Fending Off Privacy Invasion


Internet users in the U.S. have seen internet privacy protections diminish significantly in the post-9/11 era. In just March of this year, Congress swiftly (and quietly) did away with federal privacy regulations that prevented internet service providers from selling their customers’ browsing histories without consent.

In recent years, products intended to deliver conveniences directly to our doorsteps have begun to present tacit privacy intrusions into the modern home. Always-on smart speakers from online retailers make it easier than ever to order products, but they also enable those companies to listen to our every word. Those same companies are monitoring our behaviors across the web.

“Google knows quite a lot about all of us,” said cybersecurity expert Bruce Schneier in a recent interview with the Harvard Gazette. “No one ever lies to a search engine. I used to say that Google knows more about me than my wife does, but that doesn’t go far enough. Google knows me even better, because Google has perfect memory in a way that people don’t.”

Giant corporations aren’t the only ones intruding into our daily lives to collect our personal data for financial gain—cybercriminals are intent on doing the same. Crimes such as identity theft and extortion can be carried out with stealthy malware, such as remote access tools (RATs) used to spy on users via laptop webcams.

We asked people in downtown Denver, CO what they are doing to protect their privacy. Their answers were rather bleak:

 

While public awareness of this ominous trend has mounted somewhat since 2013, when revelations of America’s government surveillance surfaced via the Snowden leaks, virtually nothing has been done to reverse it. Faced with this constant barrage of privacy invasion, pulling the plugs and disconnecting entirely may seem like the only way out—but rejecting “the way things are” is a pill most people are unlikely to swallow.

Until there’s a major shift in our society’s attitudes (and public policies) toward internet privacy, the duty falls on individual users to safeguard their own private data, identities, and other sensitive information. Follow and share the tips below to take back control over your privacy.

Tips for protecting your online privacy

  • Configure your web browser to delete cookies after closing. You can also take control of other advanced privacy features in your web browser to have greater control of what you’re sharing with websites you visit.
  • Cover your webcam with tape, a sticker, or something else that can block the camera lens and also be easily removed when you need to use it. (Webroot SecureAnywhere® solutions protect against webcam spying and other potentially unwanted applications.)
  • Don’t share sensitive information on social media. Check your privacy settings on sites like Facebook and Twitter and make sure only your trusted followers can see your complete profile. For instance, do your Facebook friends really need to know your real birthday? Deliberately sharing a fake birthday on social media can be a crafty way to enhance your privacy.
  • Lock your screens. All of them. Losing a device like your laptop or smartphone could spell disaster if they were to end up in the wrong hands. Strong, uncommon PINs and passwords can lock down your devices from would-be thieves.
  • Use fake answers for password security questions. Honest answers to security questions can often be found with just a little online digging. Why can’t your mother’s maiden name be “7O7F1@!3kgBj”? This brings us to our next tip…
  • Use a password manager app to generate and store strong, unique passwords for all of your accounts. (A password manager can also safely store those fake security answers mentioned above.)
  • Use security software to monitor and protect your digital devices from threats like malware, spyware, and phishing attacks, which can steal your private data.

For more videos related to cybersecurity and staying safe online, subscribe to our YouTube channel.

Cyber News Rundown: Edition 9/8/17


The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Consumer Credit Reporting Agency Equifax Suffers Cyberattack Affecting 143 Million Customers

Equifax announced hackers gained access to sensitive company data that potentially compromised information for 143 million American consumers, including Social Security numbers, driver’s license information, and credit card details. This is the third major cybersecurity incident for the agency since 2015. Most concerning, Equifax knew of the breach on June 29 but waited until September 7 to disclose the information.

Instagram Hack Exposes Millions of Accounts

A group of hackers recently gained access to a large number of Instagram accounts for high-profile celebrities and other victims. The attackers were able to use an exploit in the Insta app to retrieve the email addresses and phone numbers for millions of account holders. They then used this information to take control of more valuable accounts and posted the credentials for sale on the dark web. While Instagram was quick to fix the bug, it is still unclear just how many accounts were compromised.

Customer Databases Belonging to Time Warner Cable Publicly Exposed

In the last week, officials have been working to trace the cause of a data breach that could affect nearly 4 million Time Warner Cable customers. The breach appears to have stemmed from two databases, managed by Broadsoft Inc. (a partner of TWC), that were left fully accessible to the public. The data in question spans millions of transactions and communications with customers who have used the MyTWC mobile app in the last 7 years.

PrincessLocker Ransomware Uses Exploit Kit to Spread

While PrincessLocker may not be the newest or most dangerous ransomware variant currently making the rounds, it propagates through an unusual method: exploit kits. Along with a less expensive ransom demand, PrincessLocker has been spotted as the payload for a fully automated exploit kit known as RIG, which uses drive-by attacks to exploit system vulnerabilities.

Energy Grid Hackers Play Waiting Game

As cyberattacks focus more and more on infrastructure, rather than financial gain, they leave the future of many cities and countries uncertain. Many modern hackers have managed to work their way into countries’ infrastructures by easily bypassing the poor security used by numerous large-scale energy facilities around the world. They’ve left backdoors into systems that could cause major disruption to the surrounding geographical areas, and, unfortunately, many of these very systems have never been updated appropriately. Meanwhile, attackers have nothing but time on their side to determine how and when it would benefit them to exploit these vulnerabilities.

Poker Site DDoSed, Then Ransomed

Late last week, America’s Cardroom and Winning Poker Network fell victim to the latest in a long string of DDoS attacks that have plagued such sites for years. This latest attack, however, brought with it a ransom demand to stop the attacks. The sites claim to have mitigated the DDoS attacks, though that comes after nearly 2 days of cancelling poker tournaments due to the insufficient bandwidth for their players.

An update from the CEO


Over the past eight years, I’ve been honored to work alongside a world-class group of professionals—including the Webroot team, and our growing network of partners and customers. Our security community has grown into something special, and powerful. With tremendous gratitude for that experience, I am sharing my plan to retire as CEO of Webroot. Mike Potts will be joining Webroot as CEO and a member of the Board of Directors on September 25, 2017, and I will continue to serve on Webroot’s Board of Directors.  

As I look back and think about the highlights of the past 8 years, a few stand out for me: 

  • Introducing the first “next gen” endpoint solution, built in the cloud and leveraging contextual threat analysis for greater efficacy against zero day threats than was possible before. 
  • Establishing Webroot as a highly innovative company and expanding our portfolio from endpoint protection to network protection, threat intelligence and security awareness training.
  • Winning the prestigious Thomas J. Edison Award for Innovation, the first ever awarded to a security company. 
  • Building out a team of almost 600 talented Webrooters across the world, including outstanding teams from our acquisitions of BrightCloud, PrevX, CyberFlow Analytics and Securecast. 
  • Achieving #1 status in the major markets where we compete, like consumer retail in North America, and managed service providers and embedded threat intelligence worldwide.
  • Growing our customer base to millions of consumers, over 9,000 managed service providers and 210,000 businesses.
  • And, achieving with the close of this last fiscal year 14 consecutive quarters of double-digit growth. 

What stands out most for me, though, is the extraordinary people.  My years at Webroot were the most satisfying of my 52 years in business, and I’ve never worked with a finer group of people—employees, customers and partners alike.  We created a uniquely collaborative relationship with our customers and partners, which led to not only the highest satisfaction rates in the industry, but also a great source of inspiration for how our products could evolve to solve new problems. The success of  Webroot is our shared accomplishment. 

It’s time for me to pass the baton, and I am confident Mike Potts is the right person to lead Webroot going forward. Mike’s passion, vision, and industry knowledge paired with the talented team in place means you have just seen the beginning of innovation from Webroot. I can’t wait to see what this team accomplishes in the coming years and hear about all of the successful implementations from our customers and partners.

Thank you, 

Dick Williams

Dick Williams' 8 Years of Achievements

Why You Should be Using a Password Manager


From streaming entertainment to social media to our online bank accounts and software, we are inundated every day with the need to create and remember new passwords. In fact, one study revealed that Americans have an average of 130 online accounts registered to a single email address. And what are the chances that those 130 passwords are each unique and difficult to crack? Slim to none.

You’ve probably heard about the infamous Yahoo breach that came to light last year, in which hackers stole the credentials and other sensitive information of more than 1 billion users. For people who used their Yahoo password for other sites, those accounts were also compromised.

Unfortunately, many people admit their passwords are less secure than they should be. See for yourself:

 

So how, exactly, can we all be expected to create and remember an average of 130 unique passwords?

The best solution available today, offering both convenience and security, is a password manager.

What exactly is a password manager?

It is a type of application that can address all the above issues. Password managers come in the form of lightweight plugins for web browsers such as Google Chrome or Mozilla Firefox and can automatically fill in your credentials after saving them in an encrypted database.

The major benefit of using a password manager is that you only need to remember a single master password. This allows you to easily use unique, strong passwords chosen for each of your online accounts. Just remember one strong password and the manager will take care of the rest.

Avoid these common password security risks:

  • Typing passwords to log in each time can be dangerous in itself. Malicious keyloggers designed to secretly monitor keystrokes can record your passwords as you type them. (You can eliminate these with good antivirus software.)
  • Remembering multiple passwords, especially if you have carefully picked a password that is complicated. Most people tend to use the same or similar passwords for different accounts, which means that if one password is exposed, criminals can log into all those accounts.
  • Storing passwords in a document or writing them down, which creates a very high risk of being affected by a breach or simply losing the information.


UPDATE: The Webroot Password Manager upgrade is here—now powered by LastPass, the most trusted password manager! Get access to quality-of-life features including the password vault, access on ALL devices, auto-fill and save, emergency access, and more.

Current users, learn how to switch to LastPass here: https://wbrt.io/577b2 

New users, learn how to set up your LastPass account here: https://wbrt.io/snbmz 

Cyber News Rundown: Edition 9/1/17


The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

IRS-Themed Ransomware Using Old-School Tactics

Over the past week, researchers have discovered a new ransomware variant that attempts to impersonate both the IRS and the FBI, similar to the FBI lockscreen malware that was popular several years ago. By tricking the victim into opening a link to a fake FBI questionnaire, the ransomware is downloaded onto the machine and begins encrypting. Fortunately, both the FBI and the IRS are taking great measures to alert possible victims and to catalog any scam emails that are being sent out.

History Repeats Itself at UK NHS District

Back in May, the UK’s National Health Services fell victim to a large WannaCry ransomware attack. While most of the districts have since regained full functionality, the district of Lanarkshire has once again been targeted. A cyberattack on its staffing and telephone systems left the district with only emergency services for several days. This event just reinforces the importance of updating security on critical systems before an attack, and even more so after one as devastating as WannaCry.

Worldwide Spread of Android DDoS Malware

A recent study found that hundreds of thousands of Android mobile devices had been compromised by a malware variant designed to turn them into a large-scale DDoS botnet. With hundreds of apps carrying the malicious code, it’s unsurprising that devices in more than 100 different countries have been linked to this WireX botnet, which was recently dismantled by security researchers from several different companies.

Hurricane Harvey Brings Out Scammers

As donations have poured in to support the victims of Hurricane Harvey, so too have stories of scammers looking to profit from their tragedy. Many fraudulent non-profit websites have already been registered and are seeing an exponential increase in traffic, along with large donations that will never reach the intended recipients. Phone scams have also been on the rise, with people impersonating relief organizations and other assistance groups to get information and money from victims of the storm.

Payment Records Compromised at UK Tech Retailer

In more tough news for UK citizens, officials at CeX have confirmed unauthorized access to payment records of nearly two million user accounts on their online site, webuy.com. Fortunately for many of the site’s users, CeX stopped storing customer payment information back in 2009, so most of the cards on file are likely expired. Customers have been advised to watch their accounts for any suspicious activity in the coming months, and to change their passwords as a precaution.

Cyber News Rundown: Edition 8/25/17


The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

UK NHS Database Exposes Over 1 Million Patient Records

During the past week, a breach was discovered in patient booking system SwiftQueue, which is widely used by several National Health Service (NHS) facilities. The database may have contained patient information for up to 1.2 million UK citizens, though the actual data has yet to be fully examined. Even worse, attackers now claim they have found additional SwiftQueue vulnerabilities and are in possession of all 11 million records stored by the company.

Booking Provider’s Data Found in Public Data Dump

Researchers recently discovered a large customer data dump in a publicly-facing Amazon S3 bucket. The data in question belongs to Groupize, a groups and meetings solution, and contains everything from customer interactions to full credit card information used to book hotels and other meeting spaces. Fortunately for anyone who has used the service, the data was properly secured within a week of the discovery.

Phishing Site Hosted on .fish Domain

A new phishing site using a .fish domain was found in the past few weeks. .fish is one of many generic top-level domains (TLDs) created several years ago. While the site itself appears to have been compromised, rather than created maliciously, it was issuing redirects to an actual phishing page disguised as a French banking cooperative in Vietnam. This is the second .fish-hosted phishing site in the past 2 weeks; the first was a Netflix phishing attack that emerged just one week prior.

U.S. Navy Considers Possible Cyberattack to Blame for Recent Collision

Over the last few days, U.S. Navy officials have been trying to determine the exact cause of a large ship collision in the busy shipping lanes near Southeast Asia. Although there is currently no conclusive evidence of hacking in the ship’s systems, a steering failure occurring without initiating the backup procedures created for this very scenario raises some eyebrows. This is not the first occasion that a ship was purposely sent off-course by external interference, and officials are right to be concerned, as these are major vehicles of war.

Nearly All Hacked Companies Running Unpatched Systems

A new report by the Fortinet cybersecurity firm shows that 90% of all companies hacked in the last year were running unpatched software and network policies. Even worse for many of these companies: suitable patches had been available for months, which could have prevented the attacks, had they been implemented in a timely fashion. With a continually increasing number of attacks on unpatched system protocols, it’s crucial that companies ensure they’re taking sufficient steps to update infrastructure as part of their regular security measures.

Your Identity Is Yours. Here’s How To Keep It That Way.


Have you ever been out with friends, had a little too much to drink, and left your credit card in a bar? Or maybe you thought you’d stowed your child’s social security card safely away in your desk drawer, but now you can’t find it. It may seem like losing these items is just an inconvenience, but the reality is that simple slip-ups like these can spell disaster for you and your family.

According to NBC News, more than 15 million Americans were victims of identity theft last year alone, up 16 percent from 2015. And stolen credit or social security cards are just a couple of the ways identity thieves can invade your personal life, dealing major blows to your finances and even your reputation.

Unfortunately, the culprits behind identity theft can be anyone from family, friends, and neighbors to sophisticated cybercriminals.

“Most cybercriminals use automated tools to steal thousands, if not millions, of IDs at a time. Ensuring you have unique passwords for financial sites, avoiding public Wi-Fi in hotels and airports, and keeping backups of all your data are all important steps toward protecting yourself from identity theft. Finally, having a current, layered antivirus solution that not only protects against malicious files like ransomware, but also prevents phishing attacks and protects online browsing can close the loop on cybercriminals trying to do you and your family harm.”

-David Dufour, Senior Director of Engineering, Webroot

We recently took to the streets of Denver to get a feel for how average Americans are staying safe from identity theft. Their responses were not so surprising.

How to protect yourself from identity theft

With these types of malicious acts making the news more frequently than ever, why are people not taking more precautions with their identity? That’s not something we can answer, but we can give you a few tips on how to be safer with your identity:

  • Don’t send or receive private data over unsecured Wi-Fi networks or in public spaces.
  • Keep personal data encrypted when stored on devices.
  • Safely store (or destroy) physical documents that contain your private information, from credit cards to mail.
  • Freeze your credit. It sounds scary, but it isn’t. Freezing your score makes it harder for a criminal to open a new credit card account or take out a loan in your name. The FCC provides details on their website.
  • Know your credit score. There are many free services that help you keep track of your credit score, and make sure nothing phishy is going on.
  • Make sure all your devices have up-to-date cybersecurity software installed that protects you from all known threats in real time.

If you’re looking for more ways to protect yourself from identity theft, the federal government has a few more tips.

What if I’ve been a victim of identity theft?

The Federal Trade Commission has a useful one-stop-shop to help you repair the damage and recover from identity theft. The task may seem daunting, but at the end of the day, your identity is yours—and it should stay yours.

Cyber News Rundown: Edition 8/18/17


The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Scottish Parliament Successfully Stops Cyberattack

Officials in the Scottish Parliament have issued a statement regarding a brute force attack on their IT infrastructure. Fortunately for the many members of parliament, their already impressive cybersecurity protocols had recently been further improved in the wake of similar attacks over the last few months. On top of the added security measures, a forced password reset was issued to all staff members, simply to improve any weak credentials.

Phony Banking Domains Distribute Malware

While security precautions continue to expand, the malicious campaigns that try to evade them are growing even faster. By creating multiple fake banking domains, scammers are now attempting to spread Trickbot, a banking Trojan, to thousands of unsuspecting customers. Online banking customers should remain cautious of sites that require banking credentials, especially if visiting them from a link from their email.

Web Service Providers Move Away From the Daily Stormer

In the aftermath of the recent demonstrations and violence in Charlottesville, Virginia, the public has fervently demanded that The Daily Stormer, as a high-traffic site for hate speech, be taken down. After GoDaddy took down the domain, the site attempted to use Google’s hosting services, which were quickly terminated. After being shunned by numerous hosting sites, The Daily Stormer has relocated to the Dark Web.

Additional Chrome Extensions Exploited

Over the past week or so, researchers have found a growing list of compromised Google Chrome extensions. The extensions in question have been used to redirect normal internet traffic to malicious sites, and even alter ads that users see on a site. By using JavaScript alerts to gain user permissions, these extensions have successfully diverted nearly 1 million users to their redirected landing pages.

Hacker Unlocks Vehicle for Desperate Family

After waiting several months for a replacement key to be shipped from Japan, the owner of a now keyless Toyota minivan called on a hacker for help. The hacker was able to reprogram the car to allow the owner to use a new key. While this case is a white hat story with a happy ending, it calls attention to the security protocols that could be circumvented by a less altruistic character.

Locky ransomware rises from the crypt with new Lukitus and Diablo variants


NOTE: This blog post discusses active research by Webroot into an emerging threat. This information should be considered preliminary and will be updated as more data comes in.

New variants of Locky—Diablo and Lukitus—have surfaced from the ransomware family presumed by many to be dead. After rising to infamy as one of the first major forms of ransomware to achieve global success, Locky’s presence eventually faded. However, it appears this notorious attack is back with distribution through the Necurs botnet, one of the largest botnets in use today.

Webroot protects against Diablo and Lukitus

We first detected Diablo on August 9, 2017, and Lukitus yesterday, August 16. Since then, we’ve seen activity hitting Windows XP, Windows 7, and Windows 10 machines in the United States, United Kingdom, Italy, Sweden, China, Botswana, Russia, Netherlands, and Latvia.

How are these attacks deployed?

 

As with previous versions, the initial attack vector is malspam: phishing emails carry a zipped attachment containing malicious JavaScript that downloads the Locky payload.

 

 

Once the Locky payload is downloaded, it encrypts the user’s files and marks them with the extension “.diablo6” or “.Lukitus”, respectively.

 

 

Then it changes the desktop background and provides the rescue pages “diablo6.htm” and “lukitus.htm”, which are identical.

 

 

Following what’s been standard for years, the Locky ransomware instructs the user to install a Tor Browser, then navigate to their unique .onion address to pay the ransom.

 

 

There is currently no available decryption tool that will work, other than paying the ransom to obtain the decryption keys. Although Webroot will stop this specific variant of Ransomware as a Service in real time—before any encryption takes place—don’t forget that the best protection in your anti-ransomware arsenal is a strong secure backup. You can use a cloud service or offline external storage, but remember to keep it up to date for personal productivity and business continuity.

For best practices for securing your environment against encrypting ransomware, see our community post.
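A triage sketch for the artifacts described above, added here as an example and not Webroot's code: it walks a directory tree for the “.diablo6” and “.Lukitus” extensions and the “diablo6.htm” and “lukitus.htm” rescue pages, then uses the earliest modification time of an affected file to pick a backup to restore from. The function names, the case-insensitive matching and the use of file modification time as the start of encryption are assumptions of this example.

```python
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Artifacts named in the post; matched case-insensitively (an assumption).
ENCRYPTED_EXTENSIONS = {".diablo6": "Diablo", ".lukitus": "Lukitus"}
RANSOM_NOTES = {"diablo6.htm": "Diablo", "lukitus.htm": "Lukitus"}


@dataclass
class TriageReport:
    encrypted: dict = field(default_factory=dict)    # file path -> variant
    notes: dict = field(default_factory=dict)        # rescue-page path -> variant
    per_directory: Counter = field(default_factory=Counter)
    earliest_mtime: Optional[float] = None           # oldest affected file
    unreadable: list = field(default_factory=list)   # paths that could not be stat'ed

    @property
    def variants(self):
        return sorted(set(self.encrypted.values()) | set(self.notes.values()))


def classify(filename):
    """Return ("note" | "encrypted", variant) for a file name, else None."""
    lowered = filename.lower()
    if lowered in RANSOM_NOTES:
        return "note", RANSOM_NOTES[lowered]
    extension = os.path.splitext(lowered)[1]
    if extension in ENCRYPTED_EXTENSIONS:
        return "encrypted", ENCRYPTED_EXTENSIONS[extension]
    return None


def scan(root):
    """Walk root (without following symlinks) and collect Locky artifacts."""
    report = TriageReport()
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            hit = classify(name)
            if hit is None:
                continue
            kind, variant = hit
            path = os.path.join(dirpath, name)
            if kind == "note":
                report.notes[path] = variant
                continue
            report.encrypted[path] = variant
            report.per_directory[dirpath] += 1
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                report.unreadable.append(path)
                continue
            if report.earliest_mtime is None or mtime < report.earliest_mtime:
                report.earliest_mtime = mtime
    return report


def latest_clean_backup(report, backup_times):
    """Newest backup timestamp taken before the first affected file was written.

    Assumption: modification time approximates when encryption began. The
    infection itself may be older, so treat the result as an upper bound.
    """
    if report.earliest_mtime is None:
        return max(backup_times, default=None)
    older = [t for t in backup_times if t < report.earliest_mtime]
    return max(older, default=None)


if __name__ == "__main__":
    # Constructed sample tree: file names and timestamps are made up.
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        samples = {"A1B2C3.diablo6": 2000, "D4E5F6.Lukitus": 1800,
                   "lukitus.htm": 2100, "budget.xlsx": 500}
        for name, stamp in samples.items():
            path = os.path.join(docs, name)
            open(path, "w").close()
            os.utime(path, (stamp, stamp))
        result = scan(root)
        print("variants:", result.variants)
        print("affected files per directory:", dict(result.per_directory))
        print("rescue pages:", list(result.notes))
        print("restore from backup taken at:",
              latest_clean_backup(result, [1000, 1700, 1900]))
```
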

Initial list of MD5s analyzed by Webroot

NOTE: This exhaustive list is current as of publication of this blog. We will continue to update internal lists but will not publish further additions until such time that we deem it necessary.

 


A Day in the Life of a Chief Information Security Officer


Over the last couple of years, I’ve written and spoken regularly about the changing roles of the Chief Information Security Officer (CISO). And what better way to demonstrate the many skills the position requires – from the technical to the managerial – than journaling a day’s work. A CISO has to be the strategic partner his or her company needs to manage risk. So for anyone who may be curious, here’s what a day in the life of a CISO looks like.

Hit the ground running

05:46 – Time to get up. Traffic is pretty heavy driving into work, so I have to leave early. As I rise, I check my phone for new emails. Then I check my calendar… it’s going to be a busy day.

06:42 – I pull into Starbucks. I need my venti Pike and a hot morning bun to help me wake up for the day. As I wait for my coffee, I’m already thinking about my meetings and reading through emails. I learn that we need to triage an issue with Webroot’s SIEM vendor that prevents Webroot employees from accessing certain URLs. I need to speak with the team about tuning our email gateway to stop flagging certain types of email attachments.

07:27 – After making it to the office, I grab another cup of coffee as I walk to my office to check email and read cybersecurity news articles I’ve flagged.

08:10 – After I finish reading email, I prepare for a meeting with my team at 08:30.

  • We’re currently transitioning from one fiscal year to the next, so I want to review with my team what we have budgeted and go over projects that have been funded. I want them to have some context about what we will be working on, what security controls we need to mature and I want each of my team members to volunteer to help manage a project with the project manager.

09:46 – Time for a quick meeting with my Deputy. I work in a satellite office in San Diego, but I’ll be at headquarters in Colorado in a couple weeks, and I want to plan some team meetings.

  • As a CISO, it’s important that I mentor my team and spend time one-on-one with its leaders. As the role of cybersecurity has matured, much of what we do is now woven throughout the business, and I believe it’s critical that my team develops the skills it needs to relate to non-technical stakeholders.

10:31 – As I put together a 3-year strategic roadmap to help my organization achieve its goals (ISO 27001 and GDPR certification), I seek out another point of view from my CISO mentor. Even I need assistance at times.

  • As a CISO, you must continually challenge yourself to learn about innovative technologies, new cybersecurity skills, or new management skills. I will never know everything, and I can’t expect my team members to be active in the cybersecurity community and grow their professional skills if I don’t do the same.

Working lunch

11:54 – I’m meeting with a local cybersecurity start-up for lunch. They’ve developed technology for a scenario-based testing platform that evaluates and establishes a risk baseline for an organization. I’ve followed this start-up for several years, and now that they have funding I want to see what changes they’re making to their platform.

  • It probably goes without saying that as a CISO, I find new technologies fascinating, and I continuously look to improve the security suite I have built for my organization. It’s my responsibility as the senior security executive for Webroot to be familiar with innovative technologies and to look at new possibilities that will provide strategic value to my company.

13:41 – Reviewing notes from the meeting with my CISO mentor. He provided me with some spider graphs, which we used to annotate a security risk scorecard. I want to use this data to put together a slide deck outlining the projects we will work on over the next 36 months, split into two phases.

  • It’s critical to have a strategic roadmap of projects, backed by a risk scorecard that annotates our current state risk baseline. That way, as my team proceeds to work with our business units to update technologies, improve work processes, and complete ISO compliance requirements, we can watch our risk scorecard change. As the CISO, this will enable me to demonstrate the business value of cybersecurity by reducing our risk exposure and maturing our operations.

15:00 – My team and I are meeting with a threat-hunting vendor, planning to do a “proof of concept” for their technology. We requested a demonstration and a Q&A session.

  • I’m continuously working with my team to improve how we view threats to our organization. We want to have a real-time view into how data enters the enterprise, how it is used, how it is accessed, and when and where it exits the organization. Throughout that lifecycle, we want visibility from a single platform to log, alert, analyze, hunt, and remediate when required.

16:47 – After reviewing late emails, I call my boss to check in.

After business hours

18:17 – After fighting through traffic on the way home, I change to go on a four-mile power walk. As I walk, I use my voice recorder to review meetings and events I had today and lay out ideas for future projects. I also look for articles to review tomorrow, and remind myself to register for the CISO roundtable dinner next week.

20:05 – After having dinner with my family, I retire to my home office to write for an hour. I am in the process of writing my second book for CISOs, and I must dedicate a specific period of time to writing every day so that I stay on track.

21:32 – Now I’m catching up on Krebs and Cyberwire. This is when I really feel like I’m catching up on what’s going on in the cybersecurity community. I found some articles on interesting technologies, so I shared a couple of them with several of my peers at work.

22:30 – Time to call it a day. Shutting down the office now, and heading upstairs for bed.

01:28 – Woke up with a spontaneous idea to write an article about 24 hours in the life of a CISO. I jot down some ideas to send to our Public Relations department in the morning.

05:56 – The alarm goes off, and I hit the snooze button for ten minutes. Time to roll over, check my email and start another day…

At the end of the day, I’d like to thank Webroot for giving me the opportunity to be that valuable information security partner I talked about earlier. I’d also like to tell those veterans who are transitioning and looking for a new career, the cybersecurity community needs you. We’d be honored if you came to serve with us.