Designed with MSPs, resellers, and distributors in mind, the Webroot® Channel Edge® Program offers
competitive margins, recurring revenue, lower operational costs, improved productivity, and innovative
enablement tools. Through its web-based management console and integration with RMM and PSA
platforms, Webroot provides easy-to-deploy, cloud-based security for endpoint, mobile, and web.
Partnering with businesses of all sizes, Webroot secures your clients against sophisticated threats—no
matter how or where users connect. For more information, visit www.webroot.com/MSPpartners

Uber paid hackers $100,000 to keep data breach quiet  

The BBC reported earlier today that Uber did not tell anyone about the breach that affected 57 million customers and drivers.

David Kennerly, director of threat research at security company Webroot, criticized Uber for paying a ransom to the hackers.

"Given the current climate around data security and breaches, it is astonishing that Uber paid off the hackers and kept this breach under wraps for a year. The fact is there is absolutely no guarantee the hackers didn't create multiple copies of the stolen data for future extortion or to sell on further down the line."

What's worse than being hacked? Covering up a hack.
Webroot Doubles Down on MSPs

"Some of the new offerings involved acquisitions. Others are homegrown. But they’re all coming together. Indeed, Webroot is coordinating its R&D, sales and marketing efforts to make it easier MSPs to try, buy and deploy the security solutions, Potts says."

Read the rest of the article here.
Cyber News Rundown: Edition 11/10/17

UK-Based Cryptocurrency Hit By Cyberattack

Prior to the official launch of Electroneum, a UK-based cryptocurrency that uses smartphones for its mining process, was targeted by a DDoS attack that shut down both the website and the app for several days. The attack effectively blocked all users from accessing their accounts, as the entire network was forced offline, to ensure the safety of investors’ funds.

Canadian University Held for Ransom

In the past week, officials have been working with affected students to secure their personal information after hackers breached the university’s systems and gained access to student records. The university has since taken its email system offline, as the hackers were spreading the leaked information throughout the email lists. Along with the data circulation, the hackers also demanded the university pay a large ransom of roughly 23,000 USD within 48 hours, though officials are still uncertain when the breach itself occurred.

WaterMiner Cryptocurrency Mod for GTA 5

As more cryptocurrency miners are embedded in software, one Russian hacker has gone a step further by exploiting a mod for the popular game Grand Theft Auto 5. The exploit silently uses a computer’s power to mine digital currency and, with the help of a modified version of the XMRig miner, can hide itself if it suspects monitoring software is active.

More on the Webroot blog here.
By combining a range of threat technologies, deployed over numerous stages, cybercriminals maximize the likelihood of infection success.

Here are 5 tips to help MSPs achieve a multi-layered cybersecurity strategy.

What's your multi-layered approach?
Top 10 Nastiest Ransomware Attacks of 2017

We’re revealing the top 10 nastiest ransomware attacks from the past year. NotPetya came in on our list as the most destructive ransomware attack of 2017, followed closely by WannaCry and Locky in the number two and three spots, respectively. NotPetya took number one because of its intent to damage a country’s infrastructure. Unlike most ransomware attacks, NotPetya’s code wasn’t designed to extort money from its victims, but to destroy everything in its path.

Check out the entire list here.

Webroot Protects You Against Bad Rabbit

Webroot customers are protected from the Bad Rabbit malware that is affecting computers across Russia, Ukraine, Bulgaria, a few surrounding Eastern-European countries, as well as Japan.

What we know about Bad Rabbit thus far:

Bad Rabbit is a well-made piece of malware that uses a lot of clever tricks to spread, similar to NotPetya, which affected customers across the globe this summer.

Bad Rabbit has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network.

Attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors which helps explain the geographic location.

More about Bad Rabbit, what you can do to protect yourself even further, and what one of our Senior Advanced Threat Research Analyst had to say about it here.
Cyber News Rundown: 10/13/17

Rigzone Founder Caught Stealing Data

Over the last few months, officials have been piecing together the case against Rigzone founder, David Kent. After selling the Rigzone domain several years ago, Kent used several backdoors he’d implemented to access account information for over 700,000 customers, which he then attempted to sell back to Rigzone. By setting up several dummy accounts, Rigzone staff determined the specific IP address Kent used and apprehend him.

Criminals Hack Eastern Europe Bank for Millions

In the last year, banks in several Eastern European countries have seen a drastic rise in fraudulent charges at ATMs that have allowed hackers to make off with nearly $40 million dollars. Attackers start by manipulating the banks overdraft protection and setting up proxies to allow accomplices in other countries withdraw massive quantities of money from separate accounts. In addition to spoofing the overdraft system, the attackers also installed remote access software on bank computers to enable further intrusion to the institution’s systems.

More on our blog here.
Cyber News Rundown: 10/06/17

Yahoo Breach Expands to All 3 Billion Users

In a recent statement, Yahoo announced that its 2013 breach, which took nearly 4 years to investigate, has impacted all 3 billion of their site’s unique users. Along with this recent update, the company is still reeling from a separate 2014 breach, which holds the dubious title of 2nd largest data breach to date. This update to the total affected users isn’t surprising, given that the original breach left questions as to why some accounts were compromised, while others remained untouched and showed no signs of malicious activity.

Facebook Under Fire After Russia-Based Ads Overwhelm Users

Recently, Facebook founder Mark Zuckerberg issued an apology for the site’s lack of action in stopping Russian advertisements and fake news articles, which have been circulating heavily since the 2016 election season. His statement goes on to promise that additional safeguards will be implemented to ensure Facebook can continue to be a safe platform for users to voice their opinions.
More stories you might have missed this week on the Webroot Blog!
Don't Get Hooked!

Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.

Stay safe with these tips.

Cyber News Rundown: Edition 9/29/17

Showtime Site Found Using Cryptocurrency Miner

Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.

Massive Stash of Credit Card Info Linked to Sonic Breach

In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.

More cybersecurity news you might have missed from the week on our blog.

Expert Comment

I was thinking can they really make that much money from it, as I remembered it it was like pennies if even that
Then I read https://www.lifewire.com/cryptocoin-mining-for-beginners-2483064 and it seems there could be big money to be made where popular sites like this are using it. Why invest money when you can get your customers to make you money

But on the flip side if I am giving away a few CPU cycles that meant no ads then is it really a bad thing...
Thoughts from Webroot’s new President and CEO, Mike Potts

Mike Potts, Webroot's new President and CEO, shares his thoughts on why he joined Webroot and where he sees the cybersecurity industry going.

I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.

More from Mike on our blog about his plans for the future of Webroot.
Ransomware Spares No One: How to Avoid the Next Big Attack

With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.

We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.
Protect DNS: A Conversation With Dave Dufour of Webroot

DNS is one of the basic services on which the web is based and it has proven to be robust and scalable to an astounding degree. Unfortunately, it's also vulnerable to hacking and can be a serious attack vector if left unprotected. Dave Dufour, director of cybersecurity and engineering at Webroot, is an expert on DNS and its implications in network security. Security Now talked with Dufour about the issues with DNS and what organizations should be doing to protect their networks, employees and customers from DNS-based threats.

Read more of the interview on Security Now.
Cyber News Rundown: Edition 9/15/17

German Voting Software Raises Concerns

With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.

Upgraded Android OS Slows Tide of Overlay Attacks

While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and gave permissions to a malicious app using the Toast window overlay on a legitimate page to spoof the users input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.
Cyber News Rundown: Edition 9/8/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly.
If you have any other questions, just ask!

Consumer Credit Reporting Agency Equifax Suffers Cyberattack Affecting 143 Million Customers

Equifax announced hackers gained access to sensitive company data that potentially compromised information for 143 million American consumers, including Social Security numbers, driver’s license information, and credit card details. This is the third major cybersecurity incident for the agency since 2015. Most concerning, Equifax knew of the breach on June 29 but waited until September 7 to disclose the information.

Instagram Hack Exposes Millions of Accounts
A group of hackers recently gained access to a large number of Instagram accounts for high-profile celebrities and other victims. The attackers were able to use an exploit in the Insta app to retrieve the email addresses and phone numbers for millions of account holders. They then used this information to take control of more valuable accounts and posted the credentials for sale on the dark web. While Instagram was quick to fix the bug, it is still unclear just how many accounts were compromised.

Customer Databases Belonging to Time Warner Cable Publicly Exposed
New Leadership at Webroot

Dick Williams has decided to retire after 8 years at Webroot, and more than five decades in the business world. Webroot has named a new CEO, Mike Potts, who will start September 25. Dick will remain on Webroot’s Board of Directors.
Mike brings more than 25 years of experience as a seasoned technology industry veteran spanning the application and security sectors. He most recently served as an integration executive in the security business group at Cisco after the acquisition of Lancope, where he served as president and CEO. Prior to Lancope, Mike was president and CEO of Air Defense, which was acquired by Motorola in 2008. He has a long history of driving innovation and growth and is the right person to continue our path to success at Webroot.

Dick expresses his sincere thanks and appreciation to all of our customers and advocates for helping Webroot achieve its current success, and for being incredible partners over the years.

Check out Dick's blog and our press release for more information on this announcement.
Cyber News Rundown: 9/1/17

IRS-Themed Ransomware Using Old-School Tactics

Over the past week, researchers have discovered a new ransomware variant that attempts to impersonate both the IRS and the FBI, similar to the FBI lockscreen malware that was popular several years ago. By tricking the victim into opening a link to a fake FBI questionnaire, the ransomware is downloaded onto the machine and begins encrypting. Fortunately, both the FBI and the IRS are taking great measures to alert possible victims and to catalog any scam emails that are being sent out.

History Repeats Itself at UK NHS District

Back in May, the UK’s National Health Services fell victim to a large WannaCry ransomware attack. While most of the districts have since regained full functionality, the district of Lanarkshire has once again been targeted. A cyberattack on its staffing and telephone systems left the district with only emergency services for several days. This event just reinforces the importance of updating security on critical systems before an attack, and even more so after one as devastating as WannaCry.

To read all of the stories, visit the Webroot Threat Blog.
Cyber News Rundown: Edition 8/25/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly.
If you have any other questions, just ask!

UK NHS Database Exposes Over 1 Million Patient Records
During the past week, a breach was discovered in patient booking system SwiftQueue, which is widely used by several National Health Service (NHS) facilities. The database may have contained patient information for up to 1.2 million UK citizens, though the actual data has yet to be fully examined. Even worse, attackers now claim they have found additional SwiftQueue vulnerabilities and are in possession of all 11 million records stored by the company.

Booking Provider’s Data Found in Public Data Dump
Researchers recently discovered a large customer data dump in a publicly-facing Amazon S3 bucket. The data in question belongs to Groupize, a groups and meetings solution, and contains everything from customer interactions to full credit card information used to book hotels and other meeting spaces. Fortunately for anyone who has used the service, the data was properly secured within a week of the discovery.

Phishing Site Hosted on .fish Domain
Your Identity Is Yours. Here’s How To Keep It That Way.

Have you ever been out with friends, had a little too much to drink, and left your credit card in a bar? Or maybe you thought you’d stowed your child’s social security card safely away in your desk drawer, but now you can’t find it. It may seem like losing these items is just an inconvenience, but the reality is that simple slip-ups like these can spell disaster for you and your family.
We recently took to the streets of Denver to get a feel for how average Americans are staying safe from identity theft. Their responses were not so surprising.  
How are you protecting your identity?

Expert Comment

by:Brian Matis
How are you protecting your identity?
I'm with you on the credit monitoring and credit freeze. Although, full disclosure, I did spend many years working for one of the major credit bureaus on their consumer credit monitoring products and wrote the business requirements for my team's portion of the credit lock feature—still one of my favorite projects from when I was there. We made it so much easier for customers to manage their freeze status through our service. :-)

Author Comment

by:Drew Frey
The credit piece is a big one that I think many don't pay enough attention to. It's important to know where you stand and stay up to date with your credit score and in some cases, freeze when needed.

That project sounds really interesting! Fun that you got to work on that Brian!
Locky ransomware rises from the crypt

New variants of Locky—Diablo and Lukitus—have surfaced from the ransomware family presumed by many to be dead. After rising to infamy as one of the first major forms of ransomware to achieve global success, Locky’s presence eventually faded. However, it appears this notorious attack is back with distribution through the Necurs botnet, one of the largest botnets in use today.
Webroot protects against Diablo and Lukitus
For the initial list of MD5s and more detail on Locky.
Webroot Acquires Securecast, Launches Webroot Security Awareness Training

Beta Program Available Immediately to Help Businesses Reduce the Risks and Costs of Cyber Threats with End User Education

Webroot has acquired the assets of Securecast, a security awareness training platform. Building on Securecast, Webroot Security Awareness Training will give managed service providers (MSPs) and businesses a solution to reduce the risks and costs of phishing, ransomware, and other cyber threats with end-user education.

Webroot Security Awareness Training is available today as a beta program, with general availability scheduled for later this fall. The beta will allow participants to operate phishing simulations and provide a test course to address the weakest link in an organization’s security posture: the human factor. By combining the latest threat intelligence, technology, and training, Webroot enables businesses to reduce their security risks by continually educating their users and testing their awareness on cybersecurity best practices.

Explore Webroot Security Awareness Training

Webroot Security Awareness Training Beta Key Facts:
  • Webroot Security Awareness Training is a fully hosted Awareness-as-a-Service platform with an end user training program and a sophisticated phishing simulator.
  • The phishing
The Future of Cyber Security - Facts & Predictions

Ransomware, one of today's biggest security threats, has become a massive growth opportunity for our channel. As key stakeholders fear now that their organisation will eventually be hit by a ransomware attack, they are willing to spend more on IT security solutions.
Join our Live Webinar on 24th August 2017
  • Why is NHS spending 50 million pounds to improve its cyber security?
  • Why are schools and top universities the perfect targets for the file-encrypting attacks?
  • How much are businesses willing to invest after their first ransomware attack?
  • How to remain competitive and win the cyber security market?

Register Now and Secure your Spot!

71% of SMBs aren't prepared for cybersecurity risks

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies (with between 100 and 499 employees) in the U.S., U.K., and Australia. The survey focused on how these small businesses perceived new threats facing their organizations.

Some of the answers were surprising.

Key stats:

  • 96% of those surveyed believe they are susceptible to cyber threats.
  • 80% use third-party IT security resources (mixed-use IT and security teams).
  • 94% are updating their security budgets to account for mitigating new threats.
  • 71% still admit not being ready to address cybersecurity threats.

Get the full report and more stats here.
You need to assemble a crack AI team: Where do you even start?

AI is finding its way into every day business and government. The idea of AI is not a new, but what is different is that today's hardware and software is bringing the various concepts underpinning AI to a mass market.

What’s new, too, is the driver: from bots and digital assistants to autonomous vehicles Google, Microsoft, Facebook, Nvidia and others in Silicon Valley are setting a drum beat to which the rest of are marching.

View All
How machine learning enables your best employees to work 24/7

A recent incent industry report states that artificial intelligence and machine learning have great potential, but can’t yet match the breadth of human intelligence. While I would argue you can’t have one without the other, meaning humans are an integral part of both AI and machine learning, both of these technologies have the power to be better than any single employee.

Our CTO, Hal Lonas, talks Artificial Intelligence and machine learning with Information-Management.


Designed with MSPs, resellers, and distributors in mind, the Webroot® Channel Edge® Program offers
competitive margins, recurring revenue, lower operational costs, improved productivity, and innovative
enablement tools. Through its web-based management console and integration with RMM and PSA
platforms, Webroot provides easy-to-deploy, cloud-based security for endpoint, mobile, and web.
Partnering with businesses of all sizes, Webroot secures your clients against sophisticated threats—no
matter how or where users connect. For more information, visit www.webroot.com/MSPpartners