Office Hours: Webrot and COVID-19 August 18, 2020

  • 11 August 2020
  • 8 replies
  • 231 views

Userlevel 7
Badge +48

Hello Webroot Community, 

I wanted to create a space for us to come together and discuss Webroot and COVID-19.

Consider this our office hours. 

In case you might have missed it, we created a page here where we’ll keep a running list of articles, blog posts, and other pieces of content about our COVID-19 response.

If you have specific questions on what we’re doing as a company during the pandemic and our tips for how you can stay cyber resilient in these uncertain times. 

Please add your questions below or join us Tuesday, August 18, 2020, at 1:00 PM - 1:30 PM MT.


This topic has been closed for comments

8 replies

Userlevel 7
Badge +48

Hi everyone, hope you’re all having a great week and doing well. We’ve got a handful of questions this week that @TylerM will be helping us with today. 

What is Webroot doing to prevent covid scams? - Mark G.

What new security risks have you seen since covid moved most people to work from home? - Chris W. 

What new products can we expect from webroot in the near future? - Peter D.

What protocols are in place for monitoring cyber attacks during the pandemic? - Jeremy R.

Zoom..I keep it updated and check for newer updates is there more I can do to stay secure?@TripleHelix 

Userlevel 4
Badge +3

What new products can we expect from Webroot in the near future? Peter D.

We will be launching some new products in 2021 but I think the main changes you will see is us delivering more integrated offerings of what we already have (combining Webroot/Carbonite for MSP/SMB market). There is also a lot of innovation around endpoint efficacy, DNS offering more privacy and security, while simplifying security training so it is very low cost  in terms of admin and time to operate successfully. There are other new items,  but really too early to really talk about here. 

Userlevel 7
Badge +15

 

Zoom..I keep it updated and check for newer updates is there more I can do to stay secure?@TripleHelix 

 

Yes, that’s basically all you can do, but it’s very effective. Zoom has literally fixed all the issues that were plaguing them previously. I’ll paste below every issue we’ve seen from them

 

The main issue here is public URLs that ANYONE can use to join in on these meetings. This has been getting abused, as anonymous people (a lot of the time students) will join in the session and shout profanity, yell out the address of the teachers, show porn or other graphic material on the webcams, paste malware in the chat, etc. There was an exploit for that. Zoom patched it.  

People were told make sure the meetings are protected with a password. Enable "Embed password in meeting link for one-click join." This prevents an actor from accessing your meeting without losing the usability of sharing a link to join.

Then there was an issue with the way zoom would generate linkIDs and actors learn how to generate links in the same way and they had a 5% success rate of generating a live link, allowing actors to bomb

Zoom patched it, but too little too late. Google dropped them

Make sure hosts change their settings so only they can share their screen (not defaults). Create a meeting room to screen attendees and let them in one at a time. Once the meeting starts you can lock the meeting so no one else can join. 

Also, make sure the zoom software is up to date as there have been exploits in previous versions that can result in malware through the chat system

Download directly from zooms website. We’ve seen miners being bundled with them

 

So all of that is now fixed and those tweaks that weren’t defaults are now defaults, You’ve just got to update to the latest version. Make sure you do so from the official zoom webpage

Userlevel 7
Badge +15

 

What is Webroot doing to prevent covid scams? - Mark G.

 

Our humans and AI/ML have determined about 3x the normal amount of malware (files) typically seen, which reflects the current state of attack and increase all-around during the pandemic. All of our phishing intelligence from brightcloud is doing a fantastic job blocking the big jump in phishing (URL/IP) as well. Here is some stats on what our data shows for top phishing targets during the pandemic. 

  • Netflix – 525% increase
  • YouTube – 3,064% increase
  • Twitch – 337% increase
  • HBO – 525% increase

As the lockdown progressed, Webroot also found that Netflix related phishing URLs jumped from 525% to 853% in May.

Additionally, we have partnered with Ninjio to drastically increase the number of education courses for employees to be aware of and avoid these attacks. 

Userlevel 7
Badge +15

 

What protocols are in place for monitoring cyber attacks during the pandemic? - Jeremy R.

 

Answer to Mark above applies here

Userlevel 4
Badge +3

What is Webroot doing to prevent COVID-19 scams - Mark G.

We are of course monitoring through our Webroot Platform and BrightCloud Threat Intelligence what we are seeing across the spectrum of our own and our 100+ technology partners customers.  This feeds technical solutions like our Web Reputation shields built into our endpoint and of course malicious domains feeding attacks are constantly updated in DNS for outbound calls we could miss at the endpoint level. We also have RTAP (real-time anti-phishing)  that kicks in on poor reputation URL requests and looks at the risk in real-time to protect the endpoint user. Then, on the training front, we are releasing phishing templates and lures pretty much bi-weekly at the moment so there is good real-world phishing simulations constantly available around COVID scams. So we’re doing a lot to try to keep the scammers at bay technically an with training.

Userlevel 7
Badge +15

 

What new security risks have you seen since covid moved most people to work from home? - Chris W. 

 

 Here is a nice list, but it mostly comes downs to the security measures in place on a corporate machine, environment, and habbits 

People working from home are more likely to use their personal PC for work

A personal PC is more likely to be used by more than one person in the household

The average home network is less secure than airport, hotel or mobile networks

Home PCs encounter nearly 2x as many infections annually compared with business devices (12.6% vs 7.8%)

Household members often share a single admin account

Browsers and applications are not updated frequently, if at all

Home users often use unencrypted online file sharing services

Home Wi-Fi networks are not always locked down to outside users

Routers often use the default password for the deviceFirmware is rarely kept up to date, making them vulnerable to exploits

Userlevel 7
Badge +48

Thanks again to @GeorgeA and @TylerM for answering questions and spending a little time with us today. 

If anyone has any additional questions, be sure to stop by next Tuesday, August 25 at 1:00 PM MT. or add your questions here and we’ll do our best to answer all of them.

Until next week, stay resilient!