Since launching our web
classification service in 2006, we’ve seen tremendous interest in our threat
and web classification services, along with an evolution of the types and sizes
of cybersecurity vendors and service providers looking to integrate this type
of curated data into their product or service. Over the years, we’ve had the good
fortune to work with partners of all sizes, from global networking and security
vendors to innovative and dynamic start-ups across the world.
With the end-of-life of Broadcom’s Symantec RuleSpace OEM Web Classification service, we’ve received numerous inquiries from their former customers evaluating alternative solutions. Here we’ll outline the things to consider in a replacement. For more on why Webroot is poised to fill the gap left by the Broadcom, you can read the complete whitepaper here.
Your use case: how well does it align
with the vendor?
Each use case is
unique. Every vendor or service provider brings its own benefit to market and
has its own idea about how their service or solution adds value for customers,
clients or prospects. That’s why our adaptive business model focuses on
consulting with partners on technical implementation options, spending the time
to understand each business and how it may benefit from a well-architected
integration of classification and/or intelligence services.
Longevity and track record
A key factor
influencing change on the internet is innovation. Every service provider is continuously
enhancing and improving its services to keep pace with changes in the threat
landscape, and with general changes to the internet itself. As well as keeping up
with this change, it’s important that a vendor brings a historical perspective to
the partnership. This experience will come in handy in many ways. Scalability,
reliability and overall business resilience should be expected from a well-established
vendor.
Industry recognition
Fair comparative
evaluations of web classification and threat intelligence providers are difficult
to achieve. We can offer guidance to prospective partners, but it’s often more reassuring
to simply see the strong partner relationships we have today. Many of these we’ve
worked with for well over a decade. When evaluating a vendor, we recommend looking
closely at current partners and imagining the investments each have made in
their integrated solutions. This speaks volumes about integration performance and
the quality of the partnership.
Technology platform
A classification or
threat dataset is only as good its sources and the analytics used to parse it. Many
companies offer classification and/or threat intelligence data, but the quality
of that data varies significantly.
Threat Intelligence Capabilities
Not all our partners’ use
cases require threat intelligence, but for those that do it’s critical they
understand where their threat data comes from. There are now a great many sources
of threat data, but again these are far from equal. Worse still, comparing
source is often no simple task.
Ease of integration
As mentioned, every
use case is unique. So are the platforms into which web classification, malware
detection and threat intelligence services are integrated. It’s therefore crucial
that a vendor provide flexible integration options to accommodate any
pioneering partner, service provider or systems integrator. Simply providing
data via an API is useful, but will it always deliver the performance required
for real-time applications? Delivering a
local database of threats or classifications may help with performance, but
what about new threats? Achieving a balance of flexible delivery, performance
and security is crucial, so take time to discuss with potential vendors how
they plan to deliver.
Phishing detection
Phishing sites are
some of the most dynamic and short-lived attack platforms on the web, so intelligence
sources must be capable of detecting and tracking them in real-time. Most
phishing intelligence sources depend on manual submissions of phishing sites by
end users. This is far from ideal. Users are prone to error, and for every 10,000
users who click on a phishing site only one will report it to an authority or
tracking service, leading to massive under-reporting of this threat vector.
Category coverage: beware category overload
There are various
approaches to classifying the web and different vendors specialize in different
areas. In many cases, this is determined by the data sources they have access
to or the markets in which they operate. Again, it’s important to evaluate the
partners to whom the vendor is delivering services and to consider how the
vendor may or may not add value to the partnership.
Efficacy and performance
Efficacy is
fundamental to web classification or threat detection capabilities, so it
should be a core criterion when evaluating a vendor. Depending on the use case,
false positives or false negatives may be the primary concern when making
determinations. Potential vendors should be evaluated for performance in these
areas and asked how they approach continuous improvement.
Reliability
Building any
third-party service or solution into a product, platform or service entails
risk. There’s always the chance the new dependency negatively affects the
performance or user experience of a service. So it’s importance to ensure a
vendor can reliably deliver consistent performance. Examine each’s track record
and customers base, along with the use cases they’ve previously implemented. Do
the vendor’s claims match the available evidence? Can current customers be
contacted about their experiences with the vendor?
Scalability
In assessing vendors,
it can be difficult to determine the level of scalability possible with their
platform. It helps to ask questions about how they build and operate their
services and looking for examples where they’ve responded to unexpected growth
events that can help demonstrate the scaling capabilities of their platform. Be
wary of smaller or upstart vendors that may have difficulty when their platform
is heavily loaded or when called upon to grow faster than their existing
implementation allows.
Flexibility
Some solutions may look
technically sound, easily accessible and well-documented while a mutually
agreeable business model remains elusive. Conversely, an agreeable business
model may not be backed by the efficacy or quality of service that desired from
a chosen vendor.
Feedback loops: making the best
better
We’re often approached
by contacts asking us for a “feed” of some kind. It may be a feed of threat
data, malware information or classifications. In fact, many of our competitors simply
push data for customers or partners to consume as their “product.” But this
approach has inherent weaknesses.
Partnership: not just a customer relationship
As mentioned, we seek to
build strong partnerships with mutual long-term benefit. Look for this approach
when considering a vendor, knowing you’ll likely be working with them for a
long time and fewer changes to your vendor lineup mean more time optimizing your
products and services. Ask yourself: Who will we be working with? Do we trust them?
How easy are they to get ahold of? These are critical considerations when
selecting a vendor for your business.
Summary
We hope to have provided some food for thought when it comes to selecting an integration partner. To read the full whitepaper version of this blog, please click here. We’re always standing by to discuss prospective clients’ needs and to provide any possible guidance regarding our services. We’re here to help you craft the best possible solutions and services. Please contact us to take the next step towards an even more successful
CIO reports that women in tech remain underpaid, underrepresented and more likely to be discriminated against. Despite holding 57 percent of professional positions in the U.S., women hold only 26 percent of positions in tech. Half of all women in STEM fields report experiencing workplace discrimination. The percentage of female computer scientists is actually falling in America.
September 14 kicks off National
Coding Week and the third Tuesday of September (September 15 this calendar
year) is National
IT Professionals day. In celebration, we’ve asked some of the female IT professionals
within our organization about representation in IT, what drew them to the field
and advice for other women interested in STEM.
What led you to a career in STEM?
“After starting my career as a web design and
developer, I became more involved in the web development which led me to where
I am today, a principal UI engineer. I’ve always had a passion for making flat
designs come to life and find it very exciting when I see my work go
live.” – Christiane Evans, Principal UI Engineer
What makes you proud to be a woman in STEM?
“Realizing there are no wrong questions and no one
knows everything, I resolved to challenge myself to learn something new every
day. If being a woman in tech makes me different, then I am proud to be
different. So, I say follow your passion. That passion and talent will take you
miles, and don’t let anyone tell you otherwise.” – Kirupha Balasubramian,
Sr. Devops Engineer
What advice would you give to women looking to join a
STEM field?
“Be curious. Don’t be afraid to ask questions. Challenge
yourself to solve problems. Never stop learning; continue learning new
technologies to buil your skills and toolset. Put in the hard work, know your
work inside out and you’ll feel confident in your abilities.” – Krystie
Shetye, Director of Software Development
What would you say is one of the greatest challenges for
women working in STEM?
“Working in engineering is its own constant learning
curve. I think women should look for support everywhere we can to assure
ourselves. We can and should do whatever we want to – no matter the barriers.
Technology changes so fast, we have to constantly adapt. Though that’s part of
the reason I love it here and why I love engineering as a career.” – Mingyan
Qu, VP of Quality Engineering
Putting our values to work
The skills
gap in cybersecurity is real and a detriment to businesses of all
sizes. We believe there’s room enough for everyone in STEM, and the industry
needs all the help it can get.
Webroot and its parent company OpenText are
committed to diversity in hiring. In its 2020
Corporate Citizenship Report, OpenText reaffirmed its support of the 30% Club and
committed to the goal of 30% of board seats and executive roles to be held by
women by 2022.
To see what positions are available for you at OpenText, visit our careers page here.
This year more than others, for many of us, it’s gaming
that’s gotten us through. Lockdowns, uncertainty, and some
pretty darn good releases have kept our computers and consoles switched on
in 2020. GamesIndustry.biz,
a website tracking the gaming sector, reported a record number of concurrent
users on the gaming platform Steam for several weeks as the lockdown went into
effect.
According to NationalToday.com,
the authority for such days, video games are an $18 billion industry that trace
their origins to the halls of prestigious educational institutions like Oxford
University and MIT. Not surprisingly given, the nature of our work, they’ve
captured the hearts and imaginations of a good number of here at Webroot. But again,
due to the nature our work, we’re well attuned to video game-related hacks and
scams.
This March, 66 malicious gaming apps were discovered to have evaded reviewers and found their way into the Google Play store. In April, just as coronavirus was beginning to keep most of us indoors, Nintendo was breached and the accounts of more than 300,000 gamers were compromised. Phishing attacks posing as gaming platforms have risen significantly during this time period.
But too often we hear from gamers that they don’t use an
antivirus. With all the time gamers spend online, especially PC gamers, this is
a big risk. Many of the reasons we hear for not using an antivirus, in fact,
are based on misconceptions.
So, to clear up some of those misconceptions, and to provide
some tips for spending National Video Games Safely, we sat down with
cybersecurity expert and resident gamer Tyler Moffitt to get his advice.
What kinds of security threats do gamers face?
Not running any security is the main one. It’s a big problem
within the gaming community. There are also tailored phishing attempts for
online games where accounts can be worth over $100. The happen on platforms
including Blizzard, Steam, Epic, Riot and others.
Why do cybercriminals target gamers?
They can be a niche target when big things happen like major
game releases. Halo, World of Warcraft, Grand Theft Auto, and Call of Duty have
all been targets for scams. But PC gamers not running any antivirus solution other
than built-in or free protection are asking for trouble.
Either by game or gaming type, what tends to be the
biggest target for hackers?
The way most players are infected with actual malware and
not just giving up account info is by downloading game hacks. These are usually
aim bots or other ways to cheat at the game. In addition to making games less
fun for other players, they endanger the cybersecurity of the individuals doing
the cheating. Also, trying to download games for free on torrent sites is just
asking for trouble…or a trojan
Any misconceptions about gaming security?
I’d the biggest one is that all antiviruses today
will cause problems with gameplay. Many players imagine they’ll have issues
with latency, or their frame rate will drop off significantly, and that’s just
not true. While years ago this may have been the case with heavy installation
suites and large daily definition updates, many anti-viruses has changed
throughout the years to do all the heavy lifting in the cloud while still being
lightning fast and accurate with threats. The amount of CPU, RAM and bandwidth
usage of AVs while idle and during a scan are significantly lighter than they
used to be.
What can gamers do to improve online security?
As I mentioned, running an antivirus is essential. There are
lightweight options available that won’t impact gameplay. Also, I recommend enabling
two-factor authentication on all accounts for online games whenever possible to
reduce the risk of falling victim to a malicious hacker.
As a gamer yourself, anything else to consider or personal
best practice to share?
Trying to cheat or download premium games for free, especially
when prompted to by clickbait-type ads, will almost always lead to a scam or
malware. There’s no such thing as a free lunch.
Today’s work-from-home environment has
created an abundance of opportunities for offering new cybersecurity services in
addition to your existing business. With cyberattacks increasing in frequency
and sophistication, business owners and managers need protection now more than
ever.
MSPs are ideally positioned to deliver the
solutions businesses need in order to adapt to the current environment. In this
post, we’ll briefly summarize four ways to fine-tune your cybersecurity GTM
strategy for capitalizing on the shifting demands of today’s market.
1. Build an Offering That Aligns with Your Customer’s Level of Cyber Resilience
A cybersecurity GTM strategy is not a one-size-fits-all
proposition. Each customer has unique needs. Some operate with higher levels of
remote workers than others. Some may have more sensitive data than others. And some
will have lower tolerances to the financial impact of a data breach than others.
So, understand the current state of your customer’s ability to adequately
protect against, prevent, detect and respond to modern cyberthreats, and then
focus on what aspects of cybersecurity are important to them.
2. Leverage Multi-Layered Security
Today’s businesses need a cybersecurity
strategy that defends against the methods and vectors of attack employed by
today’s cybercriminals. This includes highly deceptive and effective tactics
like Ransomware, phishing and business email compromise (BEC). These methods
require a layered approach, where each layer addresses a different vulnerability
within the larger network topology:
Perimeter – This is the
logical edge of your customer’s network where potentially malicious data may
enter or exit. Endpoints (wherever they reside), network connectivity points,
as well as email and web traffic all represent areas that may need to be secured.
User – The
employee plays a role when they interact with potentially malicious content. They
can either be an unwitting victim or actually play a role in stopping attacks.
This makes it necessary to address the user as part of your GTM strategy.
Endpoint – Consider
the entire range of networked devices, including corporate and personal
devices, laptops, tablets and mobile phones. Every endpoint needs to be
protected.
Identity – Ensuring
the person using a credential is the credential owner is another way to keep
customers secure.
Privilege – Limiting
elevated access to corporate resources helps reduce the threat surface.
Applications – These are
used to access information and valuable data. So, monitoring their use by those
with more sensitive access is critical.
Data – inevitably,
it’s the data that is the target. Monitoring who accesses what provides
additional visibility into whether an environment is secure.
For each layer, there’s a specific tactic or
vector that can form the basis of an attack, as well as specific solutions that
address vulnerabilities at that layer.
3. Determine the Right Pricing Model
Pricing can make or break a managed service.
Too high and the customer is turned off. Too low and there’s not enough
perceived value. Pricing is the Goldilocks of the MSP world. It needs to be
just right.
Unlike most of your other services,
cybersecurity is a constantly moving target, which can make pricing a
challenge. After all, a predictable service offering equates to a profitable
one. The unpredictability of trying to keep your customers secure can therefore
impact profitability. So, it’s imperative that you get pricing correct. Your
pricing model needs to address a few things:
It needs to
be easy to understand – Like your other services, pricing should be straightforward.
It should demonstrate
value –
The customer needs to see how the service justifies the expense.
It needs to
focus on protection – Because you have no ability to guess the scope and
frequency of attacks, it’s important to keep the services centered around
preventive measures.
Consider all
your costs – Cost is always a factor for profitability. As you
determine pricing, keep every cost factor in mind.
4. Rethink How You Engage Prospects
Assuming you’re going to be looking for new
customers with this service offering (in addition to selling it to existing
customers), it’s important to think about how to engage prospects. The days of
cold outreach are long gone as 90% of buyers don’t respond to cold calls3. Instead,
today’s buyer is looking to establish connections with those they believe can
assist their business. Social media sites have become the primary vehicle for a
number of aspects of the buyer’s journey:
The biggest challenge with bringing a
cybersecurity service to market is meeting the expectations of the prospective
customer. Demonstrate value from the very first touch through social media engagement
and content. Meet their unique needs with comprehensive solutions that address all
their security vulnerabilities. And finally, make sure your pricing is simple,
straightforward and easy to understand.
Imagine a thief walks into
your home and rummages through your personal belongings. But instead of
stealing them, he locks all your valuables into a safe and forces you to pay a
ransom for the key to unlock the safe. What choice do you have?
Substitute your digital space
for your home and encryption for the safe and you have what’s known as
ransomware. Ransomware is a type of malware. After the initial infection, your
files are encrypted, and a note appears demanding payment, which is usually in
the form of cryptocurrency such as bitcoin because transactions can’t be
stopped or reversed. Once your files are encrypted, you can’t access them until
you pay the ransom.
The roots of ransomware can
be traced back to 1989. The virus, known as PS Cyborg, was spread through
diskettes given to attendees of a World Health Organization International AIDS
conference. Victims of PS Cyborg were to mail $189 to a P.O. box in Panama to restore
access to their data.
Historically, ransomware was
mass distributed indiscriminately which happened to be mostly personal machines
that ended up getting infected. Today, the big money is in attacking
businesses. Most of these infections go unreported because companies don’t want
to expose themselves to further attacks or reputational damage.
Criminals know the value of
business data and the cost of downtime. Because they service multiple SMB
customers simultaneously, managed service providers (MSPs) are now an
especially attractive target. A successful attack on an MSP magnifies the
impact of attacks and the value of the ransom.
Primary ransomware attack
vectors – with more detailed descriptions below – include:
Ninety percent of all
Ransomware infections are delivered through email. The most common way to receive ransomware
from phishing is from a Microsoft Office attachment. Once opened the victim is
asked to enable macros. This is the trick. If the user clicks to enable the
macro, then ransomware will be deployed to the machine. Phishing remains a
significant and persistent threat to businesses and individuals. The Webroot 2020 Threat Report showed a 640% increase in the number of active
phishing sites since 2019.
Cryptoworms
Cryptoworms are a form of
ransomware that able to gain a foothold in an environment by moving laterally
throughout the network to infect all other computers for maximum reach and
impact. The most spectacular incarnation of a cryptoworm was WannaCry in 2017, where more than 200,000 computers were affected in 150 countries
causing hundreds of millions in damages.
Polymorphic malware
One of the more notorious
forms of ransomware circulating today is polymorphic malware, which makes small
changes to its signature for each payload dropped on machine – effectively
making it a brand new, never before seen file. Its ability to morph into a new
signature enables it to evade many virus detection methodologies. Studies show
that 95% of malware is now unique to a single PC. This is largely due to the shape-shifting abilities
of polymorphic malware code. Today, nearly all ransomware is polymorphic,
making it more difficult to detect with signature-based, antivirus
technologies.
Ransomware as a Service (RaaS)
Ransomware has become so
lucrative and popular that it’s now available as a “starter kit” on the dark
web. This allows novice cybercriminals to build automated
campaigns. Many of these kits are available free of charge for the payload, but
criminals owe a cut (around
30% but this can vary based on how many people you infect)
to the author for a ransom payment using their payload. Grandcab, also known as
Sodinokibi, was perhaps the most famous to use this tactic.
Targeted attacks
Cybercriminals are moving
away from mass distribution in favor of highly focused, targeted attacks. These
attacks are typically carried out by using tools to automatically scan the
internet for weak IT systems. They are usually opportunistic, thanks to the
vulnerability scanners used. Targeted attacks often work by attacking computers
with open RDP ports. Common targets include businesses with lots of computers
but not a lot of IT staff or budget. This usually means education, government
municipality, and health sectors are the most vulnerable.
Stay cyber resilient with multi-layered defense
As you can see, ransomware authors
have a full quiver of options when it comes to launching attacks. The good news
is, there are as many solutions for defending systems against them. The best
way to secure your data and your business is to use a multi-layered cyber
resilience strategy, also known as defense in depth. This approach uses
multiple layers of security to protect the system. We encourage businesses of
all sizes to deploy a defense-in-depth strategy to secure business data from
ransomware and other common causes of data loss and downtime. Here’s what that
looks like.
Backup
Backup with point-in-time
restore gives you multiple recovery points to choose from. It lets you roll
back to a prior state before the ransomware virus began corrupting the system.
Advanced threat intelligence
Antivirus protection is still
the first line of defense. Threat intelligence, identification and mitigation in the form of antivirus is still
essential for preventing known threats from penetrating your system.
Security awareness training
Your biggest vulnerability is
your people. Employees need to be trained on how to spot suspicious emails and
what to do in case they suspect an email is malicious. According our research, regular
user training can reduce malware clickthrough rates by 220%.
Patch and update applications
Cybercriminals are experts at
identifying and exploiting security vulnerabilities. Failing to install
necessary security patches and update to the latest version of applications and
operating systems can leave your system exposed to an attack.
Disable what you’re not using
Disable macros for most of
the organization as only a small percentage will need them. This can be done by
user or at the group policy level in the registry. Similarly, disabling scripts
like HTA, VBA, Java, and Powershell will also stop these powerful tools that
criminals use to sneak infections into an environment.
Ransomware mitigation
Make sure your IT staff and
employees know what to do when a ransomware virus penetrates your system. The
affected device should immediately be taken offline. If it’s a networked
device, the entire network should be taken down to prevent the spread of the
infection.
Thousands of Android Users fall Victim to Giveaway Fraud
Upwards of 65,000
Android users were potentially compromised after installing a malicious app
promising free giveaways. Over the year the scam was in effect, roughly 5,000
apps were spoofed to lure victims into downloading in exchange for a phony
giveaway. In reality, the infection pushes silent background ads which generate
ad revenue for the scammers and decrease device performance.
North American Real Estate Firm Hit by Ransomware
A new ransomware variant known as DarkSide
claimed its first victim, Brookfield Residential, after operating for nearly two weeks. The
North American real estate developer recently noticed unauthorized access to
several systems and was left a ransom note stating that over 200GB of data had
been stolen. The data has since been published to DarkSide’s leak site, which
has prompted many to speculate the ransom was not paid by Brookfield
Residential.
Cryptominers Caught Using AI
Researchers have been at work creating an AI
algorithm to detect malicious cryptocurrency miners while avoiding
legitimate ones. The detection method compares currently running miners to
graphs of both legitimate and illegitimate miners and monitors changes between
the processes being used and the scheduling of mining activity. This type of
detection may be put to use to decrease the overall use of malicious code that
can often tax the system’s CPU usage to max capacity.
Los Angeles School District Suffers Cyber Attack
Just weeks after the FBI issued a warning about the threat
of cyberattacks against school districts, the Rialto
School District in California has fallen victim to just such an attack. These
setbacks have made the return to online schooling particularly difficult. The extent
of the attack remains unclear and officials are still working to determine the
effects on the 25,000 enrolled students.
Maze Ransomware Cartel Adds New Variant Team
The authors of the lesser-known ransomware variant SunCrypt
have recently joined forces with the Maze ransomware cartel. It’s believed the new
cartel members were brought in to assist with the high volume of attacks that
the Maze Group is handling and are being paid with a portion of its profits. In
addition to new revenue streams from its partnership with the organization, cartel
members also benefit from access to the Maze Group’s resources including
obfuscation techniques and posting cartel member’s stolen data to their dedicated
leak site.
If you’ve
landed on this blog, then there’s a good chance you’re already aware that DNS is undergoing a major overhaul. DNS 2.0—aka encrypted DNS, DNS
over HTTPS, or DoH—is a method for encrypting DNS requests with the same HTTPS
standard used by numerous websites, such as online banking, to protect your
privacy when dealing with sensitive information display.
While
there’s no doubt that DoH offers incredible privacy benefits, it also has the potential to be
a major security risk for businesses. That’s because DoH effectively wraps DNS
requests in encryption protocols, which prevent traditional DNS or web filtering
security solutions from being able to filter requests to malicious, risky, or
otherwise unacceptable or inappropriate websites.
Although
some DNS filtering solutions are now making moves to modernize, many of them
simply provide the option to either allow or block all DoH requests, rather
than offering any sort of nuanced control.
“That’s
really where Webroot® DNS Protection differs from the competition,” says George
Anderson, product marketing director at Webroot, an OpenText company. “Ours is
currently the only DNS security product that lets businesses fully leverage DoH
and its privacy benefits. Our solution encrypts data using HTTPS to route DNS
requests through secure Webroot resolvers to prevent eavesdropping,
manipulation, or exploitation of data.”
How
a Commercial DNS Filtering Service is a Game Changer
According to George, the cyber resilience benefits of using a private, commercial DNS security service that fully supports DoH are numerous. When we asked him to narrow down to his top 10, here’s what he had to say.
First, it provides a very secure, reliable, multi-point of presence connection to the internet with high availability.
Second, trusted DNS resolvers process ALL of your internet requests—we are talking any user, server, or application using the internet with a single, tamperproof choke point for admin and policy request controls.
Third is confidentiality. It keeps your organization’s internet requests private and invisible to malicious actors, your ISP, and so-called “free” DNS resolvers—all of whom can abuse this data.
It then gives your organization full visibility and log access to all of your internet traffic requests, allowing for security analysis and management through reports or ingestion via a SIM/SIEM.
With Webroot, you also get transparent security policy filtering of both encrypted (DoH) and clear text (DNS) requests.
Webroot BrightCloud® threat intelligence data automatically applies the latest and most accurate internet domain security in real time to every outbound request, regardless of source, meaning we stop the majority of malicious and suspicious request responses that could have led to a breach.
A commercial service also provides the flexibility to manage internet access for guest/public WiFi networks, IP address ranges, user groups down to individual user, and lets you filter using a wide range of domain categories.
In the context of WFH, if the user is connected to the internet via VPN or a local DNS agent on their device, then a DNS filtering solution protects them no matter where they connect.
Also, from a WFH perspective, you need your DNS security service to integrate with the majority of VPNs and work easily with your other security and network technologies.
Lastly, and definitely key your organization, a commercial DNS security service can offer great visibility into internet usage with scheduled executive reporting that lets you oversee internet use, assist with HR initiatives, and help ensure compliance.
As DoH continues to grow in adoption, George advises all businesses to be proactive about their cyber resilience strategies. Particularly as more work is conducted outside of more traditional office settings, it’s critical to understand and embrace the value that a flexible cloud gateway—whose protection is not confined to a physical network—can offer.
“Ultimately, in a world where many companies continue to support remote workers, businesses really can’t afford not to use a filtering solution that provides both privacy and security control.”
– George Anderson, product marketing director at Webroot, an OpenText company
Learn more about Webroot’s answer to
DNS filtering or take a free trial of Webroot DNS Protection here.
Officials for Carnival
Cruises have confirmed that a portion of their IT systems were encrypted
following a cyberattack identified over the weekend. The company also revealed
that sensitive information for both employees and customers was illicitly
accessed, though they did not admit to what extent.
Millions of Social Media Profiles Exposed
More than 235 million social media profiles belonging to
several major platforms, which contained personally identifiable information
including names, locations and contact data, were publicly exposed due to a
misconfigured database. Social
Data, an online data marketing broker, seems to be the owner of the data,
though it is unclear how they obtained it since data scraping for profit is
generally not tolerated by Facebook or other platforms. According to Social
Data, the database was exposed for up to three hours after initially spotted. It
remains unknown how long the data was accessible without authentication.
Wine and Spirits Conglomerate Suffers Ransomware Attack
Brown-Forman,
the parent company of many major liquor brands, recently fell victim to a
ransomware attack that appears to be the work of the REvil ransomware authors.
While the company was able to detect and thwart the attack before encryption, upwards
of 1TB of highly sensitive internal information on employees, clients, and
financial statements was stolen. Though no formal ransom was delivered, the
attackers are likely to auction the data imminently.
File-less Worms Creates Linux Crypto-mining Botnet
Linux
systems are on the lookout for a new infection that has been silently
creating a botnet to employ target machines as crypto miners. Since the start
of the year, over 500 SSH servers have been infected around the world by a worm
creating additional backdoors to allow attackers to return to the systems
later. Due to the file-less nature of this infection, a simple reboot of the
system can temporarily remove the malicious processes, but because the login
credentials have already been exported the system can be quickly re-infected.
Canadian COVID-19 Relief Sites Breached
Several Canadian
government websites connected to healthcare relief funds were breached with
the intent to steal COVID-19 relief fund payments. Though only a small portion
of the 12 million total accounts, 9,000 GCKey accounts were directly affected
after being breached via credential-stuffing. Credential-stuffing uses brute
force attacks with employs previously leaked credentials in the hopes victims use
the same login info for multiple sites. Since the websites affected don’t use
multi-factor authentication, the odds of a successful credential-related attack
were increased.
Cyber resilience is being put to the test during the coronavirus pandemic. As more and more users work from home, it’s becoming increasingly difficult for IT teams to ensure uniform cyber security on home devices and networks that they don’t own or control. At the same time, cybercriminals are using the pandemic to launch more deceptive attacks. In this post, we’ll break down a few steps you can take to add resilience to your home network, so you don’t have to sacrifice security for convenience during the global pandemic. We cover all of these tips and more in our Work From Home Playbook.
The secure tunnel
We lose a measure of security
the minute we step outside the protective shell of our corporate network. The
average home network is significantly less secure than corporate networks. This
leaves remote workers more vulnerable to attacks anytime they’re not connected
to the corporate network.
Luckily, you can easily
improve your at-home security by using a virtual private network (VPN). With a VPN,
you can establish a secure tunnel between your home network and your corporate
environment, making your home connection more immune to outsider attacks. A VPN
extends your home network – or connection from the local coffee shop – across a
public network, allowing you to interact with your corporate system as if you
were connected directly to it. This allows applications to operate securely and
encryption to be enabled within the connection, ultimately privatizing any data
being shared or input.
Handshake hygiene
A clean handshake is healthier
in the physical world. And it’s the same with the digital handshake between
your home devices and your corporate network. Anytime someone from outside the
network attempts to log on, there’s a risk the person isn’t who they say they
are. Login credentials are stolen all the time. In many scenarios, all it takes
is a username and password to gain access to the company network. Once inside,
cyberthieves can unload malicious payloads or find additional user credentials
to launch even more pernicious attacks. But by adding just one extra layer of
security in the form of an additional checkpoint, it’s possible to thwart most
attacks that rely on only a username and password.
That’s why multi-factor
authentication (MFA) has become the go-to method for adding extra verification
steps to confirm that the person logging on is truly who they say they are.
With MFA, the user verifies their identity using knowledge only they have, like
a password or answers to challenge questions. As an additional verification
step, the user supplies an item, like a YubiKey or a one-time password sent to
a mobile device. Lastly is an inherited characteristic unique to who the
person, such as a fingerprint, retina scan, or voice recognition. In today’s
highly regulated business environment, most businesses make MFA mandatory for
employees logging in from outside the network.
First, second and third lines of defense
Cybercriminals have a full quiver
of options when it comes to launching attacks. But the good news is that there
are also multiple solutions for defending home systems against them. The best
way to secure the home network is to use a multi-layered cyber resilience
strategy, also known as defense in depth.
This approach uses multiple
layers of security to protect home devices and the networks they’re connected
to. Here’s what that looks like:
Backup – Backup with point-in-time restore gives you multiple
recovery points to choose from. It ensures you can roll back to a prior state
before the ransomware virus began corrupting the system.
Advanced
threat intelligence – Premium antivirus
protection is still the first line of defense. And antivirus that is backed by
advanced threat intelligence, identification and mitigation is essential for
preventing known threats from penetrating your system.
Patch and
update applications – Cybercriminals
are experts at identifying and exploiting security vulnerabilities. Failing to
install necessary security patches and update to the latest version of
applications and operating systems can leave your devices exposed to an attack.
Learn more
Cyber resilience while working from home is every bit as critical as working on-site. For more tips on how to add resilience to your home environment, and how to prepare your space for working from home long-term, download the Work from Home Playbook.
The town of Lafayette,
Colorado, fell victim to a ransomware
attack last week without the capability to recover from the attack without
paying a ransom of $45,000 in cryptocurrency. The attack disabled many city
services for a number of days until officials determined they would not be able
to recover without paying for systems to be decrypted. This attack was another
example of how having data backed up, even if somewhat dated, is less expensive
and more secure in the long run.
Illinois Healthcare Data Breach
The Illinois
healthcare system suffered a multi-month data breach stemming from several compromised
email accounts earlier this year. The breach does not affect all IHS clients, but
those who were affected had much of their sensitive information, including
social security numbers and personal health documents, leaked. The breach began
in early February, but victims were not informed until the end of July, when
they were offered credit and identity monitoring services to protect against
illicit use of their data.
Cyberattack Strikes InfoSec Training Organization
One of the largest cybersecurity
training organizations was recently targeted by a phishing attack against an
internal email account. The compromised account was then used to install an
illicit Office365 add-on to maintain control of the account and to forward over
500 emails to a third-party account, many of which contained sensitive
information on customers. Affected customers have been contacted and warned to
be vigilant against future phishing attacks.
Pace Center Data Compromised Following Blackbaud Breach
Some donor data for the Florida-based non-profit Pace
Center for Girls was leaked after a data breach targeted its software
provider, Blackbaud, in May. The breach affected over 200 organizations relying
on Blackbaud for cloud-computing services and contained personally identifiable
information on thousands of donors. Fortunately, no payment card data was
included in the breach and the Pace organization has begun improving security
protocols to avoid further attacks.
Payment Card Data Stolen from MSU Website
At least 2,600 individuals were possibly affected by a
payment card leak after the Michigan
State University online shop was infiltrated through a known website
vulnerability. The attack used a card-skimming technique and remained active on
the site for nearly a year, leaving many customer’s data vulnerable to other
possible attacks. This would be the second cybersecurity-related incident to
target MSU in the last year. In May, the university was hit with a ransomware
attack that resulted in the publishing of stolen data.
