Our news section dedicated to web filtering reports on instances in which a web filter can be used to protect organizations against online threats and the consequences of phishing campaigns. We also report on how filtering web access can protect the vulnerable against exposure to inappropriate online content – particularly minors viewing pornography.
Several of our news items will be of particular interest to MSPs and service providers who wish to add web filtering to their portfolio of products. With TitanHQ's solutions, MSPs can incorporate white-labelled web filtering into an existing service package or market the solutions as stand-alone packages.
In Utah, lawmakers are attempting to make it harder for pornography to be accessed, especially in libraries. A new bill has been introduced that would make it compulsory for library WiFi filtering to be implemented to block patrons from accessing pornography. That bill has now been signed off by a group of Utah senators, bringing the compulsory use of library WiFi filtering closer to being written into the state legislature.
Last year, Sen. Todd Weiler, R-Woods Cross, was heavily involved in a campaign to raise awareness of the problems related to the accessing of hardcore pornography, with the senator claiming the use of pornography had now become “a public health crisis.”
Sen. Weiler was not alone in his thinking. Many people supported the campaign and agreed that pornography was particularly damaging for minors, that its use threatened marriages and was contributing to the rise in sexual violence.
Library WiFi filtering is a contentious issue. While many libraries across the United States have implemented a WiFi filter to block pornography and other harmful images to protect minors and obtain government grants and discounts, many librarians are opposed to library WiFi filtering.
Libraries are places of learning where individuals can come to gain access to all types of information. The use of Internet filtering in libraries is seen as excessively curbing civil liberties and undermining freedom of speech. Public opinion is similarly divided, although many individuals would not want to catch a glimpse of hardcore pornography on another patron’s computer, and even less so their children.
In Utah, the majority of libraries have already implemented library WiFi filtering software. Weiler says that there are more than 100 public libraries in the state and that the larger libraries are already filtering out pornography. However, he pointed out that there are a dozen or so smaller library branches that have yet to implement Internet filtering on WiFi networks.
In the case of small libraries, there may not be sufficient funds available for WiFi filtering solutions to be purchased, even if by implementing those solutions savings could be made through the eRate program. Sen. Weiler appreciates that the cost of implementing a software solution may be prohibitively expensive for smaller libraries, which is why he is requesting $50,000 from the state budget to be made available to smaller libraries via a grant program. Those grants could then be used to pay for Internet filtering solutions for libraries in the state that have yet to purchase a filtering solution.
Now that the bill has been signed off, it will go before the senate for debate, although there is a high probability that the bill will be written into state law. Support for Sen. Weiler’s anti-pornography campaign last year was strong, and many members of the chamber and house of representatives backed it. The campaign also received public backing from the governor of Utah.
There are many cybersecurity solutions for managed service providers to add to their service stacks and offer to clients. However, the failure to offer a comprehensive range of cybersecurity solutions can prove costly. There is considerable demand for managed services, and the failure to provide them could see clients effectively handed to competitors.
Furthermore, there is now increased competition. Managed service providers have offered preventative cybersecurity solutions to their clients for many years, but competition in this sphere is increasing.
IT companies that have previously relied on fixing computer problems or providing data breach investigative services as their core business have realized there is big money to be made from providing cybersecurity services to prevent problems. An increasing number of IT companies are now capitalizing on high profile data breaches and demand for preventative solutions from SMBs and are now providing these services.
In order to capitalize on the opportunity for sales and to make sure clients do not start looking elsewhere, managed service providers need to make sure that they offer a full suite of cybersecurity solutions that will keep their clients protected from the barrage of cybersecurity attacks that are now occurring.
Fortunately, the move away from hardware-based solutions to cloud-based services is making it easier for managed services providers. Cloud-based solutions are not only cheaper for clients, they are easier for MSPs to deliver and manage. While providing solutions that prevent cyberattacks may have been impractical and provided little return for the effort, that is no longer the case.
There are many potential cybersecurity solutions for managed service providers, although one area in particular where MSPs can take advantage is to offer solutions to prevent phishing attacks. Phishing – obtaining sensitive information from employees – is one of the main ways that cybercriminals gain access to networks and sensitive data.
Companies are spending big on network security to prevent direct attacks, yet cybercriminals know all too well that even multi-million-dollar security defenses can be breached. The easiest way to gain network access is to be provided with it by employees.
It is much easier to fool an employee into downloading malware, ransomware, or revealing their email or login credentials than it is to find security vulnerabilities or use brute force tactics. All it takes is for a phishing email to reach the inbox of an employee.
Anti-phishing training companies, which provide security awareness training for employees and teach them how to identify phishing emails, know all too well that training alone is ineffective. Some employees are poor at putting training into practice.
Even if security awareness training is provided, employees will still open email attachments from strangers and click on links sent to them in emails. Furthermore, cybercriminals are getting better at crafting emails to get links clicked and malware-ridden attachments opened.
We have already seen this year (and last tax season) how effective phishing emails can be. At least 145 companies in the United States (that we know about) sent employees’ W-2 Forms to scammers via email last year. This year looks like it will be even worse.
A high percentage of malware infections occur as a result of spam emails with infection either through email attachments (downloaders) or links to malicious sites where malware is silently downloaded. The same is true of many ransomware infections.
Given the high risk of a phishing attack occurring or information-stealing malware and ransomware being installed, organizations are happy to pay for managed solutions that can block phishing emails, prevent malware-infecting emails from being delivered, and stop employees from visiting malicious links.
MSPs can take advantage by providing these services. Since cloud-based solutions are available that offer the required level of protection, adding these solutions to an MSP’s service stack is a no-brainer. Cloud-based solutions to protect against phishing, malware, and ransomware infections require no hardware, no site visits, and little management overhead.
TitanHQ can provide cloud-based solutions ideal for inclusion in MSPs’ service stacks. TitanHQ’s email and web protection solutions – SpamTitan and WebTitan – are effective at blocking a wide range of email and web-borne threats.
SpamTitan blocks over 99.97% of spam email, has a low false positive rate and blocks 100% of known malware. Inboxes are kept spam and malware free, and an anti-phishing component prevents phishing emails from being delivered to end users.
WebTitan offers excellent protection from web-borne threats, protecting employees and networks from drive-by malware and ransomware downloads and blocking links to malicious websites.
Furthermore, these solutions can be run in a public/private cloud, can be provided in white-label format ready for MSP’s branding, have low management overhead and include generous margins for MSPs.
If you are an MSP and are looking to increase the range of cybersecurity services you can offer to clients, give TitanHQ a call today and find out more about our cybersecurity solutions for managed service providers.
With our cybersecurity solutions for managed service providers, you can improve your cybersecurity portfolio, provide better value to your clients and boost your bottom line.
A restaurant malware attack has resulted in the theft of the credit and debit card numbers of more than 355,000 customers, according to Krebs on Security. A breach was suspected to have occurred when credit unions and banks started to notice a flurry of fraudulent purchases. The breach was traced to the fast food restaurant chain Arby’s.
While there have been numerous instances of credit card fraud reported in the past few days, the Arby’s data breach was first identified in January. Industry partners contacted Arby’s regarding a potential breach of credit/debit card numbers. At that point, the incident was only thought to have affected a handful of its restaurants.
The malware infection was soon uncovered and the FBI was notified, although the agency requested that Arby’s did not go public so as not to impede the criminal investigation. However, a statement has recently been released confirming that Arby’s is investigating a breach of its payment card systems.
Upon discovery of the breach, Arby’s retained the services of cybersecurity firm Mandiant to conduct a forensic analysis. The Mandiant investigation is continuing, although rapid action was taken to contain the incident and remove the malware from Arby’s payment card systems. The investigation revealed that the incident only impacted certain corporate-owned stores. None of the franchised stores were infected with malware. Arby’s has more than 3,300 stores across the United States, more than 1,000 of which are corporate-owned.
PSCU, an organization serving credit unions, was the first to identify a potential breach after receiving a list of 355,000 stolen credit card/debit card numbers from its member banks. It is currently unclear when the restaurant malware attack first occurred, although the malware is currently thought to have been actively stealing data from October 25, 2016 until January 19, 2017, when the malware was identified and removed.
This is of course not the first restaurant malware attack to have been reported in recent months. The restaurant chain Wendy’s suffered a similar malware attack last year. That incident also resulted in the theft of hundreds of thousands of payment card details before the malware was discovered and removed. Similar payment card system malware infections were also discovered by Target and Home Depot and resulted in huge numbers of card details being stolen.
Details of how the malware was installed have not been released, although malware is typically installed when employees respond to spear phishing campaigns. Malware is also commonly installed as a result of employees clicking on malicious links contained in spam emails or being redirected to malicious sites by malvertising. In some cases, malware is installed by hackers who take advantage of unaddressed security vulnerabilities.
Once malware has been installed it can be difficult to identify, even when anti-virus and anti-malware solutions are in use. As was the case with the latest restaurant malware attack, data theft was only identified when cybercriminals started using the stolen payment card information to make fraudulent purchases.
Protecting against malware attacks requires multi-layered cybersecurity defenses. Good patch management policies are also essential to ensure that any security vulnerabilities are remediated promptly. Anti-spam and anti-phishing solutions can greatly reduce the volume of messages that make it through to employees’ inboxes, while malicious links and redirects can be blocked with a web filtering solution. A little training also goes a long way. All staff members with computer access should receive anti-phishing training and should be instructed on security best practices.
Regular scans should be performed on all systems to search for malware that may have evaded anti-virus and anti-malware solutions. Since a restaurant malware attack will target payment card systems, those should be frequently scanned for malware. Rapid detection of malware will greatly reduce the damage caused.
Hotel malware attacks have been hitting the headlines in the past two years as cybercriminals target hotels looking for payment card information. Now, InterContinental Hotels Group Plc has announced that a malware infection has potentially resulted in the theft of customers’ payment card details from 12 of its hotels in the United States. The hotel malware attacks affected guests at InterContinental Hotels as well as Crowne Plaza and Holiday Inn hotels.
The data breach affected the payment systems used by the hotel chain’s restaurants and bars, but did not extend to the front desk system used to process guests.
Malware was installed on the hotels’ servers which searched for and obtained customer track data from credit and debit card transactions. Customers’ card data – including names, card numbers, expiry dates and verification codes – were intercepted and potentially stolen using the malware. The malware was discovered in late December when the hotel chain hired a cybersecurity firm to investigate a potential data breach following an unusual level of fraud affecting the hotel chain’s customers. That investigation revealed malware had been installed as early as August 1, 2016 which remained active until December 15, 2016.
InterContinental has not disclosed whether the malware passed on any payment card information to the attackers nor how many customers had been impacted by the incident, only that servers at 12 of the chain’s hotels had been affected. Investigations into the security breach are continuing and the investigation has now been extended to other hotels owned by InterContinental in the Americas.
Hotels are commonly targeted by cybercriminals seeking payment card information. Last summer, InterContinental’s Kimpton Hotels & Restaurants were attacked with malware and similar incidents were reported last year by Marriott International’s Starwood Hotels as well as the Hyatt, Westin, and Sheraton hotel chains. Hotel malware attacks were reported by the Hilton chain and Trump Hotels in 2015.
Cybercriminals are most interested in POS systems used by hotels. Malware is installed that is capable of capturing payment card information and those data are then transferred to the attackers. All too often, malware is installed and stays active for months before it is detected. During that time, tens of thousands of hotel guests can be impacted and have fraudulent charges applied to their accounts.
While hotel customers are often covered by their card providers’ insurance policy, the fallout from these incidents can be considerable. When guests suffer credit card and debit card fraud as a result of visiting a particular hotel, they may take their business elsewhere.
Malware can be installed by cybercriminals via a number of different attack vectors. Direct attacks take advantage of security flaws in software and hardware. Last year, Cylance’s Sophisticated Penetration Exploitation and Research Team (SPEAR) identified a zero-day vulnerability in ANTLabs InnGate routers, which are used by many of the top hotel chains to provide Internet access for guests. The flaw could be exploited to gain access to guests’ smartphones, laptops, and tablets, or potentially be used to install malware that targets POS systems on hotel servers.
According to SPEAR, the flaw was being actively exploited and 277 hotels had been targeted across 29 countries, including more than 100 hotels in the United States. Eight out of the world’s top ten hotel chains were found to have systems vulnerable to this type of attack. A patch was promptly issued to correct the flaw and hotels were able to plug the security hole.
It may not be possible to prevent attacks that exploit zero-day vulnerabilities; however, there are steps that can be taken to reduce hotel malware attacks. Malware is often downloaded as a result of employees’ or guests’ actions. Malware may be deliberately installed, although all too often downloads occur silently as a result of employees and guests visiting malicious websites.
Blocking access to these websites will protect both the hotel and its guests from web-borne malware and ransomware attacks. If a web filter – such as WebTitan – is installed, all websites known to house malware will be blocked.
If you run a hotel or hotel chain, a web filter is an additional layer of security that should be seriously considered. A web filter will help to reduce the risk of malware and ransomware infections and keep hotel networks safe and secure for all users.
A hotel ransomware attack in Austria hit the headlines in the past couple of days. The cyberattack affected the Romantik Seehotel Jägerwirt. The hotel’s computer system was infiltrated by the attacker who installed ransomware. A range of files were encrypted, which prevented the hotel from being able to check-in new guests and issue new key cards for hotel doors.
Hotel Ransomware Attack Hampers Guest Check-ins
Early reports of the hotel ransomware attack suggested hotel guests were locked out of their rooms or, in some cases, locked in their rooms. The latter is not possible as even when electronic key cards are used, locks can be opened manually from the inside. Guests who had been issued with key cards prior to the attack were also able to use their cards to get in their rooms, according to a statement issued by the hotel’s manager.
However, the cyberattack still caused considerable disruption at the 111-year old hotel. According to local news sources, the attack affected the hotel’s key card system, reservation system, and its cash desk.
Since files were encrypted that were necessary to program new key cards, any guest that had not been checked in before the cyberattack occurred experienced considerable delays. The issue was only resolved when the hotel paid the ransom demand of 1500 Euros – approximately £1,300/$1,600. Systems remained out of action for 24 hours as a result of the attack.
This was not the only attack affecting the hotel. A second attack reportedly occurred, although the hotel was able to thwart that attempt by taking its systems offline. Repeat attacks are unfortunately common. If one ransomware attack results in the payment of a ransom, other attacks may also occur as the attackers attempt to extort even more money from their victim. Backdoors are often installed during initial attacks to enable access to continue after payment has been made.
Not being able to check-in new guests for a period of 24 hours can make a serious dent in profits, not only from guests being forced to seek alternative accommodation, but also from the damage to a hotel’s reputation. Such an attack can keep future guests away.
In this case, in addition to paying the ransom demand, the manager of the Romantik Seehotel Jägerwirt confirmed that the hotel will be going old school in the impending future. Rather than continue to use an electronic key card system, the hotel will revert to using standard keys for hotel room doors. Another hotel ransomware attack would therefore not prevent guests from checking in.
Hotels Must be Prepared for Cybersecurity Incidents
This is not the first hotel ransomware attack to have occurred in 2017 and it certainly will not be the last. Hotels are attractive targets for cybercriminals because hotels cannot afford to have critical systems offline for lengthy periods of time due to the disruption they cause. Cybercriminals know that ransom demands are likely to be paid.
In this case, no lasting harm was caused, although that does not mean future attacks will be limited to reservation systems and cash desk operations. Elevator systems may be targeted or other systems that have potential to compromise the health and safety of guests.
Hotels therefore need to make sure that not only are defenses augmented to prevent ransomware attacks, but a data breach response plan is in place to ensure that in the event of a cybersecurity incident, rapid action can be taken to limit the harm caused.
According to a new report from data breach insurance provider Beazley, US ransomware attacks on enterprises quadrupled in 2016. There is no sign that these attacks will slow; in fact, they are likely to continue to increase in 2017. Beazley predicts that US ransomware attacks will double in 2017.
Half of US Ransomware Attacks Affected Healthcare Organizations
The sophisticated nature of the latest ransomware variants, the broad range of vectors used to install malicious code, and poor user awareness of the ransomware threat are making it harder for organizations to prevent the attacks.
For its latest report, Beazley analyzed almost 2,000 data breaches experienced by its clients. That analysis revealed not only that US ransomware attacks had increased, but also malware infections and accidental disclosures of data. While ransomware is clearly a major threat to enterprises, Beazley warned that unintended disclosure of data by employees is actually a far more dangerous threat. Accidental data breaches increased by a third in 2016.
US ransomware attacks and malware incidents increased in the education sector, which registered a 10% rise year on year. 45% of data breaches experienced by educational institutions were the result of hacking or malware, as were 40% of data breaches suffered by companies in the financial services sector. However, it was the healthcare industry that experienced the most ransomware attacks. Nearly half of 2016 US ransomware attacks affected healthcare organizations.
The report provides some insight into when organizations are most at risk. US ransomware attacks spiked at the end of financial quarters and also during busy online shopping periods. It is at these times of year when employees most commonly let their guard down. Attackers also step up their efforts at these times. Beazley also points out that ransomware attacks are more likely to occur during IT system freezes.
Ransomware Attacks on Police Departments Have Increased
Even police departments are not immune to ransomware attacks. Over the past two years there have been numerous ransomware attacks on police departments in the United States. In January last year, the Midlothian Police Department in Chicago was attacked with ransomware and paid a $500 ransom to regain access to its files.
The Dickson County Sheriff’s Office in Tennessee paid $572 to unlock a ransomware infection last year, and the Tewksbury police department in Massachusetts similarly paid for a key to decrypt its files. In 2015, five police departments in Maine (Lincoln, Wiscasset, Boothbay Harbor, Waldoboro and Damariscotta) were attacked with ransomware and in December 2016, the Cockrell Hill Police Department in Texas experienced a ransomware infection. The attack resulted in video evidence dating back to 2009 being encrypted. However, since much of that information was stored in backup files, the Cockrell Hill Police Department avoided paying the ransom.
Defending Against Ransomware
Unfortunately, there is no silver bullet to protect organizations from ransomware attacks. Ransomware defenses should consist of a host of technologies to prevent ransomware from being downloaded or installed, but also to ensure that infections are rapidly detected when they do occur.
Ransomware prevention requires technologies to be employed to block the main attack vectors. Email remains one of the most common mediums used by cybercriminals and hackers. An advanced spam filtering solution should therefore be used to prevent malicious emails from being delivered to end users. However, not all malicious attachments can be blocked. It is therefore essential to not only provide employees with security awareness training, but also to conduct dummy ransomware and phishing exercises to ensure training has been effective.
Many US ransomware attacks in 2016 occurred as a result of employees visiting – or being redirected to – malicious websites containing exploit kits. Drive-by ransomware downloads are possible if browsers and plugins are left unpatched. Organizations should ensure that patch management policies are put in place to ensure that all systems and software are patched promptly when updates are released.
Given the broad range of web-based threats, it is now becoming increasingly important for enterprises to implement a web filtering solution. A web filter can be configured to prevent employees from visiting malicious websites and to block malvertising-related web redirects. Web filters can also be configured to prevent employees from downloading malicious files and engaging in risky online behavior.
The outlook for 2017 may be bleak, but it is possible to prevent ransomware and malware attacks. However, the failure to take adequate preventative steps to mitigate risk is likely to prove costly.
The use of web filters in libraries has been in the headlines on many occasions in recent months. There has been much debate over the extent to which libraries should allow patrons to exercise their First Amendment freedoms and whether Internet access should be controlled.
Many libraries in the United States choose not to implement web filters to control the content that can be accessed on their computers; instead, they tackle the problem of inappropriate website access by posting acceptable usage guidelines on walls next to computers.
However, patrons of libraries can have very different views of what constitutes acceptable use. Many users of library computers take advantage of the lack of Internet policing and use the computers to view hardcore pornography.
While this is every American’s right under the First Amendment, it can potentially cause distress to other users of libraries. Libraries are visited by people of all ages including children. It is therefore possible that children may accidentally view highly inappropriate material on other users’ screens.
Libraries that apply for government discounts under the e-rate program are required to comply with the Children’s Internet Protection Act (CIPA). The legislation, which went into effect on April 20, 2001, requires schools and libraries to implement controls to restrict Internet access and prevent the viewing of obscene images, child pornography, and other imagery that is harmful to minors. However, it is only mandatory for libraries to comply with CIPA regulations if they choose to take advantage of e-rate discounts. Many libraries do not.
A recent article in DNA Info has highlighted the extent to which library computers are used to access pornography. One patron recently reported an incident that occurred when she visited Harold Washington Library in Chicago to complete forms on a library computer. She claimed that the person on the computer next to her was viewing hardcore pornography and was taking photographs of the screen using his mobile phone camera.
That individual was viewing material of a very explicit nature and the screen was in full view of other users of the library. When the woman mentioned what was going on to a security guard, she was told that there was nothing that could be done. The library had chosen to honor patrons’ First Amendment rights, even though those rights were in conflict with public decency. A reporter spoke to one librarian who said “Up here in this branch there’s porn 24/7.”
Most libraries in Chicago do not use web filters to limit access to obscene material, although that is not the case in all libraries in the United States. The reverse is true in libraries in Wisconsin for example.
The American Library Association does not recommend the use of web filters in libraries and instead believes the issue of inappropriate website usage should be tackled in other ways, such as to “remind people to behave well in public.”
The debate over First Amendment rights and the blocking of pornography in libraries is likely to continue for many years to come. However, in institutions that are commonly frequented by individuals under the age of 18, who are not permitted by law to view pornography, efforts should be made to protect them from harm. If technical measures such as web filters are not used to block pornography in libraries, at the very least libraries should use privacy screens to limit the potential for minors to view other users’ screens.
Do you believe patrons of libraries should be allowed to view any and all website content? Should First Amendment rights extend to the viewing of pornography in libraries?
Internet censorship laws in two U.S. states may be augmented, forcing Internet service providers and device manufacturers to implement technology that blocks obscene material from being viewed on Internet-connected devices.
North Dakota has recently joined South Carolina in proposing stricter Internet censorship laws to restrict state residents’ access to pornography. There is growing support for stricter Internet censorship laws in both states to block pornography and websites that promote prostitution, and it is believed that stricter Internet censorship laws will help reduce human trafficking in the states.
The new Internet censorship laws would not prevent state residents from accessing pornography on their laptops, computers and smartphones, as the technology would only be required on new devices sold in the two states. Any new device purchased would be required to have “digital blocking capability” to prevent obscene material from being accessed. Should the new Internet censorship laws be passed, state residents would be required to pay $20 to have the Internet filter removed.
The proposed law in North Dakota – Bill 1185 – classifies Internet service providers’ routers and all laptops, computers, smartphones, and gaming devices that connect to the Internet as “pornographic vending machines” and the proposed law change would treat those devices as such. The bill would also require device manufacturers to block ‘prostitution hubs’ and websites that facilitate human trafficking. If passed, the ban on the sale of non-filtered Internet devices would be effective from August 1, 2017.
Lifting of the block would only be possible if a request to remove the Internet filter was made in writing, the individual’s age was verified in a face-to-face encounter, and a $20 fee was paid. Individuals wishing to lift the block would also be required to receive a written warning about the dangers of removing the Internet filter.
The fees generated by the state would be directed to help offset the harmful social effects of obscene website content, such as funding the housing, legal and employment costs of victims of child exploitation and human trafficking. Fees would be collected at point of sale.
Device manufacturers would have a duty to maintain their Internet filter to ensure that it continues to remain fully functional, but also to implement policies and procedures to unblock non-obscene website content that has accidentally been blocked by filtering software. A system would also be required to allow requests to be made to block content that has somehow bypassed the Internet filtering controls. Requests submitted would need to be processed in a reasonable time frame. Failure to process the requests promptly would see the company liable to pay a $500 fine per website/webpage.
State Representative Bill Chumley (R‑Spartanburg) introduced similar updates in South Carolina last month, proposing changes to the state’s Human Trafficking Prevention Act. Both states will now subject the proposed bills to review by their respective House Judiciary Committees.
A restaurant WiFi filtering service can help to keep customers safe when they use the Internet by blocking access to websites known to contain malware. A restaurant WiFi filtering service will also ensure that patrons can only view website content that is suitable for families.
WiFi networks are often abused and used by some individuals to view pornography or other material that has no place in a restaurant. If one diner chooses to view such material on a personal device while in a restaurant, other diners may catch glimpses of the screen – that hardly makes for a pleasant dining experience.
However, there is another important reason why a restaurant WiFi filtering service should be used. It protects not only diners from a range of web-borne threats while they use free Wi-Fi networks, but also the computer systems of the restaurant.
Each year, many restaurants discover that their computers and networks have been infected with malware. Malware infections are often random; however, restaurants are now being targeted by cybercriminals. If a hacker can gain access to a restaurant’s computer network and succeeds in loading malware onto its POS system, every customer who pays for a meal with their debit or credit card could have their credentials sent to the hacker.
Restaurants, especially restaurant chains, are targeted for this very reason. One infected POS system will give a cybercriminal a steady source of credit card numbers. Each year, there are many examples of restaurants that have been attacked in this manner. One of the latest restaurant chains to be attacked was Popeyes Louisiana Kitchen – a multinational chain of fried chicken and fast food restaurants.
Popeyes recently discovered a cyberattack that resulted in malware being installed on its systems. The attack started on or around May 5, 2016 and continued undiscovered until August 18, 2016. During that time, certain customers who paid for their meals on their credit and debit cards had their card numbers stolen by the malware and passed on to the attackers.
Popeyes only discovered the cyberattack when it received notification from its credit card processor of suspicious activity on customers’ accounts. CCC Restaurant Enterprises, which operates Popeyes, retained a forensic expert to analyze its systems for signs of compromise. That analysis revealed a malware infection. The information-stealing malware was passing credentials to the attacker and those details were being used to defraud customers. Ten restaurants in the chain were known to have been affected. Those restaurants were located in Georgia, North Carolina, and Texas. The malware infection has now been removed and customers are no longer at risk, although the cyberattack undoubtedly caused reputation damage for the chain.
Malware can be installed via a number of different vectors. Vulnerabilities can be exploited in servers and software. It is therefore essential to ensure that all software is patched and kept up to date. Attacks can occur via email, with malicious links and attachments sent to employees. A spam filter can block those emails and prevent infection. Attacks can also take place over the Internet. The number of malicious websites now produced every day has reached record levels and the threat level is critical.
A restaurant WiFi filtering service will not protect against every possible type of attack but it does offer excellent protection against web-borne threats. A web filtering service can also prevent users from visiting malicious links sent in spam and phishing emails, blocking users’ attempts to click the links. A restaurant WiFi filtering service will also ensure family-friendly Internet access is provided to customers, something that is increasingly important for parents when choosing a restaurant.
To find out more about how a restaurant WiFi filtering service can be implemented, the wide range of benefits that such a service offers, and for details of how you can trial the WebTitan restaurant WiFi filtering service for 30 days without charge, contact the TitanHQ team today.
There are advantages and disadvantages of Internet filtering in libraries. Even though there are some potential drawbacks to filtering the Internet, an increasing number of libraries in the United States are now opting to use a web filtering solution.
What are the Advantages and Disadvantages of Internet Filtering in Libraries?
Controlling the types of content that can be accessed via library computers has sparked many debates. The American Library Association (ALA) for instance does not recommend Internet filtering. The problem, according to ALA, is that blocking Internet content in libraries “compromises First Amendment freedoms and the core values of librarianship.”
While it is true that libraries are institutions for learning, restricting access to certain types of website content is particularly important to ensure that children are protected. Unrestricted access to the Internet means minors could all too easily view imagery that could cause harm, pornography for instance.
The ALA says it is better to tackle the problem of inappropriate Internet access with educational programs rather than restricting access. While the ALA understands that children should be protected from obscene and other potentially harmful website content, teaching children how to use the Internet correctly – and how to search for information – is viewed as a reasonable measure to limit harm.
However, for adults, training is likely to prove less effective. If an adult wishes to access illegal or inappropriate website content, acceptable usage policies and educational programs may not prove effective. Children may also choose to ignore library rules and access inappropriate content.
While many Americans have welcomed the use of Internet filtering in libraries to restrict access to obscene or illegal material, there has been concern raised about how the use of Internet filters could potentially limit access to ideas and valuable information. The main disadvantage of controlling Internet access in libraries is not the restriction of access to certain types of web content that have little to no educational value, but the overblocking of website content.
Some Internet filtering solutions lack granular controls, which makes it easy for libraries to inadvertently restrict access to valuable material. One example would be blocking of sexual content. Blocking sexual content would prevent pornography from being viewed, but potentially also valuable information on sex education, such as information on sexually transmitted diseases or LGBT issues. However, with the right solution, it is possible to carefully control Internet content without accidentally blocking valuable educational material.
Internet Content Filtering Helps Libraries Meet Digital Inclusion Goals
The debate over the advantages and disadvantages of Internet filtering in libraries is likely to go on for some time to come, although for many libraries the decision is now becoming less about First Amendment freedoms and more about money.
Libraries face considerable financial pressures, which can be eased with state and federal grants. The Children’s Internet Protection Act requires libraries to implement an Internet filter to block obscene images, child pornography, and other imagery that could be harmful to minors. Compliance is not mandatory, although it is a prerequisite for obtaining certain grants and discounts under the E-rate program.
Library Services and Technology Act grants are available, although while money can be received, unless an Internet content filter is in place, those funds cannot be used for Internet technology, which can limit the ability of libraries to meet their digital inclusion goals and better serve local communities.
The ALA will not – at the present time at least – recommend the use of Internet filtering in libraries, although the organization does concede that some libraries rely on federal or state funding in order to provide patrons with computers and Internet access.
The message to these institutions is to choose a solution which will “mitigate the negative effects of filtering to the greatest extent possible.”
Libraries can implement an internet content filtering solution to block the minimum level of content in order to comply with state and federal regulations. Policies can be implemented to allow content to be unblocked, if it has been inadvertently blocked by a content filtering solution.
It is then possible to receive funding that will allow them to better serve their communities and meet digital inclusion goals, while ensuring that children – and to a lesser extent adults – are appropriately protected.
Why WebTitan is an Ideal Internet Filtering Solution for Libraries
With WebTitan, libraries can control Internet access to meet CIPA requirements and qualify for discounts and grants, while mitigating the negative effects of Internet control. WebTitan features highly granular controls allowing librarians to precisely control the types of web content that can be accessed by patrons. Since the administration control panel is intuitive and easy to use, requests to unblock specific webpages can be easily processed by library staff, without the need for any technical skill.
To find out more about using WebTitan in libraries contact TitanHQ today. You will also receive full assistance setting up WebTitan for a free 30-day trial and can discover for yourself how easy it is to meet CIPA requirements without overblocking website content.
59% of businesses increased their cybersecurity spending in 2016, according to PwC. Cybersecurity is now increasingly being viewed as essential for business growth, not just an IT cost.
As more companies digitize their data and take advantage of the many benefits of the cloud, the threat of cyberattacks becomes more severe. The past 12 months have already seen a major increase in successful cyberattacks and organizations around the world have responded by increasing their cybersecurity spending.
The increased threat of phishing attacks, ransomware and malware infections, data theft and sabotage has been a wake-up call for many organizations; unfortunately, it is often only when an attack takes place that that wake-up call occurs. However, forward-thinking companies are not waiting for attacks; they are increasing spending on cybersecurity and are already reaping the benefits. They experience fewer attacks, client and customer confidence increases, and they gain a significant competitive advantage.
The annual Global State of Information Security Report from PricewaterhouseCoopers (PwC) shows that companies are realizing the benefits of improving cybersecurity defenses. More than 10,000 individuals from 133 companies took part in the survey that provided data for the report. 59% of respondents said that their company increased cybersecurity spending in 2016. Technical solutions are being implemented, although investment in people has also increased.
Cybercriminals are bypassing complex, multi-layered cybersecurity defences by targeting employees. Organizations have responded by increasing privacy training. 56% of respondents say all employees are now provided with privacy training, and with good reason.
According to the report, 43% of companies have reported phishing attacks in the past 12 months, with this cybersecurity vector the most commonly cited method of attack. The seriousness of the threat was highlighted by anti-phishing training company PhishMe. The company’s Enterprise Phishing Susceptibility and Resiliency Report showed 90% of cyberattacks start with a spear phishing email. Given how effective training can be at reducing the risk from phishing, increasing spending on staff training is money well spent.
The same is true for technical cybersecurity solutions that reduce phishing risk. Two of the most important solutions are antispam and web filtering solutions, with each tackling the problem from a different angle. Antispam solutions are employed to prevent phishing emails from reaching employees’ inboxes, while web filtering solutions are being used to block access to phishing websites. Along with training, companies can effectively neutralize the threat.
Many companies lack the staff and resources to develop their own cybersecurity solutions; however, the range of managed security services now available is helping them to ensure that their networks, data, and systems are adequately protected. According to the PwC report, 62% of companies are now using managed security services to meet their cybersecurity and privacy needs. By using partners to assist with the challenge of securing their systems, organizations are able to use limited resources to better effect and concentrate those resources on other areas critical to business processes.
There has been a change in how organizations view cybersecurity over the past few years. Rather than seeing cybersecurity as simply a cost that must be absorbed, it is now increasingly viewed as important for business growth. According to PwC US and Global Leader of Cybersecurity and Privacy David Burg, “To remain competitive, organizations today must make a budgetary commitment to the integration of cybersecurity with digitization from the outset.” Burg also points out, “The fusion of advanced technologies with cloud architectures can empower organizations to quickly identify and respond to threats, better understand customers and the business ecosystem, and ultimately reduce costs.”
Companies must now deal with a new ransomware threat: 2017 is likely to see a proliferation of doxware attacks.
2016 was the year when cybercriminals fully embraced ransomware and used it to devastating effect on many organizations. As 2016 started, the healthcare industry was heavily targeted. Cybercriminals rightly assumed that the need for healthcare professionals to access patient data would mean ransom payments would likely be paid. That was certainly the case with Hollywood Presbyterian Medical Center. An attack resulted in a ransom of $17,000 being paid to allow the medical center to regain access to patient data and computer systems.
Hospitals throughout the United States continued to be attacked, but not only in the United States: attacks spread to the United Kingdom and Germany. The education sector was also hit heavily. Many schools and universities were attacked and were forced to pay ransoms to obtain keys to unlock their data.
Between April 2015 and March 2016, Kaspersky Lab reported that ransomware infections rose by 17.7%. The figures for April 2016 to March 2017 are likely to show an even bigger rise. Ransomware has rarely been out of the news headlines all year.
Cybercriminals are making stealthier and more sophisticated ransomware variants to avoid detection and cause more widespread disruption. Widespread media coverage, warnings by security companies and law enforcement agencies, and the likely costs of dealing with attacks have led many companies to improve their defenses and develop strategies to recover from infections.
With ransom demands of tens of thousands of dollars – or in some cases hundreds of thousands of dollars – and widespread attacks, the threat can no longer be ignored.
One of the best ways of avoiding having to pay a sizeable ransom is to ensure data are backed up. Should ransomware be installed, IT departments can wipe their systems, restore files from backups, and make a quick recovery.
Ransomware is only an effective income generator for cybercriminals if ransoms are paid. If companies can easily recover, and restoring data from backups is cheaper than paying a ransom, cybercriminals will have to look elsewhere to make their money.
However, ransomware is far from dead. Cybercriminals are changing their tactics. Ransomware is still being used to encrypt data, but an extra incentive is being added to the mix to increase the chance of a ransom being paid.
Doxware: The New Ransomware Threat
Doxware, like ransomware, encrypts data and a ransom demand is issued. However, in addition to encrypting data, information is also stolen. The gangs behind these attacks up the ante by threatening to publish sensitive data if the ransom is not paid.
If access is gained to corporate emails or other electronic conversations, the potential harm that can be caused is considerable. Reputation damage from doxware can be considerable, making payment of a ransom far more preferable to recovering data from a backup. If intellectual property is stolen and published the consequences for a company could be catastrophic.
2016 has already seen extortion attempts by hackers who have infiltrated networks, stolen data, and threatened its release if ransom payments are not made. TheDarkOverlord attacks on healthcare providers are just one example. However, in those attacks data were simply stolen. The combination of data theft with ransomware would be more likely to see ransoms paid. Already we have seen ransomware variants that combine an information stealing component and 2017 is likely to see the problem get far worse.
The proposed crackdown on fake news websites has shone a light on the use of typosquatting and cybersecurity risks for businesses from employees visiting fake news websites.
Over the past few weeks there has been considerable media attention focused on fake news websites and the harm that these fake news stories can cause.
Just as newspapers and news networks can earn big money from being the first to break a new story, there is big money to be made from posting fake news items. The problem is growing and it is now becoming harder to separate fact from fiction. 2016 has seen fake news stories hit the headlines – both the problem and the republishing of fake news in the mainstream media.
Fake News Websites are a Serious Problem
This year’s U.S. presidential election has seen the Internet awash with propaganda and fake news posts, especially – but not exclusively – about support for Donald Trump and criticism of Hillary Clinton. Fake news sites such as the Denver Guardian (the periodical doesn’t actually exist) posted news about rigging of the election. Genuine news organizations notably picked up on a story about Denzel Washington supporting Trump; however, the original story was taken from a fake news site. Of course, these are just two of many hundreds of thousands of fake news stories published throughout the year.
All too often fake news stories are silly, satirical, or even humorous; however, they have potential to cause considerable harm and influence the public. Potentially, they could change the outcome of an election.
Consumers are now increasingly basing their opinions on fiction rather than fact. Fake news is nothing new of course, but the U.S. presidential election has brought it to the forefront and has highlighted the extent to which it is going on – on a scale never before seen.
Governments worldwide are now taking action to crack down on the problem. Germany and Indonesia have joined the U.S. in the fight against fake news stories and there have been calls for greater regulation of online content.
Facebook has received considerable criticism for failing to do enough to prevent the proliferation of fake news. CEO Mark Zuckerberg dismissed the idea that fake news on Facebook was influential in the election: “the idea that fake news on Facebook, which is a very small amount of the content, influenced the election in any way, I think is a pretty crazy idea.” However, last month he confirmed a new initiative to address hoaxes and fake news. Facebook is to make it easier for users to report fake news stories, third-party fact checkers will be enlisted, news websites will be analyzed more closely, and stories will be pushed down the rankings if they are getting fewer shares.
All of the attention on fake news sites has highlighted a tactic that is being used to spread fake news – a tactic that has long been used by cybercriminals to spread malware: Typosquatting.
Typosquatting and Cybersecurity Risks
Typosquatting – otherwise known as URL hijacking – is the use of a popular brand name with authority to fool web surfers into thinking a website is genuine. The fake news scandal brought attention to the tactic after fake news items were posted on spoofed news websites such as usatoday.com (usatoday.com.com) and abcnews (abcnews.com.co).
To the incautious or busy website visitor, the URL may only get a casual glance. The slightly different URL is unlikely to be spotted. This may only result in website visitors viewing fake news, although in many cases it can result in a malware download. Cybercriminals use this tactic to fool web surfers into visiting malicious websites where malware is automatically downloaded.
Typosquatting is also used on phishing websites and for fake retail sites that relieve visitors of their credit card information or other sensitive credentials.
Even fake news sites are a problem in this regard. They often contain third-party adverts – this is one of the ways that fake news stories generate income for the posters. Those adverts are often malicious. The site owners are paid to display the adverts or send visitors to malicious websites. Adverts are also used to direct visitors to fake retail sites – zappoos.com or Amazoon.com for example. Many fake news sites are simply used as phishing farms.
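The lookalike hostnames described above can be flagged automatically. The following is an added example (not code from TitanHQ or WebTitan) that checks a hostname against a constructed list of protected domains for an appended suffix (usatoday.com.com, abcnews.com.co) and for single-character slips (zappoos.com, Amazoon.com). It goes slightly beyond the page's examples by also catching transposed letters and a few digit-for-letter swaps; the protected list, the confusable map and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed list of domains to protect; a real deployment would load its own.
PROTECTED = ("usatoday.com", "abcnews.com", "zappos.com", "amazon.com")

# Illustrative confusable substitutions (assumption: not an exhaustive table).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def hostname_of(value):
    """Lowercased hostname of a URL or bare host, without 'www.' or a trailing dot."""
    value = value.strip()
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", value):
        value = "//" + value.lstrip("/")  # make urlsplit treat a bare host as a netloc
    host = (urlsplit(value).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def fold(host):
    """Replace confusable character sequences with the letters they imitate."""
    for src, dst in CONFUSABLES:
        host = host.replace(src, dst)
    return host


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(value, protected=PROTECTED, max_distance=1):
    """Return (verdict, matched_domain, reason) for a URL or hostname."""
    host = hostname_of(value)
    if not host:
        return ("invalid", None, "no-hostname")
    # The protected domains themselves and their subdomains are genuine.
    for domain in protected:
        if host == domain or host.endswith("." + domain):
            return ("legitimate", domain, "exact-or-subdomain")
    for domain in protected:
        # usatoday.com.com / abcnews.com.co: the real name with something appended.
        if host.startswith(domain + ".") or "." + domain + "." in host:
            return ("lookalike", domain, "extra-suffix")
        # amaz0n.com: digits or letter pairs standing in for the real letters.
        if fold(host) == fold(domain):
            return ("lookalike", domain, "confusable")
        # zappoos.com / amazoon.com: one inserted, dropped, changed or swapped character.
        if 0 < osa_distance(host, domain) <= max_distance:
            return ("lookalike", domain, "edit-distance")
    return ("unrelated", None, "no-match")


if __name__ == "__main__":
    # Hostnames quoted on the page plus constructed samples.
    samples = ["http://usatoday.com.com/news", "abcnews.com.co", "https://www.zappoos.com/",
               "Amazoon.com", "amaz0n.com", "https://smile.amazon.com/x", "example.org"]
    for sample in samples:
        print(f"{sample:32} {classify(sample)}")
```

A distance threshold of 1 keeps false positives low for names of this length; very short protected names need an exact allow list instead, because many unrelated hostnames sit one edit away from them.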
While consumers can be defrauded, businesses should also take note. Since many of these sites are used to either spread malware or direct users to malicious sites where malware is downloaded, fake news sites are a serious cybersecurity risk.
Governments and social media networks may be taking a stand against these malicious sites, but businesses should also take action. All it takes is for one user to visit a malicious site for malware or ransomware to be downloaded.
Fortunately, it is possible to reduce risk with a web filtering solution. Web filtering solutions such as WebTitan can be used to block access to websites known to contain malware. Malicious websites are rapidly added to global blacklists. If a web filtering solution is used, an employee will be prevented from visiting a blacklisted site, which will prevent a malware download.
Malicious adverts can also be blocked and prevented from being displayed. Malicious links on fake news sites can also easily be blocked. Users can also be prevented from visiting websites when clicking on links to the sites in emails or on social media websites.
For further information on the full range of benefits of WebTitan and to find out how you can sign up for a free 30-day trial of WebTitan, contact TitanHQ today.
Anti-phishing solutions for businesses are now an essential element of cybersecurity defenses. The risk from phishing websites has grown considerably in 2016, and 2017 is likely to see the problem become much more severe.
Anti-Phishing Solutions for Businesses Now a Necessity
Cybercriminals are using increasingly sophisticated tactics to infect end users with malware and ‘phish’ for sensitive information such as credit card details, email login credentials, and other sensitive data that can be used for identity theft and fraud. Cybercriminals have changed their tactics to infect more end users and bypass traditional cybersecurity defenses.
In the past it was common for domains to be registered by cybercriminals and only used for phishing or to spread malware. Sooner or later the websites would be reported as malicious in nature, and those domains would be added to global blacklists. As the sites were blocked, the cybercriminals would simply buy another domain and repeat the process. Phishing websites used to remain active for weeks or even months before they ceased to be effective. However, cybersecurity firms are now faster at detecting malicious websites and adding them to blacklists.
Cybercriminals are aware that phishing websites and malicious webpages have a very short shelf life and will only remain effective for a few days before they are blocked. In response, they have changed tactics and are now creating webpages which are only used for very short periods of time.
New webpages are now being created faster and in higher volumes. Those webpages now remain active for less than 24 hours in the majority of cases. Cybercriminals are hijacking legitimate websites with poor security controls or unaddressed vulnerabilities. Malicious URLs are then created and hidden on those domains. Cybercriminals have now all but abandoned malicious websites in favor of single URLs on otherwise benign websites.
The volume of phishing websites has also increased considerably in 2016. Studies now suggest that around 400,000 phishing websites are being detected every month of the year.
Web Filtering Solutions Can Significantly Reduce Risk
There are many anti-phishing solutions for businesses that can be adopted to reduce risk, although one of the most effective tools is an advanced web filter. A web filter can be used to prevent users from visiting malicious websites and webpages that are used to phish for sensitive information or infect end users with malware.
While it was possible for standard web filtering solutions to protect against the risk from phishing by comparing domains against blacklists, it is now essential for each webpage to be checked to determine whether it is malicious. Each URL must also be checked each time it is visited to make sure that it has not been hijacked and used for phishing or to spread malware. For that an advanced web filtering solution is needed, such as WebTitan.
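The difference between comparing domains against a blacklist and checking each URL can be shown in a few lines. This is an added example, not WebTitan's implementation: the two feeds, the reserved example hostnames and all function names are constructed, and the URL key is assumed to be host plus path with query string and fragment ignored.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample feeds (assumptions): one wholly malicious domain, and one
# malicious page hidden on an otherwise benign, hijacked site.
DOMAIN_BLOCKLIST = {"malware-only.example"}
URL_BLOCKLIST = {"blog.example.org/wp-content/uploads/login/index.html"}


def canonicalize(url):
    """Reduce a URL to 'host/path' so different spellings of one page compare equal."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")          # lowercased, port dropped
    path = unquote(parts.path) or "/"                  # %69ndex.html -> index.html
    path = re.sub(r"/{2,}", "/", path)                 # collapse repeated slashes
    path = posixpath.normpath(path)                    # resolve ./ and ../ segments
    return host + path


def host_suffixes(host):
    """'a.b.example.org' -> itself and each parent domain, excluding the bare TLD."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]


def domain_blocked(host):
    return any(suffix in DOMAIN_BLOCKLIST for suffix in host_suffixes(host))


def domain_only_verdict(url):
    """Older approach: decide from the domain alone."""
    host = canonicalize(url).split("/", 1)[0]
    return "block" if domain_blocked(host) else "allow"


def per_url_verdict(url):
    """Check the domain, then the specific page, on every request."""
    key = canonicalize(url)
    if domain_blocked(key.split("/", 1)[0]):
        return "block"
    return "block" if key in URL_BLOCKLIST else "allow"


if __name__ == "__main__":
    # Constructed requests: the same hijacked page written three ways, a benign
    # page on the same site, and a page on a wholly malicious domain.
    requests = [
        "http://blog.example.org/wp-content/uploads/login/index.html",
        "HTTP://Blog.Example.org:80/wp-content/uploads/./login/../login/index.html?session=1#top",
        "blog.example.org/wp-content/uploads/login/%69ndex.html",
        "http://blog.example.org/about",
        "https://cdn.malware-only.example/payload",
    ]
    for request in requests:
        print(f"{domain_only_verdict(request):6} {per_url_verdict(request):6} {request}")
```

The domain-only check allows every request to blog.example.org, including the hijacked page, while the per-URL check blocks that page and still allows the rest of the site.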
WebTitan checks each webpage that an end user attempts to visit in a fraction of a second, with no noticeable latency – slowing of webpage loading. If a website or webpage is identified as malicious the end user will be prevented from accessing that webpage.
WebTitan allows businesses to further protect their networks by restricting access to certain categories of websites which are commonly used by cybercriminals to spread malware. Since these websites have no legitimate work purpose, they can be easily blocked without any negative impact on the business. In fact, businesses are likely to see significant increases in employee productivity as a result.
Cybercriminals are also increasingly using third party advertising blocks on legitimate websites to display malicious adverts. Those adverts redirect visitors to malicious websites containing exploit kits. Some of those adverts require no user interaction at all – visitors are automatically redirected to websites where drive-by malware downloads occur. WebTitan can be configured to prevent these adverts from being displayed, thus neutralizing the risk.
Cybercriminal activity has been steadily increasing, yet employing an advanced web filtering solution such as WebTitan can help businesses stay one step ahead of cybercriminals and keep their networks malware free.
For further information on the capabilities of WebTitan, to find out how easy it is to protect your end users and networks from attack, and to register for a free 30-day trial of WebTitan, contact TitanHQ today.
The increase in cyberattacks and proliferation of web-borne threats has made web filtering for Managed Service Providers one of the most important, and profitable, opportunities for MSPs. However, not all MSPs have started offering a web filtering service to their clients, even though web filtering is now an essential cybersecurity defense.
Why is web filtering for Managed Service Providers now so important? Listed below – and in a useful infographic – are some of the reasons why businesses need to control the websites that can be visited by their employees and why web filtering for Managed Service Providers is an important addition to any MSP’s service stack.
Cybercriminals Have Switched from Email to the Web to Spread Malware
Email remains one of the most likely routes by which malware can be installed. Malicious email volume is growing and in Q3, 2016, Proofpoint discovered 96.8% of malicious attachments were used to download Locky ransomware. Blocking malicious spam email messages is therefore an essential element of any organization’s cybersecurity defense strategy. However, times are changing. The threat from web-borne attacks has increased significantly in the past few years.
Cybercriminals are well aware that most organizations now use a spam filter to block malicious messages and that they now conduct end user training to warn employees of the risks of opening email attachments or clicking on hyperlinks sent by strangers.
However, far fewer businesses have implemented a solution that blocks web-borne threats. Consequently, cybercriminals have changed their focus from email to the Internet.
The shift to the web means cybercriminals can reach a much bigger target audience and can spread malware and ransomware more effectively. The extent of this paradigm shift is deeply concerning.
Now, more than 80% of malware is web-related and spread via malicious web adverts, hijacked websites, and websites that have been created with the sole purpose of infecting visitors with malware.
As TitanHQ CTO Neil Farrell points out, “the average business user now encounters 3 malicious links per day.” Those links are rarely identified as malicious and the malware downloads that result from visiting malicious websites go undetected.
Web-Borne Threats have Increased Substantially in Recent Years
Cybercriminals use exploit kits – malicious software that probes for vulnerabilities in browsers – on hijacked webpages and purpose designed, malware-laced websites. Zero-day vulnerabilities are frequently identified in web browsers, browser plugins, and extensions and these flaws can be exploited and leveraged to download malware and ransomware. Each time a new flaw is identified, it is rapidly added to a swathe of exploit kits.
Anti-virus software is capable of detecting a high percentage of malware and preventing the malicious software from being installed on computers; however, new forms of malware are being released at an unprecedented rate. A new piece of malware is now released every 4 seconds. Naturally, there is a lag between the release of new malware and the addition of its signature into antivirus software companies’ virus definition lists. Visits to malicious websites all too often result in malware installations that go undetected.
Malicious websites are constantly being created. Google reports that since July 2013, 113,132 new phishing websites have been created and it is businesses that are being targeted. TitanHQ now adds over 60,000 new malware-spreading websites to its blocklists every single day.
Companies that fail to block these web-borne threats face a high risk of their computers and networks being infected with malware. Figures from IDC show that 30% of companies employing more than 500 staff have experienced malware infections as a result of end users surfing the Internet.
New Threats are Constantly Being Developed
Malware is used to log keystrokes to obtain login credentials for further, more sophisticated attacks. Banking credentials are stolen and fraudulent transfers are made. Businesses also have to contend with the current ransomware epidemic. 40% of businesses have now been attacked with ransomware.
Malware and ransomware infections do not just occur via obscure websites that few employees visit. Hugely popular news sites such as the New York Times and the BBC have been discovered to display adverts containing malicious code. Social media websites are also a major risk. 24% of organizations have been infected with malware via Facebook and 7% via LinkedIn/Twitter, according to a recent study by Osterman Research.
These and other serious threats, along with the extent to which infections are occurring, have been summarized in a new infographic that can be accessed by clicking on the image below:
WebTitan Cloud – Web Filtering for Managed Service Providers
Fortunately, there is an easy solution to prevent web-borne attacks: WebTitan Cloud. WebTitan Cloud is a 100% cloud-based web filtering solution that can be used to prevent end users from visiting websites known to contain malware. WebTitan can be configured to block malicious adverts and can prevent end users from being directed to malware-infected websites if malicious links are clicked.
Given the range of threats and the extent to which cybercriminals are using the web, it is now essential for organizations to add web filtering to their cybersecurity defenses. Consequently, web filtering for Managed Service Providers presents a huge opportunity for growth. TitanHQ has seen a significant increase in uptake of its web filtering for Managed Service Providers in recent months as MSPs have started to appreciate the huge potential it has to improve bottom lines.
WebTitan can be rapidly added to an MSP’s service stack and is an easy sell to clients. WebTitan can be deployed remotely and rapidly installed and configured. The solution is automatically updated, requires little to no IT support, is technology agnostic, and therefore has an extremely low management overhead. The solution also has excellent scalability and can be used to protect any number of end users.
MSPs can be provided with a white-label version of WebTitan Cloud ready for branding, and WebTitan Cloud can even be hosted within an MSP’s own environment. Perhaps most important for MSPs is the high-margin recurring SaaS model. That means high recurring revenues for MSPs and better bottom lines.
Contact TitanHQ today to find out more about web filtering for Managed Service Providers, for full technical specifications, and to discover just how easy it is to add WebTitan to your service stack and start boosting profits.
This month, security researchers have discovered cybercriminals are conducting social media ransomware attacks using Facebook Messenger and LinkedIn. Social media posts have long been used by cybercriminals to direct people to malicious websites containing exploit kits that download malware; however, the latest social media ransomware attacks are different.
According to researchers at Check Point Security, the social media ransomware attacks take advantage of vulnerabilities in Facebook Messenger. Images are being sent through Facebook Messenger that appear to be jpeg or SVG files, yet they have the ability to download malicious files including ransomware. The files are understood to use a double extension: they appear to be images but are actually hta or js files.
Check Point says “The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file.” The report goes on to say “This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.” No technical details have been released, as Check Point claims the vulnerability has yet to be fixed by Facebook.
Facebook responded to Blaze’s claim saying the problem was not related to Messenger, but involved bad Chrome extensions. Facebook said the problem had been reported to the appropriate parties.
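The double-extension disguise described above can be caught by comparing a file name's final extension with the ones that precede it. The Python below is an added example, not code from the researchers or from TitanHQ; the image extensions beyond jpeg and SVG, the function names and the sample file names are assumptions constructed for illustration.

```python
import re

# Extensions the article names as the real file type behind the disguise.
SCRIPT_EXTS = frozenset({"hta", "js"})
# Extensions a recipient reads as "just a picture". jpeg and svg come from the
# article; the others are assumptions added for coverage.
IMAGE_EXTS = frozenset({"jpg", "jpeg", "svg", "png", "gif", "bmp"})


def extension_chain(name):
    """Return every dot-separated extension of a file name, lower-cased."""
    # Keep only the last path component, whichever separator was used.
    base = re.split(r"[\\/]", name)[-1]
    # Windows drops trailing dots and spaces when it resolves a name, so
    # "pic.jpg.hta." still opens as an .hta file.
    base = base.rstrip(". ")
    parts = base.lower().split(".")[1:]
    # Padding such as "photo.jpeg      .js" hides the real extension off-screen;
    # strip it so the comparison sees "jpeg" followed by "js".
    return [p.strip() for p in parts if p.strip()]


def classify(name):
    """Return 'double-extension', 'script' or 'ok' for one file name."""
    chain = extension_chain(name)
    if not chain or chain[-1] not in SCRIPT_EXTS:
        return "ok"
    # The last extension decides how the operating system opens the file.
    # An image extension earlier in the chain is the disguise.
    if any(ext in IMAGE_EXTS for ext in chain[:-1]):
        return "double-extension"
    return "script"


def triage(names):
    """Map each suspicious name to its verdict, skipping harmless ones."""
    verdicts = ((name, classify(name)) for name in names)
    return {name: verdict for name, verdict in verdicts if verdict != "ok"}


# Constructed sample of file names as they might appear in a download log.
SAMPLE_NAMES = [
    "holiday.jpg",
    "holiday.jpg.hta",
    "Invoice.SVG.JS",
    "photo.jpeg      .js",
    "C:\\Users\\amy\\Downloads\\cat.png.hta.",
    "jquery.min.js",
    "backup.tar.gz",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_NAMES).items():
        print(f"{verdict:17} {name!r}")
```

A name classed as "script" carries no disguise, so whether to block it is a policy decision; "double-extension" is the pattern the article describes.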
Ransomware Attacks on the Rise
According to the Kaspersky Security Network, ransomware attacks on SMBs have increased eightfold in the past 12 months. The problem is also getting worse. More than 200 ransomware families have now been discovered by security researchers, and new forms of the malicious file-encrypting software are being released on a daily basis.
Any business that is not prepared for a ransomware attack, and has not implemented security software to protect computers and networks, is at risk of being attacked. A recent survey conducted by Vanson Bourne on behalf of SentinelOne showed that 48% of organizations had been attacked with ransomware in the past 12 months. Those companies had been attacked an average of 6 times.
How to Prevent Social Media Ransomware Attacks
Social media ransomware attacks are a concern for businesses that do not block access to social media platforms in the workplace. It is possible to prevent employees from accessing social media websites using WebTitan, although many businesses prefer to allow employees some time to access the sites. Instead of blocking access to Facebook, businesses can manage risk by blocking Facebook Messenger. With WebTitan, it is possible to block Facebook Messenger without blocking the Facebook website.
If WebTitan is installed, webpages that are known to contain malware or ransomware downloaders will be blocked. When individuals link to these malicious websites in social media posts, employees will be prevented from visiting those sites. If a link is clicked, the filtering controls will prevent the webpage from being accessed.
To find out more about how WebTitan can protect your organization from web-borne threats such as ransomware and to register for a free trial of WebTitan, contact the Sales Team today.
Many employers are not entirely happy with employees using social media sites in the workplace, and with good reason: There are many risks of social media in business and the costs can be considerable.
Social Media Use Can be a Huge Drain on Productivity
When employees are spending time updating their Facebook accounts or checking Twitter they are not working. All those minutes spent on social media platforms really do add up. Social media site use can be a major drain on productivity.
If every employee in an organisation spends an hour a day on social media sites, the losses are considerable. Unfortunately, many employees spend much more than an hour a day on the sites.
Salary.com reports that around 4% of employees waste more than half of each day on non-work-related tasks. For a company employing 1,000 members of staff, that equates to more than 160 hours lost each day, not including the hour or two spent on social media sites by the remaining 96% of the workforce.
Social media site use is not all bad; in fact, the use of the sites can be good for productivity. Employees cannot be expected to work solidly for 8 or more hours each day; at least not 8 highly productive hours. If employees enjoy some ‘Facetime’ every hour or two, it can help them to recharge so they are more productive when they return to their work duties.
The problem for employers is how to control the use of Facebook in the workplace and ensure that social media site use is kept within acceptable limits. Taking 5 minutes off every hour or two is one thing. Taking longer can have a seriously negative impact. Unfortunately, relying on employees to self-moderate their use of social media sites may not be the best way to ensure that Internet use is not abused.
The Cost of Social Media Use Can Be Severe
Productivity losses can have a serious negative impact on profits, but there are far bigger costs to employers from social media site use. In fact, the risks of social media in business are considerable.
The cost from lost productivity can be bad, but nowhere near as bad as the cost of a malware or ransomware infection. Social media sites are commonly used by hackers to infect computers. Just visiting a malicious Facebook or Twitter link can result in a malware or ransomware infection. The cost of resolving those infections can be astronomical. The more time employees spend on non-work-related Internet activities, the greater the risk of a malware infection.
Is there a genuine risk? According to PC Magazine, the risks are very real. There is a 40% chance of infection with malicious code within 10 minutes of going online and a 94% chance of encountering malicious code within an hour.
Controlling employees’ use of the Internet can not only result in huge increases in productivity, it can also help to reduce the risk of malware and ransomware infections. Further, by limiting the sites that can be accessed by employees, organizations can greatly reduce legal liability.
Fortunately, there is a simple, cost-effective, and reliable solution that allows organisations to effectively manage the risks of social media in business: WebTitan.
Managing the Risks of Social Media in Business
WebTitan is an innovative web filtering solution that allows organizations to accurately enforce Internet usage policies. Employers can block inappropriate content to effectively reduce legal liability, block or limit the use of social media sites to improve productivity, and prevent users from encountering malicious code that could give cybercriminals a foothold in the network.
If you have yet to implement a web filtering solution to control Internet use in the workplace or you are unhappy with the cost or performance of your current web filtering product, contact TitanHQ today and find out more about the difference WebTitan can make to your bottom line.
To find out more about the risks of social media in business and why it is now so important to manage social media use in the workplace, click the image below to view our informative infographic.
One of the questions most frequently asked of the WebTitan customer support team is how to block Facebook chat at work without blocking access to Facebook entirely.
Why Block Facebook Chat at Work?
There are many reasons why an organization would want to prevent employees from accessing Facebook. Social media websites can be a drain on productivity. Some employees may spend hours of each day accessing and updating their Facebook account, which is time spent not working.
However, an employee cannot remain productive for a full eight hours each day. By allowing access to Facebook – and other social media sites – employers can actually increase productivity, providing social media site use is kept within acceptable limits.
If employees take short breaks throughout the day and access Facebook for a few minutes every hour, they are likely to be more productive. Morale can also be improved with a little social media site use.
However, there is the question of security to consider and Facebook chat is a particular cause for concern. Many organisations believe Facebook Chat is a security risk. Use of Facebook chat can increase the risk of malware infections. The chat function also lacks the security standards demanded by many organizations and makes it too easy for employees to share sensitive corporate data. Use of Facebook chat is also difficult to police.
How to Block Facebook Chat Without Blocking Facebook Access
With WebTitan Cloud, it is easy to block Facebook chat at work without blocking Facebook access entirely. The process takes just a few seconds and is detailed in the video presentation below (and described underneath).
To block Facebook chat at work, open your WebTitan Cloud administration panel and navigate to “Filtering URL keywords.”
To block Facebook chat you need to add in two blacklisted keywords. Enter in the first keyword:
Then set filter options to ‘find keyword in entire URL’
The second keyword that must be blocked is:
As before, set filter options to ‘find keyword in entire URL’
These two files are used by Facebook chat and if the files are blocked, the Facebook chat will not function, although the Facebook website will still be accessible.
In order for URL keywords to work correctly it is necessary to have the SSL certificate pushed out to the browsers. Further information on how to do this via GPO or manually can be found in the help section on the WebTitan website.
It doesn’t matter which security report you read; one thing is clear. The ransomware problem is becoming worse and the threat greater than ever.
While ransomware attacks in 2015 were few and far between, 2016 has seen an explosion of ransomware variants and record numbers of attacks across all industry sectors. For every ransomware variant that is cracked and decryption software developed, there are plenty more to take its place.
200 Ransomware Families Now Discovered
As if there were not enough ransomware milestones reached this year, there is news of another. The total number of detected ransomware families has now surpassed 200. That’s families, not ransomware variants.
The ransomware families have been catalogued by the ID Ransomware Service, part of the Malware Hunter Team. The current count, which may well be out of date by the time this article is finished, stands at 210.
Not only is new ransomware being developed at an unprecedented rate, the latest variants are even sneakier and have new capabilities to avoid detection. They are also more virulent and capable of encrypting a far wider array of data, and can delete backup files and quickly spread across networks and storage devices.
More people are getting in on the act. Ransomware is being rented out as a service to affiliates who receive a cut of the ransoms they collect. Campaigns can now be run with little to no skill. Unsurprisingly there are plenty of takers.
Massive Campaign Spreading New Locky Ransomware Variant
One of the biggest threats is Locky, a particularly nasty ransomware variant that first appeared in February 2016. Even though Locky has not been cracked, new variants continue to be released at an alarming rate. This week yet another variant has been discovered. The developers and distributors are also using a variety of techniques to evade detection.
Three separate campaigns have been detected this week after a two-week period of relative quiet. The ransomware is now back with a vengeance, with one of the campaigns reportedly involving an incredible 14 million emails on October 24 alone; 6 million of which were sent in a single hour.
There have been some successes in the fight against ransomware. Earlier this year the No More Ransom project was launched. The No More Ransom Project is a joint initiative between Europol and the Dutch National Police force, although a number of security firms have now collaborated and have supplied decryptors to unlock files encrypted by several ransomware strains. So far, decryptors have been uploaded to the site that can unlock several ransomware variants: Chimera, Coinvault, Rannoh, Rakhni, Shade, Teslacrypt, and Wildfire.
Ransomware Problem Unlikely to Be Solved Soon
Despite the sterling efforts of security researchers, many of the most widely used ransomware strains have so far proved impossible to crack. The authors are also constantly developing new strains and using new methods to avoid detection. The ransomware problem is not going to be resolved any time soon. In fact, the problem is likely to get a lot worse before it gets better.
Last year, an incredible 113 million healthcare records were exposed or stolen. This year looks like it will be a record-breaking year for breaches if incidents continue at the current rate. The sheer number of healthcare records now available to cybercriminals has had a knock-on effect on the selling price. Whereas it was possible to buy a complete set of health data for $75 to $100 last year, the average price for healthcare records has now fallen to between $20 and $50.
Cybercriminals are unlikely to simply accept a lower price for data. That means more attacks are likely to take place or profits will have to be made up by other means. The glut of stolen data is seeing an increasing number of cybercriminals turn to ransomware.
Are you Prepared for a Ransomware Attack?
With the threat from ransomware increasing, organizations need to prepare for an attack and improve defenses against ransomware. Policies should be developed for a ransomware attack so rapid action can be taken if devices are infected. A fast response to an attack can limit the spread of the infection and reduce the cost of mitigation, which can be considerable.
Defending against ransomware attacks is a challenge. Organizations must defend against malicious websites, malvertising, drive-by downloads, malicious spam emails, and network intrusions. Hackers are not only stealing data. Once a foothold has been gained in a network and data are stolen, ransomware is then deployed.
An appropriate defense strategy includes next generation firewalls, intrusion detection systems, web filtering solutions, spam filters, anti-malware tools, and traditional AV products. It is also essential to provide regular security awareness training to staff to ensure all employees are alert to the threat.
Even with these defenses, attacks may still prove successful. Unless a viable backup of data exists, organizations will be left with two options: Accept data loss or pay the ransom. Unfortunately, even the latter does not guarantee data can be recovered. It may not be possible for attackers to supply valid keys to unlock the encryption, and even if the keys are available, there is no guarantee that they will be sent through.
Since Windows Shadow copies can be deleted and many ransomware variants will also encrypt backup files on connected storage devices, backup devices should be air-gapped and multiple backups should be performed.
With attacks increasing, there is no time to wait. Now is the time to get prepared.
Most employees are required to agree to use the Internet responsibly and are made to sign an acceptable usage policy as part of their induction before being supplied with a user ID. The policies vary in their content from organization to organization, but typically prohibit individuals from using the Internet to access illegal material, visit websites containing pornography, or engage in online activities that have no work purpose. The policies detail prohibited uses and state the penalties if individuals are discovered to have abused their access rights.
For many businesses, this may be deemed to be sufficient. If policies are breached, there are serious repercussions for the individual. For most employees AUPs alone will be sufficient to stop Internet abuse. However, while a breach of AUPs could result in termination of a work contract or serious disciplinary action against an employee, the consequences for a business can be much more severe.
AUPs can cover employers and prevent legal issues resulting from inappropriate Internet use, but they cannot protect against malware and ransomware infections. The consequences of malware and ransomware infections can be considerable. Data can be lost or corrupted by malware, and confidential information can be stolen, used for nefarious purposes, or sold on the darknet to criminals. The financial and reputational consequences for a business could be catastrophic.
In the case of ransomware infections, the cost can be considerable. Earlier this year, Hollywood Presbyterian Medical Center experienced a ransomware attack that required a ransom payment of $17,000 to be paid to recover data. The costs of dealing with the infection even after the ransom was paid were considerable, not to mention the disruption to operations while data were locked. Full access to data was not regained for more than a week.
AUPs used to be sufficient to reduce risk – legal and otherwise – but today much more rigorous controls are required to keep networks secure. To manage the risk effectively, it is important to enforce acceptable usage policies with a technological solution.
The most effective way of ensuring AUPs are adhered to is to enforce acceptable usage policies with a web filtering solution. A web filter can be configured to ensure the Internet can only be used for activities that an employer permits. Controls can be applied to ensure that illegal websites are not visited or to block pornography in the workplace, or stricter controls can be applied to severely restrict access. Most importantly, given the massive rise in ransomware and malware attacks, controls can be enforced to keep networks secure.
To find out more about the benefits of implementing a web filtering solution, how networks can be secured with WebTitan, and for details of pricing, contact the TitanHQ team today.