CIO reports that women in tech remain underpaid, underrepresented and more likely to be discriminated against. Despite holding 57 percent of professional positions in the U.S., women hold only 26 percent of positions in tech. Half of all women in STEM fields report experiencing workplace discrimination. The percentage of female computer scientists is actually falling in America.
September 14 kicks off National Coding Week and the third Tuesday of September (September 15 this calendar year) is National IT Professionals Day. In celebration, we’ve asked some of the female IT professionals within our organization about representation in IT, what drew them to the field and advice for other women interested in STEM.
What led you to a career in STEM?
“After starting my career as a web designer and
developer, I became more involved in web development, which led me to where
I am today, a principal UI engineer. I’ve always had a passion for making flat
designs come to life and find it very exciting when I see my work go
live.” – Christiane Evans, Principal UI Engineer
What makes you proud to be a woman in STEM?
“Realizing there are no wrong questions and no one
knows everything, I resolved to challenge myself to learn something new every
day. If being a woman in tech makes me different, then I am proud to be
different. So, I say follow your passion. That passion and talent will take you
miles, and don’t let anyone tell you otherwise.” – Kirupha Balasubramian,
Sr. Devops Engineer
What advice would you give to women looking to join a
STEM field?
“Be curious. Don’t be afraid to ask questions. Challenge
yourself to solve problems. Never stop learning; continue learning new
technologies to build your skills and toolset. Put in the hard work, know your
work inside out and you’ll feel confident in your abilities.” – Krystie
Shetye, Director of Software Development
What would you say is one of the greatest challenges for
women working in STEM?
“Working in engineering is its own constant learning
curve. I think women should look for support everywhere we can to assure
ourselves. We can and should do whatever we want to – no matter the barriers.
Technology changes so fast, we have to constantly adapt. Though that’s part of
the reason I love it here and why I love engineering as a career.” – Mingyan
Qu, VP of Quality Engineering
Putting our values to work
The skills
gap in cybersecurity is real and a detriment to businesses of all
sizes. We believe there’s room enough for everyone in STEM, and the industry
needs all the help it can get.
Webroot and its parent company OpenText are
committed to diversity in hiring. In its 2020
Corporate Citizenship Report, OpenText reaffirmed its support of the 30% Club and
committed to the goal of 30% of board seats and executive roles to be held by
women by 2022.
To see what positions are available for you at OpenText, visit our careers page here.
This year more than others, for many of us, it’s gaming
that’s gotten us through. Lockdowns, uncertainty, and some
pretty darn good releases have kept our computers and consoles switched on
in 2020. GamesIndustry.biz,
a website tracking the gaming sector, reported a record number of concurrent
users on the gaming platform Steam for several weeks as the lockdown went into
effect.
According to NationalToday.com,
the authority for such days, video games are an $18 billion industry that traces
its origins to the halls of prestigious educational institutions like Oxford
University and MIT. Not surprisingly, given the nature of our work, they’ve
captured the hearts and imaginations of a good number of us here at Webroot. But again,
due to the nature of our work, we’re well attuned to video game-related hacks and
scams.
This March, 66 malicious gaming apps were discovered to have evaded reviewers and found their way into the Google Play store. In April, just as coronavirus was beginning to keep most of us indoors, Nintendo was breached and the accounts of more than 300,000 gamers were compromised. Phishing attacks posing as gaming platforms have risen significantly during this time period.
But too often we hear from gamers that they don’t use an
antivirus. With all the time gamers spend online, especially PC gamers, this is
a big risk. Many of the reasons we hear for not using an antivirus, in fact,
are based on misconceptions.
So, to clear up some of those misconceptions, and to provide
some tips for spending National Video Games Day safely, we sat down with
cybersecurity expert and resident gamer Tyler Moffitt to get his advice.
What kinds of security threats do gamers face?
Not running any security is the main one. It’s a big problem
within the gaming community. There are also tailored phishing attempts for
online games where accounts can be worth over $100. They happen on platforms
including Blizzard, Steam, Epic, Riot and others.
Why do cybercriminals target gamers?
They can be a niche target when big things happen like major
game releases. Halo, World of Warcraft, Grand Theft Auto, and Call of Duty have
all been targets for scams. But PC gamers not running any antivirus solution other
than built-in or free protection are asking for trouble.
Either by game or gaming type, what tends to be the
biggest target for hackers?
The way most players are infected with actual malware and
not just giving up account info is by downloading game hacks. These are usually
aim bots or other ways to cheat at the game. In addition to making games less
fun for other players, they endanger the cybersecurity of the individuals doing
the cheating. Also, trying to download games for free on torrent sites is just
asking for trouble…or a trojan.
Any misconceptions about gaming security?
I’d say the biggest one is that all antiviruses today
will cause problems with gameplay. Many players imagine they’ll have issues
with latency, or their frame rate will drop off significantly, and that’s just
not true. While years ago this may have been the case with heavy installation
suites and large daily definition updates, many antiviruses have changed
throughout the years to do all the heavy lifting in the cloud while still being
lightning fast and accurate with threats. The amount of CPU, RAM and bandwidth
usage of AVs while idle and during a scan are significantly lighter than they
used to be.
What can gamers do to improve online security?
As I mentioned, running an antivirus is essential. There are
lightweight options available that won’t impact gameplay. Also, I recommend enabling
two-factor authentication on all accounts for online games whenever possible to
reduce the risk of falling victim to a malicious hacker.
As a gamer yourself, anything else to consider or personal
best practice to share?
Trying to cheat or download premium games for free, especially
when prompted to by clickbait-type ads, will almost always lead to a scam or
malware. There’s no such thing as a free lunch.
Today’s work-from-home environment has
created an abundance of opportunities for offering new cybersecurity services in
addition to your existing business. With cyberattacks increasing in frequency
and sophistication, business owners and managers need protection now more than
ever.
MSPs are ideally positioned to deliver the
solutions businesses need in order to adapt to the current environment. In this
post, we’ll briefly summarize four ways to fine-tune your cybersecurity GTM
strategy for capitalizing on the shifting demands of today’s market.
1. Build an Offering That Aligns with Your Customer’s Level of Cyber Resilience
A cybersecurity GTM strategy is not a one-size-fits-all
proposition. Each customer has unique needs. Some operate with higher levels of
remote workers than others. Some may have more sensitive data than others. And some
will have lower tolerances to the financial impact of a data breach than others.
So, understand the current state of your customer’s ability to adequately
protect against, prevent, detect and respond to modern cyberthreats, and then
focus on what aspects of cybersecurity are important to them.
2. Leverage Multi-Layered Security
Today’s businesses need a cybersecurity
strategy that defends against the methods and vectors of attack employed by
today’s cybercriminals. This includes highly deceptive and effective tactics
like ransomware, phishing and business email compromise (BEC). These methods
require a layered approach, where each layer addresses a different vulnerability
within the larger network topology:
Perimeter – This is the logical edge of your customer’s network where potentially malicious data may enter or exit. Endpoints (wherever they reside), network connectivity points, as well as email and web traffic all represent areas that may need to be secured.
User – The employee plays a role when they interact with potentially malicious content. They can either be an unwitting victim or actually play a role in stopping attacks. This makes it necessary to address the user as part of your GTM strategy.
Endpoint – Consider the entire range of networked devices, including corporate and personal devices, laptops, tablets and mobile phones. Every endpoint needs to be protected.
Identity – Ensuring the person using a credential is the credential owner is another way to keep customers secure.
Privilege – Limiting elevated access to corporate resources helps reduce the threat surface.
Applications – These are used to access information and valuable data. So, monitoring their use by those with more sensitive access is critical.
Data – Inevitably, it’s the data that is the target. Monitoring who accesses what provides additional visibility into whether an environment is secure.
For each layer, there’s a specific tactic or
vector that can form the basis of an attack, as well as specific solutions that
address vulnerabilities at that layer.
3. Determine the Right Pricing Model
Pricing can make or break a managed service.
Too high and the customer is turned off. Too low and there’s not enough
perceived value. Pricing is the Goldilocks of the MSP world. It needs to be
just right.
Unlike most of your other services,
cybersecurity is a constantly moving target, which can make pricing a
challenge. After all, a predictable service offering equates to a profitable
one. The unpredictability of trying to keep your customers secure can therefore
impact profitability. So, it’s imperative that you get pricing correct. Your
pricing model needs to address a few things:
It needs to be easy to understand – Like your other services, pricing should be straightforward.
It should demonstrate value – The customer needs to see how the service justifies the expense.
It needs to focus on protection – Because you have no ability to guess the scope and frequency of attacks, it’s important to keep the services centered around preventive measures.
Consider all your costs – Cost is always a factor for profitability. As you determine pricing, keep every cost factor in mind.
4. Rethink How You Engage Prospects
Assuming you’re going to be looking for new
customers with this service offering (in addition to selling it to existing
customers), it’s important to think about how to engage prospects. The days of
cold outreach are long gone as 90% of buyers don’t respond to cold calls. Instead,
today’s buyer is looking to establish connections with those they believe can
assist their business. Social media sites have become the primary vehicle for a
number of aspects of the buyer’s journey:
The biggest challenge with bringing a
cybersecurity service to market is meeting the expectations of the prospective
customer. Demonstrate value from the very first touch through social media engagement
and content. Meet their unique needs with comprehensive solutions that address all
their security vulnerabilities. And finally, make sure your pricing is simple,
straightforward and easy to understand.
Imagine a thief walks into
your home and rummages through your personal belongings. But instead of
stealing them, he locks all your valuables into a safe and forces you to pay a
ransom for the key to unlock the safe. What choice do you have?
Substitute your digital space
for your home and encryption for the safe and you have what’s known as
ransomware. Ransomware is a type of malware. After the initial infection, your
files are encrypted, and a note appears demanding payment, which is usually in
the form of cryptocurrency such as bitcoin because transactions can’t be
stopped or reversed. Once your files are encrypted, you can’t access them until
you pay the ransom.
The roots of ransomware can
be traced back to 1989. The virus, known as PC Cyborg, was spread through
diskettes given to attendees of a World Health Organization International AIDS
conference. Victims of PC Cyborg were to mail $189 to a P.O. box in Panama to restore
access to their data.
Historically, ransomware was
mass-distributed indiscriminately, so it was mostly personal machines
that ended up getting infected. Today, the big money is in attacking
businesses. Most of these infections go unreported because companies don’t want
to expose themselves to further attacks or reputational damage.
Criminals know the value of
business data and the cost of downtime. Because they service multiple SMB
customers simultaneously, managed service providers (MSPs) are now an
especially attractive target. A successful attack on an MSP magnifies the
impact of attacks and the value of the ransom.
Primary ransomware attack
vectors – with more detailed descriptions below – include:
Ninety percent of all
ransomware infections are delivered through email. The most common way to receive ransomware
from phishing is from a Microsoft Office attachment. Once it is opened, the victim is
asked to enable macros. This is the trick. If the user clicks to enable the
macro, then ransomware will be deployed to the machine. Phishing remains a
significant and persistent threat to businesses and individuals. The Webroot 2020 Threat Report showed a 640% increase in the number of active
phishing sites since 2019.
Cryptoworms
Cryptoworms are a form of
ransomware that is able to gain a foothold in an environment by moving laterally
throughout the network to infect all other computers for maximum reach and
impact. The most spectacular incarnation of a cryptoworm was WannaCry in 2017, where more than 200,000 computers were affected in 150 countries
causing hundreds of millions in damages.
Polymorphic malware
One of the more notorious
forms of ransomware circulating today is polymorphic malware, which makes small
changes to its signature for each payload dropped on a machine – effectively
making it a brand new, never-before-seen file. Its ability to morph into a new
signature enables it to evade many virus detection methodologies. Studies show
that 95% of malware is now unique to a single PC. This is largely due to the shape-shifting abilities
of polymorphic malware code. Today, nearly all ransomware is polymorphic,
making it more difficult to detect with signature-based antivirus
technologies.
Ransomware as a Service (RaaS)
Ransomware has become so
lucrative and popular that it’s now available as a “starter kit” on the dark
web. This allows novice cybercriminals to build automated
campaigns. Many of these kits are available free of charge for the payload, but
criminals owe the author a cut (around
30%, though this can vary based on how many victims are infected)
of any ransom payment made using their payload. GandCrab, also known as
Sodinokibi, was perhaps the most famous to use this tactic.
Targeted attacks
Cybercriminals are moving
away from mass distribution in favor of highly focused, targeted attacks. These
attacks are typically carried out by using tools to automatically scan the
internet for weak IT systems. They are usually opportunistic, thanks to the
vulnerability scanners used. Targeted attacks often work by attacking computers
with open RDP ports. Common targets include businesses with lots of computers
but not a lot of IT staff or budget. This usually means education, government
municipality, and health sectors are the most vulnerable.
Stay cyber resilient with multi-layered defense
As you can see, ransomware authors
have a full quiver of options when it comes to launching attacks. The good news
is, there are as many solutions for defending systems against them. The best
way to secure your data and your business is to use a multi-layered cyber
resilience strategy, also known as defense in depth. This approach uses
multiple layers of security to protect the system. We encourage businesses of
all sizes to deploy a defense-in-depth strategy to secure business data from
ransomware and other common causes of data loss and downtime. Here’s what that
looks like.
Backup
Backup with point-in-time
restore gives you multiple recovery points to choose from. It lets you roll
back to a prior state before the ransomware virus began corrupting the system.
Advanced threat intelligence
Antivirus protection is still
the first line of defense. Threat intelligence, identification and mitigation in the form of antivirus is still
essential for preventing known threats from penetrating your system.
Security awareness training
Your biggest vulnerability is
your people. Employees need to be trained on how to spot suspicious emails and
what to do in case they suspect an email is malicious. According to our research, regular
user training can reduce malware clickthrough rates by 220%.
Patch and update applications
Cybercriminals are experts at
identifying and exploiting security vulnerabilities. Failing to install
necessary security patches and update to the latest version of applications and
operating systems can leave your system exposed to an attack.
Disable what you’re not using
Disable macros for most of
the organization, as only a small percentage of users will need them. This can be done per
user or at the Group Policy level in the registry. Similarly, disabling scripting tools
like HTA, VBA, Java, and PowerShell will also stop these powerful tools that
criminals use to sneak infections into an environment.
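The registry-level macro setting mentioned above can be checked per user with a short script. This is an added example, not code from Webroot; it assumes Office 2016/2019/Microsoft 365 (policy key version 16.0) and uses Microsoft's documented `VBAWarnings` and `blockcontentexecutionfrominternet` policy values.

```powershell
# Added example: audit the current user's Office macro policy and,
# with -Enforce, set the most restrictive values.
# Assumption: Office 2016/2019/Microsoft 365, which use the 16.0 policy key.
param(
    [switch]$Enforce   # without this switch the script only reports
)

$apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of each VBAWarnings policy value
$vbaMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all macros without notification'
}

$report = foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"

    if ($Enforce) {
        # Create the policy key if it does not exist, then write both values.
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 `
            -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }

    # Read back whatever is configured; a missing key means no policy is applied.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $vba = $null
    $blockInternet = $null
    if ($props) {
        $vba = $props.VBAWarnings
        $blockInternet = $props.blockcontentexecutionfrominternet
    }

    $vbaText = 'not set (user decides)'
    if ($null -ne $vba) {
        $vbaText = "$vba ($($vbaMeaning[[int]$vba]))"
    }

    [pscustomobject]@{
        Application         = $app
        VBAWarnings         = $vbaText
        BlockInternetMacros = ($blockInternet -eq 1)
        # Hardened: unsigned macros cannot run and internet-sourced macros are blocked
        Hardened            = ($vba -in 3, 4) -and ($blockInternet -eq 1)
    }
}

$report | Format-Table -AutoSize
```

Run without arguments, the script only reports; for an entire organization, the same two values are normally pushed through a Group Policy Object rather than written per machine.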
Ransomware mitigation
Make sure your IT staff and
employees know what to do when a ransomware virus penetrates your system. The
affected device should immediately be taken offline. If it’s a networked
device, the entire network should be taken down to prevent the spread of the
infection.
Thousands of Android Users Fall Victim to Giveaway Fraud
Upwards of 65,000
Android users were potentially compromised after installing a malicious app
promising free giveaways. Over the year the scam was in effect, roughly 5,000
apps were spoofed to lure victims into downloading in exchange for a phony
giveaway. In reality, the infection pushes silent background ads which generate
ad revenue for the scammers and decrease device performance.
North American Real Estate Firm Hit by Ransomware
A new ransomware variant known as DarkSide
claimed its first victim, Brookfield Residential, after operating for nearly two weeks. The
North American real estate developer recently noticed unauthorized access to
several systems and was left a ransom note stating that over 200GB of data had
been stolen. The data has since been published to DarkSide’s leak site, which
has prompted many to speculate the ransom was not paid by Brookfield
Residential.
Cryptominers Caught Using AI
Researchers have been at work creating an AI
algorithm to detect malicious cryptocurrency miners while avoiding
legitimate ones. The detection method compares currently running miners to
graphs of both legitimate and illegitimate miners and monitors changes between
the processes being used and the scheduling of mining activity. This type of
detection may be put to use to decrease the overall use of malicious code that
can often tax the system’s CPU usage to max capacity.
Los Angeles School District Suffers Cyber Attack
Just weeks after the FBI issued a warning about the threat
of cyberattacks against school districts, the Rialto
School District in California has fallen victim to just such an attack. These
setbacks have made the return to online schooling particularly difficult. The extent
of the attack remains unclear and officials are still working to determine the
effects on the 25,000 enrolled students.
Maze Ransomware Cartel Adds New Variant Team
The authors of the lesser-known ransomware variant SunCrypt
have recently joined forces with the Maze ransomware cartel. It’s believed the new
cartel members were brought in to assist with the high volume of attacks that
the Maze Group is handling and are being paid with a portion of its profits. In
addition to new revenue streams from its partnership with the organization, cartel
members also benefit from access to the Maze Group’s resources including
obfuscation techniques and posting cartel members’ stolen data to their dedicated
leak site.
If you’ve landed on this blog, then there’s a good chance you’re already aware that DNS is undergoing a major overhaul. DNS 2.0—aka encrypted DNS, DNS
over HTTPS, or DoH—is a method for encrypting DNS requests with the same HTTPS
standard used by numerous websites, such as online banking, to protect your
privacy when dealing with sensitive information.
While
there’s no doubt that DoH offers incredible privacy benefits, it also has the potential to be
a major security risk for businesses. That’s because DoH effectively wraps DNS
requests in encryption protocols, which prevent traditional DNS or web filtering
security solutions from being able to filter requests to malicious, risky, or
otherwise unacceptable or inappropriate websites.
Although
some DNS filtering solutions are now making moves to modernize, many of them
simply provide the option to either allow or block all DoH requests, rather
than offering any sort of nuanced control.
“That’s
really where Webroot® DNS Protection differs from the competition,” says George
Anderson, product marketing director at Webroot, an OpenText company. “Ours is
currently the only DNS security product that lets businesses fully leverage DoH
and its privacy benefits. Our solution encrypts data using HTTPS to route DNS
requests through secure Webroot resolvers to prevent eavesdropping,
manipulation, or exploitation of data.”
How a Commercial DNS Filtering Service is a Game Changer
According to George, the cyber resilience benefits of using a private, commercial DNS security service that fully supports DoH are numerous. When we asked him to narrow down to his top 10, here’s what he had to say.
First, it provides a very secure, reliable, multi-point of presence connection to the internet with high availability.
Second, trusted DNS resolvers process ALL of your internet requests—we are talking any user, server, or application using the internet with a single, tamperproof choke point for admin and policy request controls.
Third is confidentiality. It keeps your organization’s internet requests private and invisible to malicious actors, your ISP, and so-called “free” DNS resolvers—all of whom can abuse this data.
It then gives your organization full visibility and log access to all of your internet traffic requests, allowing for security analysis and management through reports or ingestion via a SIM/SIEM.
With Webroot, you also get transparent security policy filtering of both encrypted (DoH) and clear text (DNS) requests.
Webroot BrightCloud® threat intelligence data automatically applies the latest and most accurate internet domain security in real time to every outbound request, regardless of source, meaning we stop the majority of malicious and suspicious request responses that could have led to a breach.
A commercial service also provides the flexibility to manage internet access for guest/public WiFi networks, IP address ranges, user groups down to individual user, and lets you filter using a wide range of domain categories.
In the context of WFH, if the user is connected to the internet via VPN or a local DNS agent on their device, then a DNS filtering solution protects them no matter where they connect.
Also, from a WFH perspective, you need your DNS security service to integrate with the majority of VPNs and work easily with your other security and network technologies.
Lastly, and definitely key to your organization, a commercial DNS security service can offer great visibility into internet usage with scheduled executive reporting that lets you oversee internet use, assist with HR initiatives, and help ensure compliance.
As DoH continues to grow in adoption, George advises all businesses to be proactive about their cyber resilience strategies. Particularly as more work is conducted outside of more traditional office settings, it’s critical to understand and embrace the value that a flexible cloud gateway—whose protection is not confined to a physical network—can offer.
“Ultimately, in a world where many companies continue to support remote workers, businesses really can’t afford not to use a filtering solution that provides both privacy and security control.”
– George Anderson, product marketing director at Webroot, an OpenText company
Learn more about Webroot’s answer to
DNS filtering or take a free trial of Webroot DNS Protection here.
Officials for Carnival
Cruises have confirmed that a portion of their IT systems were encrypted
following a cyberattack identified over the weekend. The company also revealed
that sensitive information for both employees and customers was illicitly
accessed, though they did not admit to what extent.
Millions of Social Media Profiles Exposed
More than 235 million social media profiles belonging to
several major platforms, which contained personally identifiable information
including names, locations and contact data, were publicly exposed due to a
misconfigured database. Social
Data, an online data marketing broker, seems to be the owner of the data,
though it is unclear how they obtained it since data scraping for profit is
generally not tolerated by Facebook or other platforms. According to Social
Data, the database was exposed for up to three hours after initially spotted. It
remains unknown how long the data was accessible without authentication.
Wine and Spirits Conglomerate Suffers Ransomware Attack
Brown-Forman,
the parent company of many major liquor brands, recently fell victim to a
ransomware attack that appears to be the work of the REvil ransomware authors.
While the company was able to detect and thwart the attack before encryption, upwards
of 1TB of highly sensitive internal information on employees, clients, and
financial statements was stolen. Though no formal ransom was delivered, the
attackers are likely to auction the data imminently.
File-less Worm Creates Linux Crypto-mining Botnet
Linux
systems are on the lookout for a new infection that has been silently
creating a botnet to employ target machines as crypto miners. Since the start
of the year, over 500 SSH servers have been infected around the world by a worm
creating additional backdoors to allow attackers to return to the systems
later. Due to the file-less nature of this infection, a simple reboot of the
system can temporarily remove the malicious processes, but because the login
credentials have already been exported the system can be quickly re-infected.
Canadian COVID-19 Relief Sites Breached
Several Canadian
government websites connected to healthcare relief funds were breached with
the intent to steal COVID-19 relief fund payments. Though only a small portion
of the 12 million total accounts, 9,000 GCKey accounts were directly affected
after being breached via credential stuffing. Credential stuffing is a brute-force
technique that employs previously leaked credentials in the hope that victims use
the same login info for multiple sites. Since the websites affected don’t use
multi-factor authentication, the odds of a successful credential-related attack
were increased.
Cyber resilience is being put to the test during the coronavirus pandemic. As more and more users work from home, it’s becoming increasingly difficult for IT teams to ensure uniform cyber security on home devices and networks that they don’t own or control. At the same time, cybercriminals are using the pandemic to launch more deceptive attacks. In this post, we’ll break down a few steps you can take to add resilience to your home network, so you don’t have to sacrifice security for convenience during the global pandemic. We cover all of these tips and more in our Work From Home Playbook.
The secure tunnel
We lose a measure of security
the minute we step outside the protective shell of our corporate network. The
average home network is significantly less secure than corporate networks. This
leaves remote workers more vulnerable to attacks anytime they’re not connected
to the corporate network.
Luckily, you can easily
improve your at-home security by using a virtual private network (VPN). With a VPN,
you can establish a secure tunnel between your home network and your corporate
environment, making your home connection more immune to outsider attacks. A VPN
extends your home network – or connection from the local coffee shop – across a
public network, allowing you to interact with your corporate system as if you
were connected directly to it. This allows applications to operate securely and
encryption to be enabled within the connection, ultimately privatizing any data
being shared or input.
Handshake hygiene
A clean handshake is healthier
in the physical world. And it’s the same with the digital handshake between
your home devices and your corporate network. Anytime someone from outside the
network attempts to log on, there’s a risk the person isn’t who they say they
are. Login credentials are stolen all the time. In many scenarios, all it takes
is a username and password to gain access to the company network. Once inside,
cyberthieves can unload malicious payloads or find additional user credentials
to launch even more pernicious attacks. But by adding just one extra layer of
security in the form of an additional checkpoint, it’s possible to thwart most
attacks that rely on only a username and password.
That’s why multi-factor
authentication (MFA) has become the go-to method for adding extra verification
steps to confirm that the person logging on is truly who they say they are.
With MFA, the user verifies their identity using knowledge only they have, like
a password or answers to challenge questions. As an additional verification
step, the user supplies an item, like a YubiKey or a one-time password sent to
a mobile device. Lastly is an inherent characteristic unique to the
person, such as a fingerprint, retina scan, or voice recognition. In today’s
highly regulated business environment, most businesses make MFA mandatory for
employees logging in from outside the network.
First, second and third lines of defense
Cybercriminals have a full quiver
of options when it comes to launching attacks. But the good news is that there
are also multiple solutions for defending home systems against them. The best
way to secure the home network is to use a multi-layered cyber resilience
strategy, also known as defense in depth.
This approach uses multiple
layers of security to protect home devices and the networks they’re connected
to. Here’s what that looks like:
Backup – Backup with point-in-time restore gives you multiple
recovery points to choose from. It ensures you can roll back to a prior state
before the ransomware virus began corrupting the system.
Advanced
threat intelligence – Premium antivirus
protection is still the first line of defense. And antivirus that is backed by
advanced threat intelligence, identification and mitigation is essential for
preventing known threats from penetrating your system.
Patch and
update applications – Cybercriminals
are experts at identifying and exploiting security vulnerabilities. Failing to
install necessary security patches and update to the latest version of
applications and operating systems can leave your devices exposed to an attack.
Learn more
Cyber resilience while working from home is every bit as critical as working on-site. For more tips on how to add resilience to your home environment, and how to prepare your space for working from home long-term, download the Work from Home Playbook.
The town of Lafayette, Colorado, fell victim to a ransomware attack last week
and was unable to recover without paying a ransom of $45,000 in
cryptocurrency. The attack disabled many city
services for a number of days until officials determined they would not be able
to recover without paying for systems to be decrypted. This attack was another
example of how having data backed up, even if somewhat dated, is less expensive
and more secure in the long run.
Illinois Healthcare Data Breach
The Illinois
healthcare system suffered a multi-month data breach stemming from several compromised
email accounts earlier this year. The breach does not affect all IHS clients, but
those who were affected had much of their sensitive information, including
social security numbers and personal health documents, leaked. The breach began
in early February, but victims were not informed until the end of July, when
they were offered credit and identity monitoring services to protect against
illicit use of their data.
Cyberattack Strikes InfoSec Training Organization
One of the largest cybersecurity
training organizations was recently targeted by a phishing attack against an
internal email account. The compromised account was then used to install an
illicit Office365 add-on to maintain control of the account and to forward over
500 emails to a third-party account, many of which contained sensitive
information on customers. Affected customers have been contacted and warned to
be vigilant against future phishing attacks.
Pace Center Data Compromised Following Blackbaud Breach
Some donor data for the Florida-based non-profit Pace
Center for Girls was leaked after a data breach targeted its software
provider, Blackbaud, in May. The breach affected over 200 organizations relying
on Blackbaud for cloud-computing services and contained personally identifiable
information on thousands of donors. Fortunately, no payment card data was
included in the breach and the Pace organization has begun improving security
protocols to avoid further attacks.
Payment Card Data Stolen from MSU Website
At least 2,600 individuals were possibly affected by a
payment card leak after the Michigan
State University online shop was infiltrated through a known website
vulnerability. The attack used a card-skimming technique and remained active on
the site for nearly a year, leaving many customers’ data vulnerable to other
possible attacks. This would be the second cybersecurity-related incident to
target MSU in the last year. In May, the university was hit with a ransomware
attack that resulted in the publishing of stolen data.
Even though the 2020 Back to School
season may look very different from those in years past, there are a few things
that will remain the same. First, since Back to School is often when parents
and caregivers stock up on new clothes, tech, and school supplies for students,
it’s also when lots of stores (especially online retailers) run huge sales.
Second, there will be the customary
spike in cyberattacks. In fact, the attacks on the Education sector are already
up. The latest
data from Microsoft shows that the Education sector has recently suffered
more encounters with malware (over 5,000,000 in the last 30 days) than any
other industry!
Since a lot of children and teens will be attending school
virtually, either part-time or full-time, they’ll be spending even more time on
the internet than they currently do. The more time they spend online, the
higher the risk they face.
Here are the top threats to watch out for, as well as tips for how to help keep
young learners safe during Back to (Virtual) School.
Phishing
According to Tyler Moffitt, security
analyst at Webroot, “phishing isn’t going to go away any time soon. As tactics
go, it’s an oldie, but goodie. Times of year when people do more shopping, like
Back to School or Christmas, are a big draw for cybercriminals. We always see a
spike in phishing during those times. And with more people shopping and
streaming online during COVID-19, I’m betting we’ll see even more activity this
year than we would normally expect.”
To underscore Tyler’s point, the latest intelligence from the Webroot BrightCloud® Real-Time Anti-Phishing service shows that phishing URLs targeting global streaming services have increased significantly. In March 2020 alone, we saw the following increases in phishing URLs, broken out by service:
Netflix – 525% increase
YouTube – 3,064% increase
Twitch – 337% increase
HBO – 525% increase
Not only should you and your young learner keep an eye out for email scams, but also bear in mind that phishing can happen through a variety of channels. Because many students will end up communicating mostly via online chat, text message (SMS), or social media, it’s important for us all to be extra vigilant about what we click, what we download, and what information we transmit.
Zoom-bombing
The rise in the use of Zoom and other videoconferencing platforms has also paved the way for malicious actors to cause trouble. While it’s named after Zoom, zoom-bombing as a term refers to the act of intruding on a video conference on any platform and creating a disruption, such as spreading hate speech, displaying pornography, and more.
Additionally, Webroot threat researchers have seen videoconference executable files (i.e. the file you run to launch the program) either faked or manipulated so that unwitting victims end up downloading malware.
Fake Websites and Spoofing
Webroot researchers have seen huge jumps in the number of fake websites out there, particularly those with “COVID” and related terms in their domain names. Tyler also warns us to be on our guard for website spoofing, which is when malicious actors create a fake version of a website that looks like the real thing.
“A lot of people will have to access specific websites and online systems for school and related activities,” he says. “Criminals will effectively set traps, so that a mistyped URL or a fake search result could land you on a fake page that looks completely real, only to steal your info or install malware on your system.”
How to Keep Yourself and Your Family Safe
Here are Tyler’s top tips for
staying safe online through Back to School and beyond.
Use internet security software.
If you haven’t already, install internet security with antivirus on all your devices, especially
those that will be used for schoolwork. Don’t forget about using a VPN to protect kids’ internet activity from prying eyes.
Update videoconferencing software.
Make sure children and teens are always using the most up-to-date versions of
Zoom (or any other videoconferencing software) to ensure they have the latest
patches to prevent malware distribution and disruptions.
Watch out for phishing in all its forms.
Talk to kids about phishing. Make sure you all know to look before you click.
And remember, phishing scams can look just like a text message from a best
friend, classmate, or teacher, so always be wary of messages that ask you to
click a link or download a file. Use a secondary means of communication, like a
phone call, to verify that these are legitimate.
Use your bookmarks. Bookmark all required
distance learning pages. Criminals may try to spoof these for phishing,
especially if there is a popular portal that many schools use. Using a
bookmark, instead of Googling and clicking a search result, will help ensure
that your kids are on the right page.
Just say ‘no’ to macros.
If you or your kids download a document and it asks you
to enable macros or enable content, DO NOT DO IT. This is very likely to be a
malicious file that will infect your computer.
Use a secure backup. When we’re all so reliant
on our computers and other internet-connected devices to work and study, it’s
extra important to make sure they’re backed up. Nobody wants to lose a term
paper or other important documents to a malware infection, hardware failure,
damage, loss, or theft. Save yourself the hassle and heartache by investing in backup software.
This Back to School season, it’s especially
vital that we all do what we can to ensure children and teens have the skills,
awareness, and security protocols to stay safe. By following these tips, you
can help make sure they stay safe today, tomorrow, and beyond.