No one can say that Senior Software Manager Michael Balloni isn’t a team player. Because Michael is constantly tasked with tackling multiple advanced technical projects at once, he relies on his top-notch engineering team to prioritize and keep projects moving while he orchestrates the collective.
Loyal to the end, Michael Balloni has seen a promising career as a software developer under the tutelage of Webroot CTO, Hal Lonas. This is the second company he’s worked at with Hal, and he’s found the Webroot culture of innovation and teamwork unparalleled.
What are some projects you are currently working on and how do you
prioritize them?
I’m
on the DNS team and we’re currently improving the security and scalability of
the product. The team strives to provide DNS protection in all networking
situations: in the office, home, coffee shop, airport, you name it. With any project,
prioritization is key. You have to pick your battles, and work with the product manager
to stay informed of business trends and needs. We also have bi-weekly “sprint planning”
where our team goes over what we had set out to do in the previous two weeks and
decides what to
finish it in the next two weeks, and what new work to take on.
How do you promote technical leadership?
Technical leadership involves staying up to date on our industry
and technical craft, then sharing that information with the broader team. It
also involves staying current on the development of the products and steering in
that direction as needed. Most of the time, there’s no need to change direction
but sometimes there is, and can be tough to identify. I’ve learned that getting
clarification and input should happen before prescribing a fix to what may not
be a problem at all.
What is your greatest accomplishment in your career at Webroot so far?
There was a misunderstanding
between a development team and their management. Management did not think the
development team had a plan to move forward with a pressing need in an area,
and created their own plan for getting it across the goal line. Unaware of
this, development went ahead and made their own plan for solving the problem. I
put together a meeting for development and later met with the product manager
from the team’s management. We took everyone’s perspective into account, and both
teams proceeded informed and respected from there. It helped me hone my cross-team
management skills a lot.
What brought you to Webroot after your last job?
I had fun working with Webroot’s CTO Hal Lonas in the 2000s at a
previous company. He’s such a clear-headed individual. He really listens to
your ideas and excels at communication. He was able to teach me about
prioritizing pretty early on. He taught me to identify if something isn’t going
to work early and to know where to focus. We luckily haven’t had many projects
where that has happened here, but it’s a good skill to have. There’s a reason
he’s a CTO—he’s technical, but also a people person for sure.
How did you get into the technology field?
When I was a little kid I used to work on these electronic kits
that would come with wires and springs. It was a circuit board with different
electronic pieces like restrictors and capacitors. I would wire them together
to make circuits that all did different things. In high school, I would build
loudspeakers and amplifiers, I was always attracted to tech in that way.
What is your favorite thing about working at Webroot?
Everybody says it, but it’s the people. Everyone is sharp,
hardworking, and friendly. We have a good thing here. It’s an environment of
good intentions and backing each other up. Simply put, this is a great place to
work!
In a recent report by the firm 451 Research, 62 percent of SMBs reported having a security awareness training program in place for their employees, with half being “homegrown” training courses. The report also found that most complained their programs were difficult to implement, track, and manage.
Like those weights in the garage you’ve been meaning to lift
or the foreign language textbook you’ve been meaning to study, even our most
well-intentioned efforts flounder if we’re not willing to put to use the tools
that can help us achieve our goals.
So it goes with cybersecurity training. If it’s cumbersome
to deploy and manage, or isn’t able to clearly display its benefits, it will be
cast aside like so many barbells and Spanish-language dictionaries. But
unfortunately, until now, centralized management and streamlined workflows
across client sites have eluded the security awareness training industry.
The Importance of Effective Security Awareness Training
The effectiveness of end user cybersecurity training in
preventing data breaches and downtime has been demonstrated repeatedly.
Webroot’s own research found security
awareness training cut clicks on phishing links by 70 percent, when
delivered with regularity. And according to the 2018 Data Breach
Investigation Report by Verizon, 93 percent of all breaches were the result
of social engineering attacks like phishing.
With the average cost of a breach at around $3.62
million, low-overhead and effective solutions should be in high demand. But
while 76 percent of MSPs reported using some type of security awareness tool,
many still rely on in-house solutions that are siloed from the rest of their
cybersecurity monitoring and reporting.
“MSPs should consider security awareness training from
vendors with cybersecurity focus and expertise, and who have deep visibility
and insights into the changing threat landscape,” says 451 Research Senior
Analyst Aaron Sherrill.
“Ideally, training should be integrated into the
overall security services delivery platform to provide a unified and cohesive
approach for greater efficacy.”
Simple Security Training is Effective Security Training
Security awareness training that integrates with other cybersecurity solutions—like DNS and endpoint protection—is a good first step in making sure the material isn’t brushed aside like other implements of our best intentions.
Global management of security awareness training—the ability
to initiate, monitor, and report on the effectiveness of these programs from a
single pane of glass across all of your customers —is the next.
When MSPs can save time by say, rolling out a simulated
phishing campaign or training course to one, many or allclient’s sites across
the globe with only a few clicks, they both save time and money in management
overhead, and are more likely to offer it as a service to their clients.
Everyone wins.
With a console that delivers intuitive monitoring of
click-through rates for phishing campaigns or completion rates for courses like
compliance training, across all client sites, management is simplified. And
easily exportable phishing and campaign reports help drive home a client’s
progress.
“Automation and orchestration are the force multipliers MSPs
need to keep up with today’s threats and provide the best service possible to
their clients,” says Webroot SVP of Product Strategy and Technology Alliances
Chad Bacher.”
Like many Americans, you might think your online habits are
safe enough—or, at least, not so risky as to put you in danger for cybercrime.
As it happens, most of us in the U.S. are nowhere near as secure as we think we
are.
As part of our recent survey to better understand people’s attitudes, perspectives, and behaviors relating to online cyber-safety (or “cyber-hygiene”), we calculated each state’s cyber-hygiene score, which you can think of like a test score on people’s understanding and practice of good online habits. I’ve repaired computers and worked in the cybersecurity business for almost 15 years now, and I was shocked by some of the results.
Cut to the chase: just how bad were the results?
Bad. The average across all 50 states was only 60% (that’s a D in letter grades) on our scale. In fact, only 10% of Americans got a 90% or higher (i.e. an A). The riskiest states—Mississippi, Louisiana, California, Alaska, and Connecticut— combined for an average score of 56%. So what made their scores so low?
In Mississippi, almost 1 in 4 people don’t use any kind of antivirus and don’t know if they’ve ever been infected by malware.
Only 44% of Louisiana residents take any precautions before clicking links in emails leaving themselves vulnerable. (This is a great way to get scammed by a phishing email and end up with a nasty infection on your computer.)
Over 43% of Californians and Alaskans share their passwords with friends or family.
What does people’s perception vs. reality look like?
Americans in every state were overconfident. An astounding 88% feel they take the right steps to protect themselves. But remember, only 10% of people scored an A on our test, and the highest scoring state (New Hampshire) still only got an average of 65% (that’s still only a D).
While the average American has a surface level understanding of common cyber threats, there’s a lot of room for education. Many of those interviewed have heard of malware (79%), phishing (70%), and ransomware (49%), but few could explain them. Defending against the most common online threats in today’s landscape requires a basic understanding of how they work. After all, the more cyber aware you are of an attack such as phishing, the greater chance you have to spot and avoid it.
Along with understanding common cyberattacks, it’s also important to recognize threats to your online privacy. An alarming amount of Americans don’t keep their social media accounts private (64%) and reuse their passwords across multiple accounts (63%).
Given the number of news reports involving major companies getting breached, huge worldwide ransomware attacks, etc., we were pretty surprised by these numbers. As you’re reading these, you might be checking off a mental list of all the things you do and don’t know, the actions you do and don’t take when it comes to cybersecurity. What’s important here is that this report should act as a reminder that understanding what kinds of threats are out there will help you take the proper precautions. And, following a few simple steps can make a huge difference in your online safety.
How about some good news?
There is good news. There are some who scored a 90% or above on our test. We call them Cyber-Hygiene Superstars, because they not only take all the basic steps to protect themselves and their data online, but they go above and beyond. Cyber-Hygiene Superstars are evenly spread across the entirety of the U.S., and they help demonstrate to the rest of us that it’s easy to raise our own cyber-hygiene scores.
Some of the standout behavior of superstars included regularly backing up their data in multiple ways, always using antivirus, and using a VPN when connecting to public WiFi hotspots.
Superstars can also explain common attacks and are less
likely to fall victim of phishing attacks and identity theft. They frequently monitor
their bank and credit card statements and regularly check their credit scores.
What can you do to improve your cyber-hygiene score?
All in all, it’d be pretty easy for the average American to
take their score from a D to at least a B, if not higher. You won’t have to do
anything drastic. But just making a few small tweaks to your regular online
behavior could work wonders to keep you and your family safe from cybercrime.
Use
antivirus/antimalware software.
There are a lot of free solutions out there. While you typically get what you
pay for in terms of internet security, even a free solution is better than no
protection at all.
Keep all
your software and your operating system up to date.
This one’s super easy. Most applications and operating systems will tell you
when they need an update. All you have to do is click OK instead of delaying
the update to a later date.
Don’t
share or reuse passwords, and make sure to use strong ones.
You might think password sharing is no big deal, especially when it comes to
streaming or gaming sites, but the more you share, the more likely it is that
your passwords could end up being misused. And if the password to just one of
your accounts is compromised, then any of your other accounts that use that
password could also become compromised. If you’re concerned about having to
create and remember a lot of unique passwords, use a secure
password manager.
Lock down
your social media profiles.
Making your posts and personal details public and searchable means scammers can
find your details and increase their chances of successfully stealing your
identity or tricking you into handing over money or sensitive personal
information.
If you
connect to public WiFi, use a VPN.
Antivirus software protects the device, but a VPN
protects your actual connection to the internet, so what you do and
information you send online stays private.
Back up your data.
Cloud storage is a great solution. But it’s a good idea to do a regular
physical backup to an external drive, too, particularly for important files
like tax documents.
Don’t
enable macros in Microsoft® Office documents.
If you’re ever trying to open a document and it tells you to enable macros,
don’t do it. This is a common tactic for infections.
Use
caution when opening email attachments.
Only open attachments from people you know and trust, and, even then, be extra
careful. If you’re really not sure, call the person and confirm that they
really sent the file.
Test
your knowledge and see where the Webroot Community stacks up against the rest
of America: Join
our daily contest for a chance to win prizes! Contest ends at 4:00pm MT on
May 21, 2019.
Methodology Webroot partnered with Wakefield Research to survey 10,000 Americans, ages 18 and up, with 200 interviews in each of the 50 states. This survey was conducted between February 11 and February 25, 2019, using an email invitation and an online survey instrument. The margin of error is +/- 0.98 percentage points for the total audience of this study and +/- 6.9 percentage points for each state at the 95% confidence level.
A new email phishing
campaign has been making its way around the web that claims to be
from “FBI Director Christopher Wray,” who would love to assist with a massive
wire transfer to the victim’s bank account. Unfortunately for anyone hoping for
a quick payday, the $10 million check from Bank of America won’t be arriving
anytime soon, unless they are willing to enter more personal information and
send it to a Special FBI agent using a Yahoo email address. While most phishing
campaigns use scare tactics to scam victims, taking the opposite approach of
offering a large payout seems less likely to get results.
Magecart Skimming Script Works on Dozens of Sites
Following the many Magecart
attacks of recent years, a new payment skimming script has been
found that allows attackers to compromise almost any online checkout page without
the need to customize it for the specific site. The script currently works on
57 unique payment card gateways from around the world and begins injecting both
the loader and the exfiltration script when the keyword “checkout” is searched
for in the address bar.
Scammers Target Google Search Ads
Scammers are now turning towards Google Ads to post fake
phone numbers posing to be customer support for popular websites such as eBay
and Amazon. These phone
scammers will often tell those who call that there is something wrong with
their account and ask for a Google Play gift card code before they can help.
The ads will look as if they are legitimate which causes confusion to those who
call the phony numbers listed.
Citycomp Data Dumped After Blackmail Attempt
Shortly after discovering that their systems had been
breached, Citycomp
announced they would not be paying a ransom for a large chunk of stolen client
data. Unfortunately for Citycomp, the hackers decided to make the data publicly
available after not receiving their requested $5,000. Amongst the stolen data
is financial and personal information for dozens of companies for which Citycomp
provides infrastructure services, though it may only be an initial dump and not
the entire collection.
Email Scam Robs Catholic Church of Over $1.7 Million
The Saint Ambrose Catholic Parish in Ohio recently fell
victim to email
scammers who took nearly $2 million from the church currently
undergoing a major renovation. The scammers targeted monthly transactions made
between the church and the construction company by providing “updated” bank
information for the payments and sending appropriate confirmations for each
transfer. The church was only made aware of the breach after the construction
company called to inquire about two months of missing payments.
Today we chat with Web Analyst Manager Serena Peruzzi. Serena constantly filters through the web to analyze content. Sometimes her position requires looking through difficult material, but other times you can find her traveling, organizing company events, and even gardening!
See how Serena helps build Webroot’s company culture in this Employee Spotlight.
How did you get into the technology field?
During my undergrad in Translation and Interpreting 10 years ago, I came to realize how big a role automation and machine translation were going to play in my field. Thus, I decided to beat the trend to the punch and focus my research on Google Translate for my thesis; further on, I completed a master’s degree in Translation Technology, which mixed together traditional translation with state-of-the art localization technologies, and included leveraging on Machine Learning and language pattern recognitions to build automated translation engines. Google Translate pretty much rules the multilingual content scene for the general public, making content in more than 100 languages immediately accessible to the global audience with just one click. Also, a lot of crowdsourced content, for example travel or business reviews on the web, is also localized using machine translation technologies to maximize international reach. Additionally, many large corporations already leverage on customized enterprise machine translation engines to translate manuals and other documentation. There are already technologies allowing to converse in multiple languages in real-time, so there’s virtually no language barriers than cannot be overcome anymore; of course, provided you have an internet connection
What does a week as a Web Analyst Manager look like?
I typically have a few one-on-one calls with all remote Web Analysts on a weekly or bi-weekly basis, and two team meetings per week, one with the US and one with Sydney. We discuss top issues, upcoming tool updates and feature releases, and use the wisdom of the crowd to find a solution to difficult cases. We use a collaborative Kanban board to track the topics we discuss, so that we can always go back to them or track progress on resolutions. Finally, I work on a number of projects related to training, quality assessments, classification approvals, new implementations, case escalations from the team, and documentation. I also have a few gardening tasks to take care of, keeping the Webroot Threat plants alive is quite an arduous task!
What have you learned / what skills have you built in this role?
Customer care, URL threat analysis, and all aspects of people management are among the key skills I learned in the role. It also helped me keep up my passion for foreign languages, especially Spanish and Japanese, since I need to analyze web content from all over the world.
What is the hardest thing about being a Web Analyst Manager?
Explaining what a Web Analyst does is quite an arduous task, partially because it is a very complex and multi-faceted role involving analyzing large amounts of online content, but also because it involves, to some extent, evaluating content that may be disturbing or violent in nature, and it can be a difficult sell at times.
What is your greatest accomplishment in your career at Webroot so far?
Having helped build a global team of brilliant and enthusiastic minds is perhaps what makes me most proud of being a part of Webroot. The Web Analysts are first and foremost masters of languages and cultures; collectively we speak 12 different languages. The more languages you know, the more confidence you have in analyzing online content from all over the world, bringing different perspectives to the mix. Also, we have another element in common: we all want to make the internet a little safer for our user base. Because of that, building the team has always been an incredibly fun experience. It allows candidates to bring up their unique backgrounds and passions for different cultures and the IT security world in their interviews.
Does your work allow you to travel a lot? Where are some of the coolest places you have travelled?
I’ve travelled to San Diego, Colorado and Sydney with Webroot. While I enjoyed all my trips, I do have a weak spot for Australia. I am a big fan of water sports, and Australia offers the best sceneries for surfing and diving. It also hosts some of the most amazing animals I’ve ever seen. I’ll admit that my encounter with a group of Huntsmen in Sydney, despite being harmless spiders, had me run away fast. But when I first met Quokkas (smiling furry animals), they literally melted my heart
Best career advice you’ve received?
There’s a saying in Ireland which can be used as an antidote when things don’t go your way, “What’s for you won’t pass you.” I felt particularly close to it when I couldn’t attain a role in the past, as it ultimately led me to a different, extremely satisfactory role surrounded by amazing people.
Are you involved in anything at Webroot outside of your day to day work?
Aside from gardening, I’ve given a hand with organizing team-building and social events for Dublin in the past, including Christmas parties, Health Day, mini-golf and bubble football tournaments, and escape room challenges. Since the team is spread across three offices, team events vary based on group size and local amenities. In Ireland, we typically go out for a nice meal once a month, and order in food for celebrations; additionally, there are regular pub sessions with other Webroot teams. We also have office-wide team building activities on a quarterly basis, and/or when we have visitors on-site.
Favorite memory on the job?
St Patrick’s Day in the office, when I was in Support, was also a truly fun day. On our lunch break we went to Temple Bar, the very core of St Patrick’s celebrations, hid amongst the mayhem of thousands of party-goers celebrating, and then pinged the US team to spot us on the live street camera, just like in a game of “Where’s Waldo.”
Hackers Breach Private Keys to Steal Cryptocurrency
A possible coding error allowed hackers to compromise at
least 732 unique,
improperly secured private keys used in the Ethereum blockchain. By
exploiting a vulnerability, hackers have successfully stolen 38,000 Ethereum
coins so far, translating to over $54 million in stolen funds, though the
current number is likely much higher. While uncommon, such attacks do show that
the industry’s security and key-generation standards have plenty of room for
improvement.
Prominent Malware Reverse Engineer Faces Jail Time
The malware researcher Marcus
Hutchins, who successfully reversed and stopped the WannaCry
ransomware attacks in 2017, is facing up to six years of jail time for prior
malware creation and distribution. Hutchins’ charges all tie back to his
involvement in the creation of Kronos, a widespread banking Trojan that’s caused
significant damage around the world.
Data Exposed for Thousands of Rehab Patients
Personally identifiable data belonging to nearly 145,000
patients of a Pennsylvania rehab facility have been found in a
publicly available database. After a Shodan search, researchers discovered the
database that contained roughly 4.9 million unique documents showing information
ranging from names and birthdays to specific medical services provided and
billing records, all of which could be used to to steal the identity of these thousands
of individuals.
Study Finds Password Security Still Lacking
After this year’s review of password
security it may come as no surprise that the top five passwords
still in use are simple and have remained at the top for some time. Using a
list generated from past data breaches, researchers found the password “123456”
was used over 23 million times, with similar variations rounding out the top five.
Several popular names, sports teams, and bands like blink182 and Metallica are
still in use for hundreds of thousands of accounts. While these passwords may
be easy to remember, they are exceedingly simple to guess. Stronger passwords should
include multiple words or numbers to increase the complexity.
Bodybuilding Site Breached through Phishing Campaign
The website bodybuilding.com has announced they were the
victim of a data breach stemming from an email
phishing campaign in July 2018 that could affect many of the site’s
clients. Fortunately, the site doesn’t store full payment card data, and the
data it does store is only stored at the customer’s request, leaving little
data for hackers to actually use. The site also forced a password reset for all
users issued a warning about suspicious emails coming from bodybuilding.com, noting
they may be part of another phishing campaign.
Public concern about online privacy and security is rising, and not without reason. High-profile data breaches make headlines almost daily and tax season predictably increases instances of one of the most common types of identity theft, the fraudulent filings for tax returns known as tax-related identity theft.
As a result, more than half of global internet users are more concerned about their safety than they were a year ago. Over 80% in that same survey, conducted annually by the Center for International Governance Innovation, believe cybercriminals are to blame for their unease.
Individuals are right to wonder how much of their personally identifiable data (PII) has already leaked onto the dark web. Are their enough pieces of the puzzle to reconstruct their entire online identity?
Questions like these are leading those with a healthy amount of concern to evaluate their options for enhancing their cybersecurity. And one of the most common questions Webroot receives concerns the use of antivirus vs. a VPN.
Here we’ll explain what each does and why they work as compliments to each other. Essentially, antivirus solutions keep malware and other cyber threats at bay from your devices, while VPNs cloak your data by encrypting it on its journey to and from your device and the network it’s communicating with. One works at the device level and the other at the network level.
Why You Need Device-Level Antivirus Security
Antiviruses bear the primary responsibility for keeping your devices free from infection. By definition, malware is any software written for the purpose of doing damage. This is the category of threats attempting to undermine the antivirus (hopefully) installed on your PC, Mac, and yes, even smartphones like Apple and Android devices, too.
In an ever-shifting threat landscape, cybercriminals are constantly tweaking their approached to getting your money and data. Banking Trojans designed specifically for lifting your financial details were among the most common examples we saw last year. Spyware known as keyloggers can surreptitiously surveil your keystrokes and use the data to steal passwords and PII. A new category of malware, known as cryptojackers, can even remotely hijack your computing power for its own purposes.
But the right anti-malware tool guarding your devices can protect against these changing threats. This means that a single errant click or downloaded file doesn’t spell disaster.
“The amazing thing about cloud-based antivirus solutions,” says Webroot threat analyst Tyler Moffit, “is that even if we’ve never seen a threat before, we can categorize it in real time based on the way it behaves. If it’s determined to be malicious on any single device, we can alert our entire network of users almost instantaneously. From detection to protection in only a few minutes.”
Why You Need Network-Level VPN Security
We’ve covered devices, but what about that invisible beam of data traveling between your computer and the network it’s speaking to? That’s where the network-level protection offered by a VPN comes into play.
While convenient, public networks offering “free” WiFi can be a hotbed for criminal activity, precisely because they’re as easy for bad actors to access as they are for you and me. Packet sniffers, for instance, can be benign tools for helping network admins troubleshoot issues. In the wrong hands, however, they can easily be used to monitor network traffic on wireless networks. It’s also fairly easy, given the right technical abilities, for cybercriminals to compromise routers with man-in-the-middle attacks. Using this strategy, they’re able to commandeer routers for the purpose of seeing and copying all traffic traveling between a device and the network they now control.
Even on home WiFi networks, where you might expect the protection of the internet service provider (ISP) you pay monthly, that same ISP may be snooping on your traffic with the intent to sell your data.
With a VPN protecting your connection, though, data including instant messages, login information, social media, and the rest is encrypted. Even were a cybercriminal able to peek at your traffic, it would be unintelligible.
“For things like checking account balances or paying bills online, an encrypted connection should be considered essential,” says Moffit. “Without a VPN, I wouldn’t even consider playing with such sensitive information on public networks.”
How Webroot Can Help
Comprehensive cybersecurity involves protecting both data and devices. Antivirus solutions to protect against known and unknown malware—like the kinds that can ruin a laptop, empty a bank account, or do a cybercriminals bidding from afar—are generally recognized as essential. But for complete protection, it’s best to pair your antivirus with a VPN—one that can shield your data from intrusions like ISP snooping, packet sniffers, and compromised routers.
These are the places your digital tracks can be dug up. With a little sleuthing.
Experts have warned for years of the risks of using public computers such as those found in libraries, hotels, and airline lounges.
Many warnings focused on the potential for hackers to plant keystroke loggers, or intercept data as it flows across the internet. Indeed, in 2014, the National Cybersecurity and Communications Integration Center of the U.S. Secret Service issued an advisory for “owners, managers, and stakeholders in the hospitality industry” concerning data breaches. The text of the advisory claimed, “The attacks were not sophisticated, requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software.” A 2014 announcement may seem to be an outdated reference, except that the recent Marriott data breach of over 300 million records was attributed to an attack in…wait for it…2014.)
But spyware and keyloggers aren’t the most common threat to the users of business center and other public computers. Forgetfulness, operating systems, applications, and temporary files are high up on the list. For several years I have searched public computers, mostly at hotels, to see what kinds of information people have left behind. It’s been an interesting passion project, to say the least.
Uncovering a Very Public Digital Paper Trail
The first places I look are the documents, downloads, desktop, and pictures folders. The pictures folder typically yields the least interesting information, usually pictures of groups of drunken people, group gatherings at restaurants, weddings, or cats.
The desktop, document, and occasionally downloads folders are where most documents are inadvertently left behind. Some interesting samples I’ve discovered include a spreadsheet of faculty merit raises at a university in Texas, including the names of professors, their departments, their current salaries, and their projected raises. Another was the assignment of a chief officer to a ship belonging to one of the largest shipping companies in the world. It included the officer’s name, address, phone number, vessel name, date of assignment, and contact information.
I have come across corporate audits and strategic business plans. Recently, I discovered a document called “closing arguments” created by a district attorney. When possible, I contact the owners of the information to help them understand the risks of using public computers for sensitive work. I rarely hear back, however the DA did thank and assure me the document was a training example.
The biggest menace, however, has been the temporary files folders, which include auto-saved documents and spreadsheets, as well as attachments. It is in the Temporary Internet Files folder that I have uncovered complete emails, and even a webpage including a bank statement detailing a large balance, the account holder’s name, sources of income, and the names and addresses of places he had done business. Of all of the temporary files I have discovered, documents belonging to businesses’ employees have been the most unsettling.
If you must, take precautions
There is some good news concerning the safety of public computers. Due to technology changes, I no longer find the contents of emails in the Temporary Internet Files folder. But we’re far from out of the woods. I have found my inbox cached, including pictures within emails and even a PDF that had not yet opened.
Although I could not open emails in the temoprary copy of my inbox shown above, subject lines and return email addresses may reveal more information than desired.
Deleting temporary internet files is a good habit, but there are multiple locations that temporary files are stored. Documents edited on public computers remain of particular concern. Due to auto-save features, it’s possible to open a document on a thumb drive and leave auto-saved documents behind on the computer. Now in normal operating circumstances and with current operating systems and Office applications, this is not likely to happen. But errors like OS and application crashes will leave these copies behind. Microsoft Word and Excel will even proactively offer these auto-saved documents to the next user of these applications
The PDF file shown above was left behind when I read an email using my ISP’s webmail interface.
Other than finding and deleting information left behind, my use of public computers is limited to reading online articles, checking the weather, and performing internet searches. What personal information you are willing to leave behind on a public computer depends on your risk tolerance. But it’s important to note that accessing corporate data on public computers could result in an inadvertent violation of company policies involving confidential data.
Although I still find public computers running Windows XP, there is a growing shift in the hospitality industry to use Kiosk applications. These provide limited functionality combined with locked-down security configurations. Access to the start menu is not possible and functionality is limited to desktop applications. Printing of boarding passes is a common allowed application. Reading web email is sometimes allowed, though I don’t recommend it because it requires entering a password. The risk of password compromise may be low, but the value of practicing quality security habits leads me to advise against it. If you must, consider changing your email password the next time you log onto a private computer.
If you happen to be using a public computer without a Kiosk interface, would you be so kind as to copy this blog, paste it into a Word document, and save it on the public computer to help inform the next user? They may end up paying it forward.
By its very nature, cybercrime must evolve to survive. Not only are cybersecurity experts constantly working to close hacking loopholes and prevent zero-day events, but technology itself is always evolving. This means cybercriminals are constantly creating new attacks to fit new trends, while tweaking existing attacks to avoid detection. To understand how cybercrime might evolve in the future, we look back to understand how it emerged in the past.
Cybercrime’s origins are rooted in telecommunications, with “hacker” culture as we know it today originating from “phone phreaking,” which peaked in the 1970s. Phreaking was the practice of exploiting hardware and frequency vulnerabilities in a telephone network, often for the purpose of receiving free or reduced telephone rates. As landline networks became more security savvy—and then fell out of favor—phone phreaking became less and less common. But it hasn’t been phased out completely. In 2018, a phone phreaker staged a series of creepy attacks in New York City WiFi kiosks, reminding us that the phreaks may have been forgotten, but they are certainly not gone.
Cybercrime as we currently think of it began on November 2, 1988 when Robert Tappan Morris unleashed the Morris Worm upon the world. Much like Dr. Frankenstein, Morris did not understand what his creation was capable of. This type of self-replicating program had never been seen before outside of a research lab, and the worm quickly transformed itself into the world’s first large-scale distributed denial of service (DDoS) attack. Computers worldwide were overwhelmed by the program and servers ground to a halt. Although Morris quickly released the protocol for shutting the program down, the damage had been done. In 1989, Morris was the first to be prosecuted and charged in violation of the Computer Fraud and Abuse Act.
At the turn of this century, we began to see a new era of malware emerge as email gave hackers a fresh access point. The infamous ILOVEYOU worm infected 50 million computers in 2000, corrupting data and self-propagating by exploiting a user’s email contacts. Given that the infected emails were coming from an otherwise trusted source, it forced many consumers to gain perspective on cybersecurity for the very first time. With antivirus software becoming a must-have for all computer owners, cybercriminals had to get inventive once again.
Phishing Makes A Splash
Phishing is the practice of tricking a user into willingly providing account logins or other sensitive information. This popular style of attack began with downloadable files through email, like the ILOVEYOU worm, but quickly grew more sophisticated. Phishing emails often imitate a trusted source, like an internet or phone service provider, and often include official-looking graphics, email addresses, and dummy websites to trick the user. In some cases, these phishing attacks are so convincing that even top government officials have been fooled—something we learned all too well in 2016 when the Democratic National Committee was breached.
With the rise of social media, we have seen a new style of phishing attack that doesn’t appear to be going anywhere anytime soon. Messages from Facebook, Instagram, Twitter and other social media accounts are frequent and increasingly sophisticated sources of social media phishing.
The Rise of Ransomware
No history of cybercrime would be complete without an examination of ransomware, a type of malware that gains access to critical files and systems and encrypts them, blocking a user from accessing their own data. Perpetrators extort the user, threatening to permanently delete the data or—in some cases—expose incriminating or embarrassing information. While ransomware has been around for decades, encryption and evasion techniques have become increasingly refined, sometimes at the hand of state actors. One of the most infamous examples of ransomware is the WannaCry attack in 2017, in which North Korean hackers used loopholes developed by the United States National Security Agency in the Windows operating system to attack more than 200,000 computers across 150 countries.
This made ransomware an international cybersecurity boogeyman, but it shouldn’t be your top concern. Webroot security analyst Tyler Moffitt explains why it’s a complicated strategy:
“Ransomware requires criminals to execute a successful phish, exploit, or RDP breach to deliver their payload, bypass any installed security, successfully encrypt files, and send the encryption keys to a secure command-and-control server—without making any mistakes,” Moffitt said. “Then the criminals still have to help the victim purchase and transfer the Bitcoin before finally decrypting their files. It’s a labor-intensive process and leaves tracks that must be covered up.”
Cryptojacking: the cutting edge?
A more recent workaround for the hard work of ransomware? Cryptojacking. Cryptojacking works by embedding JavaScript code into a website, which can then harvest the processing power of all devices that visit that site, using device processors to mine cryptocurrency for the host. This resource theft drags systems down, but often stealthily enough to go undetected; a fact that makes it very attractive to hackers. The number of cryptojacked URLs detected more than doubled from September to December of 2018, and cryptojacking attacks have officially surpassed ransomware in prevalence.
“Cryptojacking costs basically nothing to pull off and has much less illegal footprint,” Moffitt said. “When criminals are leveraging victims’ hardware (CPU) and power for siphoned crypto, the profits are very appealing. Even with the volatility of crypto prices, large campaigns have been able to make hundreds of thousands of dollars in only a few months. It’s estimated that over 5% of the cryptocurrency Monero in circulation is the result of illicit mining.”
Until recently, a cyptocurrency mining service called Coinhive was responsible for 60% of all cryptojacking attacks. Coinhive announced in early March 2019 that they would be shuttering the service. But this is by no means a death knell for crytpojacking—competitors are already rushing to fill the vacuum, not to mention inventing new ways to pivot off of existing cryptojacking techniques.
Being prepared for this next generation of cybercrime requires a few things from internet users. Keeping devices protected with antivirus software is a strong first step, but awareness of current threat trends is also helpful in preventing outside actors from viewing your data. Pairing antivirus software with a trusted VPN wraps your web traffic in a tunnel of encryption, shielding it from prying eyes. A double-pronged antivirus-plus-VPN defense will stop a majority of cybercrime in its tracks, but it’s by no means where your cybersecurity plan should end.
Global IT
services provider Wipro announced they are in the process of
investigating a data possibly affecting some of their clients. These types of
companies are popular for hackers because, by breaching a single IT service
company, they gain access to a far larger pool of victims through compromised credentials
belonging to client networks. It’s still unclear how long the hackers had
access to the systems, but some reports claim the attack was ongoing for
several months.
Age-Verification Hits UK Porn Viewers
The UK has passed a measure that will subject users to age-verifications
before being allowed to enter a pornographic website, as part of their ongoing
fight to make the UK safer online. This measure was originally introduced as a
way to decrease ransomware infections and slow the stream of stolen credentials
from paid accounts for higher-traffic sites. The new law has an 88% backing
from UK parents and will go into full effect on July 15.
Data Breach Affects Navicent Patients
A recent Navicent
Health announcement revealed the email systems of the health care
services provider were compromised in July, 2018, possibly affecting over
275,000 patients. While the remainder of their internal systems were untouched,
the email server did contain patient data, including social security numbers
and billing information. Fortunately, Navicent responded to the breach quickly
and began notifying the proper authorities, as well as their client base, in
addition to providing identity monitoring services for those whose information
was exposed.
Chrome for iOS Bug Redirects Users to Ads
A new bug, found only in the iOS
version of Chrome, has exposed up to half a million users to
unwanted advertising redirects, sometimes from legitimate websites. The bug works
by allowing malicious code to be executed from within page advertisements,
which can then overlay onto the device’s screen until clicked. The majority of
this campaign’s victims are based in the US and were targeted over a four-day
period in early April.
Microsoft Loses Subdomain for Live Tiles
A German researcher recently took control of a subdomain
used by Microsoft to assist websites with correctly formatting RSS
feeds into a usable XML format for Windows 8 and 10 Live Tiles. Because the
subdomain wasn’t registered to Microsoft or their Azure cloud services, and any
malicious actor could have compromised the domain, the researcher purchased it
and alerted Microsoft of his findings.
