Reading Time: ~< 1 min.

The Evolution of Cybercrime

From Landline Hacking to Cryptojacking By its very nature, cybercrime must evolve to survive. Not only are cybersecurity experts constantly working to close hacking loopholes and prevent zero-day events, but technology itself is always evolving. This means...

A Chat with Kiran Kumar: Webroot Product Director

The process of bringing a cybersecurity product to market can be long and tedious, but Kiran Kumar, Product Director at Webroot, loves to oversee all the moving parts. It keeps him on his toes and immersed in the ever-changing world of security technology. We sat down...

How To Keep Better Tabs on Your Connected Apps

Not that long ago, before data breaches dominated daily headlines, we felt secure with our social media apps. Conveniently, every website seemed to allow logging in with Facebook or Twitter instead of creating a whole new password, and families of apps quickly became...

Four Tips to Help Tidy Up Your Tech

This spring, many of us will roll up our sleeves and get down to business decluttering our homes. Garage sales will be held, basement storage rooms will be re-organized, and donations will be made.  Shouldn’t the same thing happen in our digital lives? After all, the...

How to Keep Your Kids Safe Online

Reading Time: ~4 min.

As digital natives become more immersed in and dependent upon technology, they are likely to experience “cyber fatigue,” which can be thought of cybersecurity complacency. Paired with the invincible feeling that often accompanies being young, this can be a dangerous combination. It’s easy to mistakenly believe that hacked devices and identity theft are things that only happen to adults. Kids and teenagers, however, are just as high-risk and the impacts of cybersecurity breaches could potentially affect them for years into their future. So how can we protect our kids’ digital lives in the same way we protect their offline lives?

Frank Conversations

The internet may seem like a playground of endless entertainment, but we need to educate our children about the dangers that exist there as well. Have you had a friend or family member who’s been hacked or somehow had important information compromised? Talk to your kids about it, how it happened, why it happened, and the work needed to fix it. These real-life examples may be one of your most powerful education tools, as they help children more concretely understand the concept of cybersecurity threats. Demonstrating that these things can happen to anyone, including them, is the quickest way to get their cybersecurity guard up. Looking for fresh ideas on how to talk to your kids about cybersecurity? Check out the Webroot Community for advice and tips.

Common Scams

Teach your children about the most common cybersecurity threats, especially ones that are particularly pervasive on social media, including phishing, identity theft, and malicious websites. They should never accept private messages from people they don’t know, or click on links from friends or family that seem out of character or suspect. If they aren’t sure a message from a friend is actually from that individual, they should not hesitate to verify their identity by calling them, or by asking specific questions only that individual would know. The comments sections of websites like YouTube are also potential flashpoints. Clever comments can entice users into clicking on a risky link that navigates them to a malicious site.

Illegal Downloads

The temptation to download an illegal copy of a favorite movie, game, or album can be strong, but ethical and legal implications aside, it remains one of the most risky online behaviors. In fact, a recent study found that there was a 20% increase in malware infection rates associated with visits to infringing sites. Make sure your kids know the impact illegal downloads have on their security, and inform them of alternative streaming and download options. If you’re able, give your child an allowance for services like Steam for video games, or Amazon Video for films and shows. Providing them with alternative options is the best way to keep your child from giving into the temptation of illegally torrenting content.

Mobile Safety

A recent study found that people aged 15 to 24 spend about four hours a day on their phones. This works out to roughly 1,456 hours of mobile engagement a year, making mobile devices one of the most vulnerable entry points for cybersecurity breaches. Make sure your child’s phone is protected with a pin number, password, or biometrics on the lock screen, and that they know to leave Bluetooth turned off when not in use. Connecting to public WiFi networks could also leave your child vulnerable, but you can protect their devices from open networks by securing them with a VPN.

Digital Footprint

Many young people today use anonymous or “private” messaging services, like Whisper, Sarahah, or Snapchat, believing that they are protected by the apparent anonymity. However, cybersecurity experts have long been critical of these services, as nothing online is 100% anonymous.

“There is no single app that is capable of providing complete anonymity,” says Randy Abrams, Sr. Security Analyst at Webroot. “Even though someone may think they are anonymous, our online behavior allows people to track and identify us. Apps that claim to provide anonymity often collect and sell personally identifying data left behind from internet searches.”

“Some apps may offer much higher degrees of anonymity, but it takes a tremendous amount of knowledge and discipline to be anonymous,” he adds. “If an app requires access to your contacts, pictures, storage, location or the ability to make and receive phone calls or SMS messages, anonymity quickly starts to disappear.”

Free applications have to make a profit somewhere, which often means that they are storing, tracking and selling user data. This is particularly dangerous as users are lulled into a false sense of security, which can quickly be shattered when these services are affected by a cybersecurity breach. Make sure your kids know nothing they say online is truly private, and that a negative digital footprint can drastically alter the course of their lives.

Shared Responsibility

We believe cybersecurity is a shared responsibility, and that it is not just up to parents to educate digital natives. This is why we’ve developed a cybersecurity awareness initiative with the Aurora Public School System in Colorado. In addition to providing students with online safety tips, we’ve given them insights on potential career paths, and connected them with our engineers to solve problems using skills like math and coding that could benefit them later in their careers.

We encourage parents to explore and advocate for cybersecurity and STEM education opportunities for children in their local communities. For more educational content to help keep your family safe from cyber threats, visit the Home + Mobile section of our blog.

Cyber News Rundown: Infowars Hacked by Card Skimmers

Reading Time: ~2 min.

Infowars Online Site Compromised by MageCart Attack

Earlier this week, a security researcher found payment card-stealing scripts running on the Infowars online site. The scripts managed to stay active for nearly 24 hours. At least 1,600 users of the site may have been affected during this period, though many were returning customers who wouldn’t have had to re-enter their payment information into the compromised forms. As of writing, the malicious scripts being used by Magecart are active on nearly 100 other online stores, with almost 20% getting re-infected within a two-week period.

Scammers Syphon €19 Million From French Film Company

A lawsuit recently revealed that savvy scammers successfully took nearly €19 million through a series of unauthorized transfers from a spoofed personal email address of the company’s CEO. After requesting additional information from the scammers, who continued to provide highly-detailed documents suggesting their legitimacy, several payments were transferred from the company’s main cash pool with promises of a quick payback from the scammers.

Chinese Headmaster Caught Cryptomining on School’s Systems

The headmaster of a Chinese school was fired after staff discovered an excessively high power bill previously written off as a faulty HVAC system was actually caused by several cryptomining rigs running off the school’s electricity. The headmaster brought the mining machines into the school in mid-2017 and evaded blame for the excess power consumption until the physical proof was discovered. While it appears no other harm was done, cryptomining software can be dangerous, as you can never be sure nothing else is bundled with it.

New Botnet Exploits Unpatched Bug in Over 100,000 Devices

Researchers have been monitoring a relatively new botnet that is currently controlling over 100,000 devices, including 116 device types from multiple manufacturers. By taking advantage of well-known bugs within Universal Plug n Play, hackers can quickly take control of the device and begin monitoring traffic from outside of the network.

Cathay Pacific Airlines Cyberattack Occurred Over Several Months

After originally claiming a data breach had taken place last month, affecting 9.4 million customers, new findings have shown the attacks have been happening regularly since March. Even though local laws didn’t require the company to notify authorities regarding a data breach, it is still surprising that it has taken almost nine months to determine what data had been exposed and what hadn’t.

Cyber Monday: Big Savings, Big Risks

Reading Time: ~3 min.

What business owners and MSPs should know about the year’s biggest online retail holiday

It’s no secret that Black Friday and Cyber Monday are marked by an uptick in online shopping. Cyber Monday 2017 marked the single largest day of online sales to date, with reported sales figures upwards of $6.5 billion. Data from Webroot charted a 58 percent increase in traffic to shopping sites on that day. And while Black Friday originated as a day to tussle with your neighbors for deals in person, online retailers like Amazon and eBay wouldn’t be left out and have begun offering their own deals.

What’s less often discussed is the corresponding rise in cybercrime that accompanies these online retail holidays. Webroot noted a surge in phishing and fraud sites of 203 percent between November 19 and December 5, with the number of such sites peaking on Cyber Monday. Instances of spyware and adware also rose 57 percent during the busy holiday shopping period, again peaking on Cyber Monday.

The Problem with Cyber Monday

For business owners and those in IT, Cyber Monday likely means lost productivity as employees bargain hunt at work rather than actually work. (It’s interesting to note that, according to CNET, the first Cyber Monday in 2005 was intentionally made to fall on a weekday so workers could browse shopping sites on faster computers.) As our data shows, more than just a few hours of lost productivity are at stake.

Employees expose business owners to greater risks of phishing scams, ransomware, and other types of attack that could significantly lengthen downtimes for all employees, or even shutter a business completely. According to a Better Business Bureau study on cybercrime, more than half of businesses would cease to be profitable within a month if a ransomware attack were to lock them out of essential data.

What’s a Business Owner to Do about Cyber Monday?

Whether you’re a business owner or provide IT services, you’re likely to see employees or clients indulging in deals this Cyber Monday. But there are strategies for limiting your risk on November 26. As with much of cybersecurity, you can manage your policy for online shopping based on what you consider acceptable levels of risk.

With network-level protection it’s possible to block access to any sites categorized as “shopping,” while still whitelisting trusted domains. Our research shows Amazon, the Apple iTunes Store, and Walmart rounded out the top three most visited shopping sites last Cyber Monday, so employers may want to consider whitelisting those sites specifically, while still blocking less reputable ones. Webroot offers DNS protection with the ability to filter according to more than 80 categories, including gambling, adult content, and weapons, as well as shopping. Set a policy to block the shopping category this Cyber Monday, with your own tailored exceptions and presto, problem solved.

There are also other, less prohibitive strategies for protecting employees and clients, too. Tools like Webroot’s Web Classification and Reputation services forecast the risks of visiting more than 27 billion URLs, which can help user determine if that deal really is a little too good to be true. IP Reputation Services make a similar determination based on an IP’s risk score.

Real-Time phishing protection and hands-on phishing simulations can go a long way toward improving security, too. The surge in these types of attacks represents cybercriminals focus on the weakest element of a company’s IT security: the end users themselves. Catching phishing attacks before they’re clicked and teaching users to be vigilant about threats by using custom phishing templates are paramount to your business’s security posture.

So there are a variety of methods for limiting disruption from online shopping in the workplace, so business owners and managed service providers shouldn’t let Cyber Monday come and go without preparation. Employees will almost certainly be on an online hunt for deals and cybercriminals know it.

Focus on security now, before a user’s big savings end up costing you.

Cyber News Rundown: HSBC Data Breach

Reading Time: ~2 min.

Data Breach Nabs HSBC Account Info

HSBC has been monitoring some unauthorized access occurring over a ten-day period on their customer’s online accounts. During this time, attackers used credentials that were likely part of prior breaches to access numerous accounts. HSBC worked quickly to disable online access to any accounts that showed suspicious activity. The bank also began notifying potential victims of the incident and have taken additional steps in securing their online access points.

Latest Chrome Iteration Cracks Down on Annoyances

With the rollout of Google’s Chrome 71, the company is looking to enhance the user experience by blocking all advertisements on sites that have continued to allow the hosting of offensive material. Chrome 71 will also be more efficient at blocking phishing attacks and misleading pop-up notifications that may redirect users. Fortunately, sites that are flagged can check their status and are given 30 days to correct for offending content.

University Shuts Down Network Over Cryptomining

A Canadian University was forced to shut down its entire network after IT staff discovered a cryptocurrency miner operating illicitly on several university systems. While they are still unsure who installed the cryptominer, they have removed the software from the systems and brought the remainder of the networks back online. Along with slowly restoring the remaining services taken offline, the university also forced a password change for all current users.

Cardless ATMs Lead to Rise in Phishing Attacks

Several arrests in Ohio have recently revealed a new scam that leverages SMS phishing attacks to withdraw money from ATMs that don’t require the use of a bank card. By sending a victim’s smartphone an SMS message containing a link to “unlock” their accounts, they are redirected to a phony site that steals their credentials. The scam has netted the attackers nearly $68,000 over a two-week period.

Twitter Bitcoin Scammers Take Over Verified Accounts

Even as Twitter-based Bitcoin scams have slowed, a new Elon Musk spoof account has popped up with the usual offer to multiply any amount of Bitcoins received and return the inflated amount. This scammer may have the benefit of taking over a verified account, but modifications to the profile name and obvious spelling errors reveal its clearly not legitimate, though it does leave raise questions regarding the verification system’s security.

Reducing Risk with Ongoing Cybersecurity Awareness Training

Reading Time: ~3 min.

Threat researchers and other cybersecurity industry analysts spend much of their time trying to anticipate the next major malware strain or exploit with the potential to cause millions of dollars in damage, disrupt global commerce, or put individuals at physical risk by targeting critical infrastructure.

However, a new Webroot survey of principals at 500 small to medium-sized businesses (SMBs), suggests that phishing attacks and other forms of social engineering actually represent the most real and immediate threat to the health of their business.

Twenty-four percent of SMBs consider phishing scams as their most significant threat, the highest for any single method of attack, and ahead of ransomware at 19 percent.

Statistics released by the FBI this past summer in its 2017 Internet Crime Report reinforce the scope of the problem. Costing nearly $30 million in total losses last year, phishing and other social engineering attacks were the third leading crime by volume of complaints, behind only personal data breaches and non-payment/non-delivery of services. Verizon Wireless’s 2018 Data Breach Investigations Report, a thorough and well-researched annual study we cite often, blames 93 percent of successful breaches on phishing and pretexting, another social engineering tactic.

Cybersecurity Awareness Training as the Way Forward

So how are businesses responding? In short, not well.

24 percent of principals see phishing scams as the number one threat facing their business. Only 35 percent are doing something about it with cybersecurity awareness training.

One of the more insidious aspects of phishing as a method of attack is that even some otherwise strong email security gateways, network firewalls and endpoint security solutions are often unable to stop it. The tallest walls in the world won’t protect you when your users give away the keys to the castle. And that’s exactly what happens in a successful phishing scam.

Despite this, our survey found that 65 percent of SMBs reported having no employee training on cybersecurity best practices. So far in 2018, World Cup phishing scams, compromised MailChimp accounts, and opportunist GDPR hoaxers have all experienced some success, among many others.

So, can training change user behavior to stop handing over the keys to the castle? Yes! Cybersecurity awareness training, when it includes features like realistic phishing simulations and engaging, topical content, can elevate the security IQ of users, reducing user error and improving the organization’s security posture along the way.

The research and advisory firm Gartner maintains that applied examples of cybersecurity awareness training easily justify its costs. According to their data, untrained users click on 90 percent of the links within emails received from outside email addresses, causing 10,000 malware infections within a single year. By their calculations, these infections led to an overall loss of productivity of 15,000 hours per year. Assuming an average wage of $85/hr, lost productive costs reach $1,275,000 which does not necessarily account for other potential costs such as reputational damage, remediation cost, or fines associated with breaches.

One premium managed IT firm conducted its first wave of phishing simulation tests and found their failure rate to be approximately 18 percent. But after two to three rounds of training, they saw the rate drop to a much healthier 3 percent.1

And it’s not just phishing attacks users must be trained to identify. Only 20 percent of the SMBs in our survey enforced strong password management. Ransomware also remains a significant threat, and there are technological aspects to regulatory compliance that users are rarely fully trained on. Even the most basic educational courses on these threats would go a long way toward bolstering a user’s security IQ and the organizations cybersecurity posture.

Finding after finding suggests that training on cybersecurity best practices produces results. When implemented as part of a layered cybersecurity strategy, cybersecurity awareness training improves SMB security by reducing the risks of end-user hacking and creating a workforce of cyber-savvy end users with the tools they need to defend themselves from threats.

All that remains to be seen is whether a business will act in time to protect against their next phishing attack and prevent a potentially catastrophic breach.

You can access the findings of our SMB Pulse Survey here.

1 Webroot. “Why Security Awareness Training is an Essential Part of Your Security Strategy” (November, 2018)

Password Constraints and Their Unintended Security Consequences

Reading Time: ~5 min.

You’re probably familiar with some of the most common requirements for creating passwords. A mix of upper and lowercase letters is a simple example. These are known as password constraints. They’re rules for how you must construct a password. If your password must be at least eight characters long, contain lower case, uppercase, numbers and symbol characters, then you have one length, and four character set constraints.

Password constraints eliminate a number of both good and bad passwords. I had never heard anyone ask “how many potential passwords, good and bad, are eliminated?” And so I began searching for the answer. The results were surprising. If you want to know the precise number of possible 8-character passwords there are if all of the character sets must be used, then the equation looks something like this.

A serious limitation of this approach is that it tells you nothing about the effects of each constraint alone or relative to other constraints. (I’m also not sure if there were supposed to be four consecutive ∑s or if the mathematician was stuttering.)

We choose to use a Monte Carlo simulation to analyze the mathematical impact of the various combinations of constraints. A Monte Carlo simulation uses a statistical analysis approach that provides a close approximation of the answer, while also providing the flexibility to quickly and easily measure the impact of each constraint and combination of constraints.

A look at minimum length limits

To start, let’s look at the impact of an eight-character length constraint alone. There are 95^8 possible combinations of 8 characters. 26 uppercase letters + 26 lowercase letters + 10 numerals + 33 symbols = 95 characters. For a length of 8 characters, we have 95˄8 possible passwords.

If a password must be at least 8 characters long, then there are also about 70.6 trillion otherwise viable passwords you are not allowed to use (95+(95^2 ) +(95^3 ) +(95^4 ) +(95^5)+(95^6 )+(95^7)). That’s a good thing. It means you can’t use 95 one character passwords, 9,025 two character passwords, and so on. Almost 70 trillion of those passwords you cannot use are seven characters long. This is a great and wholly intended effect of a password length constraint.

The problem with a lack of constraints is that people will use a very small set of all possible passwords, which invariably includes passwords that are incredibly easy to guess. In the analysis of over one million leaked passwords, it was found that 30.8 percent passwords eight to 11 characters long contained only lowercase letters, and 43.9 percent contained only lowercase letters and numbers.  In fact, to perform a primitive brute force attack against an eight-character password containing only lower case letters, it’s only necessary to try about 209 billion character combinations. That does not take a computer very long to crack. And, as we know from analyzing large numbers of passwords, it’s likely to contain one of the most popular ten thousand passwords.

To beef up security, we begin to add character constraints. But, in doing so, we decrease the number of possible passwords; both good and bad.

Just by requiring both uppercase and lowercase letters, more than 15 percent of all possible 8-character combinations have been eliminated as possible passwords. This means that 1QV5#T&|cannot be a password because there are no lowercase letters. Compared to Darnrats,which meets the constraint requirements, 1QV5#T&|is a fantastic password. But you cannot use it. Superior passwords that cannot be used are acceptable collateral damage in the battle for better security. “Corndogs” is acceptable, but “fruit&veggies” is not. This clearly is not a battle for lower cholesterol.

As constraints pile up, possibilities shrink

If a password must be exactly eight characters long and contain at least one lower case letter, at least one uppercase letter and at least one symbol, we are getting close to one-in-five combinations of 8 characters that are not allowable as passwords. Still, the effect of constraints on 12 and 16 character passwords is negligible. But that is all about to change… you can count on it.

Are you required to use a password that is at least eight characters long, has lower and uppercase letters, number and symbols? Just requiring a number to be part of a password removes over 40 percent of 8-character combinations from the pool of possible passwords. Even though you can use lowercase and uppercase letters, and you can use symbols, if one of the characters in your password must be a number then there are far fewer great passwords that you can use. If a 16 character long password must have a number, then 13 times more potential passwords have become illegal as a result of that one constraint than the combined constraints of lower and uppercase letters and symbols caused. More than one-in-four combinations of 12 characters can no longer become a passwords either.

You might have noticed that there is little effect on the longer passwords. Frequently there is also very little value in imposing constraints on long passwords. This is because each additional character in a password grows the pool of passwords exponentially. There are 6.5 million times as many combinations of 16 character pass words using only lowercase letters than there are of eight character passwords using all four character sets. That means that “toodlesmypoodles” is going to be a whole lot harder to crack than “I81B@gle”

Long and simple is better than short and hard

People tend to be very predictable. There are more symbols (than there are in any other characters set. Theoretically that means that symbols are going to do the most to make a password strong, but 80 percent of the time it is going to be one of the top five most frequently used symbols, and 95 percent of the time is will be one of the top 10 most frequently used symbols.

Analysis of two million compromised passwords showed that about one in 14 passwords start with the number one, however for those that started with the number one, 75 percent of them ended with a number as well.

The use of birthdays and names, for example, make it much easier to quickly crack many passwords.

Password strength: It’s length, not complexity that matters

As covered above, all four character sets (95 characters) in an eight character password allow for about 6.634 quadrillion different password possibilities. But a 16 character password with only lowercase letters has about 43.8 sextillion possible passwords. That means that there are well over 6.5 million times more possible passwords for 16 consecutive lowercase letters than for any combination of eight characters regardless of how complex the password is.

My great password is “cats and hippos are friends!”, but I can’t use it because of constraints – and because I just told you what it is.

For years password experts have been advocating for the use of simple passphrases over complex passwords because they are stronger and simpler to remember. I’d like to throw a bit of gasoline on to the fire and tell you, those 95^8 combinations of characters are only  half that many when you tell me I have to use uppercase, lowercase, numbers, and symbols.

Cyber News Rundown: DemonBot Rising

Reading Time: ~2 min.

DemonBot Botnet Gaining Traction

DemonBot, while not the most sophisticated botnet discovered to date, has seen a significant rise in usage over the last week. With the ability to take control of Hadoop cloud frameworks, DemonBot has been using the platform to carry out DDoS attacks across the globe. By exploiting Hadoop’s resource management functionality, the infection can quickly spread itself and allows for remote code execution on affected servers.

Cyber Attack Leaves Pakistani Bank Under Scrutiny

Bank Islami, one of the largest banks in Pakistan, announced that an unusual attack had occurred involving local cards used far outside of the country’s borders. While the bank was quick to return the funds removed from customer’s accounts, the remainder of the malicious transactions processed internationally have the bank being on the hook for nearly $6 million in phony withdrawals, mainly in the US and Brazil. Unfortunately, due to a lack of information regarding the malicious transactions, several other top banks in the country were forced to temporarily restrict international purchases to protect their own clients.

UK Industrial Credentials for Sale

Researchers recently discovered the credentials for over 600,000 individuals, all closely tied to construction or building firms, available for sale on the dark web. Presently it appears that the credentials were all compromised during breaches involving third-parties users would have given corporate email into, rather than specific breaches for the industry group. Fortunately, it appears there haven’t been any related breaches thus far, though this type of data could lead to additional sensitive information being stolen.

Ransomware Demands RDP Access to Encrypted System

A new ransomware variant has been making an unusual request from its victims: allowing remote desktop access in order to decrypt their files. Dubbed CommonRansom, due to the appended extension on the encrypted files, the variant also demands a 0.1 Bitcoin payment before making the request for administrator credentials to the victim’s computer. Even though this variant isn’t widespread, it does appear to be using a similar Bitcoin wallet as other infections, as 65 Bitcoins were recently sent from the designated wallet.

USGS Auditors Find Porn-related Malware on Government Network

Following a recent audit of the US Geological Survey, agency inspectors discovered Russian malware circulating the internal network and were able to trace it back to one employee who had visited over 9,000 pornographic websites from his government-issued computer. The employee was also found to be

Cyber News Rundown: Medicare Data Breach

Reading Time: ~2 min.

Data Breach Affects Centers for Medicare & Medicaid Services

The Centers for Medicare & Medicaid Services (CMS) announced last week they had discovered malicious activity within their direct enrollment pathway, which connects patients and healthcare brokers. At least 75,000 individuals were affected. The pathway has since been disabled to prevent further exposure. Until the pathway is fixed, hopefully within a week, CMS is contacting affected patients and offering them credit protection services.

Ransomware Disables City’s Computer Systems

City officials in West Haven, Connecticut finally gave in to ransom demands following a cyberattack against their systems. The attack began early Tuesday morning and disabled 23 individual servers before a decision was made to pay a ransom in hopes for the return of their data. While it is still unclear if the systems were fully restored, the town was lucky to receive a relatively small ransom request ($2,000 given the significant amount of data stolen.

User Data Exposed on Adult Sites

A string of eight adult sites, all owned by the same individual, fell victim to hackers who took advantage of poor security to expose records for up to 1.2 million individuals. While not as large as similar adult-related breaches, it still presents questions as to why proper security measures aren’t put in place on these sites proactively. The owner of the sites has since taken them down and replaced them with messages warning users to update their passwords and take extra security precautions.

McAfee Tech Support Scam on the Rise

A new browser-based tech support scam has been spotted recently that warns users their McAfee subscription has run out and needs to be renewed. Rather than redirect victims through an affiliate link to the real McAfee site, though, this latest scam directly prompts the user to input payment card information and other personal data into a small pop-up window. To top it off, once payment info is entered, an additional pop-up appears that suggests contacting support to help install your new software and eventually falsely claiming payment wasn’t successful and users must re-purchase the software.

Iowa City Shuts Down After Ransomware Attack

The city of Muscatine, Iowa is working to determine how several of their main computer systems, both within city hall and its library, were infiltrated by ransomware that’s knocked them offline. Officials have announced that no information was stolen and the city does not maintain any payment records, so citizens shouldn’t be worried. The city’s emergency services were also unaffected and continue to operate as normal.

5 Tips for Optimizing Your VPN Experience

Reading Time: ~3 min.

By now, you likely know that a Virtual Private Network (VPN) is essential to remaining safe when working remotely. But, once set up, how can you optimize your VPN to work well with your devices and meet your security needs? Here are our top five tips for maximizing your VPN experience.

Pair it with an Antivirus

One of the biggest misconceptions about VPNs is that they protect your device from malicious programs. While a VPN will encrypt your network traffic, preventing others from viewing intercepted data, most do not warn you when you visit dangerous sites. If your VPN provides advanced web filtering for risky sites, that can be an additional defense against cyber threats such as malware and phishing.  Alternatively, while strong antivirus software actively monitors for viruses and malware within files and applications, it does not encrypt your data or prevent it from being monitored. Both are equally important for protecting your devices, and are ideally used together. Combining the two services provides additional security.

Enable a Kill Switch

Setting up a VPN to keep your data safe is an important first step, but what happens if your VPN server goes down or disconnects while you are entering sensitive data and you don’t notice the connection was lost? Without the protection of a VPN kill switch, your devices will often automatically reconnect to the network without alerting you, this time without the protection of your VPN. A kill switch feature blocks sending and receiving data until the VPN connection is re-established.. For maximum protection, select a VPN with a kill switch feature and ensure it has been enabled.

Understand the Impact of Setting Up a VPN on Your Router

Having a VPN on your home router may seem like a helpful boost to your cybersecurity, but it’s actually the opposite. Most routers lack the processing power of a modern CPU, meaning that even older personal devices (phones, tablets, computers) will have a much easier time handling the task of encrypting/decrypting data than your router will. Instead, set up a VPN for each personal device to prevent a bottleneck of data to your router while simultaneously securing it at all access points. Selecting an easy-to-use VPN solution with cross-device functionality will make this task much easier on the end user, while providing maximum security.

Protect All of Your Smart Devices

When it comes to cybersecurity, we tend to imagine a nefarious hacker out to steal and sell your data. But not all data collection is illegal. Your Internet Service Provider (ISP) has a vested interest in tracking your streaming habits, and they may even throttle your network depending on your usage. Our phones, computers, and tablets are each a potential interception point for our private data. Securing each of your smart devices with a VPN, even those that stay in your home, is the best way to prevent your data from potentially being monitored by third parties. 

Encrypt Your LTE Connection

While your cellular network is more secure than public WiFi options, it remains vulnerable to an attack. LTE user data can be exploited by what is known as an “aLTEr attack”. This attack redirects domain name system (DNS) requests, performing a DNS spoofing attack that can fool your device into using a malicious DNS server. This spoofed DNS server will deliver you to websites as normal until you request a high-value website the attack is targeting, like your banking or email provider. Oftentimes this fake website will scrape your data before you realize what has happened. You give yourself an extra layer of security by wrapping your LTE connection in a VPN, allowing you to access your most sensitive data confidently.

When it comes to getting the most out of your VPN, this list is just the beginning. Our privacy concerns and security needs will continue to change as our connected devices mature and we recommend keeping an eye on your VPN provider for any potential updates to their services.

Ready to take back control of your privacy? Learn how our Webroot WiFi Security VPN protects what matters most wherever you connect.

Cyber News Rundown: Voter Records for Sale

Reading Time: ~2 min.

2018 Voter Records for Sale

As the United States midterm elections draw closer, concern surrounding voter information is on the rise, and for good reason. Records for nearly 35 million registered voters from 19 different states were found for sale on a hacker forum, with prices ranging from $500 to $12,500, depending on the state. Unfortunately, a crowdfunding campaign has begun on the forums to purchase each database and post them publicly, with 2 states already being published.

County Water Utility Struck by Ransomware

Just a week after Hurricane Florence hit land in North Carolina, a coastline county’s water utilities fell victim to a ransomware attack. Effectively shutting down all services during a time when they are working on emergency operations left the local water authority with limited capabilities until they began the lengthy process of restoring everything from backup files. By choosing to ignore the ransom and restore manually, the utility service has taken on a more time and resource consuming task, as they continue operating without any of their online systems.

PS4 Exploit Causes System Crash

A new exploit has been discovered that allows attackers to send a malicious message to other PlayStations that will effectively render the console unusable. The message itself doesn’t even need to be opened to cause considerable damage, resulting in most users performing a factory reset to return everything to normal. While some users have been successful in deleting the message from the mobile app before it causes any harm, others still had to rebuild the system’s database.

iPhone Passcode Bypass Still Active

Days after Apple released a patch for iOS 12.0 that shutdown a passcode bypass method, the same researcher was able to find yet another way to access the phone illicitly. By using a combination of Siri and the VoiceOver feature, anyone with physical access to the device could obtain pictures, and other data with ease. To make matters worse, the latest bypass also gives attackers the ability to send files to other devices and view them in full resolution, rather than minimized like the previous bypass allowed.

Massive Phishing Campaign Targets Iceland

Over the weekend, thousands of emails were sent out to the relatively small population of Iceland, most of which claimed to be from the local police and threatened judicial action if they did not comply. The email then linked victims to a nearly perfect replica of the official Icelandic Police website and requested their social security number. The attack itself was focused on gaining bank details and further compromising already infected computers for more information.

Responding to Risk in an Evolving Threat Landscape

Reading Time: ~3 min.

There’s a reason major industry players have been discussing cybersecurity more and more: the stakes are at an all-time high for virtually every business today. Cybersecurity is not a matter businesses can afford to push off or misunderstand—especially small and medium-sized businesses (SMBs), which have emerged as prime targets for cyberattacks. The risk level for this group in particular has increased exponentially, with 57% of SMBs reporting an increase in attack volume over the past 12 months, and the current reality—while serious—is actually quite straightforward for managed service providers (MSPs):

  • Your SMB clients will be attacked.
  • Basic security will not stop an attack.
  • The MSP will be held accountable.

While MSPs may have historically set up clients with “effective” security measures, the threat landscape is changing and the evolution of risk needs to be properly, and immediately, addressed. This means redefining how your clients think about risk and encouraging them to respond to the significant increase in attack volume with security measures that will actually prove effective in today’s threat environment.

Even if the security tools you’ve been leveraging are 99.99% effective, risk has evolved from minimal to material due simply to the fact that there are far more security events per year than ever before.

Again, the state of cybersecurity today is pretty straightforward: with advanced threats like rapidly evolving and hyper-targeted malware, ransomware, and user-enabled breaches, foundational security tools aren’t enough to keep SMB clients secure. Their data is valuable, and there is real risk of a breach if they remain vulnerable.Additional layers of security need to be added to the equation to provide holistic protection. Otherwise, your opportunity to fulfill the role as your clients’ managed security services providerwill be missed, and your SMB clients could be exposed to existential risk.

Steps for Responding to Heightened Risk as an MSP

Step 1: Understand Risk

Start by discussing “acceptable risk.” Your client should understand that there will always be some level of risk in today’s cyber landscape. Working together to define a businesses’ acceptable risk, and to determine what it will take to maintain an acceptable risk level, will solidify your partnership. Keep in mind that security needs to be both proactive and reactive in its capabilities for risk levels to remain in check.

Step 2: Establish Your Security Strategy

Once you’ve identified where the gaps in your client’s protection lie, map them to the type of security services that will keep those risks constantly managed. Providing regular visibility into security gaps, offering cybersecurity training,and leveraging more advanced and comprehensive security tools will ultimately get the client to their desired state of protection—and that should be clearly communicated upfront.

Step 3: Prepare for the Worst

At this point, it’s not a question of ifSMBs will experience a cyberattack, but when. That’s why it’s important to establish ongoing, communicative relationships with all clients. Assure clients that your security services will improve their risk level over time, and that you will maintain acceptable risk levels by consistently identifying, prioritizing, and mitigating gaps in coverage. This essentially justifies additional costs and opens you to upsell opportunities over the course of your relationship.

Step 4: Live up to Your Promises Through People, Processes, and Technology

Keeping your security solutions well-defined and client communication clear will help validate your offering. Through a combination of advanced software and services, you can build a framework that maps to your clients’ specific security needs so you’re providing the technologies that are now essential for securing their business from modern attacks.

Once you understand how to effectively respond to new and shifting risks, you’ll be in the best possible position to keep your clients secure and avoid potentially debilitating breaches.

Webroot WiFi Security: Expanding Our Commitment to Security & Privacy

Reading Time: ~3 min.

For the past 20 years, Webroot’s technology has been driven by our dedication to protecting users from malware, viruses, and other online threats. The release of Webroot® WiFi Security—a new virtual private network (VPN) app for phones, computers, and tablets—is the next step in fulfilling our commitment to protect everyone’s right to be secure in a connected world.

“Launching Webroot WiFi Security is a valuable and exciting progression in our mission,” said Webroot Director of Consumer Product Andy Mallinger. “Antivirus solutions protect your devices from malware and other cyber threats, and a VPN protects your data as it’s sent and received over networks—especially public networks. This combination allows us to extend our protection of personal data beyond the device to the network.”

Shifting tides

Webroot WiFi Security arrives at a time when the fragile state of our online privacy is becoming more apparent and better understood by internet users around the world. Recent revelations of government surveillance via the Snowden leaks, social media data collection like that in the Facebook/Cambridge Analytica scandal, and data breaches including the Equifax hack have fueled a palpable rise in data privacy concerns.

Over half of internet users from around the world say they are “more concerned about their online privacy than they were a year ago,” according to a 2018 CIGI-Ipsos Global Survey on Internet Security and Trust.

Another key factor with grave implications for data privacy in the United States specifically was the 2017 repeal of privacy regulations for Internet Service Providers (ISPs), which aimed to ensure broadband customers had choice, greater transparency, and strong security protections for their personal info collected by ISPs.

“ISPs are facing less regulation today, and so can continue to share, sell, and profit by passing on user information to third parties— browser history, location, communications content, financial details, etc.—without the user’s knowledge or consent,” said Webroot Sr. VP of Product Strategy & Technology Alliances Chad Bacher.

Taking control of privacy

Now more than ever, individual users must take steps to regain control over their online privacy and security. Along with keeping trusted antivirus software installed on mobile and home devices, users should actively protect their data in transit over networks with a VPN.

But it’s important to note that all VPN applications are not created equal. Many users looking for a privacy solution find themselves wondering if they can trust that their VPN provider has their interests at heart. Consumer wariness concerning the privacy of VPN products is justified—some VPN apps, especially free ones, are guilty of sharing or selling their user data to third parties, limiting bandwidth, or serving ads. Facebook’s VPN app was recently removed from the Apple App Store® following concerns over the app’s misuse of user data.

Webroot WiFi Security provides one of the most powerful forms of encryption available, AES 256-bit encryption, and protects user data from cybercriminals and ISPs alike. Webroot WiFi Security does not collect your browsing activity, the sites you visit, downloaded data (or shared or viewed), DNS queries, or IP addresses. The full Webroot WiFi Security Privacy Statement can be found here.

Privacy plus the protection of Web Filtering

In addition to the privacy safeguards of Webroot WiFi Security that protect users while they work, share, bank, and browse online, users also benefit from the integration of Webroot BrightCloud® Threat Intelligence.* The app’s Web Filtering feature provides an extra layer of protection to keep your financial information, passwords, and personal files from being exploited. Webroot WiFi Security is powered by the same threat intelligence platform the world’s leading IT security vendors trust.

“Not only is Webroot protecting user privacy, it’s also shielding users from phishing sites and websites associated with malware,” said Malinger.

Webroot WiFi Security is compatible with devices running iOS®, Android, macOS® and Windows® operating systems, and is now available to download on the Apple App Store, Google Play store, and Webroot.com.

*Only available on Windows, Mac and Android systems

Page 5 of 99« First...34567...Last »