Hey everyone,
Hope you’re all having a great week!
This will be our last Q&A with @TylerM on Nastiest Malware as we’ve continued to see more and more questions coming in.
If you have a question for Tyler, be sure to ask it below.
What is the best method to protect customers from Malware attacks that doesn't require a lot of maintenance and management? - Craig L.
How long after a new Malware is discovered does it take for protection to appear in Webroot? - Owen R.
What are the next updates and changes to the Webroot suite to tackle these adapting malware? - Tara H.
Are there any nations that are being held accountable for being the source of malware attacks? - Arnold
What is the best method to protect customers from Malware attacks that doesn't require a lot of maintenance and management? - Craig L.
If only everything were this easy!
There is no one silver bullet. You will need multiple layers of security: think training for not clicking on bait, URL/IP protection for when they do take the bait, endpoint protection for when the payload hits disk or on execution. Plus you need to secure the environment to make sure that there aren’t any back doors open (looking at you, Microsoft RDP).
But ONE thing you can do that will reduce a HUGE amount of threat vectors is just disabling what you don't use; big ones are MACROS and PowerShell.
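A read-only audit of the two items named in the answer above (Office macros and PowerShell), as an added example that is not part of the original Q&A and not Webroot tooling. It assumes Office 2016 or later (policy hive `16.0`) with per-user policy keys; the `Hardened` criterion is this example's own choice.

```powershell
# Added example: reports current settings only, changes nothing.
# Assumption: Office 2016/2019/365, whose policy keys live under "16.0".
$apps = 'Word', 'Excel', 'PowerPoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

$macroReport = foreach ($app in $apps) {
    $key = Join-Path $base "$app\Security"
    # Missing key means no policy is set and the user controls macro behaviour.
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App           = $app
        # 2 = disable with notification, 3 = signed macros only,
        # 4 = disable all macros without notification
        VBAWarnings   = $p.VBAWarnings
        # 1 = block macros in files that came from the internet
        BlockInternet = $p.blockcontentexecutionfrominternet
        # Value 2 still lets the user click "Enable Content", so it does not count.
        Hardened      = ($p.VBAWarnings -in 3, 4) -or
                        ($p.blockcontentexecutionfrominternet -eq 1)
    }
}

# The legacy PowerShell 2.0 engine is an optional Windows feature on client SKUs.
# Querying it needs an elevated session, so fall back to a clear marker.
$v2State = try {
    (Get-WindowsOptionalFeature -Online `
        -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction Stop).State
} catch {
    'Unknown (run elevated)'
}

$psReport = [pscustomobject]@{
    # ConstrainedLanguage here usually means AppLocker or WDAC is enforcing it.
    LanguageMode     = $ExecutionContext.SessionState.LanguageMode
    # Execution policy is a safety setting, not a security boundary.
    ExecutionPolicy  = Get-ExecutionPolicy
    PowerShellV2     = $v2State
}

$macroReport | Format-Table -AutoSize
$psReport    | Format-List
```

Run it in the context of the user whose Office policy you want to check, since the macro keys are read from `HKCU`.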
How long after a new Malware is discovered does it take for protection to appear in Webroot? - Owen R.
To make sure I understand the question correctly, you want to know how long after a never-before-seen malware file (unknown) encounters an agent it takes for it to be determined bad?
That is what is known as “dwell time” and our average dwell time right now is about 10 min.
What are the next updates and changes to the Webroot suite to tackle these adapting malware? - Tara H.
I can’t make any promises on timelines or anything because of the pandemic and holidays, but we are expecting to finish and release a new update to our Evasion Shield early next year. These are further improvements to the Evasion Shield feature that we released earlier this year to help with fileless payloads that lead to malicious payloads (think macros and scripts, etc.). Remember that you have to enable this feature if using GSM (it’s enabled by default for consumers).
Are there any nations that are being held accountable for being the source of malware attacks? - Arnold
Kinda... not really
These guys do get caught. Indictments happen but they are usually in countries like Iran and Russia. Not often do they ever set foot on US soil to formally get charged and put in jail. Even in Russia it’s not illegal to hack or attack anyone with malware as long as you don’t target Russian citizens.
The biggest groups get away with it. The FBI has $5m bounties for info leading to capture, but they are still at large and no bounties claimed (looking at you, Evgeniy Bogachev).
That just about wraps it up today.
Thanks to @TylerM and everyone who joined us today and sent us a question.
Thanks again!