Webroot: Nastiest Malware Threats Offer All Tricks, No Treats

Cybercriminals are relying on the same old tricks to secure their financial treats.

Edward Gately, Senior News Editor

October 30, 2020


Forget Halloween’s Michael Myers: malware threats are the real villains out there, hoping to trick you into giving away your money and personal data.

Webroot has released its annual list of nastiest malware threats. The list reveals phishing, ransomware and botnets as 2020’s most vicious cybersecurity threats. And it’s no surprise that cybercriminals have taken advantage of the global pandemic.

Furthermore, they’re relying on the same old tricks to secure their financial treats.

Here’s the malware that made Webroot’s latest list:

  • Phishing is a key part of a malware campaign’s effectiveness. This year, many threats are taking advantage of the situation created by the pandemic, and almost all of the malicious spam (malspam) phishing lures used by malware are based on COVID-19.

  • Ransomware did everything but slow down in 2020, largely due to COVID-19 phishing lures. There have been several notable attacks, from health care to municipalities to education. Ransomware gangs are now exposing or auctioning off a victim’s sensitive data if the victim refuses to pay. The three nastiest ransomware threats are Conti/Ryuk, Sodinokibi/REvil/Gandcrab and Crysis/Dharma/Phobos.

  • Botnets continue to be a dominant threat in the security landscape. They are essential to the success of ransomware. And many of the top offenders have close ties to top ransomware. Botnets are responsible for most of the malicious spam email campaigns. The nastiest botnet and trojan threats are Emotet, Trickbot and Dridex.

This year has brought an unexpected rise in mobile threats, earning them an honorable mention on this year’s list. Many of them masquerade as COVID-19 tracing apps, preying on the fear generated by the pandemic. Others abuse app accessibility features to steal user information.


To find out more about these nasty malware threats, we spoke with Tyler Moffitt, security analyst at Webroot.

Channel Futures: How has the COVID-19 pandemic impacted this latest list of nastiest malware threats compared to previous lists?

Tyler Moffitt: COVID-19 has impacted everything in the threat landscape. Nearly every type of malware on our list of 2020’s nastiest threats involves a phishing lure related to the pandemic. Some of the top phishing lures are now: CDC best guidelines, a list of positive COVID-19 cases in your area and stimulus forms. Before the pandemic, some of the top lures were you missed a package, you’re being sued and fake billing invoices. Cybercriminals are really tailoring their tactics to the pandemic because they know people are hungry for information and more distracted while working from home.

CF: Are an increasing number of people falling for these types of malware threats? If so, why?

TM: Absolutely. In fact, Webroot recently did a survey that found one in three professionals in the United States have clicked a phishing link in the past year. And one in five received a phishing email related to COVID-19. People are falling victim to these scams because they’re more sophisticated and believable than ever before, but also because they’re more distracted while working from home.

Working while doing household chores, caring for children or watching TV may seem harmless. But it could make people vulnerable to threats. Attention is lower and people might be less likely to properly notice and weigh the risks of potential threats like phishing emails. Additionally, the home network is often less secure than the physical office, consisting of numerous personal devices that were set up and continue to be managed without the proper security controls in place.

CF: What sort of damage can result from falling for one of these malware threats? Can you give some examples?

TM: Ransomware has the potential to drain all financial resources and ultimately close a business if it’s disruptive enough to critical systems and backups are not adequate. An example could be as simple as someone opening a Word doc attachment and then enabling macros. From there an Emotet payload is downloaded with the goal of gaining a foothold on that network and downloading further tools for the hackers, in this example say Trickbot. Trickbot’s goal would then be to move laterally throughout every computer in the network and gather credentials. The aim is to get domain controller credentials for full access to the environment. This will allow the criminal to analyze the environment, take data to assess its worth, and even remote in to disable backups if needed. Then comes the eventuality, ransomware: Trickbot most commonly partners with Ryuk ransomware, which has been devastatingly popular this year, most recently hitting hospitals across the U.S.
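The first link of the chain Moffitt describes, a macro-enabled Word document spawning a script interpreter to fetch Emotet, is also the most detectable one on an endpoint. The script below is an added example (not Webroot's or Emotet's code) that runs that detection over constructed Sysmon Event ID 1 style process-creation records: it walks each interpreter's parent chain for a few hops so that WINWORD.EXE → cmd.exe → powershell.exe is caught as well as a direct launch, and escalates severity when the command line uses an encoded PowerShell payload. The event records, GUIDs and command lines are made up for illustration.

```python
"""Detection logic for the foothold described above: a script interpreter
launched from an Office application, directly or through cmd.exe.
This is an added example, not Webroot's or Emotet's code; the events are
constructed Sysmon Event ID 1 style records, not real telemetry."""
import json
import ntpath
from typing import Dict, List, Optional

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
MAX_DEPTH = 4  # parent hops to walk when looking for an Office ancestor

# Constructed sample (not real logs): a macro in WINWORD runs cmd.exe, which
# runs an encoded PowerShell stager; the last line is a benign PowerShell
# session started from Explorer and must not be flagged.
SAMPLE_EVENTS = r"""
{"ProcessGuid":"g-100","ParentProcessGuid":"g-001","Image":"C:\\Windows\\explorer.exe","CommandLine":"explorer.exe"}
{"ProcessGuid":"g-101","ParentProcessGuid":"g-100","Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","CommandLine":"WINWORD.EXE /n invoice_0420.doc"}
{"ProcessGuid":"g-102","ParentProcessGuid":"g-101","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd /c powershell -nop -w hidden -enc SQBFAFgA"}
{"ProcessGuid":"g-103","ParentProcessGuid":"g-102","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell -nop -w hidden -enc SQBFAFgA"}
{"ProcessGuid":"g-104","ParentProcessGuid":"g-100","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe"}
""".strip()


def parse_events(text: str) -> Dict[str, dict]:
    """Parse JSON-lines process-creation events, keyed by ProcessGuid."""
    events: Dict[str, dict] = {}
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            events[ev["ProcessGuid"]] = ev
    return events


def image_name(ev: dict) -> str:
    """Lower-cased basename of the Image path (handles Windows paths on any OS)."""
    return ntpath.basename(ev["Image"]).lower()


def office_ancestor(ev: dict, events: Dict[str, dict]) -> Optional[dict]:
    """Follow ParentProcessGuid links up to MAX_DEPTH hops and return the first
    Office ancestor, so winword -> cmd -> powershell is caught as well."""
    cur = ev
    for _ in range(MAX_DEPTH):
        parent = events.get(cur.get("ParentProcessGuid", ""))
        if parent is None:
            return None
        if image_name(parent) in OFFICE_APPS:
            return parent
        cur = parent
    return None


def detect(text: str) -> List[dict]:
    """Return one finding per interpreter that descends from an Office app."""
    events = parse_events(text)
    findings = []
    for ev in events.values():
        child = image_name(ev)
        if child not in INTERPRETERS:
            continue
        anc = office_ancestor(ev, events)
        if anc is None:
            continue
        cmd = ev.get("CommandLine", "").lower()
        # PowerShell accepts any unique prefix of -EncodedCommand (-e, -ec, -enc ...).
        encoded = "-enc" in cmd or " -e " in cmd
        findings.append({
            "process": ev["ProcessGuid"],
            "child": child,
            "office_ancestor": image_name(anc),
            "command_line": ev.get("CommandLine", ""),
            "encoded_powershell": encoded,
            "severity": "high" if encoded else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['office_ancestor']} -> {f['child']} ({f['process']}): {f['command_line']}")
```

Run against the sample, the two processes under WINWORD.EXE (cmd.exe and its PowerShell child) are reported as high severity while the Explorer-launched PowerShell session is ignored. On a real fleet the same rule is the one most likely to fire before Trickbot ever lands, which is the point of catching the macro stage rather than the later credential theft.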

CF: What aren’t organizations doing that they should be doing to protect themselves and their employees from these malware threats?

TM: There are many ways businesses can strengthen their cyber resilience. But the easiest and most impactful way is starting with employees. They are the first line of defense against cyber threats. Ensure they have clear distinctions between work and personal time to limit the amount of uncertainty that can lead to phishing-related breaches. Educate employees on common threats using consistent security awareness training and phishing simulations. Additionally, lock down RDP with data encryption and multifactor authentication. And pair cybersecurity software with backup to strengthen cyber resilience at multiple different layers of vulnerability.

CF: What can MSSPs and other cybersecurity providers do to help organizations guard themselves against these malware threats?

TM: Educate clients about the many different attack vectors that exist within the threat landscape, and thus the multiple layers of security and tools that need to work cohesively to prevent and protect against them. Make sure the IT professionals are educated regularly on the threat landscape, and aware of new trends and tactics. Security should be a primary budget consideration because the preventions you put in place today will help protect the business in the future. It’s not a matter of if a threat or a breach will happen, it’s when.

CF: What are we likely to see in terms of malware threats in the months ahead? Are we likely to see new tactics emerge?

TM: The landscape is an endless cat-and-mouse game. And criminals are always innovating new ways to sneak malware into systems. Change is the only constant. So expect the unexpected and prepare for the worst with cybersecurity and data backup solutions that prevent and protect against threats at every layer of vulnerability.

Micro Focus: Security Personnel Shortage High Amid COVID-19

More than 90% of organizations are dealing with a shortage of IT security personnel, according to a new Micro Focus report.

Security architects and analysts are the most in-demand positions. Additionally, the report found that every educational institution surveyed had a security shortage.

By contrast, some of the most regulated industries in the survey have the lowest percentages of organizations with shortages. Those include finance, health care and government.


Michael Mychalczuk is director of security operations at Micro Focus. He said the reason analysts are in such demand is that data volumes have increased, but the ability to process them has not.

“The silver bullet promise of ML has been disappointing for many, because they fundamentally misunderstand the correct pairing of the human and machine,” he said. “The human creates the question, the machine answers the question. When humans rely on machines for creating the questions, the feedback loop fails. So organizations are trying hard to staff for the onslaught of additional data and the new threats, but have not learned how to use the tools as effectively as possible.”

Security architects are needed as security now has to be built into services from inception, Mychalczuk said.

Just because organizations have a security personnel shortage doesn’t necessarily mean they’re more vulnerable to cyberattacks, he said.

“A small organization with a good grasp of how strong governance cost effectively manages risk and compliance needs can be far more effective than a large organization simply throwing bodies at the problem,” Mychalczuk said. “There are core processes that significantly reduce the attack surface, and thereby enable an organization to be tiny but mighty. Sadly, they are not often utilized because they are not hip and cool, and because they often conflict with an organization’s culture. And culture will always eat strategy. The secret is to pick tactics that advance the strategy that adapt to the changing situation. It’s been the winning combination in warfare for thousands of years, and yet remains elusive for many.”

Guardicore/Ponemon: Organizations Increasingly Shun Legacy Firewalls

More than 60% of organizations say legacy firewalls are ineffective in preventing damaging cyberattacks against applications, data centers and data in the cloud.

That’s according to a new report conducted by Ponemon on behalf of Guardicore. More than 600 U.S. security professionals were polled.

Fifty-three percent of respondents are actively looking to replace legacy firewalls with modern security solutions. They want solutions that are more cost effective and provide greater flexibility. Furthermore, they want them to match the speed and agility required by digital transformation.

According to the survey, legacy firewalls:

  • Are failing to enable zero trust;

  • Aren’t stopping attacks, therefore leaving organizations vulnerable; and

  • Hinder agility and cost too much to maintain.


Dave Burton is Guardicore‘s vice president of marketing.

“Organizations are increasingly operating in the cloud, and rapidly introducing new applications to drive innovation and support remote workforces,” he said. “The biggest complaints we’re hearing from organizations on legacy firewalls is that they kill speed and flexibility and are not providing the required needs around securing complex cloud and hybrid infrastructures.”

Fifty-seven percent of respondents said it can take three weeks to a month to change firewall rules to accommodate an updated or new app, Burton said. Furthermore, 62% said access control policies are not granular enough, and it takes far too long to implement segmentation policies.

Companies are increasingly moving toward more modern security solutions to overcome legacy firewall challenges, Burton said. That includes micro-segmentation.

“Micro-segmentation is the technique of inserting security services between two workloads to isolate them from one another and secure them individually,” he said. “This allows system administrators to deploy flexible security policies that restrict traffic between workloads based on the principle of least privilege. Fifty-four percent of respondents say their organizations have adopted micro-segmentation. Out of these respondents, 66% say micro-segmentation is important to their organization’s security posture.”
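Burton's definition reduces to a simple rule engine: identity comes from workload labels rather than IP ranges, the default is deny, and each allowed flow is written down explicitly. The script below is an added example, not Guardicore's policy language or product code, that implements that model and audits a handful of constructed flows against both the label-based policy and a flat "same /24 is trusted" perimeter model for contrast. Workload names, labels, addresses, rules and flows are all made up for illustration.

```python
"""Least-privilege segmentation between workloads, as an added example (not
Guardicore's policy language): every flow is denied unless a label-based
rule allows it, and explicit deny rules win.  Workloads, labels, rules and
flows below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Workload:
    name: str
    labels: Dict[str, str]   # e.g. {"app": "web", "env": "prod"}
    ip: str


@dataclass
class Rule:
    src: Dict[str, str]      # label selector: every key/value must match
    dst: Dict[str, str]
    ports: Tuple[int, ...]
    action: str = "allow"    # "allow" or "deny"


def selector_matches(selector: Dict[str, str], labels: Dict[str, str]) -> bool:
    return all(labels.get(k) == v for k, v in selector.items())


def evaluate(rules: List[Rule], src: Workload, dst: Workload, port: int) -> str:
    """Default deny; an explicit deny overrides any allow."""
    decision = "deny"
    for r in rules:
        if port in r.ports and selector_matches(r.src, src.labels) and selector_matches(r.dst, dst.labels):
            if r.action == "deny":
                return "deny"
            decision = "allow"
    return decision


def legacy_flat(src: Workload, dst: Workload, port: int) -> str:
    """Perimeter-firewall model for contrast: anything in the same /24 is trusted."""
    same_subnet = (ipaddress.ip_interface(f"{src.ip}/24").network
                   == ipaddress.ip_interface(f"{dst.ip}/24").network)
    return "allow" if same_subnet else "deny"


# Constructed inventory: a three-tier app in 10.0.1.0/24, a jump host, and a
# corporate workstation that happens to sit in the same subnet as the app.
WORKLOADS = {
    "web-1":  Workload("web-1",  {"app": "web", "env": "prod"}, "10.0.1.10"),
    "api-1":  Workload("api-1",  {"app": "api", "env": "prod"}, "10.0.1.20"),
    "db-1":   Workload("db-1",   {"app": "db", "env": "prod"}, "10.0.1.30"),
    "jump-1": Workload("jump-1", {"role": "jumpbox", "env": "mgmt"}, "10.0.9.5"),
    "pc-42":  Workload("pc-42",  {"role": "workstation", "env": "corp"}, "10.0.1.142"),
}

RULES = [
    Rule({"app": "web"}, {"app": "api"}, (8443,)),          # web tier may call the API
    Rule({"app": "api"}, {"app": "db"}, (5432,)),           # only the API may reach Postgres
    Rule({"role": "jumpbox"}, {"env": "prod"}, (22,)),      # SSH into prod only via the jump host
    Rule({"env": "corp"}, {"app": "db"}, (5432,), "deny"),  # belt and braces: no desktops to the DB
]

FLOWS = [
    ("web-1", "api-1", 8443),
    ("api-1", "db-1", 5432),
    ("web-1", "db-1", 5432),   # lateral move from a compromised web server
    ("pc-42", "db-1", 5432),   # infected workstation going straight for the data
    ("jump-1", "db-1", 22),
    ("pc-42", "web-1", 22),
]


def audit(flows=FLOWS, rules=RULES, workloads=WORKLOADS) -> List[Tuple[str, str, int, str, str]]:
    """Return (src, dst, port, segmentation decision, legacy decision) per flow."""
    result = []
    for s, d, p in flows:
        src, dst = workloads[s], workloads[d]
        result.append((s, d, p, evaluate(rules, src, dst, p), legacy_flat(src, dst, p)))
    return result


if __name__ == "__main__":
    for s, d, p, seg, flat in audit():
        print(f"{s:>7} -> {d:<6}:{p:<5} micro-seg={seg:<5} flat-/24={flat}")
```

The audit shows the difference Burton is pointing at: the flat model lets web-1 and the workstation pc-42 talk to the database simply because they share a subnet, while the label policy allows only api-1 to reach port 5432 and denies the two lateral paths. It also shows the policy following the workload rather than the address: the jump host in another subnet is allowed SSH to prod because of its role, not its IP.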

Offering micro-segmentation as an alternative to firewalls for the data center could be a solution that MSSPs build, Burton said.

Software-based segmentation offers a quick and cost-effective delivery of new security services, he said. Those services include MDR, micro-segmentation as-a-service, audit and compliance, and cloud workload protection.

“These service offerings afforded through micro-segmentation solutions provide MSSPs with options to expand into adjacent security solutions and create more revenue opportunities,” Burton said.

Terranova Security Beefs Up Partner Program

Terranova Security has enhanced its partner program for MSSPs, OEMs, distributors, resellers and technology partners globally.

The enhancements include expanded tier options, special offers to bolster revenue-generation opportunities, and an enhanced partner portal interface.

Participants have access to:

  • Online training and certification;

  • Incentives and offers to drive new sales opportunities and facilitate new account acquisition and portfolio expansion; and

  • Sales and marketing resources that promote continuous business growth.


Mathieu Ouellette is Terranova‘s vice president of sales.

“We wanted to ensure that our partners had the best possible experience, with a collaboration process that was as transparent, actionable and easy to navigate as possible,” he said. “The partner program is also opening up the Terranova solution to different channels worldwide, giving more partners and resellers access to high-quality security awareness training content and phishing simulations.”

These enhancements were also prompted by Terranova’s partnership with Microsoft, Ouellette said. Many Microsoft partners want to work with the company.

“There’s also a lot of demand for security awareness training solutions for Microsoft E3 clients,” he said. “And we wanted to make our high-quality content available to all organizations at this level. It’s all about giving all partners and their clients the tools they need to avoid phishing threats and understand the risks that come with cyber scams.”

Terranova gives partners an “unparalleled advantage” over other options in the security awareness training domain, Ouellette said.

“It’s a mutually beneficial program that boasts a very appealing ROI and an excellent overall investment for partners,” he said. “For example, MSSPs can also manage the security awareness platform and, through this capability, sell services for additional revenue. OEMs benefit from very competitive pricing and volume discounts available across all our partner program tiers.”

Exabeam Unleashes Enhanced SMP

Exabeam has enhanced its Security Management Platform (SMP) with AWS, Google Cloud Platform and Microsoft Azure cloud storage monitoring.

The enhanced SMP allows organizations to protect themselves against cloud threats, even with remote work and scattered security teams.

The behaviors that the enhanced SMP will help identify, investigate and contextualize include:

  • Enumeration of cloud storage objects;

  • Abnormal amounts of data being sent from buckets; and

  • Additional irregular cloud admin activity.
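The first two behaviors on that list, enumeration of storage objects and abnormal egress from a bucket, come down to counting listing calls per principal in a time window and comparing bytes out against a learned baseline. The script below is an added example, not Exabeam's detection logic, that does both over constructed CloudTrail-style S3 data events (the event shape, the ARNs, the thresholds and the per-principal baselines are all assumptions made for illustration).

```python
"""Flag the two cloud-storage behaviours listed above (object enumeration and
abnormal egress from a bucket) over constructed CloudTrail-style S3 data
events.  Added example, not Exabeam's detection logic; the thresholds and
per-principal baselines are assumptions a real deployment would learn."""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

LIST_EVENTS = {"ListObjects", "ListObjectsV2", "ListBuckets"}
ENUM_THRESHOLD = 20               # listing calls by one principal within ENUM_WINDOW
ENUM_WINDOW = timedelta(minutes=10)
EGRESS_FACTOR = 5.0               # bytes out above FACTOR x baseline is abnormal
DEFAULT_BASELINE = 10_000_000     # assumed daily egress for principals with no history

# Assumed learned baselines (bytes out per day); in practice derived from history.
CI = "arn:aws:iam::123456789012:user/ci-deploy"
EXT = "arn:aws:sts::123456789012:assumed-role/contractor/bob"
BASELINE_BYTES = {CI: 50_000_000, EXT: 20_000_000}


def make_event(ts: datetime, principal: str, name: str, bucket: str, bytes_out: int = 0) -> dict:
    """Minimal CloudTrail-shaped S3 data event (constructed)."""
    return {"eventTime": ts.strftime("%Y-%m-%dT%H:%M:%SZ"), "eventName": name,
            "userIdentity": {"arn": principal},
            "requestParameters": {"bucketName": bucket},
            "additionalEventData": {"bytesTransferredOut": bytes_out}}


def build_sample() -> str:
    """Constructed JSON-lines log: routine CI activity plus a contractor role
    walking a bucket and then pulling 600 MB out of it."""
    t0 = datetime(2020, 10, 28, 2, 0, 0)
    ev = []
    for i in range(3):
        ev.append(make_event(t0 + timedelta(minutes=i), CI, "ListObjectsV2", "build-artifacts"))
    for i in range(2):
        ev.append(make_event(t0 + timedelta(minutes=5 + i), CI, "GetObject", "build-artifacts", 1_000_000))
    for i in range(25):   # 25 listings in 5 minutes: enumeration
        ev.append(make_event(t0 + timedelta(seconds=12 * i), EXT, "ListObjectsV2", "customer-exports"))
    for i in range(30):   # 30 x 20 MB over the next 15 minutes: egress
        ev.append(make_event(t0 + timedelta(minutes=6, seconds=30 * i), EXT, "GetObject", "customer-exports", 20_000_000))
    return "\n".join(json.dumps(e) for e in ev)


def load(text: str) -> List[dict]:
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["_t"] = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return events


def detect_enumeration(events: List[dict]) -> List[dict]:
    """Sliding window over each principal's listing calls."""
    per_principal: Dict[str, List[datetime]] = defaultdict(list)
    for e in events:
        if e["eventName"] in LIST_EVENTS:
            per_principal[e["userIdentity"]["arn"]].append(e["_t"])
    findings = []
    for arn, times in per_principal.items():
        times.sort()
        j, best = 0, 0
        for i in range(len(times)):
            while j < len(times) and times[j] - times[i] <= ENUM_WINDOW:
                j += 1
            best = max(best, j - i)
        if best >= ENUM_THRESHOLD:
            findings.append({"principal": arn, "listings_in_window": best})
    return findings


def detect_egress(events: List[dict], baseline: Dict[str, int] = BASELINE_BYTES) -> List[dict]:
    """Total bytes out per principal compared with its learned baseline."""
    total: Dict[str, int] = defaultdict(int)
    for e in events:
        total[e["userIdentity"]["arn"]] += e.get("additionalEventData", {}).get("bytesTransferredOut", 0)
    findings = []
    for arn, bytes_out in total.items():
        base = baseline.get(arn, DEFAULT_BASELINE)
        if bytes_out > EGRESS_FACTOR * base:
            findings.append({"principal": arn, "bytes_out": bytes_out, "baseline": base})
    return findings


def run(text: str = None) -> Dict[str, List[dict]]:
    events = load(build_sample() if text is None else text)
    return {"enumeration": detect_enumeration(events), "egress": detect_egress(events)}


if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

On the sample the contractor role is flagged twice, once for 25 listing calls inside the ten-minute window and once for 600 MB out against a 20 MB baseline, while the CI user's three listings and 2 MB download stay below both thresholds. The baseline is the part a product like the one described would learn per user and entity; here it is a fixed table so the example runs offline.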

Trevor Daughney is Exabeam‘s vice president of product marketing.

“Partners will see carryover benefits from assisting end users in solving specific pain points by ingesting audit data from Amazon S3, Microsoft Azure Blobs and Google Cloud Platform cloud storage buckets,” he said.

This is yet another step in new opportunities for Exabeam partners, Daughney said.

“Exabeam’s multi-tenant cloud platform extends Exabeam’s SIEM solution with capabilities unique to Exabeam – user and entity behavior analytics (UEBA) and object-centric workspaces – as well as cloud storage, data graphing and integrations with over 250 products,” he said.


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
