All Posts - Page 20 of 148

Mental Health and Mindful Tech

by Rich Sarko | May 1, 2020 | Home + Mobile

Anyone who has spent late nights scrolling through their social media feed or grinding on video games knows one thing is true: Technology can be a good thing, but only in moderation. Like too much of anything, spending a lot of time on the internet or social media can lead to unhealthy consequences. Since May is mental health awareness month, we thought it would be a good time to remind ourselves of the importance finding a healthy balance when it comes to using technology.

Social distancing on social media

The global coronavirus pandemic continues to test our own personal resilience. While most of us are sheltering at home, we’re also relying more and more on technology for work and staying connected to family and friends via virtual conferencing and social media. But too much social media can be a bad thing, too.

The more scientists study social media use, the more they find negative side effects:

Young people who use social media more than two hours a day tend to rate their mental health as fair or poor compared with less frequent users.
Occasional users of social media are almost 3x less likely to be depressed than heavy users.
People who restrict social media use to a half-hour a day have significantly lower depressive and anxiety symptoms.

If you’re someone who finds periods of abstention reinvigorating, you may want to add a digital detox to go along with New Year’s resolutions and Sober October.

Data loss blues

When you spend a lot of time on a computer, it’s only a matter of time before you lose something important. It could be financial documents, or an album of precious family photos, or maybe a big work presentation. Worse yet, you could have your entire system taken over by ransomware. Stressed yet? You’re not alone. We asked IT pros what they would rather lose than their data and here’s what they had to say:

Things IT pros would rather lose than data:

Internet connection
Cell service
Internal organ
Wedding ring
Robot lawnmower
Bacon

That’s right. Bacon! Kidding aside, losing data can be stressful. And many businesses don’t survive after major data loss. That’s why using strong cybersecurity solutions, like cloud-based antivirus, is so important, as is backing up the important files and folders on your computer. Do it for the sake of your data, or do it for the bacon, but just do it! You’ll thank us.

Technology never sleeps

If you think it’s hard for those just using technology, think of the people who have to work in technology. If you’ve ever thought about a career in tech, you better like the night shift. Technology never sleeps. The best time to perform upgrades or installations is late at night when most users are offline and there’s less traffic on the network. Want to launch a new website? Midnight is probably the best time. But all this late-night system testing and debugging can lead to loss of sleep and, in turn, an unhealthy dose of stress.

And it’s not just tech pros doing tech things late at night. If you’re up late scrolling your feed and posting comments, you may not be sleeping as well as you should. The blue light from phone screens and computers reduce your levels of melatonin, which is the hormone that controls your sleep. And lack of sleep can lead to several harmful side-effects, including:

Anxiety, insomnia, depression, forgetfulness
Impaired thinking and slow reaction time
Increased risk for heart disease, high blood pressure, stroke and diabetes
Sleep apnea, low testosterone and decreased sex drive
Skin lines, dark circles under the eyes, weight gain

So, avoid using tech too close to bedtime if you can. Reduced stimulation works wonders for good sleep habits. The news will still be there in the morning.

There’s an app for that

It’s not all doom and gloom when it comes to technology and mental health. In fact, advancements in health technology are emerging at a rapid rate. One area of progress is apps that help people with mental health issues. The National Institute of Mental Health has identified several promising trends, including:

Apps that provide tools for managing stress, anxiety and sleep problems
Cognitive remediation apps that help people develop thinking and coping skills
Illness management apps that put trained health care providers in touch with patients
Mindfulness, meditation and relaxation apps

Resilience online and offline

It’s a measure of our personal resilience when we’re able to persevere through something as disruptive as coronavirus. Having social media and the internet can help. But we have to be mindful to avoid overdoing it. We also have to be careful to protect the digital devices we’ve come to rely on with appropriate cybersecurity. That’s cyber-resilience. And it can do wonders for your peace of mind and your overall mental health.

Cyber News Rundown: Hackers Aim at Oil Producers

by Connor Madsen | May 1, 2020 | Industry Intel

As Oil Prices Drop, Hackers Take Aim at Producers

With the recent crash in oil prices, and supply rapidly piling up, a new spear phishing campaign has begun targeting executives at several major oil producers. A massive number of emails started being distributed in late March, without the telltale signs of amateur phishing like bad spelling and grammar. Furthermore, the emails appeared to be from a sender with knowledge of the oil and gas industry. Two documents within the emails posed as bid contracts and proposal forms but were used to deliver the final payload, a trojan called Agent Tesla, which is a malware-as-a-service that can perform a variety of malicious activities on a system.

Software Affiliates Sending Phony Expiration Notices

Several dubious third-party software affiliates have been spotted distributing a campaign targeting antivirus users, prompting them to renew their subscription through the affiliate’s link, thus netting them additional revenue. Most affiliate programs have strict guidelines as to how the company can promote the affiliated software, and purposely misleading customers can lead to major penalties. Emails displaying expiration notices for Norton and McAfee have both been identified. With a percentage commission, the affiliate could be earning up to 20% of the purchase price for each fraudulent sale.

Philadelphia Sandwich Chain Faces Data Breach

PrimoHoagies, a Philadelphia-based sandwich chain, was the unsuspecting victim to a data breach that went undetected from July 2019 until this February. The breach affected all online sales during that time period, though no in-store purchase data was compromised. By April, the company released an official statement regarding the breach. But the admission came only days before a data security lawsuit was filed by a customer who had seen fraudulent charges on his credit card.

Decryption Keys for Shade Ransomware Made Available

After nearly five years of operation, the creators of Shade ransomware have decided to close shop and give out nearly 750,000 decryption keys along with an apology for harm done. While most ransomware variants tend to purposely avoid Russia and Ukraine, Shade focused specifically on these two countries during its run. Though the many decryption keys and master keys have been made public, the instructions for recovering the actual files are not especially user-friendly and a full decryption tool has not yet been released.

ExecuPharm Hit with Ransomware Attack

One of the largest pharmaceutical companies in the U.S. recently suffered a ransomware attack that not only encrypted their systems but also gain access to a trove of highly sensitive personal information belonging to thousands of clients. It is believed that the attack started with in mid-March with phishing emails targeting specific employees with the widest access to internal systems. At this time, there is no confirmed decryption tool for the ransomware variant used and the company has begun contacting affected customers.

5 Ways to Improve Business Cyber-Resilience

by George Anderson | Apr 28, 2020 | Business + Partners

A popular military maxim speaks to the need for redundancy and it goes like this: “Two is one and one is none.” Redundancy is also a key principle when it comes to cyber-resilience. A popular rule in data protection and disaster recovery is called the 3-2-1 backup rule. IT pros often borrow from military strategies when approaching cyber-resilience, including a strategy known as “defense in depth.”

Defense in depth is a useful framework for protecting IT environments. It acknowledges that hackers will often use evasive tactics or brute force to overrun the outer-most layer of defense. So, multiple layers of defense are necessary – or defense in depth – to anticipate and mitigate lost ground. Cyber-resilience is a very high priority for businesses. So, we put together these five tips for improving cyber-resilience based on a defense-in-depth approach.

Tip #1: Sharpen perimeter defenses

Cybercriminals are getting better at using evasive tactics to circumvent company firewalls and antivirus. Some of these evasive tactics include file-based, file-less, obfuscated and encrypted script attacks. To counter these tactics, we’re rolling out a new shield technology to detect, block and remediate evasive attacks much faster and more effectively than before. Webroot® Evasion Shield stops attacks that elude other endpoint protection solutions. Cloud-based threat intelligence further increases resilience at the perimeter.

Tip #2: Strengthen the first line of defense – people

The primary vector for malware distribution is phishing attacks. While cybercriminals find increasingly deceptive ways to trick employees into downloading malicious code, not enough businesses are countering by educating their workforces about identifying suspicious activity. With employees being the weakest link in the cyber-security chain, the solution is regular security awareness training, with phishing simulations and courses on best practices for identifying and reporting suspicious activity.

Tip #3: Secure your DNS connection

The domain name system (DNS) is what allows internet traffic to find your website. But DNS protocols were not designed for security. In fact, they’re highly vulnerable to cyberattacks, including cache poisoning, DDoS, DNS hijacking, botnets, Command-and-Control (C&C) and man-in-the-middle attacks. A cloud-based DNS security solution enables businesses to enforce web access policies and stop threats at the network’s edge before they ever hit the network or endpoints.

Tip #4: Create and deploy a backup strategy

Redundancy is essential for cyber-resilience. Businesses must consider a scenario where malware circumvents outer defenses. Since detecting and remediating malware infections can be time-consuming, it’s important to have copies of files and data for business continuity. Scheduled backup with file versioning is necessary for mitigating malware infections and other forms of data loss. The scheduling feature is crucial since leaving it up to users exposes backup policy to human error.

Tip #5: Test recovery strategy regularly

Backup and recovery go hand-in-hand. And backup is only effective if it enables rapid recovery with minimal disruption. It’s important to test disaster recovery practices and procedures before you experience a live disaster scenario. Disasters come in different shapes and sizes, so it’s important to test simple file and folder recovery as well as large-scale system restore. Also, some systems are more critical than others. Tier-one systems (the most critical) need high levels of uptime, approaching 100%. This traditionally requires a secondary data center that is very costly to acquire and maintain. This is no longer the case. Disaster recovery as a service reduces the cost of standing up a secondary environment. It also allows for frequent testing of disaster recovery protocols. Businesses should test once a quarter – or at least once a year – to ensure systems are cyber-resilient when necessary.

To get started on the road to cyber resilience, take a fee trial here.

Cyber News Rundown: Ransomware Hits LA Suburbs

by Connor Madsen | Apr 24, 2020 | Industry Intel

Los Angeles Suburb Hit with Ransomware

Last month, the City of Torrance, California fell victim to a ransomware attack that shut down many of their internal systems and demanded 100 Bitcoins to not publish the stolen data. Along with the roughly 200GB of data it stole from the city, the DoppelPaymer ransomware also deleted all local backups and encrypted hundreds of workstations. At this time, it’s uncertain whether the City of Torrance has chosen to pay the ransom, as the malware authors seem to have diligently removed any means for the City to recuperate on their own.

Malicious Packages Hidden Within Popular File Repository

Over 700 malicious packages have been discovered within the RubyGems main program and file repository. These originated from just two accounts and were uploaded over a single week period in late February. Between them, the many packages have a combined download number of over 100,000, most of which included a cryptocurrency script that could identify and intercept cryptocurrency transactions being made on Windows® devices. While this isn’t the first time malicious actors have used open source file repositories to distribute malicious payloads, this infiltration of an official hub for such a long period of time speaks to the lack of security within these types of systems.

Maze Ransomware Targets Cognizant ISP

Late last week, the Maze Ransomware group took aim at New Jersey-based internet service provider, Cognizant, and took down a significant portion of their internal systems. The attack occurred just a day after the removal of a dark web post that offered access to an IT company’s systems for $200,000. It had been listed for nearly a week. While Cognizant has already begun contacting its customers about the attack, the true extent of the damage remains unclear.

COVID-19 Scams Net $13 Million

The Federal Trade Commission recently released statistics on the number of complaints they’ve received specifically related to the COVID-19 pandemic: it’s over 17,000 in just a three-month period. While this number is assuredly less than the actual number of COVID-19 related scams, these reported complaints have resulted in a sum of over $13 million in actual losses, ranging from fraudulent payments to travel cancellations and refunds. Additionally, the FTC was able to catalogue over 1,200 COVID-19 related scam calls reported by people on the Do Not Call list.

Customer Data Stolen from Fitness App

A database belonging containing 40GB of personally identifiable information on thousands of customers of the fitness app, Kinomap, was found unsecured. Containing a total of 42 million records, the database remained accessible for nearly 2 weeks after the company was informed. It was only secured at last after French data protection officials were notified. Kinomap API keys were also among the exposed data, which would have allowed malicious visitors to hijack user accounts and steal any available data.

The Truth about Hackers, in Black and White (and Grey)

by Grayson Milbourne | Apr 23, 2020 | Managed Service Providers

Did you know there are three primary types of hacker—white hats, black hats, and grey hats—and that there are subcategories within each one? Despite what you may have heard, not all hackers have intrinsically evil goals in mind. In fact, there are at least 300,000 hackers throughout the world who have registered themselves as white hats.

Also known as ethical hackers, white hats are coders who test internet systems to find bugs and security loopholes in an effort to help organizations lock them down before black hat hackers, i.e. the bad guys, can exploit them. Black hats, on the other hand, are the ones we’re referring to when we use words like “cybercriminal” or “threat actor.” These are hackers who violate computer security and break into systems for personal or financial gain, destructive motives, or other malicious intent.

The last of the three overarching types, grey hat hackers, are the ones whose motives are, well, in a bit of a grey area. Similar to white hats, grey hats may break into computer systems to let administrators know their networks have exploitable vulnerabilities that need to be fixed. However, from there, there’s nothing really stopping them from using this knowledge to extort a fee from the victim in exchange for helping to patch the bug. Alternatively, they might request a kind of finder’s fee. It really depends on the hacker.

So, hackers can be “good guys”?

Yes, they absolutely can.

In fact, there’s even an argument that black hats, while their motivations may be criminal in nature, are performing a beneficial service. After all, each time a massive hack occurs, the related programs, operating systems, businesses, and government structures are essentially shown where and how to make themselves more resilient against future attacks. According to Keren Elezari, a prominent cybersecurity analyst and hacking researcher, hackers and hacktivists ultimately push the internet and technology at large to become stronger and healthier by exposing vulnerabilities to create a better world.

White hat hackers, also known as ethical hackers, are cybersecurity defenders who use their skills to protect organizations from cyber threats. They might just be your friendly IT colleague. White hat hackers conduct penetration tests (often known as pen testing) and vulnerability assessments to identify security weaknesses that could be exploited by malicious hackers. With a deep understanding of cyber threats, white hat hackers help organizations strengthen security measures, develop more secure systems, and ensure the safety of digital assets. Their work is crucial in maintaining the integrity and confidentiality of sensitive information. Ethical hacking is a respected field within the IT industry, and white hat hackers are often sought after for their expertise in safeguarding cyber environments.

Why do they hack?

The shortest, simplest answer: for the money.

While white and grey hat hackers have altruistic motives in mind and, at least in the former group, are invested in ensuring security for all, the fact of the matter is that there’s a lot of money to be made in hacking. The average Certified Ethical Hacker earns around $91,000 USD per year. Additionally, to help make their products and services more secure, many technology companies offer significant bounties to coders who can expose vulnerabilities in their systems. For example, Apple offered a reward of $1.5 million USD last year to anyone who could hack an iPhone to find a serious security flaw. There are even groups, such as HackerOne, which provide bug bounty platforms that connect businesses with ethical hackers and cybersecurity researchers to perform penetration testing (i.e. finding vulnerabilities). Multiple hackers on the HackerOne bug bounty platform have earned over $1 million USD each.

And for black hats, theft, fraud, extortion, and other crimes can pay out significantly more. In fact, some black hats are sponsored by governments (see the Nation-State category below).

You mentioned subtypes. What are they?

As with many groups, there’s a wide range of hacker personas, each with different motivations. Here are a few of the basic ones you’re likely to encounter.

Script Kiddies

When you picture the stereotypical “hacker in a hoodie”, you’re thinking of a Script Kiddie. Script Kiddies are programming novices who have at least a little coding knowledge but lack expertise. Usually, they get free and open source software on the dark web and use it to infiltrate networks. Their individual motives can place them in black, white, or grey hat territory.

Hacktivists

Ever hear of a group of hackers called Anonymous? They’re a very well-known example of a hacktivist group who achieved notoriety when they took down the CIA’s website. Hacktivists are grey hat hackers with the primary goal of bringing public attention to a political or social matter through disruption. Two of the most common hacktivist strategies are stealing and exposing sensitive information or launching a denial of service (DDoS) attack.

Red Hats

Red hats are sort of like grey hats, except their goal is to block, confound, or straight-up destroy the efforts of black hat hackers. Think of them like the vigilantes of the hacker world. Rather than reporting breaches, they work to shut down malicious attacks with their own tools.

Green Hats

Green hat hackers are hackers who are new to the hacking world. They lack the skills and knowledge of their fellow black or white hat hackers. But they cause just as much damage as black hat hackers, as they try to hone their hacking skills. Sadly, most of the time, green hat hackers cannot fix what they break.

Nation-State

Remember earlier in this post when we mentioned that some black hats are sponsored by governments? That would be this group. Nation-state hackers are ones who engage in espionage, social engineering, or computer intrusion, typically with the goal of acquiring classified information or seeking large ransoms. As they are backed by government organizations, they are often extremely sophisticated and well trained.

Malicious Insiders

Perhaps one of the more overlooked threats to a business is the malicious insider. An insider might be a current or former employee who steals or destroys information, or it might be someone hired by a competitor to infiltrate an organization and pilfer trade secrets. The most valuable data for a malicious insider is usernames and passwords, which can then be sold on the dark web to turn a hefty profit.

What are your next steps?

Now that you better understand the hacker subtypes, you can use this information to help your organization identify potential threats, as well as opportunities to actually leverage hacking to protect your business. And if you haven’t already, check out our Lockdown Lessons, which include a variety of guides, podcasts, and webinars designed to help MSPs and businesses stay safe from cybercrime.

Beyond the educational steps you’re taking, you also need to ensure your security stack includes a robust endpoint protection solution that uses real-time threat intelligence and machine learning to prevent emerging attacks. Learn more about Webroot® Business Endpoint Protection or take a free trial here.

DNS is on the Verge of a Major Overhaul

by Kyle Fiehler | Apr 21, 2020 | Business + Partners, Managed Service Providers

“One of the things about working in internet technology is nothing lasts forever… [Students] come to me and they say, ‘I want to do something that has an impact 20, 50, or 100 years from now.’ I say well maybe you should compose music because none of this technology stuff is going to be around that long. It all gets replaced.” -Paul Mockapetris, co-inventor of the domain name system (DNS)

As foresighted as he may have been, the DNS inventor Paul Mockapetris got one thing wrong in a retrospective interview about his contribution to internet history. Namely, some aspects of technology do have at least 20-year staying power. In this case, his own invention: the domain name system.

But DNS, just three years shy of its fortieth birthday, is on the cusp of a major reimagining. One that could enhance the privacy of business and private users alike for some time to come. According to some experts, it may even be worthy of the title “DNS 2.0.”

The Problem with DNS Today

While DNS has evolved significantly in the more than 35 years since originally conceived, the skeletal structure remains much the same. DNS is the internet’s protocol for translating the URLs humans understand into the IP addresses machines do.

The problem is that this system never meant to consider privacy or security. With DNS today, requests are made and resolved in plain text, providing intrusive amounts of information to whomever may be resolving or inspecting them. That is most likely an internet service provider (ISP), but it may be a government entity or some other source. In authoritarian countries, governments can use this information to prosecute individuals for visiting sites with outlawed content. In the United States, it’s more likely to be monetized for its advertising value.

“The problem with DNS is it exposes what you’re doing,” says Webroot product manager and DNS expert Jonathan Barnett. “If I can log a user’s DNS requests, I can see when they work, when they don’t, how often they use Facebook, the Sonos Speakers and Google Nests on their network, all of that. From a privacy perspective, it shows what on the internet is associating with me and my network.”

This can be especially problematic in terms of home routers. Whereas business networks tend to be relatively secure—patched, up-to-date, and modern—”everyone’s home router tends to be set up by someone’s brother-in-law or an inexperienced ISP technician,” warns Barnett. In this case, malicious hackers can change DNS settings to redirect to their own resolvers.

“If you bring a device onto this network and try to navigate to one of your favorite sites, you may never wind up where you intended,” says Barnett.

In the age of COVID-19, it’s becoming an even bigger problem for employers. With a larger workforce working from home than perhaps ever before, traditional defenses at the network perimeter no longer remain.

“To maintain resilience,” says Barnett, “companies need to extend protection beyond the business network perimeter. One of the best ways to do that is through DNS protection that ensures requests are resolved through a trusted resolver and not a potentially misconfigured home network.”

DoH: The Second Coming of DNS

In response to these concerns, DNS over HTTPS (DoH) offers a method for encrypting DNS requests. Designed by the Internet Engineering Task Force, it leverages HTTPS privacy standard to mask these requests from those who may seek to use the information improperly. The same encryption standards used by banks, credit monitoring services, and other sites dealing in sensitive information display to prove their legitimacy is also used with DoH.

It does this by effectively ‘wrapping’ DNS requests with the HTTPS encryption protocols to ensure the server you connect with is the server you intended to connect with and that no one is listening in those requests, because all the traffic is encrypted.

“It makes sure no one is messing with a user by changing the results of a request before it’s returned,” says Barnett.

In addition to improving privacy around device usage—remember any internet-connected device needs to “phone home” occasionally, therefore initiating a DNS request—DoH also addresses several DNS-enabled attack methods. This includes DNS spoofing, also called DNS hijacking, whereby cybercriminals redirect a DNS request to their own servers in order to spy on or alter communications. By encrypting this traffic, it essentially becomes worthless as a target.

So, while the domain name system has served the internet and its users well for decades, the time may have come for a change.

“The creators of DNS, in their wildest dreams, imagined the system may be able to accommodate up to 50 million domains. We’re at 330 million now. It’s amazing what they achieved,” says Barnett. “But DNS needs to evolve. It’s been a great tool, but it wasn’t designed with privacy or security as a priority. DoH represents the logical evolution of DNS.”

Toward A DoH-Enabled Future

Several major tech players, like Mozilla with its Firefox browser, have already made the leap to using DoH as its preferred method of resolving requests. Many companies, however, would prefer to retain control of DNS and are concerned about applications making independent rogue DNS requests. Losing this control can compromise security as it limits the ability of a business to filter and process these requests.

As application creators strive for better privacy for their users and business always look improve security, a balance must be found. By limiting whether applications can enable DoH, Webroot® DNS Protection has designed its agent to retain control of DNS requests, and while also running each request through Webroot’s threat intelligence platform, both privacy and security is improved.

It’s next release, expected in the coming months, will be fully compatible with the new DoH protocol in service to the security and privacy of its users.

Cyber News Rundown: Ransomware Wrecks Florida City

by Connor Madsen | Apr 17, 2020 | Industry Intel

Florida City Sees Lasting Effects of Ransomware Attack

Nearly three weeks after the City of Jupiter, Florida suffered a ransomware attack that took many of their internal systems offline, the city has yet to return to normal. City officials announced they would be working to rebuild their systems from backups, rather than paying any ransom, and were able to get their main website up and running again, along with many essential services. The timing of the attack couldn’t have been worse, as most of the City’s staff were under lockdown and unable to access compromised machines in a quick and safe manner.

Hackers Breach San Francisco International Airport

Late last Month, Russia-based hackers attempted to breach the internal networks of San Francisco International Airport using a simple injection script to obtain employee credentials. By forcing the use of the SMB file-sharing protocol, the hackers could quickly grab the usernames and hashed passwords, which would then allow them to deploy any number of malicious payloads or access extremely sensitive information. Shortly after the attack was detected and subsequently ended, the IT staff issued a forced password reset for all staff in hopes of minimizing any further damage.

Critical Exploits Patched by Microsoft

Recently, Microsoft patched three zero-day exploits that could allow remote code execution, privilege increases, and even creating new accounts with full OS permissions. Two of the patched flaws related to the Adobe Type Manager Library and were functional on multiple Windows® operating systems, but performed different tasks based on the environment in which they were deployed.

DDoS Suspect Arrested in Netherlands

Two Dutch government websites that were created to distribute information related to the COVID-19 pandemic fell victim to a DDoS attack for several hours. Dutch authorities, who have been heavily involved in many cybersecurity operations, have arrested at least one suspect and shut down 15 sites offering DDoS services. Hopefully, the shutdowns will help reduce the number of these types of attacks going forward.

RagnarLocker Takes Down Portuguese Energy

One of the largest energy providers in Europe, Energias de Portugal (EDP), became the victim of a ransomware attack that used the RagnarLocker variant. In exchange for the estimated 10TB of data stolen during the attack, attackers demanded a ransom of $10.9m to be paid in cryptocurrency. The authors behind RagnarLocker have already begun posting segments of the stolen data to their main website, along with the promise to release the rest and make their entire client list aware of the breach, if the ransom isn’t met.

What’s Behind the Surge in Phishing Sites? Three Theories

by Tyler Moffitt | Apr 16, 2020 | Industry Intel

One of the most notable findings to come from the Webroot 2020 Threat Report was the significant rise in the number of active phishing sites over 2019—a 640% rise, to be exact. This reflects a year-over-year rise in active phishing sites, but it’s important to keep this (dangerous) threat in context.

“Of all websites that host malicious content, phishing historically has been a minority,” says Webroot Security Analyst Tyler Moffitt. “While it’s growing quite a bit and a significant threat, it’s still not a large percentage of the websites being used for malicious content. Those would be things like botnets or malware hosting.”

This traditional low instance rate is likely one explanation—or at least a portion of an explanation—that’s led to such a gaudy increase in the number of active sites.

Here are three other factors that may have contributed to the rise.

The diversification of attacks

Since first being described in a 1987 paper, phishing attacks have diversified considerably. While it was once reliably email-based with a broad scope, it now entails malware phishing, clone phishing, spear phishing, smishing, and many more specialized forms. Inevitably, these strains of attack require landing pages and form fields in for users to input the information to be stolen, helping to fuel the rise in active phishing sites.

Spear phishing—a highly targeted form of phishing requiring cybercriminals study their subject to craft more a realistic lure—has turned out to be a lucrative sub-technique. This has likely contributed to more cybercriminals adopting the technique over mass-target emails pointing to a single source. More on profitability later.

Check out this infographic for 5 tips on recognizing a phishing email.

Opportunism

After years of studying phishing data, it’s clear that the number of active phishing sites rises predictably during certain times of the year. Large online shopping holidays like Prime Day and Cyber Monday inevitably precipitate a spike in phishing attacks. In another example, webpages spoofing Apple quadrupled near the company’s March product release date, then leveled off.

Uncertainty also tends to fuel a rise in phishing sites.

“Not only do we always see a spike in phishing attacks around the holidays,” says Moffitt, “It also always happens in times of crisis. Throughout the COVID-19 outbreak we’ve followed a spike in phishing attacks in Italy and smishing scams promising to deliver your stimulus check if you click. Natural disasters also tend to bring these types of attacks out of the woodwork.”

The year 2019 was not without its wildfires, cyclones, and typhoons, but it’d be safe to suspect the number of phishing sites will grow again next year.

Short codes and HTTPs represent more phishing opportunities for cyber criminals. Malicious content is now often hosted on good domains (up to a quarter of the time, according to our Threat Report). Short codes also have the unintended consequence of masking a link’s destination URLs. Both these phenomena make it more difficult to identify a phishing attack.

“All of sudden these mental checks that everyone was told to use to sniff out phishing attacks, like double-checking URLs, no longer hold,” says Moffitt.

Profitability

Let’s face it, this is the big one. The rise in popularity of shared drives makes it more likely that any single phishing success will yield troves of valuable data. Compromising a corporate Dropbox account could easily warrant a six-figure ransom, or more, given the looming threat of GDPR and CCPA compliance violations.

“A few years ago, most of the targets were financial targets like PayPal and Chase,” according to Moffitt. “But now they are tech targets. Sites like Facebook, Google, Microsoft, and Apple. Because shared drives offer a better return on investment.”

Even for private individuals, shared drives are more bang for the buck. Credentials which can easily lead to identity theft can be sold on the dark web and, given the rampant rates of password re-use in the U.S., these can be cross-checked against other sites until the compromise spirals.

Finally, phishing is profitable as an initial entry point. Once a cybercriminal has accessed a business email account, for instance, he or she is able to case the joint until the most valuable next move has been determined.

“It’s a really lucrative first step,” says Moffitt.

Don’t take the bait

Installing up-to-date antivirus software is an essential first step in protecting yourself from phishing attacks. Features like Webroot’s Real-Time Anti-Phishing Shield can help stop these attacks before a user has the chance to fall for it. Continual education is equally as important. Webroot data shows that ongoing phishing simulations can lower click-through rates significantly.

The Problem with HTTPS

by Cathy Yang | Apr 14, 2020 | Business + Partners, Threat Intelligence

Despite the intent of ensuring safe transit of information to and from a trusted website, encrypted protocols (usually HTTPS) do little to validate that the content of certified websites is safe.

With the widespread usage of HTTPS protocols on major websites, network and security devices relying on interception of user traffic to apply filtering policies have lost visibility into page-level traffic. Cybercriminals can take advantage of this encryption to hide malicious content on secure connections, leaving users vulnerable to visiting malicious URLs within supposedly benign domains.

This limited visibility affects network devices that are unable to implement SSL/TLS decrypt functionality due to limited resources, cost, and capabilities. These devices are typically meant for home or small business use, but are also found in the enterprise arena, meaning the impact of this limited visibility can be widespread.

With 25% of malicious URLs identified by Webroot hosted within benign domains in 2019, a deeper view into underlying URLs is necessary to provide additional context to make better, more informed decisions when the exact URL path isn’t available.

Digging Deeper with Advanced Threat Intel

The BrightCloud® Web Classification and Web Reputation Services offers technology providers the most effective way to supplement domain-level visibility. Using cloud-based analytics and machine learning with more than 10 years of real-world refinement, BrightCloud® Threat Intelligence services have classified more than 842 million domains and 37 billion URLs to-date and can generate a predictive risk score for every domain on the internet.

The Domain Safety Score, available as a premium feature with BrightCloud® Web Classification and Reputation services, can be a valuable metric for filtering decisions when there is lack of path-level visibility on websites using HTTPs protocols. Even technology partners who do have path-level visibility can benefit from using the Domain Safety Score to avoid the complexity and compliance hurdles of deciding when to decrypt user traffic.

The Domain Safety Score is available for every domain and represents the estimated safety of the content found within that domain, ranging from 1 to 100, with 1 being the least safe. A domain with a low score has a higher predictive risk of having content within its pages that could compromise the security of users and systems, such as phishing forms or malicious downloads.

Using these services, organizations can implement and enforce effective web policies that protect users against web threats, whether encrypted through HTTPs or not.

Devising Domain Safety Scores

As mentioned, a Domain Safety Score represents the estimated safety of the content found within that domain. This enables better security filtering decisions for devices with minimal page-level visibility due to increasing adoption of HTTPS encryption.

How do we do it?

BrightCloud uses high-level input features to help determine Domain Safety Scores, including:

Domain attribute data, including publicly available information associated with the domain, such as registry information, certificate information, IP address information, and the domain name itself.
Behavioral features obtained from historical records of known communication events with the domain, gathered from real-world endpoints.
A novel deep-learning architecture employing multiple deep, recurrent neural networks to extract sequence information, feeding them into a classification network that is fully differentiable. This allows us to use the most cutting-edge technology to leverage as much information possible from a domain to determine a safety score.
Model training using a standard backpropagation through time algorithm, fully unrolling all sequences to calculate gradients. In order to train such a network on a huge dataset, we have developed a custom framework that optimizes the memory footprint to run efficiently on GPU resources in a supercomputing cluster. This approach allows us to train models faster and iterate quickly so we can remain responsive and adapt to large changes in the threat landscape over time.

A secure connection doesn’t have to compromise your privacy. That’s why Webroot’s Domain Safety Scores peek below the domain level to the places where up to a quarter of online threats lurk.

Learn more about Domain Safety Scores, here.

Cyber News Rundown: Malicious COVID-19 Websites Surge

by Connor Madsen | Apr 10, 2020 | Industry Intel

Malicious COVID-19 Websites Surge

In recent months, more than 136 thousand new domains have been registered that reference the current COVID-19 outbreak, many of which have yet to be flagged. A large portion of these sites are distributing phishing campaigns with fake bank login forms and inaccurate URLs, including any number of pandemic buzz words. Hopefully, some of the domain registrars will implement stricter detection for these sites to avoid the preying on of people seeking information during the outbreak.

NASA Employees Face Spike in Cyberattacks

NASA and many other federal departments are among those moving to telework and they are seeing an alarming rise in cyberattacks. These attacks include several variations of phishing campaigns designed to seek sensitive data or login credentials through requests for tax forms or disinformation about the current pandemic. NASA employees are especially seeing these types of attacks targeting mobile devices directly, since they often have fewer active security measures in place when compared to other devices.

Fingerprint Security Still Not Foolproof

A group of researchers that recently spent time studying various mobile devices’ fingerprint security measures found a shockingly high success rate from fake prints. By testing a variety of mobile devices, they learned that creating a continuously-successful print mold, while requiring a significant amount of time, could easily unlock a device before wiping features would be triggered. Advancements in fingerprint technology and better biosecurity implementations are clearly necessary.

Medical Testing Company Suffers Data Breach

After a ransomware attack by Maze authors, a major medical testing firm has had a large portion of stolen data published on the Maze “news” site. The data was leaked nearly a week after the initial attack, which the company refused to pay ransom for. While the stolen data only included victims with surnames beginning with D, G, I, and J, the testing company recommends all clients monitor their financials for any signs of fraud. This attack comes during a time where several ransomware authors pledged to avoid attacking healthcare or medical establishments, though they claim this campaign was started prior to the current outbreak.

Philippines Law Enforcement Arrests Fake News Distributors

At least 32 individuals were arrested in the Philippines for spreading fake COVID-19 information across several social media platforms. Some of the accused were reported to have instigated raids of food storage facilities after making false claims of regional shortages. The country, with over 3,000 confirmed cases of COVID-19, will maintain lockdown procedures to limit the spread of the disease until the end of April.