Nearly five months after a breach, DoorDash has just now discovered that unauthorized access to sensitive customer information has taken place. Among the stolen data were customer names, payment history, and contact info, as well as the last four digits of both customer payment cards and employee bank accounts. The compromised data spans nearly 5 million unique customers and employees of the delivery service. DoorDash has since recommended all users change their passwords immediately.
American Express Employee Fraud
At least one American
Express employee was fired after it was revealed they had illicitly gained
access to customer payment card data and may have been using it to commit fraud
at other financial institutions. Following this incident, American Express began
contacting affected customers offering credit monitoring services to prevent misuse
of their data.
Hackers Target Airbus Suppliers
Several suppliers for Airbus
have recently been under cyber-attack by state-sponsored hackers that seem to
have a focus on the company’s VPN connections to Airbus. Both Rolls-Royce and
Expleo, European manufacturers of engines and technology respectively, have
been targeted for their technical documentation by Chinese aircraft
competitors. This type of attack has pushed many officials to call for higher
security standards across all supply chains, as both large and small companies
are now being attacked.
Ransomware Law Passes Senate
A recently passed law mandates the Department of Homeland
Security support organizations affected by ransomware.
While focused on protecting students in New York state, the legislation follows
50 school districts across the U.S. falling victim to ransomware attacks in
2019 alone, compromising up to 500 schools overall. A similar bill recently
passed in the House of Representatives, which is expected to be combined with
this legislation.
Ransomware Targets Hospitals Around the Globe
Multiple hospitals in the U.S.
and Australia have fallen victim to ransomware attacks within the last
month. Some sites were so affected that they were forced to permanently close
their facilities after they weren’t able to rebuild patient records from encrypted
backups. Several offices in Australia have been unable to accept new patients
with only minimal systems for continuing operations.
“Antivirus programs use techniques to stop viruses that are very
“virus-like” in and of themselves, and in most cases if you try to
run two antivirus programs, or full security suites, each believes the other is
malicious and they then engage in a battle to the death (of system usability,
anyway).”
“…running 2 AV’s will most likely cause conflicts and slowness
as they will scan each other’s malware signature database. So it’s not
recommended.”
The above quotes come from top answers on a popular computer help site and
community forum in response to a question about “Running Two AVs”
simultaneously.
Seattle Times tech columnist Patrick Marshall has
similarly warned his readers about the dangers of antivirus products
conflicting on his own computers.
Historically, these comments were spot-on, 100% correct in
describing how competing AV solutions interacted on endpoints. Here’s why.
The (Traditional) Issues with Running Side-by-Side AV Programs
In pursuit of battling it out on your machine for security
supremacy, AV solutions have traditionally had a tendency to cause serious
performance issues.
This is because:
Each is convinced the other is an imposter. Antivirus programs tend to look a lot like viruses to other antivirus programs. The behaviors they engage in, like scanning files or scripts and exporting information about those data objects, can look a little shady to a program whose sole purpose is to be on the lookout for suspicious activity.
Each wants to be the anti-malware star. Ideally both AV programs installed on a machine would be up to the task of spotting a virus on a computer. And both would want to let the user know when they’d found something. So while AV number one may isolate a threat, you can bet AV number two will still want to alert the user to its presence. This can lead to an endlessly annoying cycle of warnings, all-clears, and further warnings.
Both are hungry for your computer’s limited resources. Traditional antivirus products store static lists of known threats on each user’s machine so they can be checked against new data. This, plus the memory used for storing the endpoint agent, CPU for scheduled scans, on-demand scans, and even resource use during idling can add up to big demand. Multiply it by two and devices quickly become sluggish.
Putting the Problem Into Context
Those of you reading this may be thinking, But is all of
this really a problem? Who wants to run duplicate endpoint security products
anyway?
Consider a scenario, one in which you’re unhappy with your
current AV solution. Maybe the management overhead is unreasonable and it’s
keeping you from core business responsibilities. Then what?
“Rip and replace”—a phrase guaranteed to make many an MSP
shudder—comes to mind. It suggests long evenings of after-hours work removing
endpoint protection from device after device, exposing each of the machines
under your care to a precarious period of no protection. For MSPs managing
hundreds or thousands of endpoints, even significant performance issues can
seem not worth the trouble.
Hence we’ve arrived at the problem with conflicting AV
software. They lock MSPs into a no-win quagmire of poor performance on the one
hand, and a potentially dangerous rip-and-replace operation on the other.
But by designing a no-conflict agent, these growing pains
can be eased almost completely. MSPs unhappy with the performance of their
current AV can install its replacement during working hours without breaking a
sweat. A cloud-based malware prevention architecture and “next-gen” approach to
mitigating attacks allows everyone to benefit from the ability to change and
upgrade their endpoint security with minimal effort.
Simply wait for your new endpoint agent to be installed,
uninstall its predecessor, and still be home in time for dinner.
Stop Wishing and Expect No-Conflict Endpoint Protection
Any modern endpoint protection worth its salt or designed
with the user in mind has two key qualities that address this problem:
It won’t conflict with other AV programs and
It installs fast and painlessly.
After all, this is 2019 (and over 30 years since antivirus
was invented) so you should expect as much. Considering the plethora of (often
so-called) next-gen endpoint solutions out there, there’s just no reason to get
locked into a bad relationship you can’t easily replace if something better
comes along.
So when evaluating a new cybersecurity tool, ask whether
it’s no-conflict and how quickly it installs. You’ll be glad you did.
Many Instagram accounts were recently compromised after receiving a notice that their accounts would be suspended for copyright infringement if they didn’t complete an objection form within 24 hours. By setting a timeframe, the attackers are hoping that flustered victims will quickly begin entering account credentials into a phony landing page before being redirected to the authentic Instagram login page to appear legitimate.
WordPress Plugin Exploited
Rich Reviews, a vulnerable WordPress plugin that was removed from the main WordPress repository more than six months ago, has been found still active on thousands of websites. This vulnerability allows attackers to download malicious payloads, then redirect victims to phony websites that could further infect their systems. Fortunately, several security companies are working with the plugin’s creators to fix the current vulnerabilities, though these updates won’t reach users until it’s put back on the repository.
Banking Malware Campaign
Hundreds of malware
samples have been discovered that target ATMs and can be deployed to obtain
sensitive banking information from infected systems. Dtrack, the name of the
malware tools, can also be used to steal local machine information, such as
keystrokes and browser history, by using known vulnerabilities in network
security. This type of attack comes from the Lazarus Group, who have been known
to target nations and major financial institutions around the world.
Click2Gov Site Hacked
An online bill paying site used in dozens of cities across
the U.S. was recently hacked in at least eight cities, already compromising more
than 20,000 individuals from all 50 states. This will be the third breach affecting
Click2Gov,
all of which used an exploit allowing attackers to gain both remote access to
the system and upload any files they choose. Many of the cities that were
targeted recently were part of the prior attacks on the Click2Gov portal.
Wyoming Healthcare Hit with Ransomware
Campbell
County Health’s computer systems were brought to a halt after suffering a ransomware
attack this week. Nearly 1,500 computers were affected and all currently
scheduled surgeries and other medical care must be delayed or diverted to
another facility. Fortunately, CCH is working quickly to restore all of their
systems to normal and determine the exact infection point for the attack.
You have probably seen or heard news reports about STEM education (Science, Technology, Engineering, and Math), and how important STEM jobs are for the economy; or maybe you’ve heard reports on schools that are making strides to improve their STEM programs for kids. It’s important for parents with school-aged children to fully understand what a STEM education is and why access to STEM learning resources is so critical.
STEM education, which is rooted in a strong foundation in the disciplines of science and math, is traditionally a part of any student’s curriculum. But a truly effective STEM education focuses on the interdisciplinary layering of these disciplines into the larger educational picture. When applied appropriately, effective STEM learning is integrated across subject areas, which taps into a child’s natural curiosity, providing them with an outlet for their creative energy.
STEM isn’t just a buzzword acronym. The data shows a real impact when a child is exposed to STEM activities or programs. Here are just a few of the ways kids are benefiting from STEM learning.
College Readiness: A recent study from ACT shows that teenagers with an expressed interest in STEM display significantly higher levels of college readiness than their uninterested cohort.
Workforce Opportunity: Humanity will always need engineers, and STEM workforce growth will always reflect that need. Since 1990, STEM employment has grown by nearly 80%, and the sector expects to see an additional 8.9% in growth before 2024. Even better, STEM workers earn around 26% higher salaries than others. Even if they don’t end up working in a traditionally STEM-focused field, people with STEM degrees tend to earn more on average across the board.
American Infrastructure: It’s no secret that we have a shortage of STEM workers in the United States. In fact, of the 970,532 STEM-interested students polled in the ACT survey, only 5,839 indicated a plan to pursue a degree in a STEM field. With less than one percent of STEM-interested students pursuing the field, this leaves the future of our country’s digital infrastructure in potential peril. Consider this: China has a ratio of roughly one STEM grad for every 293 citizens, while the United States has one STEM grad for every 573 citizens. As it stands, we have roughly half the engineering power of our main economic rival, with no sign of bridging the gap.
Getting kids involved in STEM
STEM may seem intimidating to introduce to a young child, but it’s such a diverse field in which you can find several points of entry. Many existing extracurricular activities have already integrated STEM initiatives. One notable example is the Girl Scouts of America’s pledge to bring 2.5 million young women into the STEM pipeline by infusing their existing programs with STEM education projects. Many local and national programs are also focused on engaging children in STEM. If you’re having trouble finding such programs in your area, don’t forget the valuable resource that is your local library. They can often help you find a few relevant activities around town.
STEM at Home
You don’t have to wait for a STEM program to begin encouraging your child’s curiosity. Many simple, safe, and fun STEM projects can be worked on at home, like fun games or building toys (like creating magnetic slime or the engineering of simple robots). Finding at-home STEM activities to do with your child is an excellent first step toward giving them a solid foundation in STEM principles and nurturing their interest.
Creating a new generation of scientists, engineers, and inventors is important for all of us. Here at Webroot, we partnered with the Air Force Association’s CyberPatriot program to engage with Denver-area students around the topics of STEM and cybersecurity awareness, and we’re continuing this initiative again this year in honor of National Cyber Security Awareness Month in October. By engaging with students in our community, we hope to plant the seeds that will encourage students to explore future opportunities in cybersecurity and IT.
When you’re running a business, it’s important to stay connected, whether you’re in the office or not. Modern technology has made this easier than ever, ensuring you can answer emails and stay on top of tasks in hotels, coffee shops, wherever. Social media influencer and serial entrepreneur Gary Vaynerchuk has even said, “The airplane is disproportionately the place where I get the most tangible amount of work done.”
But if you’re going to get anything done outside the office or on the road, there are a few essentials to have on hand. Here are five must-haves to make sure you are prepared and productive.
#1 Protect Your Devices and Your Data
No, this is not at the top just because you’re reading this on a security blog. Anytime you’re accessing the internet in a hotel, coffee shop, or other public space, your data and devices are at risk. While security may not be at the top of your list of concerns, a whopping 58% of data breaches happen to SMBs, and 60% of those who are attacked fold within 6 months.
This is why security, at the very least endpoint security, should be your number one consideration when working on the go. But not all endpoint security solutions are created equal.
Modern endpoint security is cloud-based, lightweight (won’t slow your device down), and is powered by 24/7 threat intelligence to make sure you are protected against all known threats. In fact, some do what is known as “journaling” when they encounter an unknown threat so if it is deemed malicious, every action the malware took can be rolled back, step by step.
It’s also worth considering implementing a VPN to secure your connection to your office software and data as well as secure your communications with colleagues. Public WiFi is a favorite target of malicious attacks, including man-in-the-middle attacks, so the more you can anonymize your activity, the better.
#2 Stay Connected
When you’re on the road, there’s no guarantee that you’ll have reliable WiFi. Coffee shop WiFi can vary depending on how many people are using it, and hotel WiFi often costs money. To make sure you can always stay connected to high-quality WiFi, you’ll want to invest in a mobile WiFi device, which will work much better than using your smartphone as a hotspot. Plus, using a mobile WiFi device will help save your phone battery and will free it up for any phone calls you need to make.
The last thing you want when working on the go is for your devices to run out of battery. Of course, you must remember to bring your basic laptop and smartphone chargers. However, you might not always have convenient access to an outlet. In which case, you’re going to want to bring a portable charger. Smartphones and laptops have different battery needs so you might want to get a portable charger for each.
If you’re out of the office, chances are it might be more difficult to find some peace and quiet. Because of this, you’ll want to make sure you have a good set of headphones to help you get in the zone.
If you’re choosing headphones, you’ll need to consider whether you want to go with over-the-ear or in-ear models. Over-the-ear models tend to have higher sound quality and better noise canceling features, but there are a variety of high-quality earbuds these days that may be easier to travel with. Whichever you go with, they’ll be useless without productivity-enhancing music to go along with them.
Now that you have your laptop, smartphone, chargers, portable batteries, headphones, and WiFi hotspot, you’ll need a way to carry it all around. But not just any bag will do. Since you’re traveling, you’ll want something that is compact, organized, and comfortable to carry, even if it’s heavy.
While the briefcase is a classic, it is not very efficient and can be cumbersome when also trying to carry coffee or talk on the phone. Backpacks are definitely the way to go if you want to carry everything comfortably while keeping your hands free. Just make sure to choose a bag made of durable materials with adequately wide and cushioned straps. The last thing you want in a bag is one you wince at the thought of carrying again after a long day.
Ransomware
attacks seem to be earning larger payouts by focusing on
big businesses and governments, and a new variant dubbed TFlower might be no exception. TFlower has been proliferating by hacking
into compromised networks through various remote desktop services. Attackers can reportedly execute the
malware and begin encrypting most file types and removing all local backups. It is still
unclear how much the demanded ransom is, but researchers have
found that TFlower doesn’t append the encrypted files’
extensions.
More than 30
million customer records belonging to two Lion Air-owned
companies, Malindo Air and Thai Lion Air, were found in a publicly accessible database and
later on several underground forums earlier this month. Among the
available data are names, birthdates, and passport
information, all of which could easily be used to commit identity fraud. While
the data was available for nearly a month, it is still unclear how many individuals may have
obtained copies of the data.
White Hat Hackers Expose Webcam Security Flaws
Over 15,000
unique webcams from several different
manufacturers have been found to be using default security settings while connected to
the internet. Many of the compromised devices have been identified
in the U.S., Europe, and
Southeast Asia. This recent discovery should prompt manufacturers
to implement additional security settings and require users to set their own
passwords.
Medical Patient Images and Data Unprotected
In a recent research study of 2,300 healthcare systems, nearly
25 percent were
publicly accessible on the internet, containing a total of 24.3 million patient healthcare records
from at least 52 countries. Over 400 million medical images were available for
access or download through a system that allows medical workers to share
patient documents. These systems date back to the 1980s and need to be brought
up to current security standards, as the current system has virtually none.
Ecuadorian Data Analytics Breach
An
Ecuadorian data analysis firm, Novaestrat, is under investigation after it was
discovered that the company left personally identifiable information for nearly
every Ecuadorian citizen exposed in an unsecured database. Records for
2.5 million car owners and nearly 7.5 million financial and banking
transactions were included in the records.
Immediately upon the revelation of the breach, Ecuadorian government officials
arrested the CEO for possessing the data illicitly.
An unfortunate reality of all smart devices is that, the smarter they get, and the more integrated into our lives they become, the more devastating a security breach can be. Smart cars are no exception. On the contrary, they come with their own specific set of vulnerabilities. Following high-profile incidents like the infamous Jeep hack, it’s more important than ever that smart car owners familiarize themselves with their inherent vulnerabilities. It may even save lives.
At a recent hacking competition, two competitors were able
to exploit a flaw in the Tesla Model 3 browser system and compromise
the car’s firmware. While the reported “Tesla hack” made waves in the industry,
it actually isn’t even one of the most common vulnerabilities smart car owners
should look out for. The following vulnerabilities are easier to exploit and may be more
relevant to the average owner.
Car alarms, particularly aftermarket car alarms, are
one of the largest culprits in smart car security breaches. A recent study
found that at least three million vehicles are currently at risk
due to insecure smart alarms. By exploiting insecure direct object reference
(IDOR) issues within the alarm’s software, hackers can track the vehicle’s GPS
location, disable the alarm, unlock doors, and in some cases even kill the
engine while it is being used.
Key fobs are often used by hackers to gain physical
access to a vehicle. By using a relay attack, criminals are able to capture a
key fob’s specific signal with an RFID receiver and use it to unlock the car.
This high-tech version of a duplicate key comes with a decidedly low-tech
solution: Covering your key fob in aluminum foil will prevent the signal from
being skimmed.
On-Board diagnostic ports are legally required for all vehicles manufactured after 1996 in the United States. Traditionally used by mechanics, the on-board diagnostics-II (OBD-II) port allows direct communication with your vehicle’s computer. Because the OBD-II port bypasses all security measures to provide direct access to the vehicle’s computer for maintenance, it provides particularly tempting backdoor access for hackers.
Protecting Your Smart Car from a Cybersecurity Breach
Precautions should always be taken after buying a new smart
device, and a smart car is no exception. Here are the best ways to protect your
family from a smart car hack.
Update your car’s firmware and keep it that way. Do
not skip an update because you don’t think it’s important or it will take too
much time. Car manufacturers are constantly testing and updating vehicle
software systems to keep their customers safe—and their brand name out of the
news. Signing up for vehicle manufacturer recalls and software patches will
help you stay on top of these updates.
Disable unused smart services. Any and all of your
car’s connectivity ports that you do not use should be turned off, if not
altogether disabled. This means that if you don’t use your car’s Bluetooth
connectivity, deactivate it. Removing
these access points will make your car less exposed to hacks.
Don’t be a beta tester. We all want the newest and
hottest technologies, but that doesn’t keep us at our most secure. Make sure
that you’re purchasing a vehicle with technology that has been field tested for
a few years, allowing time for any vulnerabilities to be exposed. Cutting-edge
technologies are good. But bleeding edge? Not so much.
Ask questions when buying your vehicle and
don’t be afraid to get technical. Ask the dealer or manufacturer which systems
can be operated remotely, which features are networked together, and how those
gateways are secured. If you’re not comfortable with the answers, take your
money elsewhere.
Advocate for your security. As smart cars become so
smart that they begin to drive themselves, consumers must demand that
manufacturers provide better security for autonomous and semi-autonomous
vehicles.
Only use a trusted mechanic and be mindful of who you
grant access to your car. OBD-II ports are vulnerable but necessary, so
skipping the valet may save you a costly automotive headache down the line.
Keep the Conversation Going
As our cars get smarter, their vulnerabilities will change.
Check back here to keep yourself
updated on the newest trends in smart car technologies, and stay ahead of any potential
threats.
Do you remember the last time you’ve interacted with a
brand, political cause, or fundraising campaign via text message? Have you
noticed these communications occurring more frequently as of late?
It’s no accident. Whereas marketers and communications professionals can’t count on email opens or users accepting push notifications from apps, they’re well aware that around 98% of SMS messages are read within seconds of being received.
As with any development in how we communicate, the rise in brand-related text messaging has attracted scammers looking to profit. Hence we arrive at a funny new word in the cybersecurity lexicon, “smishing.” Mathematical minds might understand it better represented by the following equation:
SMS + Phishing = Smishing
For the rest of us, smishing is the act of using text
messages to trick individuals into divulging sensitive information, visiting a
risky site, or downloading a malicious app onto a smartphone. These often
benign-seeming messages might ask you to confirm banking details, verify
account information, or subscribe to an email newsletter via a link delivered by
SMS.
As with phishing emails, the end goal is to trick a user
into an action that plays into the hands of cybercriminals. Shockingly,
smishing campaigns often closely follow
natural disasters as scammers try to prey on the charitable to divert funds
into their own pockets.
Smishing vs Vishing vs Phishing
If
you’re at all concerned with the latest techniques cybercriminals are using to
defraud their victims, your vocabulary may be running over with terms for the
newest tactics. Here’s a brief refresher to help keep them straight.
Smishing,
as described above, uses text messages to extract the sought-after information.
Different smishing techniques are discussed below.
Vishing is when a fraudulent actor calls a victim
pretending to be from a reputable organization and tries to extract personal
information, such as banking or credit card information.
Phishing
is any type of social engineering attack aimed at getting a victim to
voluntarily turn over valuable information by pretending to be a legitimate
source. Both smishing and vishing are variations of this tactic.
Examples of Smishing Techniques
Enterprising scammers have devised a number of methods for
smishing smartphone users. Here are a few popular techniques to be aware of:
Sending a
link that triggers the downloading of a malicious app. Clicks can trigger
automatic downloads on smartphones the same way they can on desktop internet
browsers. In smishing campaigns, these
apps are often designed to track your keystrokes, steal your identity, cede
control of your phone to hackers, or encrypt the files on your phone and hold
them for ransom.
Linking
to information-capturing forms. In the same way many email phishing
campaigns aim to direct their victims to online forms where their information
can be stolen, this technique uses text messages to do the same. Once a user
has clicked on the link and been redirected, any information entered into the
form can be read and misused by scammers.
Targeting
users with personal information. In a variation of spear
phishing, committed smishers may research a user’s social media activity in
order to entice their target with highly personalized bait text messages. The
end goal is the same as any phishing attack, but it’s important to know that
these scammers do sometimes come armed with your personal information to give
their ruse a real feel.
Referrals
to tech support. Again, this technique is a variation on the
classic tech support scam, or it could be thought of as the “vish via smish.”
An SMS message will instruct the recipient to contact a customer support line
via a number that’s provided. Once on the line, the scammer will try to pry
information from the caller by pretending to be a legitimate customer service representative.
How to Prevent Smishing
For all the conveniences technology has bestowed upon us,
it’s also opened us up to more ways to be ripped off. But if a text message
from an unknown number promising to rid you of mortgage debt (but only if you
act fast) raises your suspicion, then you’re already on the right track to
avoiding falling for smishing.
Here are a few other best practices for frustrating these
attacks:
Look for all the same signs you would if you were concerned an email was a phishing attempt: 1) Check for spelling errors and grammar mistakes, 2) Visit the sender’s website itself rather than providing information in the message, and 3) Verify the sender’s telephone number to make sure it matches that of the company it purports to belong to.
Never provide financial or payment information on anything other than the trusted website itself.
Don’t click on links from unknown senders or those you do not trust.
Be wary of “act fast,” “sign up now,” or other pushy and too-good-to-be-true offers.
Always type web addresses in a browser rather than clicking on the link.
Install a mobile-compatible antivirus on your smart devices.
AI and machine learning offer tremendous promise for
humanity in terms of helping us make sense of Big Data. But, while the
processing power of these tools is integral for understanding trends and
predicting threats, it’s not sufficient on its own.
Thoughtful design of threat intelligence—design that accounts for the ultimate needs of its consumers—is essential too. There are three areas where thoughtful design of AI for cybersecurity increases overall utility for its end users.
Designing where your data comes from
To set the process of machine learning in motion, data
scientists rely on robust data sets they can use to train models that deduce
patterns. If your data is siloed, relies on a single community of endpoints,
or is made up only of data gathered from sensors like honeypots and crawlers, there
are bound to be gaps in the resultant threat intelligence.
A diverse set of real-world endpoints is essential to achieve
actionable threat intelligence. For one thing, machine learning models can be prone
to picking up biases if exposed to either too much of a particular threat or
too narrow of a user base. That may make the model adept at discovering one
type of threat, but not so great at noticing others. Well-rounded, globally-sourced
data provides the most accurate picture of threat trends.
Another significant reason real-world endpoints are essential is that some malware excels at evading traditional crawling mechanisms. This is especially common for phishing sites targeting specific geos or user environments, as well as for malware executables. Phishing sites can hide their malicious content from crawlers, and malware can appear benign or sit on a user’s endpoint for extended periods of time without taking an action.
Designing how to illustrate data’s context
Historical trends help to gauge future measurements, so
designing threat intelligence that accounts for context is essential. Take a
major website like www.google.com for example. Historical threat intelligence signals
it’s been benign for years, leading to the conclusion that its owners have put
solid security practices in place and are committed to not letting it become a
vector for bad actors. On the other hand, if we look at a domain that was only
very recently registered or has a long history of presenting a threat, there’s
a greater chance it will behave negatively in the future.
Illustrating this type of information in a useful way can
take the form of a reputation score. Since predictions about a data object’s
future actions—whether it be a URL, file, or mobile app—are based on
probability, reputation scores can help determine the probability that an
object may become a future threat, helping organizations determine the level of
risk they are comfortable with and set their policies accordingly.
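As an added illustration (not Webroot's scoring method and not code from the original post), the sketch below combines the two signals named above, registration age and historical classifications, into a probability-based reputation score and then applies two different risk policies. The prior values, the prior weight, the thresholds and the sample domains are all assumptions chosen for the example.

```python
"""Added example: probability-based reputation score from history and age.

All priors, weights, thresholds and sample records are assumptions made for
illustration; they are not taken from any vendor's scoring model.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class DomainHistory:
    name: str
    registered: date
    benign_obs: int      # past observations classified as benign
    malicious_obs: int   # past observations classified as a threat


@dataclass(frozen=True)
class Policy:
    """An organization's risk tolerance, expressed as score cut-offs."""
    block_below: int
    warn_below: int


PRIOR_WEIGHT = 10  # assumed: the prior counts as 10 pseudo-observations


def prior_threat(age_days: int) -> float:
    """Assumed prior: with no history, newer registrations are riskier."""
    if age_days < 30:
        return 0.50
    if age_days < 365:
        return 0.20
    return 0.05


def threat_probability(h: DomainHistory, today: date) -> float:
    """Beta-Bernoulli estimate: the age-based prior is gradually
    outweighed as real observations accumulate."""
    age_days = max((today - h.registered).days, 0)
    p0 = prior_threat(age_days)
    bad = p0 * PRIOR_WEIGHT + h.malicious_obs
    good = (1 - p0) * PRIOR_WEIGHT + h.benign_obs
    return bad / (bad + good)


def reputation_score(h: DomainHistory, today: date) -> int:
    """Map probability to 1 (almost certainly a threat) .. 100 (trusted)."""
    return max(1, round(100 * (1 - threat_probability(h, today))))


def decide(score: int, policy: Policy) -> str:
    """Apply an organization's thresholds to a score."""
    if score < policy.block_below:
        return "block"
    if score < policy.warn_below:
        return "warn"
    return "allow"


# Constructed sample records and policies (not real measurements).
TODAY = date(2019, 10, 1)
SAMPLES = [
    DomainHistory("established.example", date(1999, 1, 1), 5000, 0),
    DomainHistory("new-domain.example", date(2019, 9, 25), 0, 0),
    DomainHistory("repeat-offender.example", date(2015, 1, 1), 20, 80),
]
STRICT = Policy(block_below=60, warn_below=90)
LENIENT = Policy(block_below=30, warn_below=60)


def evaluate(samples, today, policies):
    """Return {domain: (score, {policy_name: decision})}."""
    out = {}
    for h in samples:
        score = reputation_score(h, today)
        out[h.name] = (score, {n: decide(score, p) for n, p in policies.items()})
    return out


if __name__ == "__main__":
    results = evaluate(SAMPLES, TODAY, {"strict": STRICT, "lenient": LENIENT})
    for name, (score, decisions) in results.items():
        print(f"{name:26} score={score:3} {decisions}")
```

The newly registered domain with no history lands in the middle of the scale, so the same score is blocked under the strict policy and only flagged under the lenient one.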
Finally, how a threat intelligence provider classifies data
and the options they offer partners and users in terms of how to apply it can
greatly increase its utility. Protecting networks, homes, and devices from
internet threats is one thing, and certainly desirable for any threat
intelligence feed, but that’s far from all it can do.
Technology vendors designing a parental control product, for
instance, need threat intelligence capable of classifying content based on its
appropriateness for children. And any parent knows malware isn’t the only thing
children should be shielded from. Categories like adult content, gambling
sites, or hubs for pirating legitimate media may also be worthy of avoiding.
This flexibility extends to the workplace, too, where peer-to-peer streaming
and social media sites can affect worker productivity and slow network speeds,
not to mention introduce regulatory compliance concerns. Being able to classify
internet objects with such scalpel-like precision makes thoughtfully designed
threat intelligence much more useful for the partners leveraging it.
Finally, the speed at which new threat intelligence findings
are applied to all endpoints on a device is critical. It’s well-known that
static threat lists can’t keep up with the pace of today’s malware, but updating
those lists on a daily basis isn’t cutting it anymore either. The time from initial
detection to global protection must be a matter of minutes.
This brings us back to where we started: the need for a robust, geographically diverse data set from which to draw our threat intelligence. For more information on how the Webroot Platform draws its data to protect customers and vendor partners around the globe, visit our threat intelligence page.
As many students began returning for the fall semester, classes
were cancelled in the Flagstaff Unified School District in Arizona after a ransomware
attack disabled some of the district’s computer systems. Officials haven’t
yet released any additional information on the ransom demanded or if any
sensitive employee or student documents were compromised. The attack is another
in a chain of ransomware campaigns affecting dozens of school districts around
the country in recent months.
BEC Scam Targets Toyota Corporation
A subsidiary company of Toyota
fell victim to a business email compromise (BEC) that could cost more than $37
million. Using social engineering to convince the victim to send the wire
transfer has become a common practice around the world and earned scammers an
estimated $1.3 billion in 2018 alone. Officials are still working to determine
the proper course of action to recover the stolen funds, though it is unlikely
they will be able to track down their present location.
International BEC Sting Nets 281 Arrests
With the cooperation of many law enforcement agencies around
the world, at least 281
individuals were taken into custody for their roles in various BEC scams.
Along with the arrests, officials seized $3.7 million in cash that had been stolen
by redirecting wire transfers while posing as a high-level executive. While the
majority of arrests came from Europe and Africa, nearly a quarter occurred in
the U.S.
LokiBot Campaign Affects U.S. Manufacturer
A poorly written email phishing campaign was recently discovered
carrying a rather malicious payload called LokiBot.
In the scam, once a victim opens the attachment (with assurances in the
email that it simply needs to be reviewed), an archive unzips and allows the
payload to begin hunting for credentials and any other sensitive information stored
on the system. A review of the LokiBot sample tied the IP address from which the
campaign originated to several other, similar campaigns from
recent months.
Oklahoma State Trooper Pension Fund Stolen
Malicious hackers recently stole more than $4.2 million from
the Oklahoma State Troopers' pension
fund, which was to be used to assist roughly 1,500 retired law enforcement
agents in the state. While most of the benefits programs should remain
unaffected, officials are confident that they will be able to recover the
funds, which would also be covered by the insurance company if they cannot be
recovered.