PC PORTAL

Experienced. Trusted. Solutions.

Threat Lab

By

Antivirus vs. VPN: Do You Need Both?

Reading Time: ~3 min.

Public concern about online privacy and security is rising, and not without reason. High-profile data breaches make headlines almost daily and tax season predictably increases instances of one of the most common types of identity theft, the fraudulent filings for tax returns known as tax-related identity theft

As a result, more than half of global internet users are more concerned about their safety than they were a year ago. Over 80% in that same survey, conducted annually by the Center for International Governance Innovation, believe cybercriminals are to blame for their unease.  

Individuals are right to wonder how much of their personally identifiable data (PII) has already leaked onto the dark web. Are their enough pieces of the puzzle to reconstruct their entire online identity?  

Questions like these are leading those with a healthy amount of concern to evaluate their options for enhancing their cybersecurity. And one of the most common questions Webroot receives concerns the use of antivirus vs. a VPN.  

Here we’ll explain what each does and why they work as compliments to each other. Essentially, antivirus solutions keep malware and other cyber threats at bay from your devices, while VPNs cloak your data by encrypting it on its journey to and from your device and the network it’s communicating with. One works at the device level and the other at the network level.  

Why You Need Device-Level Antivirus Security 

Antiviruses bear the primary responsibility for keeping your devices free from infection. By definition, malware is any software written for the purpose of doing damage. This is the category of threats attempting to undermine the antivirus (hopefully) installed on your PC, Mac, and yes, even smartphones like Apple and Android devices, too.  

In an ever-shifting threat landscape, cybercriminals are constantly tweaking their approached to getting your money and data. Banking Trojans designed specifically for lifting your financial details were among the most common examples we saw last year. Spyware known as keyloggers can surreptitiously surveil your keystrokes and use the data to steal passwords and PII. A new category of malware, known as cryptojackers, can even remotely hijack your computing power for its own purposes.  

But the right anti-malware tool guarding your devices can protect against these changing threats. This means that a single errant click or downloaded file doesn’t spell disaster. 

“The amazing thing about cloud-based antivirus solutions,” says Webroot threat analyst Tyler Moffit, “is that even if we’ve never seen a threat before, we can categorize it in real time based on the way it behaves. If it’s determined to be malicious on any single device, we can alert our entire network of users almost instantaneously. From detection to protection in only a few minutes.” 

Why You Need Network-Level VPN Security 

We’ve covered devices, but what about that invisible beam of data traveling between your computer and the network it’s speaking to? That’s where the network-level protection offered by a VPN comes into play.  

While convenient, public networks offering “free” WiFi can be a hotbed for criminal activity, precisely because they’re as easy for bad actors to access as they are for you and me. Packet sniffers, for instance, can be benign tools for helping network admins troubleshoot issues. In the wrong hands, however, they can easily be used to monitor network traffic on wireless networks. It’s also fairly easy, given the right technical abilities, for cybercriminals to compromise routers with man-in-the-middle attacks. Using this strategy, they’re able to commandeer routers for the purpose of seeing and copying all traffic traveling between a device and the network they now control.  

Even on home WiFi networks, where you might expect the protection of the internet service provider (ISP) you pay monthly, that same ISP may be snooping on your traffic with the intent to sell your data.  

With a VPN protecting your connection, though, data including instant messages, login information, social media, and the rest is encrypted. Even were a cybercriminal able to peek at your traffic, it would be unintelligible.  

“For things like checking account balances or paying bills online, an encrypted connection should be considered essential,” says Moffit. “Without a VPN, I wouldn’t even consider playing with such sensitive information on public networks.”  

How Webroot Can Help 

Comprehensive cybersecurity involves protecting both data and devices. Antivirus solutions to protect against known and unknown malware—like the kinds that can ruin a laptop, empty a bank account, or do a cybercriminals bidding from afar—are generally recognized as essential. But for complete protection, it’s best to pair your antivirus with a VPN—one that can shield your data from intrusions like ISP snooping, packet sniffers, and compromised routers.  

Click the links for more information about Webroot SecureAnywhere® antivirus solutions and the Webroot® WiFi Security VPN app.  

The post Antivirus vs. VPN: Do You Need Both? appeared first on Webroot Blog.

By

A Chat with Kiran Kumar: Webroot Product Director

Reading Time: ~4 min.

The process of bringing a cybersecurity product to market can be long and tedious, but Kiran Kumar, Product Director at Webroot, loves to oversee all the moving parts. It keeps him on his toes and immersed in the ever-changing world of security technology.

We sat down to chat with Kumar about his #LifeAtWebroot, heard how he got to where he is today, and why he’s loved every minute of his journey.

Tell us about your role as a Product Director.

I’m the product director for our network portfolio of products. This includes Webroot DNS Protection, FlowScape, and our next-gen security solution. I’m also responsible for the overall solutions platform, the next-gen solution we are working on.

What does a typical week look like for you? 

My typical week ranges from working with customers on concept validation or case studies, to presenting at events. I’ll help customers with damage control, provide assurance of the product, or pitch Webroot solutions. I would say that at least 40-50% of my job is working with the engineering team on the next product release. The key is to stay on top of everything and keep my eyes and ears open because it’s the product director’s responsibility to make things happen. You must be able to collect information from different stakeholders, bring it all together, and prioritize. Sometimes no one reports to you, but you still have to bridge the gaps and constantly negotiate, make decisive tradeoff decisions, get buy-ins, etc. That’s the key to being a strong Product Manager. I spend time with a lot of people both inside and outside: marketing, sales, sales engineering, customer success, public relations, analyst relations, you name it. It’s a matter of constantly juggling and prioritizing.

What is your favorite part of working as a Product Director?

I enjoy being able to make a difference. Also, the satisfaction of building relationships with all these different groups of people and rallying them to achieve a common goal is really satisfying. You have to take everyone else’s opinion, along with your own, and figure out the best the direction to move in. All of that starts with the product. It’s a key part of every organization. I love seeing all the work that goes into bringing a product to market. The ability to make an impact and visibility into projects is tremendous.

What have you learned in this role? 

I think one of the biggest pieces of advice that I can give, and that I’m continuing to work on myself, is that building relationships is absolutely critical to success. You have to use negotiation skills, persuasion tactics, and figure out how to rally the whole troop. I’d say that’s critical in many areas of business. Also, you need to constantly have a sense of curiosity and willingness to challenge yourself. Good enough is not good enough. Ask questions and take ownership of things. One great thing about Webroot is that everyone is open to questions and collaborating to find answers.

What is the hardest thing about being a Product Director?

The most challenging thing about the job is staying levelheaded. Every day you need to be flexible and willing to adapt because a hundred different things will be thrown your way and you need to be prepared to handle it. You can’t be flustered. Another challenge is figuring out how to work quickly. One of the hardest things is working through problems and getting them solved in the time that I want — quickly.

Is this what you expected to be doing in your career?

After graduating from college, I never expected that I would be a product manager, but I was at the right place at the right time. I started at a technology consulting company and was placed at a security company. I started doing business analysis, and that’s still a part of my job, but product management is more inclusive of business analysis, product management, market research – everything this position entails. I didn’t like programming as much. I couldn’t sit behind a computer all day – that’s just not my personality. Now I’ve been in the industry about 16 years, and I have to say I have had the best time working at Webroot.

What makes working at Webroot so amazing? 

One benefit to being located in our smaller San Diego office, besides the weather, beach, and beer, is I’ve been able to see it grow. We have about 90 people in this office and I know everyone. The people at Webroot are really friendly and helpful, so it’s easy to feel welcomed. The Webroot culture is very open and not hierarchical. Since I’ve been here I’ve been able to talk to anyone, including any executive. I am super passionate about the products I support and the audiences we help – SMB/MSP.

Best career advice you’ve received? How have you seen that advice playing out in your own career? 

For someone who’s starting fresh and getting into product management, I would say to be open, be flexible, and constantly seek to challenge yourself. Soak in as much as you can. For people more senior, I would say to continue with relationship building and be mindful of how you can make the biggest impact. This position isn’t about having an MBA and writing up numbers. It is very technology focused and it’s all about being able to adapt and able to provide solutions, not just numbers.

What’s your favorite patio? (Place to go when it’s nice outside, place to get a drink.)

There’s a really nice brewery close to the office called Ballast Point. The team goes there a lot. But my favorite food is Mexican and I love hole-in-the-wall places. There’s one restaurant in the Torrey Pines area called Berto’s that’s awesome. It’s not fancy, but their veggie burrito keeps me coming back.

To learn more about life at Webroot, visit https://www.webroot.com/blog/category/life-at-webroot/.

The post A Chat with Kiran Kumar: Webroot Product Director appeared first on Webroot Blog.

By

Cyber News Rundown: First GDPR Fine Issues in Poland

Reading Time: ~2 min.

First GDPR Fine Issued in Poland

The first fine issued from the Polish privacy regulator has been issued to an unnamed firm for quietly gathering personal data for over 6 million Polish citizens and using it for commercial gains without consent. The fine of £187,000 was generated after officials learned that only 90,000 individuals had been contacted via email, as the company had seemingly no other low-cost options for contacting the remaining millions of affected citizens. 

ASUS Update Utility Used as Backdoor

ASUS recently confirmed that their Live Update utility for notebooks was compromised, leading to at least 500,000 machines being affected by malicious code. While this attack was focused on a only a couple of specific servers, the announcement came nearly a month after the company was told by researchers about the issue and it continued to push the malware via Live Update. Fortunately, ASUS resolved the issue with their latest update and has provided a tool to help customers determine if they’re still at risk. 

Microsoft Takes Domains Back from Hackers

Microsoft has been working for some time to combat state-backed hackers by regaining control of nearly 100 domains that have been used in spear-phishing attacks across the globe. Many of the domains used keywords relating to more popular companies to steal login credentials for the sites they mimicked By obtaining court orders for the domains, Microsoft has continued its long-term legal battle, with help from domain registrars, to take these scams offline. 

Facebook Hack Exposes 110,000 Australians

After the Facebook hack in September of last year the personally identifiable information for over 100,000 Australians was compromised. While some users saw only their name and email address exposed, others had their search history, recent location check-ins, and more information available to the hackers. Facebook began notifying the proper regulatory officials four days after they themselves became aware of the breach that had begun more than a week earlier. 

Cryptocurrency Exchanges Hacked

With an estimated combined loss of over $46 million in cryptocurrency, two exchanges have come forward about hacks that have taken them offline as investigations unfold. DragonEx initially announced that an attack had occurred over the weekend and that they were able to regain some of the stolen funds. They then posted the wallet addresses that had received stolen funds in hopes of having the accounts frozen and the flow of currencies stopped. The second hack on CoinBene has been denied by the company as they haven’t lost any funds, but users were able to trace significant amounts of several cryptocurrencies dumped into other markets not long after the attack on the exchange took place.

The post Cyber News Rundown: First GDPR Fine Issues in Poland appeared first on Webroot Blog.

By

HTTPS: Privacy vs. Security, and Where End Users and Security Culture Fit In

Reading Time: ~4 min.

Since the dawn of IT, there’s been a very consistent theme among admins: end users are the weakest link in your network, organization, security strategy, fill-in-the-blank. We’ve all heard the stories, and even experienced them first-hand. An employee falls for a phishing scam and the whole network is down. Another colleague torrents a file laced with malware. Or maybe it’s something less sinister: someone wants to charge their phone, so they unplug something from the only nearby outlet, but what they unplug is somehow critical… help desk tickets ensue. 

But when it comes to security issues caused by human error, it’s not necessarily always the end user’s fault. Cyberattacks are getting more and more sophisticated by the second, and all of them are designed to either circumvent defenses or appear totally legitimate to fool people. One of the major advances of this type that we’ve seen is with phishing sites and the use of HTTPS.

HTTPS: The Beginning

While HTTP is the foundation of all data exchange and communication on the internet, it wasn’t designed for privacy. Transmitting information on the web using HTTP is kind of like sending a postcard; anybody who handles that card can read it. HTTPS was supposed to be a way of adding privacy to protect users and sensitive information from prying eyes.

At first, you’d only see HTTPS on financial or health care websites, or maybe the cart page on a shopping site, where the extra privacy was necessary. And back then, getting a security certificate was much harder—it involved significant costs and thorough security checks. Then, a few years ago, most web browsers started requiring security certificates for every website, or else they’d throw up a scary-looking warning that the site you were trying to visit might be dangerous. That trained us to look for (and trust) HTTPS.

A False Sense of Security

These days, when we see HTTPS at the beginning of a URL or the accompanying lock icon in our browser’s address bar, we’ve been conditioned to think that means we’re safe from harm. After all, the S in HTTPS stands for “secure”, right? But the issue is that HTTPS isn’t really about security, it’s about privacy. That little lock icon just means that any information we transmit on that site is encrypted and securely delivered to its destination. It makes no guarantees that the destination itself, is safe.

If you unwittingly end up on a well-faked phishing copy of your banking website and see the lock icon, it’s natural to assume that you’re in the right place and all is well. Except when you try to log in, what you’re really doing is securely transmitting your login credentials to an attacker. In this case, HTTPS would’ve been used to trick you.

The Bad Guys and HTTPS

Malicious actors are always looking for new ways to trick end users. Because so many of us think HTTPS ensures security, attackers are using it against us. It’s no longer difficult to obtain a security certificate. Attackers can do so very cheaply, or even for free, and there’s really no background or security check involved. 

As I mentioned during my talk on HTTPS at this year’s RSA conference, almost half a million of the new phishing sites Webroot discovered each month of 2018 were using HTTPS. In fact, 93% of phishing domains in September and October alone were hosted on HTTPS sites. When you think about these numbers, it’s easy to see why end users might not be to blame when you discover that a major security breach was caused by someone being duped by a phishing scam. 

The Way Forward

As more HTTPS phishing and malware sites emerge, even the most vigilant among us could fall victim. But that doesn’t mean we shouldn’t invest in end user education. End users are on the front lines on the cybersecurity battlefield. It’s up to us to provide right tools and armor to keep users and the companies they represent safe. To be truly effective, we need to implement ongoing security awareness training programs that recur continually throughout an employee’s time with the company. If we accomplish that, the results speak for themselves; after 12 months of training, end users are 70% less likely to fall for a phishing attempt!

We also need to make sure our security strategies incorporate real-time threat intelligence to accurately classify and determine which websites are good or malicious, regardless of their HTTPS designation. In an age where phishing sites appear and disappear in a matter of hours or minutes, malicious sites use HTTPS, and at least 40% of bad URLs can be found on good domains, it’s more important than ever that we all use the most advanced real-time technologies available. 

Ultimately building a culture of cybersecurity will always be more effective than a top-down mandate.. Everyone in the organization, from the CEO to the newest intern, should be invested in adopting and furthering a security conscious culture. Part of that process is going to be shifting the general IT perceptions around human error and the issues it can cause. We shouldn’t think of our end users as the weakest link in the chain; instead we should think of them as the key to a robust security strategy.

To hear more about HTTPS, phishing, and end user education, you can listen to the podcast I did with cybersecurity executive and advisor Shira Rubinoff at RSAC 2019.

The post HTTPS: Privacy vs. Security, and Where End Users and Security Culture Fit In appeared first on Webroot Blog.

By

Post Coinhive, What’s Next for Cryptojacking?

Reading Time: ~2 min.

In late February, the notorious cryptojacking script engine called Coinhive abruptly announced the impending end to its service. The stated reason: it was no longer economically viable to run.

Coinhive became infamous quickly following its debut as an innovative javascript-based cryptomining script in 2018. While Coinhive maintained that its service was born out of good intentions—to offer website owners a means to generate revenue outside of hosting ads—it took cybercriminals no time at all to create cryptojacking attack campaigns. Cryptojacking became incredibly popular in 2018, infecting millions of sites (and cloud systems among the likes of Tesla) and netting criminals millions in cryptocurrency at the expense of their victims.

Source: Coinhive [dot] com

I honestly did not see this happening, but I do understand. It is reasonable to think that Coinhive didn’t intend for their creation to be abused by criminals. However, they have still kept 30 percent of ALL the earnings generated by their script, one that was often found running illegally on hijacked sites. Most of that profit came from illicit mining, which has earned Coinhive a lot of negative press.

Additionally, 2018 was a terrible year in terms of the US-dollar value of Monero (XMR), which means their service is significantly less profitable now, relative to what it once was. Combined with the fact that the XMR development team hard-forked the coin and changed the difficulty of the hashrate, this means Coinhive is making very little money from legitimate miners.

Coinhive created this service so legitimate domain owners could host their script and generate enough revenue to replace ads. Ads are annoying and I believe this innovation was aimed at attempting to fix that problem. But the ultimate result was a bunch of criminals breaking into other people’s domains and injecting them with Coinhive scripts that essentially stole from visitors to that domain. Without consent, millions of victims’ computers were subject to maximum hardware stress for extended periods of time, all so some criminals could make a few pennies worth of cryptocurrency per computer.

Would you continue to operate a startup business in which most of the money you earned was a cut of criminal activity—stealing from victims in the form of an increased power bill? Maybe a year ago, when the hashing difficulty was easier (you earned more XMR) and XMR was worth 10 times what it’s worth now, it might have been easier to “sleep at night” but now it probably just isn’t worth it.

Even before this news, there were plenty of other copy cats—Cryptoloot, JSEcoin, Deepminer, and others—so criminals have plenty of similar services to choose from. At the time of its shutdown, Coinhive had about around 60% share of all cryptojacking campaigns, though we saw this market dominance reach as high as 80% last year. I anticipate these other services stand to take larger shares of cryptojacking revenue now that the largest player has left. We might even see a new competitor service emerge to challenge for cryptojacking dominance.

Stay tuned to the Webroot blog for future developments in cryptojacking.

The post Post Coinhive, What’s Next for Cryptojacking? appeared first on Webroot Blog.