Skip to main content

Hello Webroot Community, 

I wanted to create a space for us to come together and discuss Webroot and COVID-19.

Consider this our office hours. 

In case you might have missed it, we created a page here where we’ll keep a running list of articles, blog posts, and other pieces of content about our COVID-19 response.

If you have specific questions on what we’re doing as a company during the pandemic and our tips for how you can stay cyber resilient in these uncertain times. 

 

Please add your questions below or join us Tuesday, April 28, 2020, at 1:00 PM - 1:30 PM MT.

 

Welcome and thank you to everyone who’ll be joining us today. 

We’ve had some questions rolling in earlier from other Webroot customers that I’ll be posting over the next 30 mins but if you have a question, please feel free to add to the conversation below. 

With that, we’ll get started. 

 


Our first question comes from Andrea R. who asks:

Best strategy to protect a mixer home & office network, where personal devices and data are mixed with business Ines?

 

 


Louis M. wants to know: 

What are the best strategies to follow to minimize the current risks in the season we’re in?

 

 


Our first question comes from Andrea R. who asks:

Best strategy to protect a mixer home & office network, where personal devices and data are mixed with business Ines?

 

 

Make sure you have a router than can handle all of the bandwidth needed for video conferencing while other people in the house stream Netflix and play games and stuff. If you restart your router at least once a week, and yet still have issues then it may be time to upgrade.

Make sure that all laptops and desktops have security solutions installed. If you are concerned about the level of protection between home and office devices being too great, then make sure when you connect work machines to the network, that they aren’t discoverable or can share files. 


Our next question comes from Richard C.: 

During the CV19 pandemic how has Webroot seen its business change? What steps have been undertaken to support businesses during this time?

 

 


During the CV19 pandemic how has Webroot seen its business change? What steps have been undertaken to support businesses during this time?

 

Yes we have seen our business change with both increases and some decreases in business – Increases particularly in our Consumer solutions as users protect their home devices, and opting for VPNs.
On the business side we’ve also seen different requests to extend licenses and we have reacted to that by taking steps to support businesses during this time by:


Edwin D. is curious about the rise in COVID related domain registrations: 

Are you actively monitoring any new COVID related new domain name registrations with a view to filtering?


Are you actively monitoring any new COVID related new domain name registrations with a view to filtering?

 

Yes, we are as per normal, using our Threat Intelligence platform to continuously monitor real-time phishing events and using that data to update our Domain blocks in our DNS service.

And we are using our TI data at a URL level when establishing the reputation of URLs within the Webroot Web Threat Shield too. W

We have seen significant rises in Covid scams and phishing at the Domain level.

 


Louis M. wants to know: 

What are the best strategies to follow to minimize the current risks in the season we’re in?

 

 

We have a blog that covers a lot of this 

https://www.webroot.com/blog/2020/03/19/staying-cyber-resilient-during-a-pandemic/

Be very careful of COVID scams. Lots of malware campaigns like Emotet that often end in ransomware are capitalizing during this pandemic - sending many emails saying here are guidelines from the white house or CDC for COVID, or even stimulus form scams. 

Also zoom video conferencing is worth a mention 

The main issue here is public URLs that ANYONE can use to join in on these meetings. This has been getting abused, as anonymous people (a lot of the time students) will join in the session and shout profanity, yell out the address of the teachers, show porn or other graphic material on the webcams, paste malware in the chat, etc. There was an exploit for that. Zoom patched it.  

People were told make sure the meetings are protected with a password. Enable "Embed password in meeting link for one-click join." This prevents an actor from accessing your meeting without losing the usability of sharing a link to join.

However, there was an issue with the way zoom would generate linkIDs and actors learn how to generate links in the same way and they had a 5% success rate of generating a live link, allowing actors to bomb

Zoom patched it, but too little too late. Google dropped them along with Apple. 

Make sure hosts change their settings so only they can share their screen (not defaults). Create a meeting room to screen attendees and let them in one at a time. Once the meeting starts you can lock the meeting so no one else can join. 

Also, make sure the zoom software is up to date as there have been exploits in previous versions that can result in malware through the chat system

Download directly from zooms website. We’ve seen miners being bundled with them


Hey everyone, it’s hard to believe but we’re at time already. We’ll answer just 1 or 2 more. We can look into extending this to a full hour next week. Let us know if that sounds interesting and we’ll see what we can do. 

Thank you to @GeorgeA and @TylerM for stopping by and answering questions. 

If you have additional questions, be sure to stop by next Tuesday at 1:00 PM MT or add your questions here and we’ll do our best to answer them. 


These two questions were similar so we lumped them together: 

Rick W.:

What are the most common COVID-19 related scams?

 

Jason C.:

 How much of a rise in cyber attacks have you seen?


Our final question of the day comes from Argiris F.

Thanks to @GeorgeA for answering this one before we ended our session today!

Undoubtedly, yes.

As we need to extend data security into environments that are not currently a normal part of our networks – our users' homes. Looking at the best way to protect them and data will involve re-thing the remote user and how we secure data connections, or maybe opt for a  more Client/Server Citrix type approach to limit data to keystrokes and screen refreshes using ‘dumb’ terminals. So precepts will need to change, or at least be revisited and revised.

 


These two questions came in but seeing that they’re similar, we lumped them together: 

Rick W.:

What are the most common COVID-19 related scams?

 

Jason C.:

 How much of a rise in cyber attacks have you seen?

 

The  most common scams are the COVID 19 relief stimulus scam. Goes around text message, email (macro doc), facebook messenger, etc. Tells you fill out form to get payment from government. They are all scams to take personal info or infect the machine. There are also free stuff scams, like Netflix giving free access to everyone during the pandemic, it’s not true. Criminals are capitalizing on the many vendors that are offering special access and offers during the pandemic. We’ve also seen apps that will claim to be able to show you on google maps around you if anyone is infected - after putting in your credit card info for a small fee. Zoom bombing is on the rise - see above for details on that. 

We have absolutely seen spikes on specific  things because of this pandemic. One of which is exposed RDP ports on TCP. I’ve been talking about this being an issue for MSPs and SMBs for YEARS but not enough people are getting the message. Look at the image below. That spike is right when COVID19 started hitting the rest of the world after China. 

Also here are some new domain name trends

Fun fact: Webroot recently saw that 2% of the 20K websites created with “covid” or “coronavirus” as part of the name in the past two months were malicious.

Webroot also found that files marked malicious with the word “zoom” in them increased 2000%

For example, ZOOM-CLOUD-MEETINGS_01621164491.EXE

Hope this info helps!


Thanks again for stopping by and to @TylerM and @GeorgeA for answering questions today. 

If you have additional questions, be sure to stop by next Tuesday at 1:00 PM MT or add your questions here and we’ll do our best to answer them. 

Until next week, stay safe.

-Drew