Reading Time: ~ 1 min.

Staying Cyber Resilient During a Pandemic

We’re all thinking about it, so let’s call it out by name right away. The novel coronavirus, COVID-19, is a big deal. For many of us, the structure of our lives is changing daily; and those of us who are capable of doing our work remotely are likely doing so more than...

World Backup Day: A Seriously Good Idea

"Cold Cuts Day," "National Anthem Day," "What if Cats and Dogs had Opposable Thumbs Day"... If you've never heard of World Backup Day, you'd be forgiven for thinking it's another of the gimmicky "holidays" that seem to be snatching up more and more space on the...

5 Security Tips for Setting Up a New Device

The last thing you want to do when you get a new computer, mobile device, or tablet is spend a lot of time setting it up. But like any major appliance, these devices are something you want to invest a little time setting up properly. Often, they’re not cheap. And you...

Cyber News Rundown: Snake Ransomware

Reading Time: ~ 2 min.

Snake Ransomware Slithers Through Networks

A new ransomware variant, dubbed “Snake,” has been found using more sophisticated obfuscation while targeting entire networks, rather than only one machine. In addition, Snake will append any encrypted file extensions with five random characters following the filetype itself. Finally, the infection also modifies a specific file marker and replaces it with “EKANS,” or SNAKE spelled backwards. A free decryptor hasn’t been released yet, and the malware authors have specified that that encryption will be for entire networks only.

Minnesota Hospital Data Breach

Sensitive information belonging to nearly 50,000 patients of a Minnesota hospital has been illicitly accessed after multiple employee email addresses were compromised. While in most cases the information accessed was medical data and basic contact info, some patients may have also had their Social Security and driver’s license numbers compromised. Alomere Health has already contacted affected patients and begun providing credit and identity monitoring services.

Cyberattack Finally Cracks Las Vegas Security

For a city that is the target of roughly 280,000 cyber attacks every month, one attack was finally able to make it through Las Vegas security protocols. The attack appears to have stemmed from a malicious email but was quickly quarantined by city IT officials before it could do any critical damage. Earlier in 2019, Las Vegas officials proposed a measure to refuse payments to any cybersecurity threat actors.

Travelex Falls Victim to Sodinokibi Ransomware

On the first day of 2020, foreign travel service provider Travelex experienced a ransomware attack that used unsecured VPNs to infiltrate their systems. To make matters worse, a demand of $6 million has been placed on the company for the return of their data, or else the ransom will be doubled. Since this attack, a scoreboard has been created to track the six additional victims of the Sodinokibi/REvil ransomware campaign.

ATM Skimmer Arrested in New York

At least one individual has been arrested in connection to an ATM skimming ring that has taken over $400,000 from banks in New York and surrounding states. From 2014 to 2016, this group installed card skimmers in an unidentified number of ATMs in order to steal card credentials and build up fraudulent charges. Eleven other people are connected with this incident and will also likely be charged.

Cyber News Rundown: US Coast Guard Hit with Ransomware

Reading Time: ~ 2 min.

US Coast Guard Facility Hit with Ransomware

During the last week of December a US Coast Guard facility was the target of a Ryuk ransomware attack that shut down operations for over 30 hours. Though the Coast Guard has implemented multiple cybersecurity regulations in just the last six months or so, this attack broke through the weakest link in the security chain: human users. Ryuk typically spreads through an email phishing campaign that relies on the target clicking on a malicious link before spreading through a network.

Crypto-trading Platform Forces Password Reset After Possible Leak

Officials for Poloniex, a cryptocurrency trading platform, began pushing out forced password resets after a list of email addresses and passwords claiming to be from Poloniex accounts was discovered on Twitter. While the company was able to verify that many of the addresses found on the list weren’t linked to their site at all, they still opted to issue passwords reset for all clients. It’s still unclear where the initial list actually originated, but it was likely generated from a previous data leak and was being used on a new set of websites.

Cybersecurity Predictions for 2020: What Our Experts Have to Say

850 Wawa Stores Affected by Card-skimming

Nearly every one of Wawa’s 850 stores in the U.S. were found to be infected with a payment card-skimming malware for roughly eight months before the company discovered it. It appears Wawa only found out about the problem after Visa issued a warning about card fraud at gas pumps using less-secure magnetic strips. WaWa has since begun offering credit monitoring to anyone affected. In a statement, they mention skimming occurring from in-store transactions as well, so card chips would only be effective if the malware had been at the device level, rather than the transaction point.

Microsoft Takes Domains from North Korean Hackers

Microsoft recently retook control of 50 domains that were being used by North Korean hackers to launch cyberattacks. Following a successful lawsuit, Microsoft was able to use its extensive tracking data to shut down phishing sites that mainly targeted the U.S., Japan, and South Korea. The tech company is well-known for this tactic, having taken down 84 domains belonging to the Russian hacking group Fancy Bear and seizing almost 100 domains linked to Iranian spies.

Landry’s Suffers Payment Card Breach

One of the largest restaurant chain and property owners, Landry’s, recently disclosed that many of their locations were potentially affected by a payment card leak through their point-of-sale systems. The company discovered that from January through October of 2019, any number of their 600 locations had been exposed to a card-skimming malware if not processed through a main payment terminal that supported end-to-end encryption.

Cyber News Rundown: Honda Customer Data Leak

Reading Time: ~ 2 min.

Honda Customer Database Exposed

Officials have been working over the past work to secure a database containing highly sensitive information belonging to more than 26,000 North American customers of the Honda motor company. The database in question was originally created in October and was only discovered on December 11. While no financial information was included in the leak, the records did contain names, VIN numbers, and service details for thousands of customers.

Boeing Contractor Data Leak

Nearly 6,000 defense contractors working for Boeing have had personal information leaked after a user error left an Amazon web service bucket publicly exposed. The 6,000 Boeing staff are only a small portion of the 50,000 individual records found on the leaked server, many of whom were involved in confidential projects for the Department of Defense. These types of data leaks are increasingly common as more users are not properly securing their servers or using any form of authentication.

Sextortion Email Campaign Shutdown

After months spent chasing them across Europe, authorities have arrested the authors responsible for the Nuclear Bot sextortion campaign. With their Nuclear Bot banking trojan, the team was able to compromise roughly 2,000 unique systems and use them to help distribute malicious emails. Though it’s been verified that the original authors are in custody, the source code for Nuclear Bot was made public in the hope no money would be made from its sale.

Emotet Sent from Phony German Authorities

A new email campaign has been disguising itself as several German government agencies and spreading the Emotet trojan, infecting multiple agency systems. This campaign differs from previous Emotet attacks by appearing as a reply from a prior email to appear more legitimate. To best defend against these attacks, users are strongly encouraged to check both the sender’s name and address as well as ensuring that macros aren’t enabled in their Office apps.

LifeLabs Pays Ransom After Cyber-Attack

Canadian testing company LifeLabs decided to pay a ransom after attackers illicitly accessed the sensitive information for all 15 million of its customers. Oddly, many of the records being found date back to 2016 or earlier and have yet to be identified on any illicit selling sites. LifeLabs has since contacted all affected customers and has begun offering identity monitoring services.

Cybersecurity Predictions for 2020: What Our Experts Have to Say

Reading Time: ~ 3 min.

As the year draws to a close, the cybersecurity analysts at Webroot and Carbonite pull out their crystal balls to make their predictions for the year ahead. 

Our experts predict many of the trends they’ve been tracking throughout the year—well-researched attacks, RDP compromise, and the importance of user education—will continue into the New Year. But they’ll be affected by new industry developments such as impending privacy regulations, AI-enabled attacks, and attacks targeting developing nations. 

Highly Targeted Ransomware Will Continue to Devastate Businesses

Unsurprisingly, our experts predict the strong trend toward highly targeted ransomware will bleed into 2020.  

“Highly targeted ransomware will likely continue,” predicts Webroot Software Management Manager Eric Klonowski. “Next year, we predict ransom-motivated attackers will more pointedly observe automatic backup solutions and make attempts to remove and alter the backup data or the task itself.” Klonowski said. 

High-effort, low-volume surveillance techniques are now favored by ransomware operators like the Bitpaymer Group, which has been known to customize ransomware only hours before deploying an attack, first tailoring it to observations gathered on their targets. 

We should expect actors like these to continue to gain access to networks from where they can observe financial transactions and valuable information before determining the most profitable way to strike at their intended targets. 

Phishing will likely also become more targeted as data collected from breaches is incorporated into phishing emails. Things like passwords and recent transactions can go a long way in convincing people an email is legit.—Grayson Milbourne, Security Intelligence Director, Webroot

Long-Awaited Privacy Legislation Will Finally Arrive in the U.S. 

We expect that privacy and security will continue to jockey for primacy of concern in the minds of U.S. citizens. California, which has long led the fight for more stringent data privacy for consumers, is set to enact a law in early 2020 that has often drawn comparisons to Europe’s GDPR. 

As noted by Tech Crunch, California’s new data privacy act, like GDPR, will extend to all organizations that do business with Californians, effectively making it the law of the land nationwide. But Webroot Product Marketing Director George Anderson predicts a groundswell of support among U.S. citizens for stricter data privacy regulations. 

“U.S. citizens will step up their demands for privacy in 2020,” he says. “Privacy legislation in the U.S., which has lagged behind other nations, will be a central issue.” 

But rather than settling for a new set of standards, Anderson wouldn’t be surprised if entirely new revenue models are explored. Models that rely less on selling personal data than, say, subscription fees or some other alternative. 

“I would expect an alternative paid for services that don’t abuse data will emerge, Anderson says. “The existing, untrusted purveyors of convenience will try to pivot, but ultimately lose out heavily. Legislation and technology are starting to converge due to so many abuses of privacy.”

“Adversarial attacks against AI-based security products will likely grow in scope and complexity, which would highlight the fact that  there are fundamentally two types of AI in cybersecurity: AI which acts like a smarter conventional signature and AI which is built into every facet of an intelligent, cloud-based platform capable of cross-referencing and defending itself against adversarial attacks.” —Joe Jaroch, Senior Director of Cybersecurity Strategy, Webroot

Small and Medium-Sized Businesses will Bear the Brunt of Cyberattacks

Findings regarding cybersecurity readiness among small and medium-sized businesses (SMBs) continue to be grim. Despite commonly falling victim to data breaches and other attacks, an attitude still pervades that they are either too small to catch the eye of cybercriminals or that their data isn’t valuable enough to warrant an attack. 

In a study conducted by Webroot and 451 Research, 71 percent of SMBs admitted to experiencing a breach or attack within the previous 24 months that resulted in “operational disruption, reputational damage, significant financial losses or regulatory penalties.”

According to Webroot Security Analyst Tyler Moffitt, that trend is unlikely to abate. 

“We expect that SMBs will continue to be targets for cybercriminals because, just like the public, education, and healthcare sectors, they maintain the same vulnerable environment. They’re low budget, understaffed, and often under-educated on matters of cybersecurity.”

Findings from the 451 Research report confirm Moffitt’s suspicions. A full 36 percent of SMBs surveyed in that study reported that they had no full-time staff on hand dedicated to cybersecurity. 

“The SMBs typically targeted have under 50 employees, and it often falls to a lone IT admin or someone in finance or sales to shore up cybersecurity at the company,” Moffitt says. “Almost always it’s a person who wears many hats and doesn’t have much of a budget or expertise.”

It’s the easily overlooked yet easily exploited security gaps like an unsecured RDP that most worry Moffitt. Without dedicated cybersecurity consulting, these can easily be exploited, yet they are easy to fix.

 “Expect to see more attacks against less developed nations. Attacks like this don’t generate revenue, rather they are meant to disrupt and destroy” —Grayson Milbourne, Security Intelligence Director, Webroot

We Want to Hear Your 2020 Predictions

Are these the developments you expect to see to kick off the new decade? Have some other ideas? We want to hear what hacks, news stories, or trends in cybersecurity you anticipate in the New Year. You can read additional predictions from our staff for the year ahead, plus submit your own, on the Webroot Community. Click here to visit the Community and share your 2020 predictions.

Cybersecurity Tips for Online Holiday Shopping

Reading Time: ~ 4 min.

The holiday shopping season is prime time for digital purchases and cybercriminals are cashing in on the merriment. With online shopping officially becoming more popular than traditional in-store visits this year, all signs point to an increase in cyberattacks. It’s more important than ever to be mindful of potential dangers so you can avoid getting Scrooged when buying online. Follow these top tips for secure online shopping.

Want to give the gift of cybersecurity? Internet Security Complete includes Identity Shield, designed to protect your browsing, shopping, banking, and social media.

Only use credit cards. If your debit card gets compromised, it has the potential to cascade in catastrophic ways; automatic bill payments may bounce or overdraft protections may drain secondary accounts. Some banks also have strict rules about when you need to notify them of suspected fraud, or else you could be liable for the costs.

On the other hand, the Fair Credit Billing Act provides some protections for consumers from unauthorized charges on credit cards. Additionally, it’s much easier to have your credit card replaced with new, uncompromised numbers and details than it is with bank account info.

Be cautious of deal and discount emails. During the holidays, there’s always a spike in physical and electronic mailers about special deals. At this point, we’re all used to that. We might even wait to buy something we want, knowing that it’ll probably go on sale during holiday clearance. Unfortunately, criminals use this expectation against us by sending cleverly crafted phishing emails to trick us into compromising our data.

Always be cautious about emails from unknown senders or even trusted third-party vendors, especially around the holidays. Always navigate to the deal website separately from the email — don’t just click the link. If the deal link can only be accessed through the email, it’s best to pass up on those supposed savings. It is also prime time for emails offering “free giftcards” avoid those like the plague.

Never make purchases without HTTPS. Check the URL—if it doesn’t start with HTTPS, it doesn’t have SSL encryption. SSL (secure sockets layer) encryption is a security standard for sharing information between web servers and a browser. Without it, your private information, including your credit card number, can be more easily intercepted by cybercriminals.

Keep in mind: HTTPS only ensures that the data you send will be encrypted on the way, not that the destination is legit. Cybercriminals have started to use HTTPS to trick website users into a false sense of security. That means, while you should never send private or financial data through a site that doesn’t have HTTPS, you shouldn’t rely on the presence of HTTPS alone to guarantee the security of the page.

Don’t make purchases on devices you don’t personally own. If you’re using a borrowed or shared device, such as a computer at a library or a friend’s phone, don’t make any purchases. Even if it’s a seemingly safe device that belongs to a person you know and trust, you have no way of knowing how secure it really is. It’s pretty unlikely that you’ll encounter a lightning deal that’s worth the hassle of financial fraud or identity theft. So just wait on that purchase until you can make it on your own device.

Never use unsecured public WiFi for online purchases. Many public WiFi networks, like the ones at your local café, the gym, a hotel, etc., are completely unsecured and unencrypted. That means anyone with the know-how can easily track all of your online activities while you’re using that network, including any login or banking information. Even worse, hackers are capable of dropping viral payloads onto your device through public networks, which can then spread to your other devices at home.

Always use a VPN when you’re on public WiFi, if you have to use it at all. Otherwise, we suggest using a private mobile hotspot from your phone instead. (See our section on VPNs below.)

Use a password manager to create strong passwords. You can often stop a security breach from spreading out past the initial impact point just by using a trusted password manager, such as LastPass, which will help you create strong passwords. A password manager will create and store them for you, conveniently and securely, so you don’t have to remember them or write them down somewhere. Taking this step will help protect you from potential third-party breaches as well, like the one Amazon announced just before Black Friday in 2018.

Encrypt your traffic with a virtual private network (VPN). A VPN allows you browse privately and securely by shielding your data and location in a tunnel of encryption. So even if you are unwittingly using a compromised network, such as the unsecured public WiFi at your favorite morning coffee stop, your VPN will prevent your private data from being scooped up by cybercriminals. But be sure you’re using a trusted VPN—many free options secretly collect and sell your data to turn a profit.

Install antivirus software and keep it up to date. A VPN will protect your data from being tracked and stolen, but it can’t protect you if you click on a malicious link or download a virus. Make sure your antivirus software is from a reliable provider and that it’s not only installed, but up to date. Most antivirus products today will even update themselves automatically (as long as you don’t turn that feature off), so make sure you have such settings enabled. It may make all the difference when it comes to preventing a security breach.

Keep a close eye your bank and credit accounts for suspicious activity. The fact of the matter is that the holiday season causes a peak in malicious online activity. Be proactive and check all of your financial records regularly for suspicious charges. The faster you can alert your bank or credit provider to these transactions, the faster you can get a replacement card and be back on your merry way.

Don’t fall victim to cybercrime this holiday season. Be mindful of all the links you click and online purchases you make, and be sure to protect your devices (and your data and identity) with a VPN and strong antivirus software!

Cyber News Rundown: Zeppelin Ransomware

Reading Time: ~ 2 min.

Zeppelin Ransomware Spreading

Over the last month, researchers have been monitoring the spread of a new ransomware variant, Zeppelin. This is the latest version of the ransomware-as-a-service that started life as VegaLocker/Buran and has differentiated itself by focusing on healthcare and IT organizations in both the U.S. and Europe. This variant is unique in that extensions are not appended, but rather a file marker called Zeppelin can be found when viewing encrypted files in a hex editor.

German ISP Faces Major GDPR Fine

The German internet service provider (ISP) 1&1 was recently fined for failing to protect the identity of customers who were reaching out to their call centers for support. While the incident took place in 2018, GDPR is clear about imposing fines for organizations that haven’t met security standards, even if retroactive changes were made. 1&1 is attempting to appeal the fines and has begun implementing a new authentication process for confirming customers’ identities over the phone.

Turkish Credit Card Dump

Nearly half a million payment cards belonging to Turkish residents were found in a data dump on a known illicit card selling site. The cards in question are both credit and debit cards and were issued by a variety of banking institutions across Turkey. This likely means that a mediating payment handler was the source of the leak, rather than a specific bank. Even more worrisome, the card dump contained full details on the cardholders, including expiration dates, CVVs, and names; everything a hacker would need to make fraudulent purchases or commit identify theft.

Pensacola Ransomware Attack

The city of Pensacola, Florida was a recent victim of a ransomware attack that stole, then encrypted their entire network before demanding $1 million ransom. In an unusual message, the authors of the Maze ransomware used explicitly stated that they had no connection to the recent shootings at the Pensacola Naval Base, nor were they targeting emergency services with their cyberattack.

Birth Certificate Data Leak

An unnamed organization that provides birth certificate services to U.S. citizens was contacted earlier this week in regard to a data leak of nearly 750,000 birth certificate applications. Within the applications was sensitive information for both the child applicant and their family members, which is highly sought after by scammers because it is relatively easy to open credit accounts for children with no prior credit history. Researchers are still waiting to hear back from the organization after finding this data dump in an unsecured Amazon Web Services bin.

Cyber News Rundown: ZeroCleare Malware

Reading Time: ~ 2 min.

ZeroCleare Malware Wiping Systems

IBM researchers have been tracking the steady rise in ZeroCleare deployments throughout the last year, culminating in a significant rise in 2019. This malware is deployed on both 32 and 64-bit systems in highly targeted attacks, with the capability to completely wipe the system by exploiting the EldoS RawDisk driver (which was also used in prior targeted attacks). The malware itself appears to be spreading through TeamViewer sessions and, though the 32-bit variant seems to crash before wiping can begin, the 64-bit variant has the potential to cause devastating damage to the multi-national corporations being targeted.

FTC Scam Threatens Victims with Terrorism Charges

FTC officials recently made an announcement regarding scam letters purporting to be from the commission and the numerous complaints the letters have sparked from the public. Victims of the scam are told that, due to some suspicious activity, they will be personally and financially monitored as well as face possible charges for terrorism. These types of scams are fairly common and have been in use for many years, often targeting the elderly with greater success.

Take back your privacy. Learn more about the benefits of a VPN.

Misreported Data Breach Costs Hospital Millions

Following an April 2017 complaint, the Office of Civil Rights has issued a fine of $2.175 million after discovering that Sentara Hospitals had distributed the private health information for 577 patients, but only reported eight affected. Moreover, it took over a year for the healthcare provider to take full responsibility for the breach and begin correcting their security policies for handling sensitive information. HIPAA violations are extremely time-sensitive and the slow response from Sentara staff could act as a lesson for other organizations to ensure similar events don’t reoccur.

Android Vulnerability Allows Hackers Easy Access

Researchers have identified a new Android exploit that allows hackers access to banking applications by quickly stealing login credentials after showing the victim a legitimate app icon, requesting additional permissions, and then sending the user to their expected app. Even more worrisome, this vulnerability exists within all current versions of AndroidOS and, while not found on the Google Play Store, some illicit downloaders were distributing it.

Smith & Wesson Hit by Magecart

In the days leading up to Black Friday, one of the largest retail shopping days of the year, malicious skimming code was placed onto the computer systems and, subsequently, the website of Smith & Wesson. In a slight break from the normal Magecart tactics, they attackers were masquerading as a security vendor to make their campaign less visible. The card-skimming code was initially placed onto the website on November 27 and was still active through December 2.

What You Need to Know about Cyberbullying

Reading Time: ~ 2 min.

Have you noticed a decrease in your child’s happiness or an increase in their anxiety? Cyberbullying might be the cause to these behavioral changes.

Bullying is no longer confined to school playgrounds and neighborhood alleys. It has long moved into the online world, thanks to the easy access to technology. Between Twitter, SnapChat, TikTok, Instagram, WhatsApp, or even standard SMS texts, emails and instant messages, cyberbullies have an overwhelming number of technical avenues to exploit.

While cyberbullying can happen to anyone, studies have shown that teens are usually more susceptible to it. The percentage of individuals – middle and high school students from across the U.S. — who have experienced cyberbullying at some point, has more than doubled (19% to 37%) from 2007 to 2019, according to data from the Cyberbullying Research Center.

Before you teach your kids how to respond to cyberbullying, it is important to know what it entails.

Check out our Cybersecurity Education Resources

What is Cyberbullying?

Cyberbullying is bullying that takes place over digital devices like cell phones, tablets, or computers. Even smaller devices like smartwatches and iPods can facilitate cyberbullying. Today, social media platforms act like a breeding ground for cyberbullying.

Cyberbullying usually begins with teasing that turns to harassment. From there it can evolve in many ways, such as impersonation and catfishing, doxxing, or even blackmail through the use of compromising photos.

Catfishing is the process of creating a fake identity online and using it to lure people into a relationship. Teens often engage in impersonation online to humiliate their targets and it is a form of cyberbullying.

Doxxing is used as a method of attack that includes searching, collecting and publishing personal or identifying information about someone on the internet.

Identifying the Warning Signs

When it comes to cyberbullying, just like traditional bullying, there are warning signs for parents to watch for in their child. Although the warning signs may vary, Nemours Children’s Health System has identified the most common ones as:

  • being upset or emotional during or after internet or phone time
  • being overly protective of their digital life and mobile devices
  • withdrawal from family members, friends, and activities
  • missing or avoiding school 
  • a dip in school performance
  • changes in mood, behavior, sleep, or appetite
  • suddenly avoiding the computer or cellphone
  • being nervous or jumpy when getting an instant message, text, or email
  • avoiding conversations about their cell phone activities

Remember, there are free software and apps available to help you restrict content, block domains, or even monitor your child’s online activity.

While having a child who is being cyberbullied is every parent’s nightmare, it’s equally important to understand if your child is cyberbullying others.

Do you believe your child is a cyberbully? That difficult and delicate situation needs its own blog post—but don’t worry, we have you covered.

You’ll also find many cyberbullying prevention and resolution resources on both federal and local levels, as well as support from parents going through similar issues on our community forum.

Preparing your kids for a world where cyberbullying is a reality isn’t easy, but it is necessary. By creating a safe space for your child to talk to you about cyberbullying, you’re setting the foundation to squash this problem quickly if it arises.

Simplified Two-factor Authentication for Webroot

Reading Time: ~ 1 min.

Webroot has evolved its secure login offering from a secondary security code to a full two-factor authentication (2FA) solution for both business and home users.

Webroot’s 2FA has expanded in two areas. We have:

  • Implemented a time-based, one-time password (TOTP) solution that generates a passcode which is active for only a short period of time.
  • Given our users the option to either opt-in or opt-out, especially those that leverage Webroot for home and personal use.

Starting in December, with the new updates, users will find it easier to use industry-vetted options, including Google Authenticator, Microsoft Authenticator, LastPass Authenticator, and Authy 2-Factor Authentication.

Why Two-Factor Authentication?

First and foremost, we encourage all users to opt-in to maintain a higher level of security. Two-factor authentication adds an extra layer of security to your basic login procedure. When logging into an account, the password is a single factor of authentication, and requiring a second factor to prove you are who you say you are adds a layer of security. Each layer of security you add exponentially increases protection from unauthorized access and makes it harder for brute force and credential stuffing attacks to occur.

A Note to Businesses

Users will have the option to opt-in or opt-out of the new Webroot 2FA feature. The Admins tab within our console will show you which of your users have or have not enabled 2FA.

To learn how to enable two-factor authentication, visit the Webroot Community.

Cyber News Rundown: Shade Ransomware Most Distributed Variant

Reading Time: ~ 2 min.

Shade Ransomware Takes Crown as Most Distributed Variant

Over the course of 2019, one ransomware variant, known as Shade, has taken over 50 percent of market share for ransomware delivered via email. Otherwise known as Troldesh, this variant receives regular updates to further improve it’s encrypting and methods of generating additional revenue from both cryptomining and improving traffic to sites that run ads. In just the first half of 2019, attacks using Troldesh dramatically rose from 1,100 to well over 6,000 by the second calendar quarter.

PayMyTab Leaves Customer Data Exposed

For more than a year sensitive customer data belonging to users of the mobile payment app PayMyTab has been publicly exposed in an online database using no security protocols. Even after being contacted multiple times regarding the data breach, the company has yet to fully secure customer data and may have to take drastic measures to fully secure their data storage after allowing virtually unlimited access to anyone with an interest in personal data.

Credentials Dump for Major Service Sites

Login credentials for two highly-trafficked websites were discovered in a data dump earlier this week. One dump belonged to GateHub, a cryptocurrency wallet with potentially up to 1.4 million user credentials stolen, including not only usernames and passwords, but also wallet hashes and keys used for two-factor authentication. The second dump contained information on 800,000 users of EpicBot, a RuneScape bot used to automate tasks in the skill-centric MMORPG. While both dumps appeared on dark web marketplaces on the same day, it also seems coincidental that both sites use bcrypt hashing for passwords, which should make them exceedingly difficult to crack assuming it was set up properly.

Louisiana Government Systems Hit with Ransomware

Multiple Louisiana state service sites were taken offline early Monday morning following a ransomware attack that affected mostly transportation services. All 79 of the state’s DMV locations were forced to close until systems were returned to normal, as they were unable to access DOT services to assist clients. While it is still unclear what variant of ransomware was used, the state of Louisiana did have a cybersecurity team in place to stop any further spread of the infection.

Magecart Targets Macy’s Online

Nearly a week after the initial breach, Macy’s officials noticed some unauthorized access between their main website and an undisclosed third-party site. The breach itself appears to have compromised payment card data for any customers who input their credentials during the first couple weeks of October. Macy’s has since removed the illicitly added code from their sites as well as contacted both payment card providers and affected customers regarding the breach.

5 Tips for Feeling Your Best in Your Home Office

Reading Time: ~ 4 min.

With major advancements in communication technology, many employees and entrepreneurs are opting to work from home at least some of the time. In fact, according to CNBC, 70 percent of people globally worked remotely at least once a week in 2018. And why shouldn’t they? They save gas and time by not commuting, plus they get to work more on their own terms. 

If you’re considering the prospect of working from home (or just knocking out some digital chores), here are five tips to make sure you stay productive and feeling good in your home office.

Get Comfortable

Not so comfortable that you fall asleep, but we all know how miserable an uncomfortable office chair can be. By working at home, you have the opportunity to completely build your own environment. That means finding the right furniture for you. 

If you’re looking for a high-quality office chair, an underrated place to look is gaming chairs, which were built for long hours of sitting. However, a high-quality chair from your local furniture store would likely also do the trick.

Or, maybe instead of sitting all day, you prefer to stand. Luckily, there is an abundance of standing desks available for your choosing, many of which are easily adjustable so you can alternate between sitting and standing.

In addition to ergonomics, you also want to think about how to decorate your home office. For example, having plants in your office can actually help reduce stress and improve productivity. If you can, try to choose a room that has lots of natural lighting, which can help you stay healthy, concentrated, and even sleep better at night.

However you want to set up your home office, it’s important that you do what’s most comfortable for you. 

Limit Distractions…But Not Too Much

If you’re going to be working from home, you may have to deal with more distractions than you would in the office, especially if you have pets or family moving around the house. Because of this, it’s important you try to limit distractions, not letting your eyes wander to the television or Facebook. After all, you may be the only one keeping yourself accountable.

If you have people in the home who could be distracting, make sure you choose an office space that has a door, possibly in a more remote part of the home, rather than working in common spaces. It’s a good idea to also ask your friends and family members to respect your work hours.

At the same time, you will need breaks from time to time, so don’t be afraid to keep distractions at hand, but out of sight. If you know that you struggle with concentration without someone looking over your shoulder, there are a number of apps you could try that help promote focus and productivity

Secure Your Devices

Now that you are in charge of your own office, you may also be in charge of making sure that it is secure. Namely, you want to make sure you have proper cybersecurity measures in place. This will help you keep peace of mind while you’re working, but also ensure you’re not derailed by cybercriminals or unexpected computer failures.

First and foremost, you want to make sure your devices and data are protected with a consumer antivirus (AV) or endpoint protection. If your company consists only of you or you are working remotely from your personal computer, a consumer AV may be right for you. However, if your company has a few employees and you need to manage multiple endpoints, a business endpoint solution is a better option.

Explore the differences between antivirus and businesses endpoint protection.

Regardless of which solution is right for you, it’s important to remember that all security products are not created equal. The top antivirus and endpoint protection products are cloud-based, have a small digital footprint—meaning they won’t slow down your computer—are actively protecting against known and never-before-seen threats, and are able to reverse any damage that occurs if your device is compromised.

Another measure you should consider is backing up your data. While this can be done using a physical external hard drive, they can also be compromised when plugged in. The best option is using a cloud-based backup and recovery service.

Ransomware attacks alone increased over 350 percent in 2017 and have since become more sophisticated, targeting larger victims including government organizations. Given that, protecting your devices and your data is no longer a luxury. It’s a necessity.

Declutter Often

We all know how cluttered a desk can get. Depending on your job, you may have papers strewn about, multiple desktops, or a pile of sticky notes in shorthand you can no longer quite decipher. But a cluttered environment can lead to a cluttered mind. 

In fact, Lynne Gilberg, a professional organizer in Los Angeles, CA told WebMD, “Clutter is bad for your physical and mental health…A lot of people express that they are overwhelmed. They become nonfunctional and nonproductive.” It’s important to keep your area organized and tidy to be more productive and creative in the long run.

Plus, remember that this is still your home, and you may not want your family or guests to consider your office an eyesore. If you’re ever overwhelmed by chaos in your home office, here are some tips for helping clean up your work area.

Separate Personal and Professional

When working from home, it’s easy to blur the lines between your personal and professional lives. However, it is important that you resist this tendency to blend the two. Thinking too much about work at the dinner table can disconnect you from family and friends. And managing day-to-day family tasks while on the clock can hurt productivity.

You may want to establish strict working hours to help keep your two home lives separate. Let’s say from 8-5 you concentrate on work and then, after five p.m., you concentrate on your family, friends, and anything else that may need to get done around the home. 

Looking to build a more complete, detailed schedule? The New York Times highlighted some tips for building a work-from-home schedule that will help you stay on task and stay productive.

Some Final Tips for Your Home Office

  • Consider getting exercise equipment for short breaks. Things like resistance bands, small weights, or even a treadmill can help keep your blood flowing on a long work day.
  • Stock up on supplies. You’ll still need pens, paper, and other work supplies in your home office. Make sure you are always stocked.
  • Dress for work. Just because you have the option to work in your underwear, doesn’t mean you should.

To learn more about how criminals are targeting the healthcare industry, as well as what needs to be done about it, check out the second installment of this blog: Healthcare Cyber Threats That Should Keep You up at Night.

Cyber News Rundown: Orvis Password Leak

Reading Time: ~ 2 min.

Orvis Internal Credentials Leaked

A database containing login credentials for numerous internal systems belonging to Orvis, one of America’s oldest retailers, was found to be publicly available for an unknown amount of time. Why the database was publicly accessible at all is still unclear, but the retailer has determined that many credentials were for decommissioned devices. They managed to resolve the security dilemma for the remaining devices relatively quickly.

Mexican Oil Company Hit by Ransomware Attack

A few days ago, Pemex Oil was targeted by a ransomware attack that, according to reports, affected 5% of their computer systems. The demanded ransom, as displayed by the note left by the DoppelPaymer ransomware variant, was 565 bitcoins, or roughly $4.9 million. Fortunately, Pemex had a decent security strategy in place and was able to get their operations running normally by the following day.

Facebook Bug Turns on iPhone Cameras

The latest bug from Facebook is one that turns on the user’s iPhone camera when they open the Facebook app. It appears the bug only works on phones running iOS version 13.2.2, and for users who accepted permissions to allow the app to access the camera. Unfortunately for Facebook, many of its users are already wary of the company’s privacy policies, and so-called “bugs” like this one only serve to increase the level of distrust within its customer base.

PureLocker Ported to All Major Operating Systems

A new ransomware variant, PureLocker, has been successfully ported from Windows® operating systems to both MacOS® and Linux® systems with the typical capacity to fully encrypt all discovered files. Researchers have found that it encrypts files on compromised systems using .CR1 as the file extension, a tag which also appears in the text-based ransom note. This may be tied to a particular affiliate, as PureLocker is being distributed as Ransomware-as-a-Service.

Cyberattack on UK Labour Party

Officials for the UK Labour Party have issued a statement regarding a cyberattack on their computer systems, though it appears that the security they had in place was enough to repel the attack. While they are still unsure as to the origin of the attack, they were able to determine that it was a DDoS attack (Distributed Denial of Service), which floods the targeted systems with an overwhelming amount of cyber-traffic.