Office Hours: Webroot and COVID-19 September 22, 2020

  • 22 September 2020
  • 9 replies
  • 231 views


Hello Webroot Community, 

I wanted to create a space for us to come together and discuss Webroot and COVID-19.

Consider this our office hours. 

In case you might have missed it, we created a page here where we’ll keep a running list of articles, blog posts, and other pieces of content about our COVID-19 response.

If you have specific questions on what we’re doing as a company during the pandemic and our tips for how you can stay cyber resilient in these uncertain times, please add your questions below or join us Tuesday, September 22, 2020, at 1:00 PM - 1:30 PM MT.




Hello again Webroot Community! 

Hope you’re all having a great week. Today is the first day of fall and I couldn’t be happier. Looking forward to cooler temps, the leaves turning, and here in Colorado the snow to start falling. All good things! 

This week we’ve got our regular crew to help us answer your questions. Thanks again for those of you who submitted them to us already. 

We’ll get started in a little bit. 

 


Are you seeing an increase in targeted phishing or virus campaigns? - Sander G. 

How have you seen the threat landscape change during lockdown? - Dan S. 

What are the clear cyber threat trends that Webroot have seen during the pandemic so far? - Richard C. 

Do you have plans for a mobile solution like what you had with mobile endpoint protection? - Ramy

What has been the most challenging aspect of working from home? - Ashley G. 


Are you seeing an increase in targeted phishing or virus campaigns? - Sander G. 

I’m sorry to say both. Targeted phishing (spear phishing) is more common among high-value targets and, played alongside the growth in Business Email Compromise scams, is a growing trend.

A figure from May this year is that we saw over 1.5 million unique malware threats that month, three times as many as in January and a three-year high.

So things are worse this year, I’m not happy to say; COVID-19 has accelerated efforts by bad actors to compromise systems.

Do you have plans for a mobile solution as you had with mobile endpoint protection? - Ramy

We do not have any current plans for a new business mobile endpoint protection solution for Android or iOS.

We do however offer Consumer protection: https://www.webroot.com/us/en/home/products/mobile#iphone

As many small businesses are BYOD we didn’t find demand for business mobile in our market.

Many companies also want MDM with Security and we didn’t think the MDM capabilities of Samsung ‘Knox’ or Apple were going to be better from ourselves. So we understand the need but believe others satisfy businesses’ requirements better right now.


What has been the most challenging aspect of Working From Home? - Ashley G. 

I’d say it’s maintaining relationships and starting new ones with new hires. In the end people work with people for the most part and not having that contact, for me, has been the most challenging.


Are you seeing an increase in targeted phishing or virus campaigns? - Sander G. 

We're seeing an increase across the board. All types of malware campaigns are up. Phishing is a key part to a malware campaign’s effectiveness and its usage has not stopped growing since it came out decades ago. Victims falling for phishing is the first step in an infection that will lead to important credentials stolen or more payloads dropped on the machine, eventually leading to ransomware. It’s only getting harder to avoid falling for phishing emails as they get better and harder to spot every year. Malicious spam emails (malspam) are so important to many malware campaigns that they simply do not infect or pose any threat if the user doesn’t fall for the phishing attempt. Therefore, it’s so important for users to educate themselves on the new trends of phishing tactics.

This year is all about the pandemic and almost all the malspam phishing lures used by malware are based on COVID-19. The most common lures are around safe guidelines on how to protect yourself pretending to be from the CDC, WHO, NHO and White House asking you to download a Word doc. We also saw fake pandemic stimulus lures and expect those to resurface if there is another stimulus approved. Once the Word doc is downloaded from the attachment or link, it will ask the user to click the “enable content” button. This is what’s known as a macro, which if the user clicks on, will deliver the malware to their machine and is the scam that users should avoid at all costs. Macros are the most popular way criminals get victims to turn a Word document into a malicious payload that can infect the entire network.


What are the clear cyber threat trends that Webroot have seen during the pandemic so far? - Richard C. 

 

Our humans and AI/ML have determined about 3x the normal amount of malware (files) typically seen, which reflects the current state of attack and increase all-around during the pandemic. All of our phishing intelligence from BrightCloud is doing a fantastic job blocking the big jump in phishing (URL/IP) as well. Here are some stats on what our data shows for top phishing targets during the pandemic.

  • Netflix – 525% increase
  • YouTube – 3,064% increase
  • Twitch – 337% increase
  • HBO – 525% increase

As the lockdown progressed, Webroot also found that Netflix-related phishing URLs jumped from 525% to 853% in May.


How have you seen the threat landscape change during lockdown? - Dan S. 

Definitely some good stats above….

COVID-19 has absolutely dominated headlines this year, so it’s of no surprise that criminals have taken advantage of this to where most of the threat landscape this year is also heavily COVID-19 related. Many of these bad actor groups contract work from others. This will allow each group to specialize on their respective payload and perfect it. This criminal underground community working together is what makes the threat landscape as nasty as ever.

Ransomware continues to dominate headlines of breaches and the amount of devastation they cause. The average ransom payment is now over $175k and looks to clear $200k before the end of the year. Not only are most ransomware campaigns specifically targeting businesses over consumers, but some of them are now leaking your data if you decide not to pay the ransom. This is done so that if the victim tries to not pay the ransom and sweep it under the rug, they will be ousted and open to damage of brand and fines from compliance agencies like GDPR and CCPA. This is the nastiest trend we’ve seen and it’s only growing in adoption as it has a direct impact on the victim’s decision to pay the ever-growing ransom amounts.

Phishing is a key part to a malware campaign’s effectiveness and its usage has not stopped growing since it came out decades ago. Victims falling for phishing is the first step in an infection that will lead to important credentials stolen or more payloads dropped on the machine, eventually leading to ransomware. It’s only getting harder to avoid falling for phishing emails as they get better and harder to spot every year. Malicious spam emails (malspam) are so important to many of the mentioned malware campaigns below that they simply do not infect or pose any threat if the user doesn’t fall for the phishing attempt. Therefore, it’s so important for users to educate themselves on the new trends of phishing tactics.

This year is all about the pandemic and almost all the malspam phishing lures used by malware are based on COVID-19. The most common lures are around safe guidelines on how to protect yourself pretending to be from the CDC, WHO, NHO and White House asking you to download a Word doc. We also saw fake pandemic stimulus lures and expect those to resurface if there is another stimulus approved. Once the Word doc is downloaded from the attachment or link, it will ask the user to click the “enable content” button. This is what’s known as a macro, which if the user clicks on, will deliver the malware to their machine and is the scam that users should avoid at all costs. Macros are the most popular way criminals get victims to turn a Word document into a malicious payload that can infect the entire network and that trend has continued into the pandemic.
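An added example, not part of the original thread and not Webroot's code: a mail-gateway style triage check that flags Office attachments able to carry macros before a user ever reaches the “enable content” prompt described in the replies above. The function name, verdict labels and sample packages are constructed for illustration; the check looks at package contents rather than the file extension.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
DOCX_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"

def classify_attachment(data: bytes) -> str:
    """Return 'legacy-ole', 'ooxml-macro', 'ooxml-clean' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Old binary formats can embed VBA; the extension cannot rule it out.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a plain zip, not an OOXML package
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace").lower()
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    # Judge by contents, not name: a .docm renamed to .docx still matches.
    if has_vba_part or "macroenabled" in ctypes or "vbaproject" in ctypes:
        return "ooxml-macro"
    return "ooxml-clean"

def _package(parts: dict) -> bytes:
    """Build a constructed in-memory OOXML-style zip for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

_CT = '<Types><Override PartName="/word/document.xml" ContentType="%s"/></Types>'
# Constructed samples; the vbaProject.bin body is placeholder bytes, not VBA.
CLEAN_DOCX = _package({"[Content_Types].xml": _CT % DOCX_CT,
                       "word/document.xml": "<w:document/>"})
MACRO_DOC = _package({"[Content_Types].xml": _CT % DOCM_CT,
                      "word/document.xml": "<w:document/>",
                      "word/vbaProject.bin": b"constructed placeholder"})

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN_DOCX), ("macro", MACRO_DOC), ("text", b"hello")]:
        print(label, classify_attachment(blob))
```

A gateway would typically quarantine or strip anything classified `ooxml-macro` or `legacy-ole` when it arrives from an external sender.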


Alrighty, that concludes another Office Hours this week. Thanks to @GeorgeA and @TylerM for helping us out today and answering your questions.

Join us again next Tuesday at 1:00 MT!