Reading Time: ~ 1 min.

Cybersecurity in Schools: What Families Need to Know

Our kids are more connected than any previous generation. From the moment they wake up, they have an instant connection to the internet through phones, tablets, and laptops. The internet is also now an important part of their learning experience, and many parents...

Context Matters: Turning Data into Threat Intelligence

1949, 1971, 1979, 1981, 1983 and 1991. Yes, these are numbers. You more than likely even recognize them as years. However, without context you wouldn’t immediately recognize them as years in which Sicily’s Mount Etna experienced major eruptions. Data matters, but only...

Out from the Shadows: The Dark Web

You’ve likely heard of the dark web. This ominous sounding shadow internet rose in prominence alongside cryptocurrencies in the early 2010s, eventually becoming such an ingrained part of our cultural zeitgeist that it even received its own feature on an episode of Law...

Webroot DNS Protection: Now Leveraging the Google Cloud Platform

We are  excited to announce Webroot® DNS Protection now runs on Google Cloud Platform (GCP). Leveraging GCP in this way will provide Webroot customers with security, performance, and reliability.  Security Preventing denial of service (DoS) attacks is a core benefit...

Streaming Safer Means Streaming Legally

It’s been more than a decade since Netflix launched its on-demand online streaming service, drastically changing the way we consume media. In 2019, streaming accounts for an astonishing 58 percent of all internet traffic, with Netflix alone claiming a 15 percent share...

A Cybersecurity Guide for Digital Nomads

Technology has unlocked a new type of worker, unlike any we have seen before—the digital nomad. Digital nomads are people who use technologies like WiFi, smart devices, and cloud-based applications to work from wherever they please. For some digital nomads, this means...

Cyber News Rundown: Android Adware

Reading Time: ~ 2 min.

Android Apps Riddled with Adware

Another 85 photo and gaming apps have been removed from the Google Play store after they were discovered to have been distributing adware to the roughly 8 million users who had downloaded the fake apps. The adware itself is rather tricky: by sitting dormant on devices for at least 30 minutes to avoid detection, they are then able to display a steady stream of full-screen ads that make users wait through each in its entirety before allowing continued use of the app.

Learn more about mobile security for shopping, banking and browsing.

Texas Hit by Multiple Ransomware Attacks

Several Texas municipalities have fallen victim to a single ransomware campaign affecting at least 22 locations and asking a cumulative ransom of $2.5 million. The state of Texas has been under fire for the past few months, suffering a seemingly endless string of ransomware attacks on local governments. Fortunately, many of the targeted districts have been swift to remediate issues and are already on the path to full system recovery, managing to avoid paying heavy ransoms.

Steam Zero-Days Released After Valve Bans Submitter

A researcher recently found several zero-day vulnerabilities within the Steam API that could allow for local privilege escalation (LPE), which could then allow malware to use the client as a launching point. Unfortunately, Valve decided the bug was outside of its scope of responsibility, locked the report, and refused to investigate it any further, also banning the submitter from the bug bounty program. Eventually, after much negative media coverage, Valve pushed out a patch that was quickly subverted by another workaround. It is unusual for a company with so many active users to blatantly ignore one of Microsoft’s most commonly patched vulnerabilities.

Adult Site Database Exposed

Yet another adult site has fallen victim to poor information security practices after a database containing personally identifiable information belonging to nearly 1 million users was misconfigured and left publicly available. The leak was discovered by researchers who were able to verify a breach and swiftly report it to the site, which took only four days to secure the data. Site users were notified of the breach and are being advised to change login credentials, especially those using work devices or contact details.

Magecart Found in Poker Tracker

The infamous Magecart card-skimming script was recently found loaded into Poker Tracker’s main site, which allows online poker players to make statistics-based betting decisions. It was later revealed that the site was fully injected via an outdated version of Drupal that has since been updated. The attack left the attackers with a copy of every payment made through the site or the app. 

Cybersecurity in Schools: What Families Need to Know

Reading Time: ~ 3 min.

Our kids are more connected than any previous generation. From the moment they wake up, they have an instant connection to the internet through phones, tablets, and laptops. The internet is also now an important part of their learning experience, and many parents often assume that cybersecurity has risen as a priority for school administrators. But with many institutions struggling to modernize legacy systems, that assumption puts our children’s security at risk. Here are the top threats to cybersecurity in schools and how to protect against them, so you can send your kids out the door knowing they’re safe and secure. 

Learn how VPNs help safeguard your data and can enable private and anonymous web browsing.

Unsecured School WiFi

Many school WiFi networks are as vulnerable as any public network at a coffee shop or airport. In an attempt to secure WiFi networks in K-12 environments, many schools use pre-shared key (PSK) authentication. PSK authentication is the practice of sharing a single WiFi password with network users in order to grant access. This password often makes its way onto unauthorized devices, granting potentially malicious users access to the school’s network, and to your child’s digital footprint.

Weak Cybersecurity Practices

A school’s cybersecurity defense plan is only as strong as its weakest link, and that weak link is often the plan’s users and overseers. According to Verizon’s 2019 Data Breach Investigation Report, a startling 35% of all education sector data breaches were caused by human error. Mistakes as simple as using discontinued or out-of-date software can leave entire school systems vulnerable—even at prestigious institutions like Stanford University. Because Stanford was using discontinued software called NolijWeb, a white hat hacker was able to exploit a security flaw that left sensitive student data easily accessed through a simple change to a numeric ID in a URL. While exploring the scope of the vulnerability, 81 students’ private data was exposed, including information like Social Security numbers, citizenship status, criminal status, standardized test scores, ethnicity, and home addresses.

Targeted Cybersecurity Attacks

Due to the highly sensitive data stored within their systems, education IT infrastructure is consistently a top target for cybercriminals. K-12 school systems and higher education saw more than 48 million records exposed through data breaches in 2017 and 2018 alone. The threat has become a large enough issue that the FBI has released a public service announcement warning that the education sector was one of those most frequently targeted by social engineering schemes and phishing attacks. 

Beyond traditional cyber threats, schools often face a unique adversary—the students themselves. The Joint Information Systems Committee (JISC) recently conducted a survey that examined more than 850 cyberattacks against schools and concluded that a majority of those incidents had been perpetrated by students or school staff. Although an attacker who targets a school so that they won’t have to take a test may not be as costly as one that targets student data, it still can grind a school system to a halt.

How to Protect Your Student’s Cybersecurity

How can you protect your child’s cybersecurity while they are at school? Get involved. Ask the school’s administrators about their cybersecurity policy. Ask about their strength of their firewalls, their email security measures, and the amount of encryption applied to the data storage systems. If you’re not satisfied with their measures, be your child’s cybersecurity advocate.

Although you may have limited control over any school-provided devices, you can secure your child’s personal devices behind a trusted VPN (though they must know how to use it first). This will wrap your child’s data in a tunnel of encryption, protecting them from prying eyes wherever they go. In some cases, VPNs can prevent access to testing and curriculum sites on school networks, so students should know how to connect and disconnect to their VPN at will.

Most importantly, teach your child to be aware of the risks of cybercrime and how to combat them. Help them understand how a VPN and other measures can keep them safe, how to recognize phishing attacks, and why they should always be vigilant. Your child knows to wear a seatbelt when riding in someone else’s car, they should also know how to stay safe online, whether at home, school, or a friend’s house.

The key to truly protecting your children from potential cybersecurity threats is education, both for yourself and for your family. Follow us on Facebook and Twitter to stay up to date on the latest risk reports and security tips.

Get to Know Manager of Software Development, Fred Yip

Reading Time: ~ 2 min.

With job growth projected to surge 24% over the next seven years, software engineering is one of the most demanded professional fields in the U.S. Exceptionally competitive pay and the chance to pursue careers across many industries are just a few benefits of being a software engineer.

We explore how software engineers working in cybersecurity face unique challenges and opportunities in our sit down with Fred Yip, Manager of Software Development in Webroot’s San Diego office.

Besides this sunny San Diego weather, what gets you out of bed and into the office?

I’m surrounded everyday by smart people who want to do their best to solve customer problems. There is a lot to do, but the work is very engaging and rewarding. My favorite part of the job is working closely with my team to deliver products to our customers. We work in a startup-like environment. Everyone wears many hats: as software developer, as tester, DevOps engineer, and customer support. 

There are many industries that demand your talent, what drew you to cybersecurity?

Cyberattacks are a rising trend. I used to work for an enterprise serving Fortune 500 companies. Knowing that cyberattacks affect everybody, I saw an opportunity to bring my skillset to Webroot. We extend our product to small and mid-sized businesses as well as consumers, which gives me the satisfaction of building a top-notch technology for anyone who needs it, whether it be a doctor’s office, coffee shop, or someone walking down the street.

What does a week of life at Webroot look like for you? 

A typical week for a manager is not much different than that of a team member. We do software development, testing, and deployment of product features as a team. I help design and implement the cloud infrastructure that supports our software components as microservices. In addition, I look out for the well-being of each team member in terms of technical, personal, and career development. 

What skills and traits do you look when hiring software engineers?

As an engineer, you have to be a team player, not self-focused. I look for a lot of integrity and honesty about what they are doing and what they know and don’t know. An eager attitude toward learning is important because it allows them to solve problems and contribute to the team. When they bring their best character and performance, they help to build a strong team. As long as someone has some relevant experience, they can always learn the technical skills. And an ability to learn new things quickly is another thing I always look for in a potential team member.  

Are there any outside activities that you and your team are involved in?

We attended a coding challenge at UC San Diego earlier this year, where we host students for a friendly competition. It was very high energy and there was a lot of participation. It was a fun challenge beyond just writing code. You could actually see the code working against others and the top winner was recognized after we gave out prizes. I always tell candidates to participate in the event, it’s a way to motivate them to join our team!

Check out Highlights from the UCSD Coding Challenge

Cyber News Rundown: Hookup App Exposes Users

Reading Time: ~ 2 min.

Hookup App Leaks User Locations

Geo-locating and other sensitive data has been leaked from the hookup app 3fun, exposing the information for more than 1.5 million users. While some dating apps using trilateration to find nearby users, 3fun showed location data capable of tracing a user to a specific building or floor. Though users had the option to disable coordinate tracking, that data was nevertheless stored and available through the app’s API. 3fun has since resolved the leak and has hopefully implemented stronger security measures considering the private nature of their client’s activities.

Ransomware Attacks on DSLR Cameras

Malware authors continue to find new victims, as a ransomware variant has been found to be remotely attacking Canon DSLR cameras and demanding a ransom to regain access to the device. Researchers have found multiple vulnerabilities that could allow attackers to perform any number of critical functions on the cameras, including displaying a ransom note and remotely taking pictures with the camera. Fortunately, Canon has already begun issuing patches for some of its affected devices, though it’s taking longer to fully secure others.

Take back your privacy. Learn more about the benefits of a VPN.

Google Drive Exploit Allows Phishing Campaign to Flourish

A new phishing campaign has been discovered that uses a legitimate Google Drive account to launch a phishing campaign that impersonates the CEO asking the victim to open the Google Docs file and navigate to the phishing site’s landing page. Luckily for victims, the campaign has a few tells. The phony CEO email address uses a non-conforming naming convention and the email itself appears to be a hastily compiled template.

British Airways Data Leak

British Airways has again come under scrutiny, this time after it was discovered that their e-ticketing system was leaking sensitive passenger data. The leak stems from flight check-in links that were sent out to customers containing both their surname and booking confirmation numbers completely unencrypted within the URL. Even more worrisome, this type of vulnerability has been well-known since last February when several other airlines were found to have the same issue by the same security firm.

Android Trojan Adds New Functionality

Following in the footsteps of Anubis, an Android banking Trojan for which source code was recently revealed, Cerberus has quickly filled the void without actually borrowing much of that code. One major change is that Cerberus implemented a new method of checking if the device is physically moving or not, in hopes of avoiding detection by both the victim and any researchers who may be analyzing it. Additionally, this variant uses phishing overlays from several popular sites to further collect any login credentials or payment card data.

Will You Ace Your Cybersecurity Internship?

Reading Time: ~ 4 min.

Cybersecurity has become the hot industry – tips and tricks on how to get the most out of your cybersecurity internship (and land a job after graduation). 

Students today are faced with grueling course loads, pressure to get real-world experience and a looming competitive job market. The need for hands-on knowledge and a developed resume is crucial, making internships a necessity. However, once you nail your interview and land your position, how do you prepare and make the most out of the opportunity?

The goal of an internship is to prepare you for your future career. While earning a college degree in computer science is quite an accomplishment, in the cybersecurity field, a theoretical knowledge and your required coding and science classes just aren’t enough. It’s critical to supplement those courses with real experience tackling a variety of threats in the cyber landscape, not only to gain new skills, but also understand what it’s really like to work in cybersecurity to decide if that career path is right for you.

Learn how Webroot is building a cybersecurity talent pipeline through our annual Coding Challenge.

According to a recent Wall Street Journal article, companies and government organizations are beginning to lock in contracts with cybersecurity job candidates younger than ever before–during junior, sometimes even sophomore year. Often, these early recruits are individuals who interned for the company in the past and proved themselves as an invaluable member of the team; securing a good position and acing your internship have never been more crucial to future career success. There’s no better feeling than having job security heading back to college for your senior year or being able to focus your electives on skills that will immediately translate to skills you’ll need for your upcoming role.

Be Eager and Ready to Learn 

While pursuing a major in cybersecurity provides the background necessary for your internship, you won’t know it all. You should walk into your internship everyday ready to learn the ins and outs of the field and be eager to take on new experiences. Say “yes” to everything.

According to William W. Dyer, director of the Corporate Affiliates Program for the Jacobs School of Engineering at the University of California San Diego, “Students study theories, case studies and learn both fundamental and advanced coding, but are not able to work on threats and breaches in real-time. They have structured work with a finite ending (quarters are 10 weeks long), whereas hacks and threats can happen at any time and require immediate response and solutions.”

A simple way to learn (and network) is to reach out to a few professionals who are working on a project you’re interested in or skilled in an area you’d like to further develop. Grabbing a quick coffee with someone who has been working in the cybersecurity field will allow you to gain valuable insights and real-world anecdotes. Not only will these people be able to mentor you, but they could even be a reference when the time comes for you to apply for jobs after graduation. 

Be Up-To-Date on All Things Cybersecurity 

Before your first day, it’s important to be well versed in the latest cybersecurity news, trends and data breaches. Taking the initiative to keep up on the latest in the industry and to provide an educated opinion on these issues will not only set you apart from other interns, but it will impress your managers and allow you to have a deeper understanding of your tasks and assignments. Every security incident is an opportunity to learn and ask questions that will serve you well later.

When pressed for what cybersecurity students should do to prepare for a future career in the space, Fred Yip, manager of software development at Webroot said, “Follow cybersecurity news and podcasts to understand what problems the industry is facing.” 

Listening to a security podcast on your morning commute or setting up simple Google alerts for topics such as, ‘data breach,’ or ‘cybersecurity,’ will keep you up to date on the conversations happening in the space. Lots of great discussions happen on professional LinkedIn forums and Twitter too.

Continue to Grow in Cybersecurity, Even After Your Internship Ends

Once your internship has concluded, it is important to keep growing and honing your arsenal, especially that crucial developer knowledge. According to Dyer, “We encourage our students to participate in any and all extracurricular activities that enhance their skills.” Taking online tutorial courses or participating in hackathons or coding challenges are a great way to put your new skills to the test.

That said, continuing to challenge yourself in school and taking coding and cybersecurity classes is also important. Classes that are focused around operating systems, network security, digital forensics or a variety of computer programming languages like C++, Javascript, Python are all courses that will serve you in your future career. Finding the link between class and real-world is the key to a successful career. 

Also continue following industry news and engaging with professionals through social channels. The network you create during your college years with classmates, professors and folks you meet during your internships will be instrumental in securing future opportunities. Check in with your internship managers, what’s their take on the latest data breach, acquisition or trend?

In today’s competitive job market, setting yourself apart through quality work is important and can be the key to a future at that company. While the classroom provides you with the concepts necessary to succeed, real-world experience will not only help you decide if a career in cybersecurity is something you want to continue to pursue, but you will gain invaluable knowledge and begin to grow your professional network that will be so crucial upon graduation. It is important to connect with colleagues and other interns, keep up with cybersecurity news, engage with professionals and accept as many opportunities as possible to learn about your chosen career path, allowing you to get the most out of your internship.

Cyber News Rundown: Children’s Tablets Show Vulnerabilities

Reading Time: ~ 2 min.

Children’s Tablets Leave Users Vulnerable

At least one LeapPad tablet designed specifically for children has been found to harbor critical vulnerabilities in the app Pet Chat that could allow unauthorized access to online traffic. The vulnerabilities could be used locate the tablet’s owner by creating a temporary WiFi network to help the user connect with other devices in the area. In addition to the remote access, local attackers would be able to send messages to children through non-HTTPS communications.

UK Universities Lacking Security

A recent study found that nearly 65% of the UK’s top universities are currently operating with sub-standard cybersecurity, especially during the time that students would be sitting for final exams. Among the remaining 35% of universities that did have some domain authentication, only 5% of those were using settings that would fully block phishing emails. If UK university students are requesting any login changes, they should be cautious when opening anything they receive, as the message may be compromised.

Intel CPU Patch Issued by Microsoft

Microsoft just released a patch for an Intel CPU vulnerability that was brought to light in 2012. The flaw could have been used to breach memory data from the device. The researchers who discovered it found they could easily leak sensitive kernel memory data into the normal user operations, even though a system normally doesn’t allow this. Additionally, this vulnerability would allow for speculative execution, which is when the system begins executing certain operations pre-emptively, and simply deleting those that don’t occur.

AT&T Employees Bribed to Unlock Phones

Employees of AT&T were found to be illicitly installing hardware onto corporate systems that would allow an attacker to unlock phones that were prevented from being used on other mobile providers. Even though some of the conspirators were eventually fired, many continued to work from within and from outside the company to further compromise nearly 2 million individual devices until the scam, which had been ongoing for more than five years, was discovered.

Mobile Bank Customers’ PINs Exposed

Customers of Monzo, a mobile-only bank in the UK, are being warned to change their PINs after many customers’ were leaked into internal log files. Fortunately, the data wasn’t made available outside of the company and the problem of PINs being stored in an alternate location has been resolved. Even after the company fixed the data leak, though, many customers were still suspicious when receiving an email informing them of the PIN reset issue.

Context Matters: Turning Data into Threat Intelligence

Reading Time: ~ 3 min.

1949, 1971, 1979, 1981, 1983 and 1991.

Yes, these are numbers. You more than likely even recognize them as years. However, without context you wouldn’t immediately recognize them as years in which Sicily’s Mount Etna experienced major eruptions.

Data matters, but only if it’s paired with enough context to create meaning.

While today’s conversations about threat intelligence tend to throw a ton of impressive numbers and fancy stats out there, if the discussion isn’t informed by context, numbers become noise. Context is how Webroot takes the wealth of information it gathers—data from more than 67 million sources including crawlers, honeypots, as well as partner and customer endpoints—and turns it into actionable, contextual threat intelligence.

Read about the importance of data quality for a threat intelligence platform in our latest issue of Quarterly Threat Trends.

What defines contextual threat intelligence?

When determining a definition of contextual threat intelligence, it can be helpful to focus on what it is not. It’s not a simple list of threats that’s refreshed periodically. A list of known phishing sites may be updated daily or weekly, but given that we know the average lifespan of an in-use phishing site to be mere hours, there’s no guarantee such lists are up to date.

“Some threat intelligence providers pursue the low-hanging fruit of threat intelligence—the cheap and easy kind,” says Webroot Sr. Product Marketing Manager Holly Spiers. “They provide a list of of IP addresses that have been deemed threats, but there’s no context as to why or when they were deemed a threat. You’re not getting the full story.”

Contextual threat intelligence is that full story. It provides not only a constantly updated feed of known threats, but also historical data and relationships between data objects for a fuller picture of the history of a threat based on the “internet neighborhood” in which it’s active.

Unfortunately, historical relationships are another aspect often missing from low-hanging threat intelligence sources. Since threat actors are constantly trying to evade detection, they may use a malicious URL for a period before letting it go dormant while its reputation cools down. But because it takes more effort to start from scratch, it’s likely the actor will return to it before too long.

“Our Threat Investigator tool, a visualization demo that illustrates the relationship between data objects, is able to show how an IP address’s status can change over a period of time, says Spiers. “Within six months, it may show signs of being a threat, and then go benign.”

What are the elements of context?

Over the course of a year, millions of internet objects change state from benign to malicious and back numerous times as cyber criminals attempt to avoid detection. And because threats are often interconnected, being able to map their relationships allows us to better predict whether a benign object has the potential to turn malicious. It also helps us protect users from never-before-seen threats and even predict where future attacks may come from.

That’s where the power in prediction lies—in having contextual and historical data instead of looking at a static point in time.

Some elements that are needed to provide a deeper understanding of an interwoven landscape include:

  • Real-time data from real-world sources, supplemented by active web crawlers and passive sensor networks of honeypots designed to attract threats, provide the necessary data for training machine learning models to spot threats
  • An ability to analyze relationships connecting data objects allows threat intelligence providers to make a connections as to how a benign IP address, for example, may be only one step away from a malicious URL and to predict with high confidence whether the IP address will turn malicious in the future.
  • Both live and historical data helps in the development of a trusted reputation score based on behavior over time and common reputational influencers such as age, popularity, and past infections.

Seeing the signal through the noise

Context is the way to turn terabytes of data into something meaningful that prompts action. Having the power to be able to dig into the relationships of internet objects provides the context that matters to technology vendors. For consumers of contextual threat intelligence, it means fewer false positives and the ability to prioritize real threats.

“Working with real-world vendors is key,” according to Spiers. “The reach of contextual threat intelligence and number of individuals it touches can grow exponentially.”

Cyber News Rundown: Ransomware Attacks on Louisiana Schools

Reading Time: ~ 2 min.

Ransomware Targets Louisiana School Districts

At least four school districts in Louisiana fell victim to a series of ransomware attacks in recent weeks, forcing the governor to issue a state of emergency to allow federal agencies to assist local governments during these situations. The IT systems for each of these school districts were taken offline to stop the further spread of the infection. The severity of the infections varies from district to district.

Sephora’s APAC Customers Exposed

Customers from the Asia Pacific region were recently contacted by Sephora after the discovery of unauthorized access to a database containing sensitive personal information belonging to an undetermined number of users. The company has assured affected victims that no payment card information was included in the stolen data.

CapitalOne Bank Hacked

A former Amazon employee was recently arrested in connection with the breach of over 106 million CapitalOne bank customers. By using a vulnerability in the bank’s firewall the attacker was able to access not only personal data, but also bank account numbers and social security information. It also appears that, during the hack, the attacker attempted to gain the credentials for an administrator account in order to gain additional access to internal systems. Luckily for law enforcement, the attacker was brazen enough to make several social media posts regarding the breach, ultimately leading to her capture.

Honda Database Left Exposed to Public

Sensitive data for nearly 300,000 Honda employees was found in an unsecured database that was publicly available for almost a week and that was still being updated. The database was found to contain internal information on hundreds of networked computers and the employees using them. The researcher who discovered the vulnerability quickly contacted Honda, who in turn properly secured the database.

Officer Data Stolen in LAPD Data Breach

Hackers claim that they have sensitive data on 2,500 LAPD officers and over 17,000 potential applicants after a breach of the department’s network. After learning of the theft, the LAPD began contacting the affected officers and recommending they monitor their financials, though it made no mention of offering credit monitoring services.

Cyber News Rundown: Hackers Expose US Colleges

Reading Time: ~ 2 min.

Vulnerability Exposes Dozens of U.S. Colleges

At least 62 U.S. colleges have been compromised after an authentication vulnerability was discovered by hackers, allowing them to easily access user accounts. At several of the compromised colleges, officials were tipped off after hundreds of fraudulent user accounts were created within a 24-hour period. The vulnerability that was exploited stemmed from a Banner software program that is very widely used by educational institutions; however, many colleges had already patched the flawed software versions and so were unaffected.

Data Breach Affects Lancaster University Applicants

Officials recently announced that a data breach compromised the personal records of all 2019 and 2020 applicants of Lancaster University. Additionally, some applicants have been receiving fraudulent tuition invoices, which the University recommends recipients delete immediately. The breach occurred sometime on Friday, and University officials quickly began contacting the affected parties and securing their IT systems.

Facebook to Pay $5 Billion in FTC Fines

Nearly a year after the Cambridge Analytica discovery, the FTC has issued a record fine of $5 billion to be paid by Facebook in recompense for their deceitful use of the private information from their hundreds of millions of their users. The staggering sum Facebook must pay sets a strong incentive for all industries to handle their customers’ sensitive data with the appropriate security and care, and also to address follow-up actions in the wake of a breach more adequately than Facebook did.

Remote Android Trojan Targets Specific Victims

A new remote-access Trojan, dubbed Monokle, has been spotted working through the Android™ community with a laundry list of dangerous capabilities, most of which are designed to steal information from the infected devices. To make Monokle even more dangerous, it can also install trusted certificates that grant it root level access and near total control over the device.

Fake Browser Update Distributes TrickBot

As TrickBot continues its multi-year streak of mayhem for computer systems and sensitive information, criminals created a new set of fake updates for the Google™ Chrome and Mozilla™ Firefox browsers that would push a TrickBot download. The updates appear to have originated at a phony Office365 site that does give users a legitimate link to a browser download, though it quickly prompts the user to install an update which installs the TrickBot executable.

Out from the Shadows: The Dark Web

Reading Time: ~ 4 min.

You’ve likely heard of the dark web. This ominous sounding shadow internet rose in prominence alongside cryptocurrencies in the early 2010s, eventually becoming such an ingrained part of our cultural zeitgeist that it even received its own feature on an episode of Law & Order: SVU. But as prominent as the dark web may be, few average internet users can properly explain what it is and the cyber threats it provides a haven for. Let’s step back from the pop culture mythos and dive into what makes the dark web so dark.

Don’t let cybercriminals steal your money or identity. Protect your devices with cloud-based security.

Open Web, Deep Web, and Dark Web: Know the Difference

The open web, or surface web, is the internet we use every day. This includes all the web content that can be found through search engines and is accessed by traditional web browsers. Though you might find it surprising that the open web accounts for just 5% of the internet. The rest is made up of the deep web. 

The deep web is the section of the internet that is not indexed by search engines and cannot be found through traditional search methods. This means that the only way to access deep web content is through a direct URL. While rumors about the deep web make it seem as if it is exclusively used for nefarious purposes, content on the deep web is often banal. It is largely comprised of school and university intranet systems, email and banking portals, internal sites for businesses and trade organizations, and even things like your Netflix or Hulu queues. Nothing to be afraid of there.

While the dark web is technically a part of the deep web, it takes anonymity a step further by using overlay networks to restrict access, often attracting users engaged in illicit activity. These networks use special anonymized software to grant users access; the largest and most famous of which is Tor. Tor stands for “The Onion Router,” which references its “onion routing” technique of using encapsulated layers of encryption to ensure privacy. Tor websites are most easily recognized by their “.onion” domains, and by the fact that they cannot be accessed through traditional web browsers. You may have heard stories about the NSA trying to shut Tor down, but don’t expect the services to go away soon. It has funding from high places, with a recent FOI request revealing that one of Tor’s largest financial contributors has long been the U.S. State Department—likely to offer encrypted communication options for State Department agents working in the field.

Is the Dark Web Illegal?

The dark web isn’t inherently illegal—the illegality comes from how it can be used. Darknet markets, such as the infamous and now defunct original Silk Road, showcase how thin the line is between legal and illegal dark market activities. As long as what you are purchasing is legal, using a darknet market is as lawful as making a purchase from any other online retailer. But buying illicit drugs or human organs? Yeah, that’s definitely illegal. 

Although not as remarkable as some of the more grotesque items available, one of the most commonly found items for sale on the dark web is data. With a reported 281 data breaches in just the first quarter of 2019, we have already seen 4.53 billion records exposed this year alone. That’s potentially more than 4 billion chances for hackers to profit off the victimization of strangers, and a majority of them will use the dark web to do so. We have seen several high-profile data breaches resurface on the dark web—Equifax, Canva, Under Armor, and Evite all recently had their user data available for sale on darknet markets.

The Dark Web and Malware-as-a-Service

Beyond selling your data, the dark web can be used to harvest it as well. Webroot Security Analyst, Tyler Moffitt, explains this growing threat:

“Anyone can create malware in today’s landscape where the dark web is very accessible,” says Moffit. “There are ransomware services on .onion links that will allow you to input just a few bits of information, like a bitcoin address, desired ransom, late fees, etc., and unique binaries are generated to distribute however they like. The only ‘catch’ is that the portal creator usually takes a cut (around 30%) for any ransom payments made.”

These malware-as-a-service attacks mean that an attacker doesn’t even need to know how to execute one; they just need to know how to navigate to the portal. Therein lies the largest dark web danger for many consumers—anonymized cyberattacks available at the click of a mouse.

Keeping Your Data Off the Dark Web

Like a hydra with its multiple heads, black markets will likely never be wiped out. When you shut one down, two more will pop up. Darknet markets are just their newest evolution. While you can’t expect to see this threat disappear anytime soon, you can take steps to keep your data secure and off the dark web.

Using an up-to-date antivirus solution will help stop malware from scraping your data on the dark web. You can also lock your credit (called freezing) to help prevent new credit lines being open without additional information. Another recommendation is avoiding public WiFi without a VPN, as it leaves you susceptible to a man-in-the-middle attack (MITM). Even with these precautions, a breach may still occur. Keeping your sensitive accounts secured with a trusted password manager can also help prevent cyber attacks from spreading beyond their breach point. 

Follow us on Facebook and Twitter to stay up to date on the latest threats to your online security and privacy.

Cyber News Rundown: Evite Data Breach

Reading Time: ~ 2 min.

Over 100 Million Accounts Exposed in Evite Breach

More than 100 million users of Evite were exposed after the company’s servers were compromised earlier this year. While the company doesn’t store financial information, plenty of other personally identifiable information was found in the leaked database dump. The initial figures for the breach were thought to be much lower, as another database dump of 10 million Evite users was found on an underground marketplace around the time they discovered the unauthorized access, though that site was shut down soon after.

American Express Suffers Phishing Attack

Many American Express customers recently fell victim to an email phishing attack that used the uncommon tactic of hiding the URL domain when hovering over the hyperlink. The attack itself, which requests the victim open a hyperlink to verify their personal information before re-routing them to a malicious site, was reliably full of spelling and grammar mistakes. The phishing landing page, though, looks nearly identical to the real American Express site and even has a drop-down list to catch multiple types of user accounts.

NHS Worries Over XP Machines

Over five years after Microsoft officially ceased support for Windows XP, the UK government has revealed that there are still over 2,000 XP machines still being used by its National Health Services (NHS). Even after becoming one of the largest targets of the 2017 WannaCry attacks, the NHS has been incredibly slow to roll out both patches and full operating sytem upgrades. While the number of effected systems, the NHS has over 1.4 million computers under their control and is working to get all upgraded to Windows 10.

Google Defends Monitoring of Voice Commands

Following a media leak of over 1,000 voice recordings, Google is being forced to defend their policy of having employees monitor all “OK Google” queries. After receiving the leaked recordings, a news organization in Belgium was able to positively identify several individuals, many of whom were having conversations that shouldn’t have been saved by the Google device in the first place. The company argues that they need language experts to review the queries and correct any accent or language nuances that may be missing from the automated response.

Monroe College Struck with Ransomware

All campuses of Monroe College were affected by a ransomware attack late last week that took down many of their computer systems. The attackers then demanded a ransom of $2 million, though it doesn’t appear that the college will cave to such exorbitant demands. Currently, the college’s systems are still down, but officials have been working to contact affected students and connect them with the proper assistance with finishing any coursework disrupted by the attack.

Cyber News Rundown: Major Spike in Magecart Attacks

Reading Time: ~ 2 min.

Magecart Attacks See Spike in Automation

The latest attack in the long string of Magecart breaches has apparently affected over 900 e-commerce sites in under 24 hours. This increase over the previous attack, which affected 700 sites, suggests that its authors are working on improving the automation of these information-stealing attacks. The results of these types of attacks can be seen in the latest major fines being issued under GDPR, including one to Marriott for $123 million and another to British Airways for a whopping $230.5 million.

Agent Smith Android Malvertiser Spotted

Researchers have been tracking the resurgence of an Android-based malware campaign that disguises itself as any number of legitimate applications to deliver spam advertisements. After being installed from a third-party app store, the malware checks both a hardcoded list and the command-and-control server for available apps to swap out for malicious copies, without alerting the device owner. The majority of targeted devices have been located in southwestern Asia, with other attacks showing up in both Europe and North America.

Third Florida City Faces Ransomware Attack

Almost exactly one month after the ransomware attack on Lake City, Florida, a third Florida city is being faced a hefty Bitcoin ransom to restore their systems after discovering a variant of the Ryuk ransomware. Similar to the prior two attacks, this one began with an employee opening a malicious link from an email, allowing the malware to spread through connected systems. It is still unclear if the city will follow the others and pay the ransom.

British Airways Receives Record GDPR Fine

Following a data breach last year that affected over 500,000 customers, British Airways has been hit with a total fine amount of $230.5 million. The amount is being seen as a warning to other companies regarding the severity of not keeping customer data safe, though it’s still much less than the maximum fine amount of up to 4% of the company’s annual turnover.

Georgia Court System Narrowly Avoids Ransomware Attack

Thanks to the quick work of the IT team from Georgia’s Administrative Office of the Courts (AOC), a ransomware attack that hit their systems was swiftly isolated, leading to minimal damage. Even more fortunate for the AOC, the only server that was affected was an applications server used by some courts but which shouldn’t disrupt normal court proceedings. Just days after the initial attack, the IT teams (aided by multiple law enforcement agencies) were already in the process of returning to normal operations without paying a ransom.