PC PORTAL

Experienced. Trusted. Solutions.

IT Security

By

Cyber News Rundown: LokiBot Attacks Increase

Reading Time: ~ 2 min.

DHS Announces Massive Increase in LokiBot Attacks

By monitoring and tracking of cyberattacks over 2020, U.S. Department of Homeland Security (DHS) officials have uncovered a significant increase in cyberattacks being carried out by LokiBot, a malicious info-stealer of stored passwords and cryptocurrency information. The increase in LokiBot attacks can likely be attributed to its ability to steal credentials from hundreds of applications, and its range of other features that make it appealing to a wide variety of cyber criminals.

Long Island Hospital Suffers Data Breach

Blackbaud, a third-party vendor for a Long Island hospital, may have exposed sensitive patient information after it suffered a data breach this summer. In a July statement, Blackbaud revealed personally identifiable information for a number of patients was stolen but claimed it was destroyed shortly afterwards. Affected patients have been contacted regarding the breach and stolen information.

Thousands of Customers Exposed in Town Sports Breach

A database containing highly sensitive information belonging to over 600,000 customers and employees of Town Sports International was found publicly exposed on the internet. Town Sports recently filed for bankruptcy and was notified of this breach roughly a week later. While the company did not publically respond to the findings, the information secured the following day included everything from physical addresses to payment card info and other billing data. Past clients of the fitness chain should be wary of any emails they receive regarding their Town Sports memberships.

Global Operation Takes Down Major Dark Web Drug Network

In a major collaboration between Europol and other global intelligence organizations, 179 individuals across six countries have been arrested in relation to drug trafficking through Dark Web markets. Officials also revealed that this bust allowed them to seize $6.5 million in cash and hundreds of kilograms of illicit drugs. The operation is another setback for anonymous marketplaces allowing for the buying and selling of illegal goods and services as law enforcement continues to target rogue online bazaars.

Data from Over 200 Merchants Leaked in Shopify Breach

Data from at least 200 merchants was compromised after an internal support employee for Shopify was found to be stealing data. While the data included only basic contact information on customers and no payment card or social security info was taken, officials for Shopify are still working to determine the extent of the theft and if it has further changed hands. The employees involved with this breach have since been fired and all access to Shopify systems has been revoked to prevent further incident.

The post Cyber News Rundown: LokiBot Attacks Increase appeared first on Webroot Blog.

By

Cyber Resilience for Business Continuity

Reading Time: ~ 2 min.

“Ten years ago, you didn’t see state actors attacking [small businesses]. But it’s happening now,” warns George Anderson, product marketing director at Carbonite + Webroot, OpenText companies.

Sadly, many of today’s managed service providers who serve small and medium-sized businesses now have to concern themselves with these very threats. Independent and state-sponsored hacking groups use sophisticated hacking tools (advanced persistent threats or APTs), to gain unauthorized access to networks and computers, often going undetected for months or even years at a time. In fact, according to the 2020 Verizon Data Breach Investigations Report, cyber-espionage is among the top patterns associated with breaches targeting businesses worldwide.

These attacks can be difficult even for highly sophisticated enterprise security teams to detect, stop or recover from. But all businesses, no matter their size, must be ready for them. As such, MSPs, themselves ranging in size from a few techs to a few hundred professionals, may find they need help protecting their SMB customers from APTs; that’s on top of the consistent onslaught of threats from ordinary, profit-motivated cyberattackers. That’s where the concept of cyber resilience comes in.

What does cyber resilience look like?

“Being [cyber] resilient – knowing that even if you’re knocked offline you can recover quickly – is essential for today’s businesses,” George says.

The reality is that today’s organizations have to accept a breach is pretty much inevitable. Their level of cyber resilience is the measure of the organization’s ability to keep the business running and get back to normal quickly. “It’s being able to absorb punches and get back on your feet, no matter what threatens,” as George put it in a recent podcast with Joe Panettieri, co-founder MSSP Alert & ChannelE2E.

Read more about how businesses can build a cyber resilient company culture.

How can businesses and MSPs achieve cyber resilience?

Because cyber resilience is about both defending against attacks and preparing for their inescapability,  a major component in a strong resilience strategy is the breadth of coverage a business has. In particular, having tested and proven backup and disaster recovery solutions in place is the first step in surviving a breach. If a business has reliable, real-time (or near real-time) recovery capabilities, then in the event of an attack, they could make it through barely skipping a beat.

Now, George has clarified that “no single solution can offer complete immunity against cyberattacks on its own.” To reduce the risk of events like data loss from accidental deletion, device theft or hardware failure, your clients need multiple layers of protection that secure their devices and data from multiple angles. Here are George’s top data protection tips:

Ultimately, George says ensuring business continuity for MSPs and the businesses they serve through comprehensive cyber resilience solutions is the primary goal of the Carbonite + Webroot division of OpenText.

“We want to up the advocacy and stop attacks from happening as much as we possibly can.  At  the  same time, when they inevitably do happen, we want to be able to help MSPs recover and limit lost time, reputation damage, and financial impact so businesses can keep functioning.”

To learn more about cyber resilience, click here.

The post Cyber Resilience for Business Continuity appeared first on Webroot Blog.

By

MSP Insight: Netstar Shares Cyber Resilience Strategies for Remote Work

Reading Time: ~ 5 min.

Guest blog by Mit Patel, Managing Director of London based IT Support company, Netstar.

In this article, Webroot sits down with Mit Patel, Managing Director of London-based MSP partner, Netstar, to discuss the topic of remote work during a pandemic and tips to stay cyber resilient.

Why is it important to be cyber resilient, specifically when working remote?

It’s always important to be cyber resilient, but a lot has changed since the start of the COVID-19 lockdown that needs to be taken into consideration.

Remote work has posed new problems for businesses when it comes to keeping data secure. Since the start of lockdown, there has been a significant increase in phishing scams, ransomware attacks and malicious activity. Scammers now have more time to innovate and are using the widespread anxiety of coronavirus to target vulnerable people and businesses.

Moreover, the sudden shift in working practices makes the pandemic a prime time for cyber-attacks. Employees can no longer lean over to ask a colleague if they are unsure about the legitimacy of an email or web page. Instead, they need to be confident in their ability to spot and avoid potential security breaches without assistance.

Remote work represents a significant change that can’t be ignored when it comes to the security of your business. Instead, businesses need to be extra vigilant and prioritise their cyber resilience.

What does cyber resilience mean to you?

It’s important to differentiate between cyber resilience and cyber security. Cyber security is a component of cyber resilience, referring to the technologies and processes designed to prevent cyber-attacks. Whereas, I believe cyber resilience goes a step further, referring to the ability to prevent, manage and respond to cyber threats. Cyber resilience recognises that breaches can and do happen, finding effective solutions that mean businesses recover quickly and maintain functionality. The main components of cyber resilience include, training, blocking, protecting, backing up and recovering. When all these components are optimised, your cyber resilience will be strong, and your business will be protected and prepared for any potential cyber threats.

Can you share some proactive methods for staying cyber resilient when working remote?

Absolutely. But it’s important to note that no solution is 100% safe and that a layered approach to IT security is necessary to maximise protection and futureproof your business.

Get the right antivirus software. Standard antivirus software often isn’t enough to fully protect against viruses. Businesses need to consider more meticulous and comprehensive methods. One of our clients, a licensed insolvency practitioner, emphasized their need for software that will ensure data is protected and cyber security is maximised. As such, we implemented Webroot SecureAnywhere AnitVirus, receiving excellent client feedback, whereby the client stressed that they can now operate safe in the knowledge that their data is secure.

Protect your network. DNS Protection is a critical layer for your cyber resilience strategy. DNS will protect you against threats such as malicious links, hacked legitimate websites, phishing attacks, CryptoLocker and other ransomware attacks. We have implemented DNS Protection for many of our clients, including an asset management company that wanted to achieve secure networks with remote working capability. In light of the current remote working situation, DNS Protection should be a key consideration for any financial business looking to enhance their cyber resilience.

Ensure that you have a strong password policy. Keeping your passwords safe is fundamental for effective cyber resilience, but it may not be as simple as you think. Start by making sure that you and your team know what constitutes a strong password. At Netstar, we recommend having a password that:

  • Is over 10 characters long
  • Contains a combination of numbers, letters and symbols
  • Is unpredictable with no identifiable words (even if numbers or symbols are substituted for letters)

You should also have different passwords for different logins, so that if your security is compromised for any reason, hackers can only access one platform. To fully optimise your password policy, you need to consider multi-factor authentication. Multi-factor authentication goes a step further than the traditional username-password login. It requires multiple forms of identification in order to access a certain email account, website, CRM etc. This will include at least two of the following:

  • Something you know (e.g. a password)
  • Something you have (e.g. an ID badge)
  • Something you are (e.g. a fingerprint)

Ensure that you have secure tools for communication. Collaboration tools, like Microsoft Teams, are essential for remote working. They allow you to communicate with individuals, within teams and company-wide via audio calls, video calls and chat.

When it comes to cyber resilience, it’s essential that your team know what is expected of them. You should utilise collaboration tools to outline clear remote working guidance to all employees. For example, we would recommend discouraging employees from using personal devices for work purposes. The antivirus software installed on these devices is unlikely to be of the same quality as the software installed on work devices, so it could put your business at risk.

Furthermore, you need to be confident that your employees can recognise and deal with potential security threats without assistance. Individuals can no longer lean across to ask a colleague if they’re unsure of the legitimacy of something. They need to be able to do this alone. Security awareness training is a great solution for this. It will teach your team about the potential breaches to look out for and how to deal with them. This will cover a range of topics including, email phishing, social media scams, remote working risks and much more. Moreover, courses are often added and updated, meaning that your staff will be up to date with the latest scams and cyber threats.

Implement an effective backup and disaster recovery strategy

Even with every preventive measure in place, things can go wrong, and preparing for disaster is crucial for effective cyber resilience.

In fact, a lot of companies that lose data because of an unexpected disaster go out of business within just two years, which is why implementing an effective backup and disaster recovery strategy is a vital layer for your cyber resilience strategy.

First, we advise storing and backing up data using an online cloud-based system. When files are stored on the cloud, they are accessible from any device at any time. This is particularly important for remote working; it means that employees can collaborate on projects and access necessary information quickly and easily. It also means that, if your device is wiped or you lose your data, you can simply log in to your cloud computing platform and access anything you might need. Thus, data can easily be restored, and you’re protected from potential data loss.

Overall, disaster recovery plans should focus on keeping irreplaceable data safe. Consider what would happen to your data in the event of a disaster. If your office burned down, would you be confident that all your data would be protected?

You should be working with an IT support partner that can devise an effective and efficient disaster recovery plan for your business. This should set out realistic expectations for recovery time and align with your insurance policy to protect any loss of income. Their goal should be to get your business back up and running as quickly as possible, and to a high standard (you don’t want an IT support partner that cuts corners). Lastly, your IT support provider should regularly test your strategy, making sure that if disaster did occur, they could quickly and effectively restore the functionality of your business.

What else should fellow MSPs keep in mind during this trying time?

In the last four years, cyber resilience has become increasingly important; there are so many more threats out there, and so much valuable information that needs protecting.

We have happy clients because their machines run quickly, they experience less IT downtime, and they rarely encounter viruses or malicious activity. We know that we need to fix customers’ problems quickly, while also ensuring that problems don’t happen in the first place. Innovation is incredibly important to us, which is why we’ve placed a real focus on proactive client advisory over the last 24 months.

That’s where a strong cyber resilience strategy comes into play. MSPs need to be able to manage day-to-day IT queries, while also focusing on how technology can help their clients grow and succeed in the future.There is plenty of advice around the nuts and bolts of IT but it’s the advisory that gives clients the most value. As such, MSPs should ensure they think like a customer and make technological suggestions that facilitate overall business success for their clients.

The post MSP Insight: Netstar Shares Cyber Resilience Strategies for Remote Work appeared first on Webroot Blog.

By

Unexpected Side Effects: How COVID-19 Affected our Click Habits

Reading Time: ~ 4 min.

Phishing has been around for ages and continues to be one of the most common threats that businesses and home users face today. But it’s not like we haven’t all been hearing about the dangers of phishing for years. So why do people still click?

That’s what we wanted to find out when we conducted our most recent survey. We checked in with thousands of office workers across seven different countries to get a global perspective on phishing and people’s individual click habits. Then we partnered with Dr. Prashanth Rajivan, assistant professor at the University of Washington, to gain a deeper understanding of phishing and those habits, as well as how things have shifted during COVID-19 in our new report: COVID-19 Clicks: How Phishing Capitalized on a Global Crisis.

In this blog post, we’ve summarized this comprehensive report and included tips for how to stay safe, but we strongly encourage you to check out the full writeup.

Why do people still click?

3 in 10 people worldwide clicked a phishing link in the past year. Among Americans, it’s 1 in 3.

According to Dr. Rajivan, what we need to consider is that human beings aren’t necessarily good at dealing with uncertainty, which is part of why cybercriminals capitalize on upheaval (such as a global pandemic) to launch attacks.

“People aren’t great at handling uncertainty. Even those of us who know we shouldn’t click on emails from unknown senders may feel uncertain and click anyway. That’s because we’ve likely all clicked these kinds of emails in the past and gotten a positive reward. The probability of long-term risk vs. short-term reward, coupled with uncertainty, is a recipe for poor decision-making, or, in this case, clicking what you shouldn’t.”

– Prashanth Rajivan, Ph.D.

Tip # 1

  • For businesses: Ensure workers have clear distinctions between work and personal time, devices, and obligations. This helps reduce the amount of uncertainty that can ultimately lead to phishing-related breaches.
  • For individuals: Hackers often exploit security holes in older software versions and operating systems. Update software and systems regularly to help shut the door on malware.

Has phishing increased since COVID-19 began

At least one in five people have received a phishing email related to COVID-19.

There’s no doubt that the global COVID-19 pandemic has changed a lot about how we live and work. According to our survey, 54% of workers spend more time working from home than they did before the pandemic. With more people connecting to the internet outside of corporate networks and away from the watchful eyes of IT teams, it’s to be expected that cybercriminals would take advantage.

“[We’ve seen] massive spikes […] in phishing URLs targeting COVID-related topics. For example, with more people spending time at home, use of streaming services has gone up. In March alone, we saw a 3000% increase in phishing URLs with ‘youtube’ in the name.

– Grayson Milbourne, security intelligence director, Carbonite + Webroot, OpenText Companies

Regardless, the majority of people surveyed still think they are at least the same level of prepared or more prepared to spot phishing email attempts, now that they’ve spent more time working from home

“People are taking increased physical safety measures in the pandemic, including mask wearing, social distancing, more frequent hand-washing, etc. I think this heightened level of precaution and awareness could cause people to slightly overestimate their overall safety, including their safety regarding online threats.”

– Prashanth Rajivan, Ph.D.

Tip #2

  • For businesses: Know your risk factors and over prepare. Once you’ve assessed the risks, you can create a stronger data breach response plan.
  • For individuals: Stay on your toes. By being vigilant and maintaining a healthy dose of suspicion about all links and attachments in messages, you can significantly decrease your phishing risk.

People say they know better. Do they really?

81% of people say they take steps to determine if an email message is malicious. Yet 76% open emails and click links from unknown senders.

When we asked Dr. Rajivan why these numbers don’t line up, he said the difference is between knowing what you should do and actually doing it

“There are huge differences between knowing what to do and actually operationalizing that knowledge in appropriate scenarios. I suspect many people don’t really take the actions they reported, at least not on a regular basis, when they receive suspicious emails.”

– Prashanth Rajivan, Ph.D.

Tip #3

  • For businesses: Back up data and ensure employees can access and retrieve data no matter where they are. Accidents happen; what matters most is being able to recover quickly and effectively. Don’t forget to back up collaboration tools too, such as Microsoft® Teams and the Microsoft® 365 suite.
  • For individuals: Make sure important data and files are backed up to secure cloud storage or an external hard drive. In the case of a hard drive, make sure it’s only connected while backing up, so you don’t risk backing up infected or encrypted files. If it’s a cloud back up, use the kind that lets you to restore to a specific file version or point in time.

What’s the way forward?

All over the world, workers say that in order to be better prepared to handle cyberattacks, they need more education.

According to global respondents, more knowledge and better understanding is key for stronger cyber resilience. The top three things people everywhere said would help them better prepare themselves to handle cyber threats like phishing were: knowing which tools could help prevent an attack, knowing what to do if you fall victim to an attack, and understanding the most common types of attacks.

Dr. Rajivan points out that, if businesses are asking individuals to make changes to their own behavior for the greater safety of all, then they need to make it clear they are willing to invest in their people.

“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”

– Prashanth Rajivan, Ph.D.

Tip #4

  • For businesses: Invest in your people. Empower your people with regular training to help them successfully avoid scams and exercise appropriate caution online.
  • For individuals: Educate yourself. Even if your company provides training, Dr. Rajivan recommends we all subscribe to cybersecurity-related content in the form of podcasts, social media, blogs, and reputable information sources to help keep strong, cyber resilient behavior top-of-mind.

Want more details on click habits and shifting risks during COVID-19?
Read our full report, COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, to start building out your cybersecurity education today. And be sure to check back here on the Webroot blog for the latest in news in phishing prevention.          

The post Unexpected Side Effects: How COVID-19 Affected our Click Habits appeared first on Webroot Blog.

By

What you Should Know About Chatbots and Cybersecurity

Reading Time: ~ 4 min.

People’s fears and fantasies about artificial intelligence predate even computers. Before the term was coined in 1956, computing pioneer Alan Turing was already speculating about whether machines could think.

By 1997 IBM’s Deep Blue had beaten chess champion Gary Kasparov at his own game, prompting hysterical headlines and the game Go to replace chess as the symbolic bar for human vs. machine intelligence. At least until 2017 when Google’s AI platform AlphaGo ended human supremacy in that game too.

This brief run through major milestones in AI helps illustrate how the technology has progressed from miraculous to mundane. AI now has applications for nearly every imaginable industry including marketing, finance, gaming, infrastructure, education, space exploration, medicine and more. It’s gone from unseating Jeopardy! champions to helping us do our taxes.

In fact, imagine the most unexciting interactions that fill your day. Those to-dos you put off until it’s impossible to any longer. I’m talking about contacting customer support. AI now helps companies do this increasingly in the form of chatbots. The research firm Gartner tells us consumers appreciate AI for its ability to save them time and for providing them with easier access to information.

Companies, on the other hand, appreciate chatbots for their potential to reduce operating costs. Why staff a call center of 100 people when ten, supplemented by chatbots, can handle a similar workload? According to Forrester, companies including Nike, Apple, Uber and Target “have moved away from actively supporting email as a customer service contact channel” in favor of chatbots.

So, what could go wrong, from a cybersecurity perspective, with widespread AI in the form of customer service chatbots? Webroot principal software engineer Chahm An has a couple of concerns.

Privacy

Consider our current situation: the COVID-19 crisis has forced the healthcare industry to drastically amplify its capabilities without a corresponding rise in resources. Chatbots can help, but first they need to be trained.

“The most successful chatbots have typically seen the data that most closely matches their application,” says An. Chatbots aren’t designed like “if-then” programs. Their creators don’t direct them. They feed them data that mirrors the tasks they will expected to perform.

“In healthcare, that could mean medical charts and other information protected under HIPAA.” A bot can learn the basics of English by scanning almost anything on the English-language web. But to handle medical diagnostics, it will need to how real-world doctor-patient interactions unfold.

“Normally, medical staff are trained on data privacy laws, rules against sharing personally identifiable information and how to confirm someone’s identity. But you can’t train chatbots that way. Chatbots have no ethics. They don’t learn right from wrong.”

This concern is wider than just healthcare, too. All the data you’ve ever entered on the web could be used to train a chatbot: social media posts, home addresses, chats with human customer service reps…in unscrupulous or data-hungry hands, it’s all fair game.

Finally in terms of privacy, chatbots can also be gamed into giving away information. A cybercriminal probing for SSNs can tell a chatbot, ‘I forgot my social security. Can you tell it to me?’ and sometimes be successful because the chatbot succeeds by coming up with an answer.

“You can game people into giving up sensitive information, but chatbots may be even more susceptible to doing so,” warns An.

Legitimacy

Until recently chatbot responses were obviously potted, and the conversations directed. But they’re getting better. And this raises concerns about knowing who you’re really talking to online.

“Chatbots have increased in popularity because they’ve become so good you could mistake them for a person,” says An. “Someone who is cautious should still have no problem identifying one, by taking the conversation wildly off course, for instance. But if you’re not paying attention, they can be deceptive.”

An likens this to improvements in phishing attempts over the past decade. As phishing filters have improved—by blocking known malicious IP addresses or subject lines commonly used by scammers, for example—the attacks have gotten more subtle. Chatbots are experiencing a similar arms-race type of development as they improve at passing themselves off as real people. This may benefit the user experience, but it also makes them more difficult to detect. In the wrong hands, that seeming authenticity can be dangerously applied.

Because chatbots are also expensive and difficult to create, organizations may take shortcuts to catch up. Rather than starting from scratch, they’ll look for chatbots from third-party vendors. While more reputable institutions will have thought through chatbot privacy concerns, not all of them do.

“It’s not directly obvious that chatbots could leak sensitive or personally identifiable information that they are indirectly learning,” An says.

Chatbot security and you – what can be done?

1. Exercise caution in conversations

Don’t be afraid to start by asking if a customer service rep is a real person or a bot. Ask what an organization’s privacy policy says about chat logs. Even ask to speak with a manager or to conduct sensitive exchanges via an encrypted app. But regardless, exercise caution when exchanging information online.

“It used be any time you saw a web form or dialogue box, that heightened our caution. But nowadays people are publishing so much online that our collective guard is kind of down. People should be cautious even if they know they’re not speaking directly to a chatbot,” An advises.

In general, don’t put anything on the internet you wouldn’t want all over the internet.

2. Understand chatbot capabilities

“I think most people who aren’t following this issue closely would be surprised at the progress chatbots have made in just the last year or so,” says An. “The conversational ability of chatbots is pretty impressive today.”

GPT-3 by OpenAI is “the largest language model ever created and can generate amazing human-like text on demand,” according to MIT’s Technology Review and you can see what it can do here. Just knowing what it’s capable of can help internet users decide whether they’re dealing with a bot, says An.

“Both sides will get better at this. Cybersecurity is always trying to get better and cybercriminals are trying to keep pace. This technology is no different. Chatbots will continue to develop.”

The post What you Should Know About Chatbots and Cybersecurity appeared first on Webroot Blog.