researchers have recently uncovered a flaw in several healthcare providers’ websites, which allows any user to view the medical records of other patients. By logging into one site, the researcher was able to successfully load another patient’s records by simply changing a single digit in the PDF download link. Another site allowed users to view records without a login that would verify their identity.
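The medical-records item above describes a classic insecure direct object reference: the record id in the download link is trusted, and on one site no login was required at all. The following is an added example (not code from the Webroot post or from any of the providers mentioned); users, record ids and filenames are constructed, and it shows the flawed lookup beside a hardened one that requires a session, checks ownership, and keeps an audit trail a defender can watch for id walking.

```python
from collections import defaultdict
from typing import Optional

# Constructed sample store: record id -> (owner, filename). Ids are
# sequential on purpose, which is what made "change one digit" work.
RECORDS = {
    1041: ("alice", "alice-lab-results.pdf"),
    1042: ("bob", "bob-xray.pdf"),
    1043: ("carol", "carol-mri.pdf"),
}

# Constructed audit trail of refused requests: (user or None, record id)
DENIED_LOG = []


def vulnerable_download(record_id: int, session_user: Optional[str]) -> Optional[str]:
    """Flawed handler: the id from the link is the only input that matters.

    The session is never consulted, so an unauthenticated caller, or alice
    editing 1041 to 1042, gets bob's file back.
    """
    rec = RECORDS.get(record_id)
    return rec[1] if rec else None


def hardened_download(record_id: int, session_user: Optional[str]) -> Optional[str]:
    """Hardened handler: authenticate, then authorise against the record owner.

    Missing and foreign records are refused with the same response, so the
    caller cannot tell which ids exist. Every refusal is logged.
    """
    if session_user is None:
        DENIED_LOG.append((None, record_id))
        return None
    rec = RECORDS.get(record_id)
    if rec is None or rec[0] != session_user:
        DENIED_LOG.append((session_user, record_id))
        return None
    return rec[1]


def enumeration_suspects(log, threshold: int = 2):
    """Detection: users refused on `threshold` or more distinct record ids.

    A legitimate user rarely asks for someone else's record even once;
    several distinct foreign ids from one account is the id-walking pattern.
    Unauthenticated refusals are reported under the key 'anonymous'.
    """
    seen = defaultdict(set)
    for user, record_id in log:
        seen[user or "anonymous"].add(record_id)
    return {u for u, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    print(vulnerable_download(1042, "alice"))   # bob's file, no check at all
    print(hardened_download(1042, "alice"))     # None, and a log entry
    print(hardened_download(1043, "alice"))     # None, second log entry
    print(enumeration_suspects(DENIED_LOG))     # {'alice'}
```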

SS7, Major Security Flaw in International Telecomm

For years now, researchers have been documenting flaws inherent in SS7, the signaling protocol that allows 800+ telecom service providers to work together efficiently. By taking control of a rogue telecom company, attackers have been able to successfully reroute incoming messages and calls to a compromised device to monitor activity. SS7 has also been blamed for multiple other security incidents over the years, from device tracking to full internet usage and communication monitoring.

Intern Q&A with Software Engineer Clarence Tan

A computer is only as good as the information that feeds it. This belief nourishes the computer programming and engineering field, encouraging scores of youth to dive into the relatively nascent field–software programming and engineering have only been a widespread occupation since the 1980s. It’s no wonder there is an explosion of jobs in the field as new technology such as cloud, Big Data, and mobile are embraced. According to SC Magazine, the Bureau of Labor Statistics reported that in February 2017 there was a net increase of 13,000 information technology jobs.

So what is the next generation doing to prepare for this exciting field? They’re seeking out internships.

This semester, Webroot was lucky enough to have 8 interns. I sat down with Clarence Tan, a senior at the University of California, San Diego studying computer science, to get a snapshot into the mind of the next generation of computer greats.


Webroot: Tell me a bit about yourself?

Clarence Tan: I’m a 4th year studying Computer Science at UCSD. For me, I really enjoy software development, because I appreciate problem-solving and building things in general. Outside of coding, some of my interests include watching sports, playing board/video games, and traveling.

Those hobbies sound like a checklist for a lot of the technical folks around here! Besides the obvious overlap of interests, how did you learn about the Webroot internship?

I learned about the Webroot internship through UCSD’s job page (PortTriton). My university has great connections with area businesses like Webroot.

What was enticing about an internship at Webroot?

For me, I wanted to gain more industry experience and further my knowledge in software development to become a better engineer. While I do learn a lot of interesting things at school, I feel I have grown the most through my experiences as an intern.

Wise words, Clarence. There is nothing like “real-world” experience. Take us through a day in the life for you in our San Diego office?

As a software intern, the majority of my time is spent coding, doing research, and having technical discussions regarding the features I am working on. Outside of that, I have scrum meetings every other day, bi-weekly engineering meetings, and one-on-one meetings with Tom Caldwell, my manager. Otherwise, I have a few larger group meetings addressing more general Webroot or office business.

It sounds like you get to be in the weeds on projects. Knowing what you do now, what is your biggest takeaway or lesson learned from this semester?

I think one of the biggest takeaways for me is time management. Since I am still in college, I have to balance my coursework with my internship and other school activities. It was definitely a challenge for me initially, but I feel I’ve learned a lot through this experience and worked through how to balance it all.


If it’s any consolation, I also struggle with time management and balance. There is always one more thing to do! What advice can you share with students in your field?

I’d recommend doing side projects or pursuing an internship. As I mentioned earlier, I feel I’ve grown the most as a developer by applying the knowledge and theory I learned in school to real-world situations. It has allowed me to understand technology better through the application of it. Also, I’d recommend students pursue a part of software development that interests them in particular, which can range from full-stack to DevOps to mobile. These are all very different, but equally important, aspects of development and I believe it is important to do what you enjoy.

Solid advice, Clarence! Now on the flipside, any advice for Webroot?

Continue to rock on with those great snacks.

Thanks, Clarence. I appreciate you taking the time to chat.


If you’re interested in an internship at Webroot, check out our careers page, www.webroot.com/careers.

Cyber News Rundown: Edition 5/5/17


Apple Threatens to Remove Uber App

In recent weeks, Apple has threatened to remove Uber from its App Store after a New York Times article revealed the app was tracking iPhones, even after having been uninstalled. Uber’s response was that the tracking was implemented to identify fraudulent trips and ensure untrustworthy users were blocked from the service, though this type of monitoring is expressly forbidden by Apple. While the issue has only been spotted on iOS® devices so far, it’s possible that Android® devices are also being tracked.

List of IoT Medical Devices Grows, Along with the List of Threats

Many of us may remember hearing that internet-connected pacemakers were potentially susceptible to cyberattacks. Now, several imaging sensors, prosthetics, and other connected medical devices, which are either currently available or in production, don’t appear to have proper security precautions. In addition to the possibility that these devices could be accessed remotely, there’s also a chance they could be used to steal any personal medical data they record.

Chipotle Payment Processing Systems Compromised

In the last week, Chipotle’s CFO released a statement about unauthorized activity on their internal payment processing network. While it appears their security measures did stop the attack, the company is working with its payment processor to monitor customer accounts for any suspicious activity over the 3-week period in which the breach occurred.

Mole Ransomware Brings Two Forms of Encryption

As ransomware continues to evolve, the tactics used to ensure a successful attack have improved right along with it. With the Mole variant, criminals use RC4 encryption and RSA for decryption, leaving victims with no way to decrypt their files or even tell them apart. The infection begins by executing a JavaScript file that pretends to be a Flash update, then changes all file extensions to .MOLE. It finishes by scrambling all of the filenames with hexadecimal values.

FalseGuide Android Malware Reaches 2 Million Victims

In a recent study, researchers discovered the prevalent Android malware FalseGuide has affected over 2 million individual devices. The malware proliferates by disguising itself as game guides for dozens of popular mobile games, and, after being installed, requests admin privileges to remove any options for the user to delete the app. After gaining admin access, the malware registers itself on a cloud messaging service to receive remote commands.

Creating Strong Passwords on World Password Day

Update: World Password Day will officially be observed on May 3, 2018. While the rules for creating tough-to-crack passwords remain true, additional layers of password security such as two-factor authentication and password manager tools are giving users even stronger security for their online accounts. Follow the advice below and have some fun crafting strong passwords to keep you safe online in 2018.

We’ve heard the same advice over and over when it comes to passwords—make it strong. But how many of us actually follow this advice? Would you believe that some of the most popular passwords are still “password”, “123456”, “qwerty”, and “abc123”? For World Password Day, we want to offer a few tips to make sure your passwords are up to snuff.

Tips for securing passwords
  1. Create a strong password that uses numbers, caps, and special characters
  2. Use unique passwords for each account
  3. Enable two-factor authentication
  4. Set up a secure password manager

You’re probably thinking “it’s hard to remember multiple strong passwords.” To help you out, here’s how you can choose something easy to remember, but hard to crack.

  1. Start with your favorite song, movie, or book. Use the first letter of each word. So, if your jam is “Guardians of the Galaxy Vol. 2”, that would make it “Gotgv2”.
  2. You could then increase the complexity by changing out any vowels with numbers. That makes it “G0tgv2”.
  3. Now add a special character, such as “!” or “$”. Your password would now be “G0tgv2!”.
  4. Turn it into a passphrase for good measure. Something like  “G0t7gv2! is my jam!”.
  5. Make sure it’s at least 16 letters long. This one is, but you may need to add another number or symbol to make the password long enough.

If this is still too much to remember, you can use the first letter of one of your favorite phrases from a song, movie, or book until you reach 12 or so characters, mix up capitalization, then add in a few special characters.
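The passphrase recipe in steps 1 to 5 above, and the four tips before it, written out as a small checker. This is an added example, not code from the Webroot post: the o→0 substitution is the one the post shows, the other vowel-to-digit mappings and the reuse check across accounts are assumptions, and the common-password list is just the four examples the post names.

```python
import string
from typing import Dict, List, Set

# o->0 comes from the post's own example; a/e/i mappings are an assumption
# added here so the recipe works for titles with other vowels.
VOWEL_DIGITS = {"a": "4", "e": "3", "i": "1", "o": "0"}

# The four "most popular passwords" the post calls out; a real deployment
# would use a full breached-password list instead.
COMMON = {"password", "123456", "qwerty", "abc123"}


def initials(title: str) -> str:
    """Step 1: first letter of each word, first one capitalised, rest lower."""
    letters = "".join(word[0] for word in title.split())
    return letters[0].upper() + letters[1:].lower()


def leet_vowels(text: str) -> str:
    """Step 2: swap (lowercase) vowels for digits."""
    return "".join(VOWEL_DIGITS.get(ch, ch) for ch in text)


def derive_passphrase(title: str, symbol: str = "!", tail: str = " is my jam!") -> str:
    """Steps 1-4: initials -> digit vowels -> special character -> passphrase."""
    return leet_vowels(initials(title)) + symbol + tail


def check_password(pw: str, min_len: int = 16) -> List[str]:
    """Tip 1 and step 5: returns the list of rules the password fails.

    An empty list means the password satisfies every rule checked here.
    """
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len}")
    if not any(ch.isdigit() for ch in pw):
        problems.append("no digit")
    if not any(ch.isupper() for ch in pw):
        problems.append("no uppercase")
    if not any(ch in string.punctuation for ch in pw):
        problems.append("no special character")
    if pw.lower() in COMMON:
        problems.append("common password")
    return problems


def reused_passwords(accounts: Dict[str, str]) -> Set[str]:
    """Tip 2: passwords shared by more than one account (constructed input)."""
    counts: Dict[str, int] = {}
    for pw in accounts.values():
        counts[pw] = counts.get(pw, 0) + 1
    return {pw for pw, n in counts.items() if n > 1}


if __name__ == "__main__":
    phrase = derive_passphrase("Guardians of the Galaxy Vol. 2")
    print(phrase, check_password(phrase))            # G0tgv2! is my jam! []
    print(check_password("G0tgv2!"))                 # ['shorter than 16']
    print(reused_passwords({"mail": "G0tgv2!", "bank": "G0tgv2!", "shop": "other"}))
```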

Otherwise, go with option 4 from my original list: get yourself a password manager. There are a number of free and low-cost password manager applications out there, which will generate and store secure passwords for all of your accounts. Many Webroot subscribers already have one, depending on their Webroot subscription type.

Note: If you do use this option, you will still need a strong password for the password management program itself.

Mobile reminder

If you don’t have a password on your mobile phone or tablet, you should reread the part about following security advice. Most smartphones offer the option of a 4-digit PIN or a pattern. When creating your PIN, be sure to use a unique string of numbers, and one that isn’t easy to guess (e.g. don’t use your birthday).

Join Webroot and hundreds of other organizations worldwide on May 4th to take the pledge to build stronger password habits.

Critical Service Announcement

UPDATE 4/28/17 2:11 p.m. MDT

As a reminder, the repair utility to address the false positive issue that arose on Monday, April 24, is available. The utility will release and restore quarantined applications to working order on the affected endpoints.

Please note, the utility was built to address only this specific false positive issue. It will be deactivated in the future.

If applications are operating normally on your systems, you do not need to implement the utility.

To obtain the repair utility, open a support ticket, or reply to your existing support ticket related to this issue. Please include your phone number in the ticket.

I want to thank each of our customers and partners for their patience during this time, and we are committed to earning your trust going forward.

UPDATE 4/27/17 2:47 p.m. MDT:

We have 0 calls in queue on our phone line, and are working through about 130 tickets related to the False Positive repair utility. A good portion of those are simply awaiting customer verification.

If you haven’t yet submitted a support ticket and you need the repair utility, please do so here. Include your phone number as well with the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to further test and validate this repair. We truly appreciate the support of our customers and thank you for your patience.

Update (Business) April 26, 10:25am MDT:

In addition to the manual fix issued Monday, April 24, we have now issued a standalone repair utility that provides a streamlined fix for business customers. It will release and restore quarantined applications to working order on the impacted endpoints.

For access to the repair utility, customers should open a support ticket, or reply to your existing support ticket related to this issue. Please include your phone number within the support ticket.

Our sincerest thanks to the MSP beta customers who worked with us to test and validate this repair. We appreciate the support of our customers and thank you for your patience.

Update (Business) April 25, 9:41pm MDT:

We created a comprehensive repair utility, and have successfully completed QA. We are currently rolling out the utility to a group of beta customers to ensure it works for our broader customer base. We expect to complete that work soon, and then will make it available incrementally to the entire customer base to ensure a successful deployment.

You also can look to our Community for ongoing updates.

Our Support team remains available to those of you who need urgent assistance, and we thank you for working with us through this challenging issue.


On April 24, Webroot experienced a technical issue affecting some business and consumer customers. Webroot incorrectly identified multiple files as malware. Webroot was not breached. Actual malicious files are being identified and blocked as normal.

We recognize that we have not met the expectations of some customers, and are committed to resolving this complex issue as quickly as possible.

For Business

Webroot is making progress on a resolution and will update you when it is available. In the meantime:

  • Do not uninstall the product or delete the quarantine. This will make quarantined files unrecoverable.
  • We have rolled back the false positives. Once the fix is deployed, the agent should pick up the re-determinations and perform as normal.
  • Customers should ensure endpoints are powered on and connected to the internet to receive the fix. Once files have been restored from quarantine, some endpoints may require rebooting.

Those who wish to address the issue manually should follow the instructions posted on Webroot Support.

We are conducting a thorough technical review to ensure we have a complete understanding of the root cause. A summary will be posted in the Webroot Community, and Webroot account representatives will be prepared to discuss the findings in greater detail with you.

For Home

To resolve the issue, customers need to restore the quarantined file(s). Please follow the steps on the Webroot Community and restore the file(s). Webroot offers free 24/7 support for consumers, and can open a ticket for any questions here.

We apologize for the inconvenience this has caused our customers and are taking the actions to earn your trust going forward.

Cyber News Rundown: Edition 4/21/17


Neiman Marcus Breach Bigger than Initially Believed

Following the 2015 Neiman Marcus breach, the company only recently disclosed that the impact is far greater than originally believed. The latest findings come on the heels of a January attack that copied the original 2015 hack, during which the information for over 350,000 unique credit cards was compromised. The recent attack exposed an unknown quantity of users’ data, though it focused more on the company’s loyalty card program, InCircle.

Chinese Video Service Accounts for Sale on Dark Web

As the list of data breaches continues to grow, several prominent Chinese companies have seen massive breaches, reaching well into the hundreds of millions range as far as individual accounts affected. Recently, a database belonging to Chinese streaming service Youku was found for sale on the Dark Web for a paltry $300. The database contains the usernames and passwords for nearly 100 million users, most of which have already been decrypted or even found in multiple, previously leaked databases.

Ransomware-as-a-Service, Surprisingly Affordable

The newest trend taking the malware world by storm: cheap ransomware-as-a-service that comes with a user-friendly dashboard, so launching a ransomware campaign is now easier than ever. For the low, low price of $175, aspiring cybercriminals gain access to a fully customizable interface to monitor the infections from start to end. Fortunately for potential victims of this particular variant family, security researchers have been successful in creating decryption keys to remove the malware for free.

Indian Hackers Strike at Snapchat over CEO Comments

In another case of cybercriminals turned hacktivists, attacks have been launched following a PR nightmare in which Snapchat’s CEO allegedly made comments that the Snapchat platform is meant for “rich people”, not for “poor countries” like India. The hackers claim to have stolen user data for over 1.7 million accounts, though Snapchat has yet to confirm that any leak actually occurred.

International Hotels Group Finds Malware in Payment Systems

Following an investigation that began in the second half of 2016, officials for the International Hotels Group have confirmed that multiple locations had suffered significant credit card breaches. Even more worrisome is that the latest breach was only discovered by the card providers monitoring suspicious activity on the accounts, which suggests that IHG’s internal security measures aren’t up to snuff.

Cyber News Rundown: Edition 4/14/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Microsoft Patches Critical Zero-day Vulnerability

On Tuesday of this week, Microsoft released a patch for a relatively unknown zero-day vulnerability that allowed attackers to distribute malware through malicious Word documents. Opening the infected document allows it to contact a remote server to begin downloading malware to a victim’s system via a script file embedded in the document. While the Microsoft patch does resolve the issue, we still encourage you to use caution when opening any documents attached to emails, even if they appear to be from a trusted sender.

Legit IRS Online Tool Used Illegitimately

In the past few months, investigators have been looking into fraudulent activity occurring in the IRS’s Data Retrieval Tool. By using the tool as intended, criminals were able to impersonate legitimate users to begin a tax return form and access that user’s data, thereby creating fraudulent returns. From the initial investigation, it appears nearly 100,000 different user accounts have been tied to this method of identity theft. The scam itself has cost the IRS over $30 million.

Sneaky CIA Malware Uses Pop Culture References

When the WikiLeaks Vault 7 post revealed numerous spying tools from a CIA dump, many researchers began digging through the treasure trove of information. Researchers at Kaspersky Lab found several malware programs with code referencing Star Trek, Flash Gordon, and other pop culture icons. The malware in question has been linked to a long-standing malware campaign that hit multiple targets across Europe and Asia.

Ex-Employee Hacks Hotel System, Slashes Room Rates

Ever daydream about getting back at a bad boss? One NYC Marriott hotel found itself on the receiving end of a disgruntled ex-employee’s revenge. A few weeks after being fired from his job, Juan Rodriguez hacked into the hotel’s reservation systems and cut prices down by up to 95%, costing Marriott over $50,000 before the intrusion was discovered. Unfortunately for Juan, while he was smart enough to infiltrate their network, he forgot to mask his own IP, which led authorities straight to his apartment.

Patient Records Available Online

As prices for medications and health treatment continue to rise, a lot of people are looking for cheaper ways to obtain prescriptions and services. Unfortunately, this leads to increased risk, particularly in the case of elderly citizens on a fixed income. Recently, a researcher found a database with the medical and personal records for nearly 1 million senior citizens, freely available to the public. But the database in question didn’t belong to a healthcare facility. Instead, it was owned by a telemarketing firm that had gathered a large quantity of sensitive information on the promise of providing cheaper deals on medication.

Gary Hayslip Chats About the Internet of Everything, the Strategic Role of Cybersecurity, and Becoming Webroot’s New CISO

When you meet Gary Hayslip, don’t let his calm demeanor fool you — underneath is a deep passion for and understanding of the “Internet of Everything” or IoE. To say his 25-year career in information security is impressive would be an understatement. From serving as Command Information Security Officer in the United States Navy to his more recent position as the City of San Diego CISO and deputy director, Gary has become attuned to the ever-evolving role of a CISO in organizations.

As I chatted with him across a boardroom table, I began to picture how IoE has the potential to create abundant opportunity and new risks. Imagine this: smart parking meters making your urban commute easier. Communications between your car’s GPS and parking meters in the vicinity help you find a vacant spot and pay the meter all from an app on your phone. Now imagine the adverse — a powerful DDoS attack using those same smart parking meters to send a flood of communications to an area internet service provider, overloading its network bandwidth, and debilitating internet service for its customers. It can be scary to think about.

According to the FBI, “deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices.” For the record, this is why more organizations need the Garys of the world.

I caught up with Gary at the Webroot World Headquarters in Broomfield, Colorado, to talk about his decision to join Webroot, his views on IoT, and more.


Webroot: What made you decide to join the Webroot team?

Gary Hayslip: I had been working in the IoT and cybersecurity space around smart cities and smart communities for a while when I came across Webroot. Seeing the Webroot FlowScape® capabilities coupled with how their product suite leverages the power of machine learning to predict and protect against threats in the connected world we live in had me sold. At the end of the day, a forward-leaning company that can offer Webroot’s level of protection to both consumers and partners intrigues me.

Webroot: As an InfoSec leader, what will be your main area of focus at Webroot?

GH: To me, cybersecurity is a business critical function. The Office of the CISO provides enterprise risk management through current state assessments and forecasting. Ultimately, our consistent question to solve is “how can we better support departments across the organization?” I think I’ll bring a unique point-of-view to that question considering I was recently a customer. Along those lines, my insight from the customer point of view will offer an advantage with product strategy to reduce the risk for customers. As Webroot grows, I want to ensure the programs and strategies my teams create are flexible enough to grow alongside the company.

Webroot: What opportunity do you think Webroot can fill in the market?

GH: I see a significant amount of movement in getting IoT devices to market, but not a lot of readiness to make sure these devices can be scanned, monitored, or protected. FlowScape bridges the gap and allows you to see the devices communicating within your networks and gives context around what devices are doing. The Webroot product portfolio truly does protect users across devices, networks, and perimeters. Delivering comprehensive security solutions that detect, defend, and provide analysis to businesses and individuals is our sweet spot.

Webroot: What difference do you want to make in your new role?

GH: The biggest thing for me is making a resilient program even better. Cybersecurity is a life cycle and breaches are part of that life cycle. It’s never lost on me that threats are constantly emerging and evolving. It’s only fitting for a best-in-industry organization to meet the threats where they live with constant preparation.


In addition to sitting on numerous boards and being an active member of ISSA, ISACA, OWASP, and InfraGard, Gary holds the certifications of CISSP, CISA, and CRISC. Be sure to check out his book CISO Desk Reference Guide.