Celebrating Women in STEM for National Coding Week and IT Pro Day
Women of Webroot and Carbonite talk about what drew them to the field and their advice for others looking to break into STEM.
The lack of representative diversity in tech has been long acknowledged and well-studied.
Organizations and non-profit groups like National Center for Women & Information Technology (NCWIT), Girls Who Code and She++ do excellent work to help address the issue. CIO, a digital magazine for tech business leaders, maintains a helpful hub of resources “dedicated to uplifting women in tech, pushing inclusivity in the workplace and closing the diversity gap.”
Unfortunately, despite this wealth of organizations dedicated to researching and addressing the problem, meaningful progress has been harder to come by. (And if you’re not convinced this is a problem, consider this: a study of 500 U.S.-based companies found that racial and gender diversity was associated with increased sales revenue, market share and relative profits.)
CIO reports that women in tech remain underpaid, underrepresented and more likely to be discriminated against. Despite holding 57 percent of professional positions in the U.S., women hold only 26 percent of positions in tech. Half of all women in STEM fields report experiencing workplace discrimination. The percentage of female computer scientists is actually falling in America.
September 14 kicks off National Coding Week and the third Tuesday of September (September 15 this calendar year) is National IT Professionals day. In celebration, we’ve asked some of the female IT professionals within our organization about representation in IT, what drew them to the field and advice for other women interested in STEM.
What led you to a career in STEM?
“After starting my career as a web design and developer, I became more involved in the web development which led me to where I am today, a principal UI engineer. I’ve always had a passion for making flat designs come to life and find it very exciting when I see my work go live.” – Christiane Evans, Principal UI Engineer
What makes you proud to be a woman in STEM?
“Realizing there are no wrong questions and no one knows everything, I resolved to challenge myself to learn something new every day. If being a woman in tech makes me different, then I am proud to be different. So, I say follow your passion. That passion and talent will take you miles, and don’t let anyone tell you otherwise.” – Kirupha Balasubramian, Sr. Devops Engineer
What advice would you give to women looking to join a STEM field?
“Be curious. Don’t be afraid to ask questions. Challenge yourself to solve problems. Never stop learning; continue learning new technologies to buil your skills and toolset. Put in the hard work, know your work inside out and you’ll feel confident in your abilities.” – Krystie Shetye, Director of Software Development
What would you say is one of the greatest challenges for women working in STEM?
“Working in engineering is its own constant learning curve. I think women should look for support everywhere we can to assure ourselves. We can and should do whatever we want to – no matter the barriers. Technology changes so fast, we have to constantly adapt. Though that’s part of the reason I love it here and why I love engineering as a career.” – Mingyan Qu, VP of Quality Engineering
Putting our values to work
The skills gap in cybersecurity is real and a detriment to businesses of all sizes. We believe there’s room enough for everyone in STEM, and the industry needs all the help it can get.
Webroot and its parent company OpenText are committed to diversity in hiring. In its 2020 Corporate Citizenship Report, OpenText reaffirmed its support of the 30% Club and committed to the goal of 30% of board seats and executive roles to be held by women by 2022.
To see what positions are available for you at OpenText, visit our careers page here.
Cybersecurity Tips for a Happy National Video Games Day
This year more than others, for many of us, it’s gaming that’s gotten us through. Lockdowns, uncertainty, and some pretty darn good releases have kept our computers and consoles switched on in 2020. GamesIndustry.biz, a website tracking the gaming sector, reported a record number of concurrent users on the gaming platform Steam for several weeks as the lockdown went into effect.
According to NationalToday.com, the authority for such days, video games are an $18 billion industry that trace their origins to the halls of prestigious educational institutions like Oxford University and MIT. Not surprisingly given, the nature of our work, they’ve captured the hearts and imaginations of a good number of here at Webroot. But again, due to the nature our work, we’re well attuned to video game-related hacks and scams.
This March, 66 malicious gaming apps were discovered to have evaded reviewers and found their way into the Google Play store. In April, just as coronavirus was beginning to keep most of us indoors, Nintendo was breached and the accounts of more than 300,000 gamers were compromised. Phishing attacks posing as gaming platforms have risen significantly during this time period.
But too often we hear from gamers that they don’t use an antivirus. With all the time gamers spend online, especially PC gamers, this is a big risk. Many of the reasons we hear for not using an antivirus, in fact, are based on misconceptions.
So, to clear up some of those misconceptions, and to provide some tips for spending National Video Games Safely, we sat down with cybersecurity expert and resident gamer Tyler Moffitt to get his advice.
What kinds of security threats do gamers face?
Not running any security is the main one. It’s a big problem within the gaming community. There are also tailored phishing attempts for online games where accounts can be worth over $100. The happen on platforms including Blizzard, Steam, Epic, Riot and others.
Why do cybercriminals target gamers?
They can be a niche target when big things happen like major game releases. Halo, World of Warcraft, Grand Theft Auto, and Call of Duty have all been targets for scams. But PC gamers not running any antivirus solution other than built-in or free protection are asking for trouble.
Either by game or gaming type, what tends to be the biggest target for hackers?
The way most players are infected with actual malware and not just giving up account info is by downloading game hacks. These are usually aim bots or other ways to cheat at the game. In addition to making games less fun for other players, they endanger the cybersecurity of the individuals doing the cheating. Also, trying to download games for free on torrent sites is just asking for trouble…or a trojan
Any misconceptions about gaming security?
I’d the biggest one is that all antiviruses today will cause problems with gameplay. Many players imagine they’ll have issues with latency, or their frame rate will drop off significantly, and that’s just not true. While years ago this may have been the case with heavy installation suites and large daily definition updates, many anti-viruses has changed throughout the years to do all the heavy lifting in the cloud while still being lightning fast and accurate with threats. The amount of CPU, RAM and bandwidth usage of AVs while idle and during a scan are significantly lighter than they used to be.
What can gamers do to improve online security?
As I mentioned, running an antivirus is essential. There are lightweight options available that won’t impact gameplay. Also, I recommend enabling two-factor authentication on all accounts for online games whenever possible to reduce the risk of falling victim to a malicious hacker.
As a gamer yourself, anything else to consider or personal best practice to share?
Trying to cheat or download premium games for free, especially when prompted to by clickbait-type ads, will almost always lead to a scam or malware. There’s no such thing as a free lunch.
See how Webroot compares to competitors in terms of installation size, scan time, and resource use in in third-party performance testing here.
4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy
Today’s work-from-home environment has created an abundance of opportunities for offering new cybersecurity services in addition to your existing business. With cyberattacks increasing in frequency and sophistication, business owners and managers need protection now more than ever.
MSPs are ideally positioned to deliver the solutions businesses need in order to adapt to the current environment. In this post, we’ll briefly summarize four ways to fine-tune your cybersecurity GTM strategy for capitalizing on the shifting demands of today’s market.
1. Build an Offering That Aligns with Your Customer’s Level of Cyber Resilience
A cybersecurity GTM strategy is not a one-size-fits-all proposition. Each customer has unique needs. Some operate with higher levels of remote workers than others. Some may have more sensitive data than others. And some will have lower tolerances to the financial impact of a data breach than others. So, understand the current state of your customer’s ability to adequately protect against, prevent, detect and respond to modern cyberthreats, and then focus on what aspects of cybersecurity are important to them.
2. Leverage Multi-Layered Security
Today’s businesses need a cybersecurity strategy that defends against the methods and vectors of attack employed by today’s cybercriminals. This includes highly deceptive and effective tactics like Ransomware, phishing and business email compromise (BEC). These methods require a layered approach, where each layer addresses a different vulnerability within the larger network topology:
- Perimeter – This is the logical edge of your customer’s network where potentially malicious data may enter or exit. Endpoints (wherever they reside), network connectivity points, as well as email and web traffic all represent areas that may need to be secured.
- User – The employee plays a role when they interact with potentially malicious content. They can either be an unwitting victim or actually play a role in stopping attacks. This makes it necessary to address the user as part of your GTM strategy.
- Endpoint – Consider the entire range of networked devices, including corporate and personal devices, laptops, tablets and mobile phones. Every endpoint needs to be protected.
- Identity – Ensuring the person using a credential is the credential owner is another way to keep customers secure.
- Privilege – Limiting elevated access to corporate resources helps reduce the threat surface.
- Applications – These are used to access information and valuable data. So, monitoring their use by those with more sensitive access is critical.
- Data – inevitably, it’s the data that is the target. Monitoring who accesses what provides additional visibility into whether an environment is secure.
For each layer, there’s a specific tactic or vector that can form the basis of an attack, as well as specific solutions that address vulnerabilities at that layer.
3. Determine the Right Pricing Model
Pricing can make or break a managed service. Too high and the customer is turned off. Too low and there’s not enough perceived value. Pricing is the Goldilocks of the MSP world. It needs to be just right.
Unlike most of your other services, cybersecurity is a constantly moving target, which can make pricing a challenge. After all, a predictable service offering equates to a profitable one. The unpredictability of trying to keep your customers secure can therefore impact profitability. So, it’s imperative that you get pricing correct. Your pricing model needs to address a few things:
- It needs to be easy to understand – Like your other services, pricing should be straightforward.
- It should demonstrate value – The customer needs to see how the service justifies the expense.
- It needs to focus on protection – Because you have no ability to guess the scope and frequency of attacks, it’s important to keep the services centered around preventive measures.
- Consider all your costs – Cost is always a factor for profitability. As you determine pricing, keep every cost factor in mind.
4. Rethink How You Engage Prospects
Assuming you’re going to be looking for new customers with this service offering (in addition to selling it to existing customers), it’s important to think about how to engage prospects. The days of cold outreach are long gone as 90% of buyers don’t respond to cold calls3. Instead, today’s buyer is looking to establish connections with those they believe can assist their business. Social media sites have become the primary vehicle for a number of aspects of the buyer’s journey:
- 75% use social media to evaluate vendors
- 84% of CXOs/VPs use social media to influence buying decisions
- 78% of social sellers outsell those who do not use social media
Build a Cybersecurity GTM Strategy that Works
The biggest challenge with bringing a cybersecurity service to market is meeting the expectations of the prospective customer. Demonstrate value from the very first touch through social media engagement and content. Meet their unique needs with comprehensive solutions that address all their security vulnerabilities. And finally, make sure your pricing is simple, straightforward and easy to understand.
Ransomware: The Bread and Butter of Cybercriminals
Imagine a thief walks into your home and rummages through your personal belongings. But instead of stealing them, he locks all your valuables into a safe and forces you to pay a ransom for the key to unlock the safe. What choice do you have?
Substitute your digital space for your home and encryption for the safe and you have what’s known as ransomware. Ransomware is a type of malware. After the initial infection, your files are encrypted, and a note appears demanding payment, which is usually in the form of cryptocurrency such as bitcoin because transactions can’t be stopped or reversed. Once your files are encrypted, you can’t access them until you pay the ransom.
The roots of ransomware can be traced back to 1989. The virus, known as PS Cyborg, was spread through diskettes given to attendees of a World Health Organization International AIDS conference. Victims of PS Cyborg were to mail $189 to a P.O. box in Panama to restore access to their data.
Historically, ransomware was mass distributed indiscriminately which happened to be mostly personal machines that ended up getting infected. Today, the big money is in attacking businesses. Most of these infections go unreported because companies don’t want to expose themselves to further attacks or reputational damage.
Criminals know the value of business data and the cost of downtime. Because they service multiple SMB customers simultaneously, managed service providers (MSPs) are now an especially attractive target. A successful attack on an MSP magnifies the impact of attacks and the value of the ransom.
Primary ransomware attack vectors – with more detailed descriptions below – include:
- Phishing
- Cryptoworms
- Polymorphic malware
- Ransomware as a Service (RaaS)
- Targeted attacks
Want more on ransomware and how it’s advancing? Click here for a new Community post.
Phishing: Still the No. 1 Ransomware threat
Ninety percent of all Ransomware infections are delivered through email. The most common way to receive ransomware from phishing is from a Microsoft Office attachment. Once opened the victim is asked to enable macros. This is the trick. If the user clicks to enable the macro, then ransomware will be deployed to the machine. Phishing remains a significant and persistent threat to businesses and individuals. The Webroot 2020 Threat Report showed a 640% increase in the number of active phishing sites since 2019.
Cryptoworms
Cryptoworms are a form of ransomware that able to gain a foothold in an environment by moving laterally throughout the network to infect all other computers for maximum reach and impact. The most spectacular incarnation of a cryptoworm was WannaCry in 2017, where more than 200,000 computers were affected in 150 countries causing hundreds of millions in damages.
Polymorphic malware
One of the more notorious forms of ransomware circulating today is polymorphic malware, which makes small changes to its signature for each payload dropped on machine – effectively making it a brand new, never before seen file. Its ability to morph into a new signature enables it to evade many virus detection methodologies. Studies show that 95% of malware is now unique to a single PC. This is largely due to the shape-shifting abilities of polymorphic malware code. Today, nearly all ransomware is polymorphic, making it more difficult to detect with signature-based, antivirus technologies.
Ransomware as a Service (RaaS)
Ransomware has become so lucrative and popular that it’s now available as a “starter kit” on the dark web. This allows novice cybercriminals to build automated campaigns. Many of these kits are available free of charge for the payload, but criminals owe a cut (around 30% but this can vary based on how many people you infect) to the author for a ransom payment using their payload. Grandcab, also known as Sodinokibi, was perhaps the most famous to use this tactic.
Targeted attacks
Cybercriminals are moving away from mass distribution in favor of highly focused, targeted attacks. These attacks are typically carried out by using tools to automatically scan the internet for weak IT systems. They are usually opportunistic, thanks to the vulnerability scanners used. Targeted attacks often work by attacking computers with open RDP ports. Common targets include businesses with lots of computers but not a lot of IT staff or budget. This usually means education, government municipality, and health sectors are the most vulnerable.
Stay cyber resilient with multi-layered defense
As you can see, ransomware authors have a full quiver of options when it comes to launching attacks. The good news is, there are as many solutions for defending systems against them. The best way to secure your data and your business is to use a multi-layered cyber resilience strategy, also known as defense in depth. This approach uses multiple layers of security to protect the system. We encourage businesses of all sizes to deploy a defense-in-depth strategy to secure business data from ransomware and other common causes of data loss and downtime. Here’s what that looks like.
Backup
Backup with point-in-time restore gives you multiple recovery points to choose from. It lets you roll back to a prior state before the ransomware virus began corrupting the system.
Advanced threat intelligence
Antivirus protection is still the first line of defense. Threat intelligence, identification and mitigation in the form of antivirus is still essential for preventing known threats from penetrating your system.
Security awareness training
Your biggest vulnerability is your people. Employees need to be trained on how to spot suspicious emails and what to do in case they suspect an email is malicious. According our research, regular user training can reduce malware clickthrough rates by 220%.
Patch and update applications
Cybercriminals are experts at identifying and exploiting security vulnerabilities. Failing to install necessary security patches and update to the latest version of applications and operating systems can leave your system exposed to an attack.
Disable what you’re not using
Disable macros for most of the organization as only a small percentage will need them. This can be done by user or at the group policy level in the registry. Similarly, disabling scripts like HTA, VBA, Java, and Powershell will also stop these powerful tools that criminals use to sneak infections into an environment.
Ransomware mitigation
Make sure your IT staff and employees know what to do when a ransomware virus penetrates your system. The affected device should immediately be taken offline. If it’s a networked device, the entire network should be taken down to prevent the spread of the infection.
Want to learn more about how to protect your business or clients from ransomware? Here are five actionable tips for better defending against these attacks.
Cyber News Rundown: Android Giveaway Fraud
Thousands of Android Users fall Victim to Giveaway Fraud
Upwards of 65,000 Android users were potentially compromised after installing a malicious app promising free giveaways. Over the year the scam was in effect, roughly 5,000 apps were spoofed to lure victims into downloading in exchange for a phony giveaway. In reality, the infection pushes silent background ads which generate ad revenue for the scammers and decrease device performance.
North American Real Estate Firm Hit by Ransomware
A new ransomware variant known as DarkSide claimed its first victim, Brookfield Residential, after operating for nearly two weeks. The North American real estate developer recently noticed unauthorized access to several systems and was left a ransom note stating that over 200GB of data had been stolen. The data has since been published to DarkSide’s leak site, which has prompted many to speculate the ransom was not paid by Brookfield Residential.
Cryptominers Caught Using AI
Researchers have been at work creating an AI algorithm to detect malicious cryptocurrency miners while avoiding legitimate ones. The detection method compares currently running miners to graphs of both legitimate and illegitimate miners and monitors changes between the processes being used and the scheduling of mining activity. This type of detection may be put to use to decrease the overall use of malicious code that can often tax the system’s CPU usage to max capacity.
Los Angeles School District Suffers Cyber Attack
Just weeks after the FBI issued a warning about the threat of cyberattacks against school districts, the Rialto School District in California has fallen victim to just such an attack. These setbacks have made the return to online schooling particularly difficult. The extent of the attack remains unclear and officials are still working to determine the effects on the 25,000 enrolled students.
Maze Ransomware Cartel Adds New Variant Team
The authors of the lesser-known ransomware variant SunCrypt have recently joined forces with the Maze ransomware cartel. It’s believed the new cartel members were brought in to assist with the high volume of attacks that the Maze Group is handling and are being paid with a portion of its profits. In addition to new revenue streams from its partnership with the organization, cartel members also benefit from access to the Maze Group’s resources including obfuscation techniques and posting cartel member’s stolen data to their dedicated leak site.
10 Ways a Commercial DNS Filtering Service Improves Your Cyber Resilience
If you’ve landed on this blog, then there’s a good chance you’re already aware that DNS is undergoing a major overhaul. DNS 2.0—aka encrypted DNS, DNS over HTTPS, or DoH—is a method for encrypting DNS requests with the same HTTPS standard used by numerous websites, such as online banking, to protect your privacy when dealing with sensitive information display.
While there’s no doubt that DoH offers incredible privacy benefits, it also has the potential to be a major security risk for businesses. That’s because DoH effectively wraps DNS requests in encryption protocols, which prevent traditional DNS or web filtering security solutions from being able to filter requests to malicious, risky, or otherwise unacceptable or inappropriate websites.
Although some DNS filtering solutions are now making moves to modernize, many of them simply provide the option to either allow or block all DoH requests, rather than offering any sort of nuanced control.
“That’s really where Webroot® DNS Protection differs from the competition,” says George Anderson, product marketing director at Webroot, an OpenText company. “Ours is currently the only DNS security product that lets businesses fully leverage DoH and its privacy benefits. Our solution encrypts data using HTTPS to route DNS requests through secure Webroot resolvers to prevent eavesdropping, manipulation, or exploitation of data.”
How a Commercial DNS Filtering Service is a Game Changer
According to George, the cyber resilience benefits of using a private, commercial DNS security service that fully supports DoH are numerous. When we asked him to narrow down to his top 10, here’s what he had to say.
- First, it provides a very secure, reliable, multi-point of presence connection to the internet with high availability.
- Second, trusted DNS resolvers process ALL of your internet requests—we are talking any user, server, or application using the internet with a single, tamperproof choke point for admin and policy request controls.
- Third is confidentiality. It keeps your organization’s internet requests private and invisible to malicious actors, your ISP, and so-called “free” DNS resolvers—all of whom can abuse this data.
- It then gives your organization full visibility and log access to all of your internet traffic requests, allowing for security analysis and management through reports or ingestion via a SIM/SIEM.
- With Webroot, you also get transparent security policy filtering of both encrypted (DoH) and clear text (DNS) requests.
- Webroot BrightCloud® threat intelligence data automatically applies the latest and most accurate internet domain security in real time to every outbound request, regardless of source, meaning we stop the majority of malicious and suspicious request responses that could have led to a breach.
- A commercial service also provides the flexibility to manage internet access for guest/public WiFi networks, IP address ranges, user groups down to individual user, and lets you filter using a wide range of domain categories.
- In the context of WFH, if the user is connected to the internet via VPN or a local DNS agent on their device, then a DNS filtering solution protects them no matter where they connect.
- Also, from a WFH perspective, you need your DNS security service to integrate with the majority of VPNs and work easily with your other security and network technologies.
- Lastly, and definitely key your organization, a commercial DNS security service can offer great visibility into internet usage with scheduled executive reporting that lets you oversee internet use, assist with HR initiatives, and help ensure compliance.
As DoH continues to grow in adoption, George advises all businesses to be proactive about their cyber resilience strategies. Particularly as more work is conducted outside of more traditional office settings, it’s critical to understand and embrace the value that a flexible cloud gateway—whose protection is not confined to a physical network—can offer.
“Ultimately, in a world where many companies continue to support remote workers, businesses really can’t afford not to use a filtering solution that provides both privacy and security control.”
– George Anderson, product marketing director at Webroot, an OpenText company
Learn more about Webroot’s answer to DNS filtering or take a free trial of Webroot DNS Protection here.
Cyber News Rundown: Ransomware Targets Major Cruise Line
Ransomware Attack Targets Major Cruise Line
Officials for Carnival Cruises have confirmed that a portion of their IT systems were encrypted following a cyberattack identified over the weekend. The company also revealed that sensitive information for both employees and customers was illicitly accessed, though they did not admit to what extent.
Millions of Social Media Profiles Exposed
More than 235 million social media profiles belonging to several major platforms, which contained personally identifiable information including names, locations and contact data, were publicly exposed due to a misconfigured database. Social Data, an online data marketing broker, seems to be the owner of the data, though it is unclear how they obtained it since data scraping for profit is generally not tolerated by Facebook or other platforms. According to Social Data, the database was exposed for up to three hours after initially spotted. It remains unknown how long the data was accessible without authentication.
Wine and Spirits Conglomerate Suffers Ransomware Attack
Brown-Forman, the parent company of many major liquor brands, recently fell victim to a ransomware attack that appears to be the work of the REvil ransomware authors. While the company was able to detect and thwart the attack before encryption, upwards of 1TB of highly sensitive internal information on employees, clients, and financial statements was stolen. Though no formal ransom was delivered, the attackers are likely to auction the data imminently.
File-less Worms Creates Linux Crypto-mining Botnet
Linux systems are on the lookout for a new infection that has been silently creating a botnet to employ target machines as crypto miners. Since the start of the year, over 500 SSH servers have been infected around the world by a worm creating additional backdoors to allow attackers to return to the systems later. Due to the file-less nature of this infection, a simple reboot of the system can temporarily remove the malicious processes, but because the login credentials have already been exported the system can be quickly re-infected.
Canadian COVID-19 Relief Sites Breached
Several Canadian government websites connected to healthcare relief funds were breached with the intent to steal COVID-19 relief fund payments. Though only a small portion of the 12 million total accounts, 9,000 GCKey accounts were directly affected after being breached via credential-stuffing. Credential-stuffing uses brute force attacks with employs previously leaked credentials in the hopes victims use the same login info for multiple sites. Since the websites affected don’t use multi-factor authentication, the odds of a successful credential-related attack were increased.
WFH for the Long Haul? These Tips Will Help You Create a Cyber Resilient Home Network
Cyber resilience is being put to the test during the coronavirus pandemic. As more and more users work from home, it’s becoming increasingly difficult for IT teams to ensure uniform cyber security on home devices and networks that they don’t own or control. At the same time, cybercriminals are using the pandemic to launch more deceptive attacks. In this post, we’ll break down a few steps you can take to add resilience to your home network, so you don’t have to sacrifice security for convenience during the global pandemic. We cover all of these tips and more in our Work From Home Playbook.
The secure tunnel
We lose a measure of security the minute we step outside the protective shell of our corporate network. The average home network is significantly less secure than corporate networks. This leaves remote workers more vulnerable to attacks anytime they’re not connected to the corporate network.
Luckily, you can easily improve your at-home security by using a virtual private network (VPN). With a VPN, you can establish a secure tunnel between your home network and your corporate environment, making your home connection more immune to outsider attacks. A VPN extends your home network – or connection from the local coffee shop – across a public network, allowing you to interact with your corporate system as if you were connected directly to it. This allows applications to operate securely and encryption to be enabled within the connection, ultimately privatizing any data being shared or input.
Handshake hygiene
A clean handshake is healthier in the physical world. And it’s the same with the digital handshake between your home devices and your corporate network. Anytime someone from outside the network attempts to log on, there’s a risk the person isn’t who they say they are. Login credentials are stolen all the time. In many scenarios, all it takes is a username and password to gain access to the company network. Once inside, cyberthieves can unload malicious payloads or find additional user credentials to launch even more pernicious attacks. But by adding just one extra layer of security in the form of an additional checkpoint, it’s possible to thwart most attacks that rely on only a username and password.
That’s why multi-factor authentication (MFA) has become the go-to method for adding extra verification steps to confirm that the person logging on is truly who they say they are. With MFA, the user verifies their identity using knowledge only they have, like a password or answers to challenge questions. As an additional verification step, the user supplies an item, like a YubiKey or a one-time password sent to a mobile device. Lastly is an inherited characteristic unique to who the person, such as a fingerprint, retina scan, or voice recognition. In today’s highly regulated business environment, most businesses make MFA mandatory for employees logging in from outside the network.
First, second and third lines of defense
Cybercriminals have a full quiver of options when it comes to launching attacks. But the good news is that there are also multiple solutions for defending home systems against them. The best way to secure the home network is to use a multi-layered cyber resilience strategy, also known as defense in depth.
This approach uses multiple layers of security to protect home devices and the networks they’re connected to. Here’s what that looks like:
- Backup – Backup with point-in-time restore gives you multiple recovery points to choose from. It ensures you can roll back to a prior state before the ransomware virus began corrupting the system.
- Advanced threat intelligence – Premium antivirus protection is still the first line of defense. And antivirus that is backed by advanced threat intelligence, identification and mitigation is essential for preventing known threats from penetrating your system.
- Patch and update applications – Cybercriminals are experts at identifying and exploiting security vulnerabilities. Failing to install necessary security patches and update to the latest version of applications and operating systems can leave your devices exposed to an attack.
Learn more
Cyber resilience while working from home is every bit as critical as working on-site. For more tips on how to add resilience to your home environment, and how to prepare your space for working from home long-term, download the Work from Home Playbook.
Cyber News Rundown: Ransomware Strikes Colorado Town
Colorado Town Suffers Ransomware Attack
The town of Lafayette, Colorado, fell victim to a ransomware attack last week without the capability to recover from the attack without paying a ransom of $45,000 in cryptocurrency. The attack disabled many city services for a number of days until officials determined they would not be able to recover without paying for systems to be decrypted. This attack was another example of how having data backed up, even if somewhat dated, is less expensive and more secure in the long run.
Illinois Healthcare Data Breach
The Illinois healthcare system suffered a multi-month data breach stemming from several compromised email accounts earlier this year. The breach does not affect all IHS clients, but those who were affected had much of their sensitive information, including social security numbers and personal health documents, leaked. The breach began in early February, but victims were not informed until the end of July, when they were offered credit and identity monitoring services to protect against illicit use of their data.
Cyberattack Strikes InfoSec Training Organization
One of the largest cybersecurity training organizations was recently targeted by a phishing attack against an internal email account. The compromised account was then used to install an illicit Office365 add-on to maintain control of the account and to forward over 500 emails to a third-party account, many of which contained sensitive information on customers. Affected customers have been contacted and warned to be vigilant against future phishing attacks.
Pace Center Data Compromised Following Blackbaud Breach
Some donor data for the Florida-based non-profit Pace Center for Girls was leaked after a data breach targeted its software provider, Blackbaud, in May. The breach affected over 200 organizations relying on Blackbaud for cloud-computing services and contained personally identifiable information on thousands of donors. Fortunately, no payment card data was included in the breach and the Pace organization has begun improving security protocols to avoid further attacks.
Payment Card Data Stolen from MSU Website
At least 2,600 individuals were possibly affected by a payment card leak after the Michigan State University online shop was infiltrated through a known website vulnerability. The attack used a card-skimming technique and remained active on the site for nearly a year, leaving many customer’s data vulnerable to other possible attacks. This would be the second cybersecurity-related incident to target MSU in the last year. In May, the university was hit with a ransomware attack that resulted in the publishing of stolen data.
Cybersecurity and Back to (Virtual) School 2020: What You Need to Know
Even though the 2020 Back to School season may look very different from those in years past, there are a few things that will remain the same. First, since Back to School is often when parents and caregivers stock up on new clothes, tech, and school supplies for students, it’s also when lots of stores (especially online retailers) run huge sales.
Second, there will be the customary
spike in cyberattacks. In fact, the attacks on the Education sector are already
up. The latest
data from Microsoft shows that the Education sector has recently suffered
more encounters with malware (over 5,000,000 in the last 30 days) than any
other industry!
Since a lot of children and teens will be attending school
virtually, either part-time or full-time, they’ll be spending even more time on
the internet than they currently do. The more time they spend online, the
higher the risk they face.
Here are the top threats to watch out for, as well as tips for how to help keep
young learners safe during Back to (Virtual) School.
Phishing
According to Tyler Moffitt, security analyst at Webroot, “phishing isn’t going to go away any time soon. As tactics go, it’s an oldie, but goodie. Times of year when people do more shopping, like Back to School or Christmas, are a big draw for cybercriminals. We always see a spike in phishing during those times. And with more people shopping and streaming online during COVID-19, I’m betting we’ll see even more activity this year than we would normally expect.”
To underscore Tyler’s point, the latest intelligence from the Webroot BrightCloud® Real-Time Anti-Phishing service shows that phishing URLs targeting global streaming services have increased significantly. In March 2020 alone, we saw the following increases in phishing URLs, broken out by service:
- Netflix – 525% increase
- YouTube – 3,064% increase
- Twitch – 337% increase
- HBO – 525% increase
Not only should you and your young learner keep an eye out for email scams, but also bear in mind that phishing can happen through a variety of channels. Because many students will end up communicating mostly via online chat, text message (SMS), or social media, it’s important for us all to be extra vigilant about what we click, what we download, and what information we transmit.
Zoom-bombing
The rise in the use of Zoom and other videoconferencing platforms has also paved the way for malicious actors to cause trouble. While it’s named after Zoom, zoom-bombing as a term refers to the act of intruding on a video conference on any platform and creating a disruption, such as spreading hate speech, displaying pornography, and more.
Additionally, Webroot threat researchers have seen videoconference executable files (i.e. the file you run to launch the program) either faked or manipulated so that unwitting victims end up downloading malware.
Fake Websites and Spoofing
Webroot researchers have seen huge jumps in the number of fake websites out there, particularly those with “COVID” and related terms in their domain names. Tyler also warns us to be on our guard for website spoofing, which is when malicious actors create a fake version of a website that looks like the real thing.
“A lot of people will have to access specific websites and online systems for school and related activities,” he says. “Criminals will effectively set traps, so that a mistyped URL or a fake search result could land you on a fake page that looks completely real, only to steal your info or install malware on your system.”
How to Keep Yourself and Your Family Safe
Here are Tyler’s top tips for staying safe online through Back to School and beyond.
- Use internet security software.
If you haven’t already, install internet security with antivirus on all your devices, especially those that will be used for schoolwork. Don’t forget about using a VPN to protect kids’ internet activity from prying eyes. - Update videoconferencing software.
Make sure children and teens are always using the most up-to-date versions of Zoom (or any other videoconferencing software) to ensure they have the latest patches to prevent malware distribution and disruptions. - Watch out for phishing in all its
forms.
Talk to kids about phishing. Make sure you all know to look before you click. And remember, phishing scams can look just like a text message from a best friend, classmate, or teacher, so always be wary of messages that ask you to click a link or download a file. Use a secondary means of communication, like a phone call, to verify that these are legitimate. - Use your bookmarks.
Bookmark all required distance learning pages. Criminals may try to spoof these for phishing, especially if there is a popular portal that many schools use. Using a bookmark, instead of Googling and clicking a search result, will help ensure that your kids are on the right page. - Just say ‘no’ to macros.
If you or your kids download a document and it asks you to enable macros or enable content, DO NOT DO IT. This is very likely to be a malicious file that will infect your computer. - Use a secure backup.
When we’re all so reliant on our computers and other internet-connected devices to work and study, it’s extra important to make sure they’re backed up. Nobody wants to lose a term paper or other important documents to a malware infection, hardware failure, damage, loss, or theft. Save yourself the hassle and heartache by investing in backup software.
This Back to School season, it’s especially vital that we all do what we can to ensure children and teens have the skills, awareness, and security protocols to stay safe. By following these tips, you can help make sure they stay safe today, tomorrow, and beyond.
Company Culture and Cyber Resilience by the Numbers
There’s no doubt we’ve all had to change our work habits as a result of the global coronavirus pandemic. Companies have had to adapt rapidly to smooth the transition to work from home. But companies will have to do more than adapt if they’re going to make cyber resilience a long-term priority going forward. As the edge of the network expands to include thousands of home networks and devices, it’s going to fall on leadership to establish a culture of cyber resilience, so employees internalize cyber security best practices instinctively.
What is a cyber resilient culture?
We asked Principal Product Manager Philipp Karcher what a cyber resilient culture is and what it takes to establish one at an organization. He said a culture of cyber resilience recognizes that everyone – not just IT – has role in cyber security. Karcher defines cyber resilience as the application of the same principles of IT resiliency so that employees:
Business benefits of security training
When businesses internalize this culture, they’re better prepared, better able to respond and better positioned to experience growth, Karcher says. Asking employees to devote time and effort toward security awareness is an investment in the future of the business.
On the other hand, businesses that don’t actively work toward a culture of cyber resilience are more vulnerable to cyberattack. Their employees are more likely to practice poor password hygiene, click on something they shouldn’t and make other mistakes, like misconfiguring access rights or accidentally sending someone the wrong file.
Cyber Resilience training delivers results
While IT resilience focuses on hardening data and applications, your overall cyber resilience as an organization depends equally on making users resilient. This should include a program of training and communication on security issues employees need to be aware of and education on how to properly respond to incidents.
We believe that when you look at the results of Webroot’s training program, it’s no wonder why it was recognized as a Strong Performer in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2020. According to data from the Webroot Threat Research team:
Webroot also partnered with leading cybersecurity education content provider, NINJIO, to deliver engaging three-to-four-minute Hollywood-style micro-learning videos that feature updated COVID-19 content and encourage cyber resilient behavior, like identifying phishing emails and malicious URLs.
In addition to regular employee training, Karcher says businesses should publish regular communications on security topics in the form of emails, internal social media, posters and videos. Examples include coverage of real-world threats they need to defend against in their work and personal lives, and industry news about other businesses that were adversely affected by attacks.
Cyber resilience can only become a part of culture through sustained, long term engagement – not just annual check-box training.
Interested in implementing a culture of cyber resilience? Take the first step here.
Cyber News Rundown: Twitter Hack Arrests
Multiple Individuals Charged for Twitter Hack
Three people were charged with last month’s Twitter hack, which generated over $100,000 in bitcoin by hijacking high-profile accounts. Of the 130 accounts used to spread the Bitcoin scam, major names included Elon Musk and Bill Gates, who have been portrayed in similar past scams. The FBI was apparently able to identify the perpetrators through a known hacking forum offering Twitter account hacking services for a fee.
Kentucky Unemployment Faces Second Breach in 2020
Kentucky’s unemployment system suffered its second data breach of the year last week. The breach came to light after a user reported being able to view another’s sensitive information while attempting to review their own. Officials are still uncertain how the breach occurred or the exact contents of the information available to the person who reported the incident.
Canon Suffers Ransomware Attack
Several services related to Canon, including its cloud storage systems, fell victim to a ransomware attack that knocked them offline for nearly a week. In addition to the offline systems, more than 10TB of customer data were allegedly stolen and a ransom note pertaining to the Maze Ransomware variant was identified. A large number of Canon’s website domains were also taken offline, with an internal server error being displayed to site visitors.
Havenly Interior Design Breach
A data trove containing roughly 1.4 million Havenly user accounts were posted for sale on a Dark Web marketplace last week. It included personally identifiable information of customers including names, physical addresses and emails. The company’s official statement stated no financial information was lost in the breach. While Havenly has recommended all customers update their login credentials, the breach occurred well over a month ago, enough time for affected customers to be subjected to identity theft or attacks aimed at compromising further accounts.
Massive VPN Server Password Leak
The credentials for over 900 enterprise-level VPN servers from Pulse Secure recently appeared on a hacker forum known to be frequented by ransomware groups. The plain-text information contains enough information to take full control of the servers that are currently running a firmware with known critical vulnerabilities identified within the past two months. The vulnerability that allowed this breach, CVE-2019-11510, was identified and a patch was released late last year. Many of the attack’s victims had neglected to implement the patch.