Industry Intel

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Why Webroot is Proven Next-Generation Endpoint Security

Within the last several years, online threats have continued to evolve at disturbingly high rates, and are more robust than ever before. According to the data we’ve seen across the Webroot Threat Intelligence Platform, many new attacks are targeted, adaptive (polymorphic) malware variants that appear suddenly in several points across a targeted company’s network and then may never be seen in the same way again. When so many threats are tailor-made and can even be purchased as a service in the criminal networks, traditional, reactive cybersecurity just won’t cut it.

At Webroot, we know the only way to protect businesses and individuals is by understanding our adversary and predicting their next move. That’s why we’ve continued to expand our threat intelligence and integrate it more deeply with our endpoint protection solutions so that new, unknown threats are detected and destroyed as soon as they appear within the networks of any of our customers. This unique, collective protection means that all Webroot customers protect one another. It’s a community of cybersecurity. Our cloud-based threat intelligence is derived from millions of sensors and real-world endpoints around the world to provide proven next-generation endpoint security that can predict, prevent, detect, and respond to threats in real time. With 87,000 business customers (and counting) and partnerships with 40 of the industry’s top security vendors, Webroot is the proven choice for defending against modern malware. If you would like to learn more about out Threat Intelligence Platform, see our website.

In view of the tactics modern malware writers and other cybercriminals have adopted, we invite you to join us at the 2016 RSA conference to find out how our next-generation endpoint security solutions protect businesses and individuals in a connected world. To schedule a meeting with us at RSAC, visit www.webroot.com.

Threat Recap: Week of February 7th

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

FBI Data Breach

In recent weeks, it became known that an anonymous hacker had gained access to thousands of FBI and DHS employee records, including names, email addresses, and phone numbers. The leak was announced shortly before the Super Bowl started, with a tweet stating the release of personal information for 20,000 FBI employees, accompanied by pro-Palestinian messages.

Read More: http://motherboard.vice.com/read/hacker-publishes-personal-info-of-20000-fbi-agents

Microsoft Addresses Unsolicited ‘Microsoft’ Calls

A blog post from Microsoft, this week, has brought attention to a long-known issue of unsolicited third-party companies cold-calling customers and claiming to be Microsoft in order to gain access to an unsuspecting user’s computer. Along with additional security tips, they warned readers to never give out credit card, or other sensitive information, to anyone calling to assist you, unwarranted.

Read More: http://www.digitaltrends.com/computing/microsoft-safer-interent-day-security-advice/

North Korea Hit With DDoS After Satellite Launch

Recently, a group of hackers known as New World Hackers, had launched a DDoS attack on several North Korean news sites, in response to an unauthorized satellite launch. The group claims to have started the attack to halt any communications between the sites and the satellite, whose purpose is still undetermined.

Read More: https://www.hackread.com/anonymous-ddos-north-korea-sites/

Bitcoin Wallets, As Good As Their Passwords

This week, researchers reported that, through the use of a brute-force attack, they were able to access over 18,000 Bitcoin passwords. The researchers used an Amazon service that allows users to examine passwords/or any other data in a large grouping instance, and for a surprisingly low cost, attacked nearly a trillion possible passwords. This result proves that, regardless of your password’s complexity, it can still be easily susceptible to cyber-attacks.

Read More: https://nakedsecurity.sophos.com/2016/02/11/bitcoin-brain-wallets-are-useless-like-bitcoiners-passwords/

The High Cost of a Security Breach

With companies being under the constant threat of a cyber attack, it’s pricetag remains as daunting as ever. In a recent survey, it was estimated that a data breach would cost nearly $1 million USD and take over two months to resolve. While some companies surveyed have some form of insurance for financial loss or a data breach, many are still without protection or are still implementing their solutions.

Read More: http://www.net-security.org/secworld.php?id=19422

 

What IP/URL Based Threat Intelligence Can and Can’t do for the IoT

Part one of this series provided a high-level overview of Threat Intelligence, the underlying data types common in the current security landscape and how these data are gathered, analyzed and consumed. As cyber security becomes a key focus for the IoT it may appear, on the surface, much of the existing threat intelligence and the techniques used to gather these data do not directly play a role in protecting IoT devices from malicious actors. Though there are gaps in some areas, specifically with malicious files for IoT devices and closed network threat analysis, much of the threat data can be applied to the IoT once communication with, and across, the Internet occurs.

Many consumer and industrial IoT devices do use custom protocols to communicate with one another in a closed environment which presents a challenge for existing systems to gather and collate data specific to these environments. Fortunately, by definition, devices in the IoT must communication through the Internet requiring proprietary or non-TCP/IP traffic to be converted to TCP/IP. It is at this conversion point existing threat intelligence can play a critical role in protecting IoT devices through the use of traditional malicious IP blocking and traffic management to and from malicious or off category URLs. Some specific cases for the use of these data that directly affect how IoT Gateways can be secured are:

Malicious IP Blocking: One of the most basic ways to protect IoT devices is to prevent known malicious IP addresses from communicating from the Internet to devices inside of a network. If an OT network contains devices that are directly manageable over the Internet and whitelisting is not a viable option due to dynamic addressing, then a very straightforward and extremely successful solution in IT ecosystems, is to block known malicious IP addresses.

URL Categorization and Reputation: Another common, and extremely effective, security measure that is used throughout the IT landscape in perimeter appliances is to limit what a device can communicate with. Through the use of policy and security management filters devices can, at the gateway, be denied the ability to communicate with malicious IP addresses and URLs, preventing the exfiltration of data to unknown or unauthorized entities.

The aforementioned use of IP addresses and URLs in IoT Gateways to help prevent threats from entering an ecosystem does have limitations in terms of detecting threats in closed environments. Today, threat intelligence providers have focused on identifying threats on the Internet at large due to the vast amounts of data available for analysis. Machine learning engines have been a boon for the cyber security industry in their ability to be finely tuned to detect and identify Internet-borne threats but they require vast amounts of data to accurately identify a threat and reduce false positive results. Closed ecosystems, even TCP/IP-based networks, do not have the volume of data the current state of machine learning requires to accurately and definitively detect threats unique to these environments. Building tools and applying new methodologies to these smaller datasets associated with closed ecosystems will be the challenge security architects must overcome as more and more devices make their way into the IoT.

Part three of this series will continue with the discussion around threat intelligence and how to apply it to IoT Gateways to protect OT ecosystems. It will give an overview of a basic gateway, the submodules required to extract necessary data from a data stream for analysis, how to analyze the resulting data and the process for applying policy to the overall environment. The hope will be to keep the discussion moving forward on how existing technology can help protect the IoT.

Some notes on VirusTotal

Many of you are probably familiar with VirusTotal, a service that allows you to scan a file or URL using multiple antivirus and URL scanners. VirusTotal results are often used in write-ups about new malware to show how widely a sample is detected by the AV community. We receive links to VirusTotal results via our support system and on the Webroot Community. Computer support forums will also suggest a user submit a file to VirusTotal in order to determine whether or not a file is malicious. VirusTotal can be a very useful service – if you know how the service works and how to interpret the results. A good place to start is the About page, paying special attention to the Important notes and remarks section of the page.

I’ve written before about how inconsistent the results for a file can be, and this makes a bit more sense when you understand more about how VirusTotal works. To put it simply, because of the way that VirusTotal works, files that show no detections in VirusTotal may actually be detected by the scanners used in real-world situations, and the opposite is also true. (Knowing how it works can also help understand why a next-generation cloud-based solution like Webroot SecureAnywhere is not one of the scanners used in VirusTotal.) I’ve seen many instances where a write-up on new malware shows few detections in VirusTotal, but a quick check of our database shows that we had seen and were detecting the sample prior to the date it was submitted. There have also been countless times where our own Webroot SecureAnywhere process showed as being detected by multiple scanners in VirusTotal.

As VirusTotal clearly states, “the service was not designed as a tool to perform antivirus comparative analyses” yet we see it used to gauge how widely detected a new malware sample is all the time. When looking at VirusTotal results, I tend to make two assumptions. The first is that I always assume that all of the scanners are set to their highest heuristic settings – what I like to refer to as “tin-foil hat heuristics” – which will cause a much higher number of False Positives.

The second assumption is that the scanners will be using their full Enterprise signature set which will detect various legitimate programs that administrators might not want on their networks such as administrative tools or remote access tools. Over time, you can become familiar with some of the more common detections and naming conventions used by the various scanners that can help make a more informed interpretation of the results.

As with any tool, knowing the intended use and limitations helps use it more effectively.

Threat Recap: Week of January 31st

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.

U.S. Police Union Data Breach

In the past week, a security breach affected the Fraternal Order of Police’s computer systems, resulting in a significant data loss. Currently, only 2.5 GB of data has been released, according to the hacker/activist Thomas White, who claims to have an additional 18 TB of data stored. The FBI are still investigating the breach, which contains information that could expose possible police corruption or other classified government data.

Read More: http://www.net-security.org/secworld.php?id=19394

Java Browser Plug-In Hits End of Life

This week, Oracle announced that is was killing off the vulnerability-prone plug-in, with the version 9 release of their Java Developer Kit. While thousands of applications were built around the Java plug-in, most Internet browsers stopped supporting it in 2015, due to the unending exploits. Unfortunately, some companies still require legacy versions of Java to run custom-built applications, that may not have a counterpart in the marketplace.

Read More: https://nakedsecurity.sophos.com/2016/02/02/goodbye-and-good-riddance-oracle-finally-ditches-java-browser-plug-in/

U.S. Restaurant Chains Experience Credit Card Hack

It has been reported that venues owned by Landry’s have been targeted multiple times in the last two years with major payment data breaches. Currently, the information that has been exposed contains names, card numbers, expiration dates, and other sensitive data of customers. It appears that the attack was aimed at the payment processing devices, which would pull customer data when the card was swiped for the transaction.

Read More: http://www.infosecurity-magazine.com/news/hundreds-of-landrys-golden-nugget/

Super Bowl Stadium, Possible Hacking Target?

With Super Bowl 50 coming up this weekend, there looms a question of how well the high-tech stadium will handle any possible cyber attacks. With nearly 13,000 wi-fi points, it would be a prime target, considering the large volume of high-profile attendees. If a security leak was found by an attacker, any malicious payload could spread rapidly through the over-logged network, and cause significant data loss. For those travelling to the game in Santa Clara, stay safe and Go Broncos!

Read More: http://www.theatlantic.com/technology/archive/2016/02/silicon-valleys-high-tech-super-bowl-stadium-could-be-a-target-for-hackers/434673/

eBay Resolves Security Issue

Recently, an Israeli security firm found a vulnerability in eBay, that would allow an attacker to create a vendor store and, using a malicious Javascript payload, could launch an attack on unsuspecting site visitors. The vulnerability itself comes from the “store” allowing dynamic content to appear, such as pop-ups or ads, and leading the victim to a compromised page. The specific issue was dealt with, but the use of active/dynamic content remains.

Read More: http://www.forbes.com/sites/thomasbrewster/2016/02/03/ebay-severe-security-weakness/

Threat Intelligence: An Overview

Bring Threat Intelligence to the world of IoT

Threat Intelligence has become common throughout the cyber security landscape used in traditional information technology platforms from next generation firewalls, application load balancers, SIEM and other threat monitoring and prevention tools. With the pervasive growth of IoT initiatives and concerns around how to protect operational infrastructures from malicious actors an understanding of how existing threat intelligence can play a role in protecting an organization’s technology infrastructure is needed. Additionally, the existing methods for collecting and analyzing threat data do not directly translate to meet all of the potential security issues found in the IoT space. Therefore, a deep dive into what existing security technology can and cannot do for an organization’s operational infrastructure will help determine what can be done today and what technologies need to be developed to better secure entire ecosystems.

This five-part blog will walk through each aspect of threat intelligence from a general overview to help provide a basic understanding to the future of threat intelligence as it relates to IoT. Part 1 will give a high-level overview of what threat intelligence is, how it is gathered, analyzed and consumed. Parts 2 and 3 will focus on IP and URL data, how it can be applied to IoT and an example of implementing this data in an IoT Gateway. The last two articles will discuss what the future holds in store for protecting devices and creating purpose-built protection for the IoT.

Threat Intelligence: An Overview

Traditional Threat Intelligence consists of the collection and analysis of four main data types: IP Addresses, URLs, Files and Mobile Applications. The focus of this data collection and analysis revolves around protecting workstations and servers from becoming infected with malicious software, preventing command and control servers from activating dormant code living in an organization’s network and helping to identify and prevent the exfiltration of data. This was initially done through the use of human analysts who spent time manually identifying and evaluating threats but has now evolved to a more automated process through the use of machine learning and big data analytics.

As stated above, threats in the cyber security space can be broken down into four main components. Of course, there are other vectors a malicious actor can use to attack an organization but the elements below comprise the bulk of threats a typical organization will regularly face:

  • IP Addresses: IPv4 and IPv6 addresses that are typically analyzed for threats inbound to an organization. Typical attacks include spam sources, command and control servers, and botnet servers.
  • URL: Not often thought of as a threat category as many organizations consider URLs as policy control but they are heavily used as dynamic embedded delivery endpoints for phishing and malware. It should also be noted that URLs can contain IP addresses.
  • Files: Traditional malicious files, think viruses, used to encrypt user data, listen to user activity, destroy systems and/or exfiltrate data.
  • Mobile Applications: These have been identified separately from traditional files as they require special analysis due to their specific platforms and the functionality they provide in terms of network connectivity and application performance.

There are three main steps to any threat intelligence system:

  • Data Collection and Aggregation: There are three main ways to gather data in the wild for analysis.
  • Active: This includes web crawlers and IP port scanning techniques. Since it can be controlled this method provides a robust amount of data but does not typically result in identifying the high-value zero-day threats.
  • Passive: By deploying victim machines, web app honeypots, endpoint agents and other exploitable devices on the Internet it is possible to attracted attackers and record malicious activity as it occurs. This technique results in a better set of threat data but requires patients while waiting for a malicious actor to attempt to take advantage of weakened system.
  • 3Rd Party Data: There are several international, governmental and independent bodies that collect threat data for use by security teams. This data, though valuable, must be vetted for accuracy and often times because outdated quickly as threat actors subscribe to the same data sets and change or avoid the items published in these lists.
  • Classification: Once data has been gathered and aggregated it can be fed into purpose-built machine learning engines for analysis. This involves the creation and training of engines for each of the data types identified above. Analysts move from doing deep dive identification of threats to maintaining and tuning the engines for better accuracy. This is done by continually feeding the engines more highly refined data for the engine type.
  • Analysis and Consumption: Once the data has been collected and classified it is a simple Big Data issue of provided tools such as APIs or SDK to access each of the individual data types.

A relatively new component to the threat intelligence space is the generation of contextualized data made possible through advancements in big data analytics. Contextualization involves walking through disparate data sources looking for linkages between the data in an effort to help prevent future threats before they occur or allow an analyst to better understand the effect of an identified threat may have on an organization.

Typical applications of threat intelligence range from policy management in next generation firewalls to network traffic analysis in security operation centers. Depending on the type of threat data an organization uses and their ability to apply that data to their infrastructure will directly correlate with how well they can detect, identify and resolve threats.

Next week Part Two of this series will explore what traditional URL and IP data can and cannot do for the IoT.

Threat Recap: Week of January 24th

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.

Indian Banks Hit with Ransomware

Recently, several Indian banks were infiltrated by an unknown hacker, who used this access to launch a ransomware attack. Using LeChiffre, a manually-executed ransomware program, the hacker was able to encrypt the already infected machines, and set a ransom of 1 Bitcoin (currently worth ~$400 USD). Though not meant to be used in a large-scale malware distribution campaign, hundreds of bank computers were infected, with several top bank executives paying the ransom. A decryptor for LeChiffre is available; though only useful for version 2.6.

Read More: http://news.softpedia.com/news/lechiffre-ransomware-hits-three-indian-banks-causes-millions-in-damages-499350.shtml

New Technology Leads to Car Issues

With the improvements in vehicle technology, there is bound to be a rise in exploitable vulnerabilities. Using the existing OBD II ports in consumer vehicles, researchers were able to wirelessly gain access to the system network and make changes to critical components. Unfortunately, these issues are industry-wide and the automakers are playing catch-up to a whole string of problems that were previously nonexistent. This is only the beginning of a long road for car companies, in terms of keeping ahead of these issues.

Read More: http://time.com/4195332/hacking-cars-security/

PayPal Resolves Java Exploit

This week, it was found by an independent researcher, that there was a critical bug in PayPal’s servers. The bug allowed access to databases used by the PayPal app, which gave the attacker access to information that had been deserialized for communication between  various programs. Using the information that was gathered, the attacker could then drop a malicious payload onto the servers, and gain further access to sensitive information.

Read More: https://nakedsecurity.sophos.com/2016/01/27/critical-java-bug-found-in-paypal-servers/

Android Ransomware Evolving

Ransomware is nothing new for the Android OS, and now there have been updates that can allow a fake screen overlay to be created over an administrator access dialog box, with the user then clicking on the fake button and unknowingly giving full access to the malicious software. Fortunately for most Android users, the multiple dialog boxes that are being exploited have been changed with Android 5.0, to no longer display above system dialog messages.

Read More: http://www.pcworld.com/article/3027123/new-android-ransomware-uses-clickjacking-to-gain-admin-privileges.html

Payment Data Security Needs Update

A survey was recently completed that asked 3,700 IT security professionals, in several different industries, questions covering their data security policies and actual practices. Over half of those surveyed stated that they had no idea where some of their customer data was stored, while a similar number allowed third-party access to customer payment data, with no multi-factor authentication required. Hopefully, with the rise in data breaches over the last year, many of these companies will strive to improve payment data to better protect themselves and their customers.

Read More: http://www.net-security.org/secworld.php?id=19369

Webroot’s Acceleration with Advancement of IoT

As a concept, the IoT (Internet of Things) has been with us since the late 1990’s, and has evolved from simple M2M (Machine-to-Machine) connectivity into a vision for Operational Productivity enabled by Interoperability.  Innovation and investment in new IoT technology and business models are driven by the pursuit of key operational benefits such as:

  • Provisioning Assets as Services
  • Efficiency through Automation
  • Resource Utilization
  • Environmental Impact
  • Safer and more productive Critical infrastructure

Next-generation IoT devices and platforms are now being deployed in critical infrastructures such as Integrated Transportation (auto, railway, airports,…), oil & gas operations, industrial & manufacturing facilities, energy distribution, and ‘SmartCity’ systems.  Operations are becoming dependent on these efficient and high-availability IP-aware systems.

New systems are being deployed and older non-IP based systems are being modernized with IP-aware functions at a rapid rate. Supporting this movement has driven device manufacturers to deploy new classes of devices and systems that can take advantage of direct and indirect internet connectivity in order to leverage public and private IoT Cloud Services Platforms.  Theses next-generation smart systems can perform many advanced functions such as data aggregation and storage, advanced analytics, prediction, prognostication, and even limited decision-making.   What was considered advanced data processing and decision- making in a data center just two years ago is now being deployed regularly in stand-alone IP-connected devices at the internet edge.   This along with rapid developments in semiconductor and control technology is paving the way for a new wave of robotics and autonomous systems where cloud processes like machine learning are being brought down to the edge (FOG computing).

In order to deliver the vision of IoT business models, the lines between traditional enterprise IT systems (IT) and the high-availability autonomous operational infrastructures are undergoing radical evolution with new standards and vendors.  As with many new waves of technology advancement, there are those who seek to leverage weaknesses for criminal exploit, state-sponsored espionage, or simply mischief on a grand scale.  These new systems are very enticing to those who specialize in advanced exploits.  Increasingly, malicious actors who have targeted personal computing with malware, viruses and phishing exploits, are now targeting critical infrastructure elements for profit and other motives.  Modern cyber attacks on critical infrastructure take advantage of compromised IP addresses (servers, websites, etc.) to carry out DDoS, botnet and other forms of remote command and control exploits.

Webroot deployed the cyber-security industry’s first, most advanced, and most effective real-time cloud-based Threat Intelligence.  We have been providing this service exclusively to leading Security Appliance, NGFW, and Access Point OEMs for over 5 years.  These OEMs are leaders in bringing the latest cyber security approaches to corporate and public IT enterprises.  This same technology, which has armed advanced networking equipment providers with a real-time defense against Internet launched attacks, is now made available to non-telecom equipment developers for cyber protection to support the growing new classes of IoT systems, such as connected automobiles, industrial automation, process control, aviation, railway, power management, and home energy management.

As system designers look to protect new and existing IoT devices and networks, they are increasingly applying techniques formerly used by the most advanced firewall and network security appliance manufacturers.   IoT gateways are emerging as this new class of OEM appliance. They are being designed to locally integrate single and multi-vendor platforms.  Common functions are real-time data stream analytics, protocol translations, networking control, endpoint control, storage, and manageability.  However, until recently, IoT gateways were being built without sufficient security or intelligence to properly protect critical infrastructure.  What is new and very exciting now is that non-security appliance vendors are now able to bring advanced cyber-security into IoT Gateways and offer Cyber-Security-as-a-Service to critical infrastructure. IoT Gateways can now utilize cloud-based cyber-security to securely connect legacy and next-generation devices to the Internet of Things.

I am pleased and excited to be part of the efforts by Webroot and our partners to ensure that the latest techniques are leveraged across these new IoT devices, appliances, systems and platforms.  We look forward to our continued dialogue with you in advancing collective threat intelligence.

Worst Passwords of 2015, Best Passwords of 2016

When it comes to digital security, little is as important as knowing how to create a strong password. An ideal password is easy enough to remember so that it doesn’t need to be written down, yet complex enough to prevent someone else from guessing it. For many, this is a challenging and even frustrating experience, a delicate balancing act. However, there are a few techniques that can help you to reliably create strong passwords. The first thing to know is what passwords you should NEVER use.

SplashData, an online security company who’s “SplashID” software allows you to securely store your passwords, has recently released a list of the Worst Passwords of 2015. This list was compiled from more than 2 million passwords that were publicly leaked during the last year:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx (first two columns of main keys on a standard keyboard)
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop (top row of keys on a standard keyboard)
  23. solo
  24. passw0rd
  25. starwars

This is the fifth year that SplashData has released a Top 25 list, and many of the entries have been seen year after year. The passwords “123456” and “password” have been the top two entries since SplashData has started publishing an annual Top 25 list. However, due to the popularity of “Star Wars: The Force Awakens”, this is the first year that related passwords like “solo”, “princess”, and “starwars” have appeared on the list.

What we can take away from this list is that many people continue to put themselves at risk by using weak, easily guessed passwords. “We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” Morgan Slain, CEO of SplashData, said in a statement.

“As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”

So, what can you do to ensure that your passwords are strong?

  • Avoid using full words and names. Hackers regularly use “dictionary attacks” to guess passwords, and any word or name that is commonly known is considered unsafe to use.
  • Create passwords or passphrases of twelve characters or more with mixed types of characters. A password longer than 12 characters, if created with the appropriate complexity, will be nearly impossible to guess quickly.
  • Use a different password for each website you log into. If someone is able to discover your password for one site, they will not be able to use that same password to log into another site with your information.
  • Use a password manager such as LastPass or SplashID to organize and protect passwords, generate random passwords, and automatically log into websites. This is also a feature that is offered with some Webroot SecureAnywhere software packages.
  • Test your password for complexity with a password checker, such as Password Meter.

To create a strong password, try using the “Letter/Number Substitution” technique, which generate seemingly random jumbles of letters and numbers that only you would remember. First, think of a phrase that you want to associate with the site or service you are setting up.

  • Example: “testpassword” (DO NOT USE)

Next, substitute characters for some of the letters using numbers and special characters which resemble those letters.

  • Example: “t3$9@S$w0rD” (DO NOT USE)

This example password is rated as 100% “Very Strong” using the Password Meter. By using this technique with even longer words in combination with numbers or special characters placed between the words, you can create passwords that will be nearly impossible to guess. With these tips in mind, you can ensure that your password won’t appear on next year’s list!

Threat Recap: Week of January 17th

A lot happens in the security world, some big and some small, and many stories get lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot ThreatBrief, highlighting 5 major security news stories of the week.

Kiev Airport Cyber Attack

In recent weeks, Ukraine’s infrastructure has been under attack by Russian hacktivists, with Kiev’s main airport as the primary focus of the latest attack. It would seem that the BlackEnergy malware platform was in use, once again, to gain access to several computers on the airport’s network, including access to air traffic control systems. Ukrainian authorities are still unsure if the Russian government is involved, as this string of attacks comes at a volatile time for both countries.

Read More: http://www.reuters.com/article/us-ukraine-cybersecurity-malware-idUSKCN0UW0R0

British Banks Fighting Malware Improvements

With over a dozen British banks being targetted by the persistent banking trojan, known as Dridex, it’s latest update is capable of altering crucial DNS settings. By changing these settings, it directs the unknowing user to a fake banking website, which allows sensitive information to be gathered and sent off to a command-and-control server for verification. Dridex is most commonly transmitted using macro-enabled MS Office documents sent as attachments via email.

Read More: http://www.csoonline.com/article/3024323/security/dridex-banking-malware-adds-a-new-trick.html#tk.rss_news

Top US Cities Hit With Malware in 2015

In the past week, a study revealed the cities in the US that were the most common targets for malware attacks in 2015; the highest being Little Rock, Tampa, St. Louis, Orlando, and Denver. Each of the top five cities had rates over 650% of the national average, with Little Rock reaching 1,412% above. While it is unclear whether geographical location has any effect, the New England region was not present in the top 20 regions listed.

Read More: http://www.networkworld.com/article/3023432/malware-cybercrime/little-rock-tampa-and-st-louis-hardest-hit-by-malware-among-us-cities-study-finds.html

Encryption Still Major Issue for Companies

Encryption issues have plagued companies and customers alike for many years, and there are no signs of it slowing, as many companies still refuse to implement it on a widescale. This comes as no surprise as nearly two-thirds of companies only use encryption for “proprietary company data”, while most companies cite “employee data” as their reason for implementing encryption at all, it seems to be often pushed aside or forgotten.

Read More: https://nakedsecurity.sophos.com/2016/01/19/survey-shows-many-businesses-arent-encrypting-private-employee-data/

Apple Corrects Cookie Theft Bug

It was noted recently that a bug found in Apple’s iOS that allowed for unauthorized access to unencrypted website cookies has been resolved with the release of iOS 9.2.1. The bug itself could allow attackers to impersonate unsuspecting users on their commonly browsed sites, and allow for a malicious javascript payload to execute on subsequent site visits.

Read More: http://arstechnica.com/security/2016/01/ios-cookie-theft-bug-allowed-hackers-to-impersonate-users/

Crypto-ransomware – still a real worry

This week, we held our first BrightTALK webinar of 2016 (January 19th), talking about crypto-ransomware. I’ve got to admit I’m always overwhelmed at the numbers of people interested in this as a topic, and I called in help from one of our top threat researchers Tyler Moffitt to help me out with answering the more technical questions. In fact, Tyler and I double-handed the presentation as we’re both getting used to discussing the issues. It always helps when you have a real expert on hand, my background isn’t a coding one.

We tried as always to be terrifyingly truthful. At Webroot, we have had a lot of success with our next-generation behavioral approach of stopping customers from getting infected by all the variants of Crypto. Inevitably that leads to malware authors’ taking an interest in finding ways around our defenses, which admittedly has lead to a few very regrettable failures in stopping the infections) Right now though we are holding our own and, in fact, have been forced to innovate more to be even better at stopping this threat.

None-the-less, we do not believe we can stop every crypto threat, but we do believe we can protect against these attacks far faster and more effectively than other endpoint solutions. I might add no testing or results I’ve seen anywhere else or claims from expensive machine learning next generation vendors makes me believe anything different. There are a lot of Emperor’s new clothes out there, and as my namesake Hans Christian Andersen’s points out, “They haven’t got anything on!”

I’ve also done something I don’t normally do and that’s send out slides to those that requested them, if for a good reason. Which usually is to persuade a recalcitrant or unbelieving customer they need to spend some cash on protecting their only real asset, their irreplaceable data. I did mention a story I was told by a Webroot Partner in Australia about a friend (not a Client of his) who’d paid-up AUS $100,000 to get his server unencrypted after an attack, much what the FBI were forced to admit they often advise too.

These days if the crypto-ransomware has encrypted your files and unless you have other precautions in place, you are in trouble. Even paying up is not a guarantee. And this isn’t just for businesses but home consumers as well; this infection will and does target anyone with a connected PC.

The presentation which I am referring to above can be accessed here: https://www.brighttalk.com/webcast/8241/181075. This is a very logical approach when it comes to discussing what crypto-ransomware is; it’s history; its variants; some ways it avoids detection and probably most valuable what to do to protect yourself from having to pay extortion money for your own data.

On a more emotional level, I’d like to take the treasured programming from the malware authors of crypto-ransomware and delete it forever. I’m sure they’d agree with their own assertion that CryptoWall is not malicious. I agree it isn’t – it’s pure evil in a digital age.

As tax season approaches, beware of tax related scams

Tax season officially began on January 19th, and with tax season comes the inevitable rise in tax-related scams. Identity thieves tend to step up their game a bit during tax season, looking to get the ultimate prize – your Social Security Number. Scammers often use the threat of jail time for unpaid tax debt to trick you into giving out sensitive personal information. As with so many scams, seniors are a major target. Telephone scams are particularly popular, but as more people file their taxes electronically, phishing emails and malicious email attachments have become more prevalent.

Now is a good time to help educate your family members about these types of scams. It is important to pay extra attention to any email that is tax related. Be aware that the IRS will not contact you via email to request any personal or financial information. Don’t click on any links or download any attachments from emails claiming to be from the IRS. If you need tax related information, go directly to the official IRS website at www.irs.gov instead of using a search engine.

For more information on taxes and security, the IRS have provided resources at: https://www.irs.gov/Individuals/Taxes-Security-Together