Office Hours: Webroot and COVID-19 July 7, 2020


Userlevel 7
Badge +48

Hello Webroot Community, 

I wanted to create a space for us to come together and discuss Webroot and COVID-19.

Consider this our office hours. 

In case you might have missed it, we created a page here where we’ll keep a running list of articles, blog posts, and other pieces of content about our COVID-19 response.

If you have specific questions on what we’re doing as a company during the pandemic and our tips for how you can stay cyber resilient in these uncertain times. 

Please add your questions below or join us Tuesday, July 7, 2020, at 1:00 PM - 1:30 PM MT.


This topic has been closed for comments

13 replies

Userlevel 7
Badge +17

The first question of the day is:

“What cyber security trends have Webroot seen during the pandemic from the endpoint data you see in your cloud? Have any particular threats been more prevalent than others?”

- Dan S.

Userlevel 7
Badge +17

“Do you feel that this is going to permanently change how businesses plan and deal with crisis?” 

- Robin T.

Userlevel 7
Badge +17

“How do you prevent all the "clickers" from clicking everything they see?”

- David R.

Userlevel 7
Badge +17

“Will Webroot be adapting to working from home full time after the pandemic?”

-Daniel B. 

Userlevel 7
Badge +17

“How has webroot helped with virus scams?”

-Mark G.

Userlevel 7
Badge +17

“What has COVID-19 taught us about cyber security? How can we best protect against these threats in the future?”

-Martin G. 

Userlevel 7
Badge +15

The first question of the day is:

“What cyber security trends have Webroot seen during the pandemic from the endpoint data you see in your cloud? Have any particular threats been more prevalent than others?”

- Dan S.

Phishing malspam into ransomware is probably the most popular right now. They have adaptive to the COVID19 landscape and basically all of the emails now are around COVID, usually themed with CDC guidelines, COVID testing for free and anything related. The email contains a word doc that wants you to run a macro. Once clicks that enable content button, it will download trickbot or dridex which will analyze the network so criminals can decide what kind of environment they are in and ballpark figure of what they want to charge for ransom. One change that we’ve seen recently is that criminals will now steal the data before they ransom, so in the case that you decide not to pay the ransom because you are able to bounce back without the files they encrypted, they will just auction or release the data so your company faces ramifications of things like GDPR and CCPA. They are trying to create a scenario where paying the ransom is the most attractive option

 

We've seen 2% of all COVID websites created in past few months were malicious. 2000% increase in malicious files with ZOOM in their name. We’ve also seen over  a 40% increase in unsecured RDP machines for remote working. Unsecured RDP is a huge problem because Microsoft allows unlimited login attempts and by anyone from any location - by default when you set it up. So criminals will just brute force their way into environments and have complete control of the machine. Again, unsecured RDP isn’t new and has been around for a while, but the attack area surface is only growing. 

Userlevel 7
Badge +15

“Do you feel that this is going to permanently change how businesses plan and deal with crisis?” 

- Robin T.

 

I would certainly hope so! I’m sure there are many companies that realized their inefficiencies with current processes while also learning to use some of their tools more efficiently. from an IT perspective and for MSPs the chance to demonstrate their skills and abilities to manage and keep businesses afloat while their staff are WFH. A realization that the network edge was always the remote user or roaming user. That many have seen the move to remote working as a smooth process – ESG webinar and survey last week saw 67% of IT Decision Makers saying it went smoothly, or very smoothly. And, while some have cut IT spending back others are increasing spending so the impact of COVID has not been as bad as anticipated.

 

Let us know your experience!

Userlevel 7
Badge +15

“How do you prevent all the "clickers" from clicking everything they see?”

- David R.

 

HAHA. This one has always been a challenge but never really a focus until recently. User education is paramount to a robust security posture. While there is no way to stop attacks fully at the user level, you can drastically reduce the % at which users click on stuff they shouldn’t click on. We’ve seen that you can reduce it by up to 70% if you run regular phishing simulation twice a month. You’ll likely have users who fall for it every time, so make sure to have good reports so you can target these repeat offenders with more tests until they get it. If they don’t get it, then you should evaluate what permissions that employee has access to

Userlevel 7
Badge +15

“Will Webroot be adapting to working from home full time after the pandemic?”

-Daniel B. 

The vast majority of Webroot is already working from home. 100% was WFH during the lockdown orders, but now that offices are opening up in stages we have some people returning to the office. We have many special new processes to accommodate the safest environment at the office, but still about 90-95% are working from home currently. It’s pretty clear that Webroot employees can work from home if they wish and there is no pressure to return to the office. As far as after the pandemic, I’m not sure what the rules will be

Userlevel 7
Badge +15

“How has webroot helped with virus scams?”

-Mark G.

Probably the most with phishing. Phishing has seen the largest increase of all malware families. Covid themed phishing lures have been the hottest thing right now and we’re blocking them all with our Brightcloud Threat Intelligence platform to stop these attacks at the URL/IP level using machine learning and artificial intelligence. 

Userlevel 7
Badge +15

“What has COVID-19 taught us about cyber security? How can we best protect against these threats in the future?”

-Martin G. 

Criminals will adapt to any situation and so do you! Most surprising thing to me to learn was that unsecured RDP is in an even worse state than it was 4 years ago when it started. While businesses are adjusting to allow for a remote workforce, you have to do it securely. 

Good suggestion for protecting against threats

  1. A company provided device – limit use of BYOD whether desktop, mobile or  
  2. Windows 10 OS
  3. Admin control and continuous monitoring of the endpoint device – control downloads etc.
  4. A written do’s and don’ts WFH home policy that is enforced and enforceable
  5. Admin control of multi-threat vector endpoint protection of both device and user
  6. VPN access with at least 2-factor, if not multi-factor authentication
  7. Strong access permissions in place depending on user ‘needing’ access (IAM if possible)
  8. Use of virtualization strategies to minimize risk, and software network NACs etc.
  9. Endpoint back-up and recovery
  10. Secure remote access support

If you have BYOD and can’t follow above steps, here is minimum

  1. Most up to date OS that auto-updates
  2. Reputable AV that auto-updates
  3. Employee education and regular phishing simulation
  4. VPN, 2FA everything you can (RDP especially)
  5. Don’t use the OS native apps (outlook, Drive, teams, etc) and instead use the webapp versions. Malware can steal outlook.pst files which could contain PII, or hijack email chains and distribute spam malware links, ect

 

Userlevel 7
Badge +17

That’s all the questions for today! 

Thank you to everyone that participated - I hope you’ve all gotten some value out of today’s session!

Until next week.

-Keenan