You will no doubt have heard of a man in the middle (MiTM) attack. Here we define this attack method, explain how a MiTM attack occurs, and show you how to prevent a man in the middle attack and keep your devices and networks secure.
What is a Man in the Middle Attack?
Man in the middle attacks are commonly cited as a threat, but what exactly is a man in the middle attack? As the name suggests, this is a scenario where a person inserts him or herself between two communicating systems and intercepts conversations or data sent between the two. It is the computer equivalent on eavesdropping on a phone call where neither party is aware that their conversation is not private and confidential.
With a phone call, eavesdropping would allow an attacker to gather a host of sensitive information, which is divulged verbally between both parties. In this scenario, the attacker does not influence the conversation. He/she must wait until a valuable nugget of information is disclosed by either party.
A MiTM attack is concerned with intercepting data transferred between two parties. This could be data sent between a smartphone app and a server, between two parties on a messaging app such as WhatsApp, or an email conversation between two parties. It could also be communication between a user’s browser and a website.
In contrast to the telephone call scenario, which is passive, in a MiTM attack the attacker can influence what is being said. In fact, with a MiTM attack, the two people or systems communicating are not really communicating with each other. Each is communicating with the attacker.
Take email for example. Person A initiates an email conversation with Person B and requests a wire transfer to pay for services rendered. Person A supplies the bank details, and Person B agrees to the wire transfer. Various details are discussed, and the transfer is eventually made. There could be 10 or more messages sent by each party in the conversation. Each message between the two is altered by the attacker, crucially including the bank account details for the transfer. Neither party has been communicating with each other, yet both parties would be convinced they are.
Types of Man in the Middle Attack
The goal of a MiTM is to intercept information, usually for financial gain, but there are different ways that this can be achieved. Generally speaking, there are four main ways that a MiTM attack occurs: Packet sniffing, packet injection, session hijacking, and SSL stripping
Packet sniffing is one of the most common MiTM attack methods and is a type of eavesdropping or wiretapping, except it is not phone conversations that are obtained. It is packets of data sent between the two systems. Packet sniffing is much easier when sensitive data is not encrypted, such when information is disclosed between a browser and a HTTP website, rather than HTTPS where the connection is encrypted.
The above email example is a type of packet injection. Data is intercepted, but additional packets are introduced, or data packets are altered. For instance, malware could be introduced.
Session hijacking is where an attacker hijacks a session, such as a session between a browser and a banking website where the user has logged in. In this example, the attacker is the one in control of the session. SSL stripping is where a HTTPS session, which should be secure as the session is encrypted, is stripped of the encryption, turned from HTTPS to HTTP, and data is identified. This latter example is utilized by web filtering solutions that feature SSL inspection. It allows businesses to check for threats in encrypted traffic.
How to Prevent a Man in the Middle Attack
Fortunately, MiTM attacks can be difficult to perform, so the potential for an attack is limited, but there are skilled hackers who can – and do – perform these attacks and gain access to sensitive data and empty bank accounts. One of the most common examples is a coffee shop scenario where an attacker creates an evil twin hotspot. When a user connects to this evil twin – a Wi-Fi network set up to look like the genuine coffee shop Wi-Fi hotspot – all data sent between their browser and the website is intercepted.
There are several steps you can take to prevent a Man in the Middle Attack.
Never disclose sensitive data when connected to an untrusted public Wi-Fi network. Only ever connect via a VPN, and ideally wait until you are on a trusted Wi-Fi network to access online bank accounts.
Ensure the website is protected by an SSL certificate (starts with HTTPS). Bear in mind that hackers also use SSL certificates, so HTTPS does not mean a website is genuine.
Do not use hyperlinks included in emails, always visit the website directly by typing the correct URL into your browser or finding the correct URL through a Google search.
Do not install unauthorized software, apps from third-party app stores, and do not download and use pirated software.
Businesses should implement a DNS filtering solution to protect their workers and prevent them from visiting malicious websites.
Make sure your networks are secured and have appropriate security tools installed.
Disable insecure SSL/TLS protocols on your website (Only TLS 1.1 and TLS 1.2 should be enabled) and implement HSTS.
At face value, SpamTitan and VadeSecure may appear to be equivalent products. In this post we offer a comparison of SpamTitan and VadeSecure to help managed service providers (MSPs) differentiate between the two solutions.
SpamTitan and VadeSecure
SpamTitan and VadeSecure are two email security solutions that block productivity-draining spam emails, phishing emails, and malspam – spam emails that deliver malware or malware downloaders. These cloud-based solutions assess all incoming emails and determine whether they are genuine communications, unwanted spam, or malicious messages and deal with them accordingly to prevent employees from opening the messages.
TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs that serve the SMB market and has been providing email security for MSPs for more than 2 decades. SpamTitan is TitanHQ’s email security offering, which has been developed for SMBs and MSPs that serve the SMB market.
VadeSecure is a French company that has developed an email security solution for the SMB market. As is the case with SpamTitan, VadeSecure offers protection from email-based threats and provides an important extra layer of security, especially for Office 365 environments. The company is now venturing into the MSP market and has recently raised an additional $79 million in venture capital to help it make inroads into the MSP market. However, at present, the solution is primarily geared toward SMBs rather than MSPs that serve them.
Enhanced Phishing Protection for Office 365 Accounts
Office 365 is the most widely used cloud service by user count and 2019 figures show that Office 365 cloud services are used by 1 in 5 corporate employees, with Office 365 email being the most common. With so many businesses using Office 365 for email, it should come as no surprise that Office 365 email accounts are being heavily targeted by hackers and scammers.
Microsoft does have measures in place to block spam and phishing emails, but the level of protection provided by Exchange Online Protection (EOP) is not sufficient for many businesses. A large percentage of phishing emails manage to sneak past Microsoft’s defenses. According to research from Avanan, 25% of phishing emails are delivered to Office 365 inboxes.
Consequently, additional protection is required, and many businesses choose to implement an anti-phishing solution provided by third parties such as SpamTitan and VadeSecure. MSPs also offer third party solutions to block phishing attacks on Office 365 accounts, not only to better protect their customers, but also to reduce the amount of time they spend mitigating phishing attacks that have not been blocked by EOP.
SpamTitan and VadeSecure have been developed to work on top of Office 365 and add an important extra layer of protection for Office 365 email.
Here we will concentrate on a comparison of SpamTitan and VadeSecure with a specific focus on the features and benefits for MSPs rather than SMBs.
Comparison of SpamTitan and VadeSecure for MSPs Serving the SMB Market
Since VadeSecure has historically focused on the Telco market, the email security solution lacks many features to make MSP’s lives easier and does not provide the level of control, flexibility, or the management tools and reports that MSPs seek. SpamTitan has been developed by MSPs for MSPs, so important features for MSPs have always been offered. We will cover these features below, but initially it is useful to include an infographic that summarizes some of the basic features of SpamTitan and VadeSecure for comparison purposes.
Basic Features of SpamTitan and VadeSecure
SpamTitan Features for MSPs Not Offered by VadeSecure
This comparison of SpamTitan and VadeSecure may seem a little one-sided, and that is because VadeSecure is very much focused on end users rather than MSPs. No doubt the solution will be updated to incorporate more MSP-friendly features over time as the company tries to move into the MSP market, but at present, the features below are provided by SpamTitan but are not offered by VadeSecure.
Configuration Flexibility and Customization Potential
One of the biggest bug bears with VadeSecure is the inability to configure the solution to suit the needs of MSPs. It is not possible to create custom rules for instance, and MSPs must therefore use the Exchange Admin functionality of Office 365.
With SpamTitan, MSPs can create rules based on their own requirements and the needs of each individual client, and those rules can be highly granular and can easily be applied to specific groups, users, and for specific domains. That level of granularity and the ease of customization allows MSPs to fine-tune filtering policies to maximize the detection of threats while minimizing false negatives. MSPs can easily select more permissible or more aggressive policies for each client, but with VadeSecure there is no option for customization for each customer.
SpamTitan includes a full multi-tenancy view of all customers, with multiple management roles. This allows MSPs to easily monitor their entire customer base and trial base, assess the health of the deployments, view activity volumes across all customers, and quickly identify issues that require attention. With VadeSecure, there is no possibility of integrating with PSAs and RMMs, and there is no customer-wide view of the entire system.
Highly Granular Reporting
MSPs can tell their clients how important it is to improve their security defenses, but they must also be able to demonstrate that the solutions are proving effective at blocking threats to ensure they can continue to provide those services and receive regular, repeating revenue.
With SpamTitan, MSPs have highly granular reports that give them full visibility into what is happening and a detailed view of system performance. Client reports can easily be generated to show them how effective the solution is and why it is important to keep it in place. Furthermore, this level of reporting – per domain, per group, and at the group domain level – gives MSPs the information they need to identify potential issues and obtain detailed information on spam emails. The solution also has the management capabilities to allow any issues to be quickly identified and corrected to ensure the solution remains effective over time. With VadeSecure, visibility and control options are lacking and there are no options for demonstrating how effective the solution is and to demonstrate that to clients.
High Margins and Significant Revenue Potential
As previously mentioned, the flexibility and scope for customization is a real benefit for MSPs as it allows them to add more value through superior management capabilities. That means MSPs can build solutions that really benefit their clients and it helps them become more of a strategic partner rather than an IT service provider. It is much harder for clients to change a strategic partner than switch IT service providers. VadeSecure lacks this customization which means it is not possible for MSPs to add value to generate reliable, recurring revenue.
Further, with VadeSecure you get one product, but TitanHQ offers a trio of solutions for MSPs to better protect their clients and add more recurring revenue streams. Through the TitanShield for Service Providers program, MSPs also have access to WebTitan DNS filtering and ArcTitan email archiving. This allows MSPs to maximize revenue from each client by cross-selling new services, while also offering a layered security package to protect clients from the full range of email- and web-based threats.
Fully Transparent Pricing
When it comes to pricing, VadeSecure (and many other email security solutions) lack transparency and the pricing model is complex and expensive. Several features are not included as standard with VadeSecure and come at an additional cost. This makes it hard to perform a SpamTitan and VadeSecure pricing comparison.
For instance, with VadeSecure the solution is priced per module, so the Greymail, Spam, and Virus Protection options are not provided as standard and have to be added onto the cost. Based on feedback we have received from MSPs the solution is expensive, which reduces MSP profits and makes the email security solution more difficult to sell to SMBs.
With VadeSecure, the total number of users is not aggregated, which shows a lack of experience of working with MSPs. An MSP with 100 x 10-seat licenses will have that pay at 10 seats each rather than 1,000 seats overall. As such, discounts will be far lower.
With SpamTitan there is just one price which includes all features, including sandboxing, full support, dual anti-virus protection, all security modules, and updates. Furthermore, the price is exceptionally competitive (less than $1 per user). The pricing model was created to incorporate the flexibility for dealing with fluctuating numbers of customers, which often happens when providing managed email services.
Effectiveness at Blocking Threats
Price, usability, and flexibility are all important for MSPs, but features and benefits are the icing on the cake. Email security solutions are used to protect against threats, so the effectiveness of a solution is critical. SpamTitan and VadeSecure are effective at blocking threats and will provide an important additional layer of security for Office 365 users, but feedback we have received from MSPs show there is a clear winner.
VadeSecure includes ‘time-of-click’ protection against embedded hyperlinks, which rewrites URLs and sends them to a scanner. However, MSPs have reported that it can take a long time for phishing emails to be detected, even after threats would be blocked by Chrome. That means that phishing emails are being delivered and there is a window during which a successful attack could occur. This URL click feature only appears to work in OWA or the Outlook client as it is an API integration with Office 365.
SpamTitan includes more advanced detection methods to ensure that malicious URLs are detected and phishing emails are filtered out. SpamTitan includes SURBL filtering and other malicious URL detection mechanisms that complement the default mechanisms in Office 365 such as Recipient Verification Protocols, Sender Policy Frameworks, and Content Filter Agents. This means end users are better protected and there is a much lower probability of a phishing email evading detection.
Dual anti-virus protection is also provided and SpamTitan features a sandbox where suspicious attachments can be safely analyzed for malicious actions. This provides superior protection against malware, ransomware, and zero-day threats that are not detected by the two AV engines.
Any business that processes card payments is a target for cybercriminals, but restaurants in particular are favored by hackers. Over the past few weeks, cybercriminals have stepped up their efforts to attack these businesses and several restaurant chains have had their systems compromised. In all cases, malware has been installed on point-of-sale systems that steals payment card information when diners pay for their meals.
Many of the attacks have hit restaurant chains in the Midwest and East, with credit card data from diners recently having been listed for sale on the underground marketplace, Joker’s Stash. A batch of approximately 4 million credit and debit cards is being offered for sale, which comes from malware attacks at Moe’s, McAlister’s Deli, Krystal, and Schlotzsky’s.
The cyberattack on Krystal was detected in November, with the other three chains, all owned by Focus Brands, attacked in August. In total, the above chains have more than 1,750 restaurants and almost half of those locations, mostly in Alabama, Florida, Georgia and North and South Carolina, were affected.
Catch Hospitality Group also announced in November that it had suffered a cyberattack which had seen malware installed on its point-of-sale system that scraped and exfiltrated payment card data as diners paid for their meals. The data breach affected customers of Catch NYC, Catch Roof, and Catch Steak restaurants. Fortunately, the devices used to process the majority of payments were unaffected. Malware was on the Catch NYC and Catch Roof devices between March 2019 and October 2019, with Catch Steak affected between September 2019 and October 2019.
Church’s Chicken restaurants were also attacked in a separate incident in October. The majority of its 1,000+ restaurants were not affected, but at least 160 restaurants in Alabama, Arkansas, Florida, Georgia, Illinois, Louisiana, Mississippi, Missouri, South Carolina, Tennessee and Texas had malware installed on their POS system.
Other restaurant chains that have been attacked in 2019 include Checker’s Drive-In, Cheddar’s Scratch Kitchen, Huddle House, Applebee’s, Chilli’s, and Earl Enterprises (Buca di Beppo, Chicken Guy, Tequila Taqueria, Mixology, Planet Hollywood). Malware n the systems of Earl Enterprises had been present for almost a year before it was detected.
How to Improve Restaurant Cybersecurity
Restaurants process many thousands of card transactions which makes them an attractive target for hackers. Restaurants often use out-of-date operating systems, have vulnerability-ridden legacy hardware, and their cybersecurity solutions often leave a lot to be desired. Consequently, cyberattacks on restaurants are relatively easy to perform, at least compared to many other types of businesses.
In order to infect the POS system, the attackers will need network access. That is most commonly gained via phishing emails, drive-by malware downloads, or by abusing remote access tools. Direct attacks are also possible using techniques such as SQL injection and weak passwords can be easily guessed using brute force tactics.
The malware that sits on systems and exfiltrates data tends to have a very small footprint and is often stealthy as it needs to be present for long periods of time to collect payment card data. That can make it hard to detect when it has been installed. The key to security is therefore improving defenses to make sure the malware is not installed in the first place, which means preventing the attackers from gaining access to the network.
Listed below are some easy-to-implement steps that will help restaurants improve their security posture and block attacks. The key is defense in depth through layered security.
Use an enterprise-grade firewall –Ensure an enterprise-grade firewall is purchased. A firewall will prevent unauthorized individuals from gaining access to your network resources.
Patch promptly and update all software and firmware – Ensure patches are applied promptly and software and firmware updates are implemented when they are released. That includes all systems and networked devices, not just your POS.
Upgrade hardware – When your hardware is approaching end of life it is time to upgrade. Unsupported hardware (and software) will no longer be updated and vulnerabilities will no longer be fixed.
Lockdown your POS: Use whitelisting or otherwise lock down POS systems to make it harder for malware to operate. Only allow trusted apps to run on your POS systems.
Install powerful antivirus software – Ensure all devices are protected by a powerful anti-virus solution and that it is set to update virus definitions automatically. Regularly scan the network for malware, especially your POS.
Implement an intrusion detection system – These systems monitor the network for unusual activity that could indicate a malware infection, attackers searching the network for the POS system, and unusual traffic that could indicate data exfiltration.
Change all default passwords and set strong passwords – To protect against brute force attacks, ensure strong passwords are set on all systems and all default passwords are changed. Also implement rate limiting to block attempts to access a system or device after a set number of failed password attempts.
Implement a powerful spam filtering solution – A powerful email security solution, such as SpamTitan, is required to prevent spam and malicious emails from being delivered to end users. Even if you have Office 365, you will need a third-party email security solution to block email-based threats.
Restrict Internet access with a DNS filter – A DNS filter such as WebTitan provides protection against drive-by malware downloads and web-based phishing attacks. WebTitan will block all known malicious websites and those with a low trust score. The solution can also be configured to prevent employees from accessing categories of websites where malware downloads are more likely.
Disable Remote Access if Possible – Disable Remote Desktop Protocol and all remote access tools. If remote access tools are required to allow essential maintenance work to be completed, ensure they can only used via a VPN and restrict the people who can use those tools.
The WannaCry ransomware attacks that started on May 12, 2017 were blocked quickly when a kill switch was identified and activated, but how much money did WannaCry make during the time it was active?
WannaCry was a devastating global cyberattack, the likes of which had been predicted by many cybersecurity professionals but had yet to materialize. WannaCry was the fastest spreading ransomware ever created.
WannaCry combined ransomware with a worm, which allowed it to automatically spread and infect huge numbers of devices on a network. The ransomware exploited a vulnerability in Windows Server Message Block (SMBv1) using an NSA exploit called EternalBlue.
The flaw exploited by EternalBlue had been reported to Microsoft and a patch was issued in March 2017, two months before the attacks started. However, many businesses were slow to apply the patch and were vulnerable to attack. Within a matter of hours, around 200,000 computers had been attacked in 150 countries. It is worth noting here that there are still many computers that have not been patched more than 2 and a half years after the patch was released, in spite of widespread news coverage about the threat of attack and its huge cost. WannaCry is still one of the biggest ransomware threats and accounts for a significant percentage of all successful ransomware attacks in 2019.
WannaCry was blocked by a British security researcher who discovered the ransomware checked a domain name prior to encrypting data, but that domain name had not been registered. He purchased the domain name, thus preventing file encryption.
That said, the speed at which the ransomware spread meant many devices were infected and encrypted. Since businesses were not protected if the ransomware encryption had already started by the time the kill switch was activated, the attackers must have had a huge payday. So how much did WannaCry make?
By today’s standards, the ransom demand was very small. Just $300 per infected device, which doubled to $600 if the payment was not paid within 3 days. It is actually easy to see how many payments were made, as the transactions are detailed in the blockchain. The recipient remains anonymous, but the payments can be seen.
The three Bitcoin addresses known to have been used in the WannaCry attacks currently show 430 payments have been made and 54.43228033 BTC has been sent to those accounts. The value of BTC is somewhat volatile and was much higher at points between now and the attacks, but at today’s exchange rate that equates to around $386,905. Most of the BTC payments have now been moved out of the accounts so they attackers have managed to cash out. Payments are also still being made to those accounts. The latest payments to one of the addresses were made in December 2019.
$386,905 may not seem like much of a payday considering the number of devices infected and the damage caused by the attack, and it’s not. Further the attackers will need to convert that total to real money, and a considerable amount will be lost in that process. The payday was tiny considering the scale of the attack. However the cost of the attack to businesses was colossal.
The National Health Service in the United Kingdom was hit bad and the cleanup operation, and loss of business while that occurred, has been estimated to have cost £92 million. That was just one victim, albeit a major one. Estimates on the total cost of WannaCry range from hundreds of millions to $4 billion globally.
Next time you delay applying a patch or updating software, consider WannaCry and the potential costs of exploitation of a vulnerability. In all of the above cases – all 200,000+ attacks – applying the patch would have prevented the attack and the huge cost of remediation.
Black Friday phishing scam are rife this year. With almost a week to go before the big discounts are offered by online retailers, scammers are stepping up their efforts to defraud consumers.
Spam email campaigns started well ahead of Black Friday this year and the scams have been plentiful and diverse. Black Friday phishing emails are being sent that link to newly created websites that have been set up with the sole purpose of defrauding consumers or spreading malware and ransomware. It may be a great time of year to pick up a bargain, but it is also the time of year to be scammed and be infected with malware.
A wide range of spam emails and scam websites have been detected over the past few weeks, all of which prey on shoppers keen to pick up a bargain. This year has seen the usual collection of almost too-good-to-be-true offers on top brands and the hottest products, free gift cards, money off coupons, and naturally there are plenty of prize draws.
Anyone heading online over the next few days to kick start their holiday shopping spree needs to beware. The scammers are ready and waiting to take advantage. With legitimate offers from retailers, speed is of the essence. There is a limited supply of products available at a discount and shoppers are well aware that they need to act fast to secure a bargain. The scammers are playing the same game and are offering limited time deals to get email recipients to act quickly without thinking, to avoid missing out on an exceptional deal.
This time of year always sees a major uptick in spam and scams, but this year has seen much more sophisticated scams conducted than in previous years. Not only are the scammers insisting on a quick response, several campaigns have been identified that get users to help snag more victims. In order to qualify for special offers or get more deals, the scammers require users to forward messages and share social media posts with their friends and contacts. This tactic is highly effective, as people are more likely to respond to a message or post from a friend.
So how active are the scammers in the run up to Black Friday and Cyber Monday? According to an analysis by Check Point, the number of e-commerce phishing URLs has increased by 233% in November. Those URLs are being sent out in mass spam campaigns to direct people fake e-commerce sites that impersonate big name brands. Those sites are virtual carbon copies of the legitimate sites, with the exception of the URL.
While consumers must be wary of Black Friday phishing scams and potential malware and ransomware downloads, businesses should also be on high alert. With genuine offers coming and going at great speed, employees are likely to be venturing online during working hours to bag a bargain. That could easily result in a costly malware or ransomware infection.
The scams are not limited to the run up to Black Friday. Cyber Monday scams can be expected and as holiday season fast approaches, cybercriminals remain highly active. It’s a time of year when it pays to increase your spam protections, monitor your reports more carefully, and alert your employees to the threats. A warning email to employees about the risks of holiday season phishing scams and malicious websites could well help to prevent a costly data breach or malware infection.
Its also a time of year when a web filtering solution can pay dividends. Web filters prevent employees from visiting websites hosting exploit kits, phishing kits, and other known malicious sites. They can also be configured to block downloads of malicious files. A web filter is an important extra layer to add to your phishing defenses and protect against web-based attacks.
If you have yet to implement a web filter, now is the ideal time. TitanHQ is offering a free trial of WebTitan to let you see just how effective it I at blocking web-based threats. What’s more, you can implement the solution in a matter of minutes and get near instant protection from web-based phishing attacks and holiday season malware infections.
According to research from Channel Futures, security is the fastest growing service for 73% of managed service providers (MSPs). If you have yet to start offering security services to your clients, you are missing out on a steady income stream that could really boost your profits. But where should you start? What services should you be offering? In this post we will be exploring the ideal security stack for MSPs and the essential services that should form the core of your security offering.
Why is Managed Security is so Important?
As an MSP, you should be aware of the importance of security. Companies are being targeted by cybercriminals and data breaches are occurring at an alarming rate. It is no longer a case of whether a business will be attacked, it is a case of when and how often.
Many SMBs do not have sufficiently skilled staff to handle IT and it is far easier, and often more cost effective, to outsource their IT to MSPs. The same is true for security, but even more so due to the difficulty finding sufficiently skilled cybersecurity staff. With so many positions available and a national shortage of cybersecurity staff, cybersecurity professionals can afford to pick and choose there they work. SMBs must ensure they are well protected against cyberattacks, so they look to MSPs to provide security-as-a-service either as a stop gap measure while they try to fill internal positions or so they can forget about security and let an MSP look after that side of the business.
If you are not providing security services to your clients, they will most likely search for another MSP that can protect their business from threats such as malware, ransomware, phishing, botnets, and prevent costly data breaches.
What do SMBs Want?
SMBs may be aware of the need for security, but they may not be so clued up about the solutions they need to protect them from cyber threats. You may need to explain to them exactly what they need and why. What is vital when explaining cybersecurity to SMBs is to emphasize the need for layered security. No single solution will provide protection against all threats and you will need to educate your clients about this.
Layered security is essential for protecting against ever increasing cybersecurity threats. No single solution will provide total protection. You need overlapping layers so that if one layer is bypassed, others are there to block the attack.
You should certainly be initiating conversations with your clients about security. Many SMBs only look for security services after they experience a costly data breach. By being proactive and approaching your clients and offering security services, you will not only have a much greater opportunity for increasing sales quickly, you will help them avoid a costly data breach and will not have to clear up the mess that such a breach causes.
What is the Ideal Security Stack for MSPs?
The best place to start is with a cybersecurity package that includes the core security services that all businesses need to protect them from a broad range of threats. Different packages can be offered based on the level of protection your clients need and their level of risk tolerance. Extra services can always be provided as add-ons.
There are four key security services you should be offering to your clients to give them enterprise-grade protection to secure their networks and protect against the main attack vectors. The ideal security stack for MSPs will differ from company to company, depending on the kind of clients that each MSP has. It may take some time to find the ideal security stack, but a good place to start is with core security services that every business will need.
Core Security Services for MSPs
Firewalls are essential for securing the network perimeter and separating trusted from untrusted networks. They will protect network resources and infrastructure against unauthorized access. It may even be necessary to implement multiple firewalls.
Email security is essential as this is the most common attack vector. Without email security, malware and phishing emails will hit inboxes and employees’ security awareness will be regularly put to the test. The threat of email attacks cannot be understated.
Email security must be explained to clients to ensure they understand its importance and why standard email security such as that provided by Microsoft through Office 365 simply doesn’t cut in anymore. Too many threats bypass Office 365 defenses. A study by Avanan showed that 25% of phishing emails bypass Office 365 security and are delivered to inboxes.
DNS filtering is also a requirement to protect against web-based attacks such as malvertising, drive-by downloads, and exploit kits. Even the best email security solutions will not block all phishing threats. DNS filtering provides an additional layer of security to protect against phishing attacks. While email was once the primary method of delivering malware, now malware is most commonly delivered via web-based attacks. The average business user now encounters three malicious links per day and 80% of malware is downloaded via the internet. Further, with more and more employees spending at least some of the week working remotely, protection is needed for public Wi-Fi hotspots. DNS filtering provides that protection when they are off the network.
Endpoint security solutions add another layer to the security stack. If any of the above solutions fail and malware is downloaded, endpoint security solutions will provide extra protection. This can include basic protection such as antivirus software or more advanced solutions such as intrusion detection systems.
When choosing solutions for your security stack, it is important to make sure they work seamlessly together. This can be difficult if you purchase security solutions from a lot of different vendors.
Additional Services to Add to your Security Stack.
The above security services should form the core of your security offering, but there are many additional services you can easily provide to ensure your clients are better protected. These can be offered as addons or as part of more comprehensive security packages.
Data loss protection
Email archiving and backup services
Vulnerability scanning and patch management
Security policy management
Security information and event management (SIEM)
Incident response and remediation
Security awareness training and phishing email simulations
How TitanHQ Can Help
TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market. TitanHQ products are consistently rated highly by MSPs for the level of protection, ease of use, ease of admin, and the level of support provided.
The TitanHQ portfolio of cybersecurity products consists of three core solutions:
SpamTitan Email Security
WebTitan DNS Filtering
ArcTitan Email Archiving
Each of these solutions has a 100% cloud-based architecture and has been developed for MSPs to easily incorporate into their security stacks. TitanHQ offers seamless deployments and easy incorporation into MSP’s management portals via RESTful API.
The above solutions can be supplied with multiple hosting options. You can host with TitanHQ, on your existing infrastructure or in the cloud with AWS, Azure or any other system.
SMBs want to know they are protected, but many don’t care about what solutions are used. This gives you an opportunity to reinforce your brand. This is easily achieved with TitanHQ as the above solutions can be provided in white label form, ready for you to add your own branding. You can even customize the user interface and only include the features that you need to reduce complexity.
Need reports for your clients? No problem. TitanHQ has an extensive range of pre-configured reports that can be scheduled to ease your admin burden, including board-level reports with scope to create your own reports to meet you and your clients’ needs.
Other key features for MSPs include:
Automated policy management
Full visibility of usage
Flexible, affordable, and transparent pricing with monthly billing
Set and forget solutions to ease the admin burden
World-class customer support included with all solutions
Generous margins for MSPs
Excellent MSP program – TitanShield – with dedicated account managers, assigned sales engineers, scalable pre-sales and technical support, and sales and technical training
TitanHQ has made it as easy as possible for MSPs to start offering security services to their clients. These solutions will also help established security-as-a-service providers ease their management burden and improve their margins.
To find out more about the TitanShield program and for further information on any or all of TitanHQ’s security solutions for MSPs, get in touch with the channel team today. Product demonstrations can be arranged and free 14-day trials are available to allow you to see for yourself why TitanHQ is the leading provider of email and web security solutions for MSPs.
The Racoon Stealer is a relatively new form of malware that was first detected in April 2019. The malware is not sophisticated, it does not incorporate any never before seen features, in fact it is pretty unremarkable. The Racoon Stealer can take screenshots, harvest system information, monitor emails, and steal information from browsers, such as passwords, online banking credentials, and credit card numbers.
However, the malware is effective and very popular. In the past six months, the Racoon Stealer has been installed on hundreds of thousands of Windows devices and it is now one of the most talked about malware variants on underground forums.
What makes the Racoon Stealer stand out is a highly aggressive marketing campaign aimed at signing up as many affiliates as possible. Racoon is being marketed as malware-as-a-service on underground forums and affiliates can sign up to use the malware for a flat fee of $200 per month.
The information stealer can be used to steal a range of sensitive information such as passwords, credit card numbers, and cryptocurrencies. Under this distribution model, affiliates do not have to develop their own malware, and little skill is required to start conducting campaigns. The malware developers are also providing bulletproof hosting and are available to give affiliates support 24/7/365, and the package comes with an easy to use backend system.
While the cost is certainly high compared to other malware-as-a-service and ransomware-as-a-service offerings, affiliates are likely to make that back and much more from the information that they can steal. There is no shortage of takers.
How is the Racoon Stealer Being Distributed?
Affiliates are distributing the Racoon Stealer via phishing emails containing Office and PDF files that incorporate code that downloads the Racoon payload. The information stealer has been bundled with software on third-party websites, although a large percentage of the infections come from exploit kits.
The Racoon Stealer has been added to both the Fallout and Rig exploit kits which are loaded onto compromised websites and attacker-owned domains. Traffic is sent to those sites via malicious adverts on third party ad networks (malvertising).
When a user lands on a webpage hosting an exploit kit, their device is probed for vulnerabilities that can be exploited. If a vulnerability is found it is exploited and the Racoon Stealer is silently downloaded.
Once installed, Racoon connects to its C2 server and the resources required to start stealing information are obtained, that information can be sold on darknet marketplaces or used by affiliates to conduct their own attacks.
Given the huge potential for profit, it is no surprise that malware developers are now opting for this business model. The problem is likely to get a lot worse before it gets better and the threat from these malware-as-a-service offerings is significant.
How to Block the Racoon Stealer and Other Web and Email Threats
Fortunately, there are steps that businesses can take to improve their defenses against these MaaS campaigns.
Exploit kits usually incorporate exploits for a small number of known vulnerabilities rather than zero-day vulnerabilities for which no patches have been released. To block these exploit kit attacks, businesses need to apply patches and update software promptly.
It is not always possible for businesses to apply patches promptly as extensive testing may be necessary before the patches can be applied. Some devices may be skipped – accidentally or deliberately due to compatibility issues. Those devices will remain vulnerable to attack.
Patching is important, but it will not stop drive-by malware downloads from the internet that do not involve exploit kits. What is therefore required is a web security solution that can block access to malicious sites and prevent downloads of risky file types.
A DNS filtering solution such as WebTitan provides an additional layer of security to block these web-based threats. Through a combination of blacklists, content control, and scanning websites for malicious content, businesses can protect themselves against web-based attacks. A DNS filter will also prevent employees from visiting websites used for phishing.
Blocking attacks that take place via email requires strong email security defenses. An advanced spam filter such as SpamTitan can prevent malicious emails and attachments from reaching end users’ inboxes. SpamTitan scans all incoming emails for malware using two anti-virus engines but is also effective at blocking zero-day threats. SpamTitan includes a Bitdefender-powered sandbox, where suspicious attachments are subjected to in-depth analysis to identify any potentially malicious actions.
With these two solutions in place, businesses will be well protected from malware threats and phishing attacks and managed service providers can ensure their environment and those of their clients are kept malware free.
To find out more about these two powerful anti-malware solutions and to discover why TitanHQ is the global leader in cloud-based email and web security for the managed service provider serving the SMB market, give the TitanHQ team a call.
The event will be attended by thousands of IT professionals, business owners, and industry leaders who will be discussing the IT industry, recent advances in information technology, and the latest trends affecting MSPs. The conference provides an excellent opportunity for learning, networking, and collaboration and boasts an extensive program of interactive sessions, keynotes, and in-depth training sessions. The event also showcases the latest IT solutions and provides tips and tricks to ensure every ounce of value is squeezed from those tools.
This year’s event promises to be bigger and better than ever before, thanks to an all-star cast of thought leaders and industry professionals who will provide practical advice to help you improve every aspect of your business.
Connect IT Europe covers the entire Kaseya universe and the diverse ecosystem of solutions that serve IT professionals. The conference will help attendees find new revenue streams, increase their profit margins, and simplify IT management through educational presentations, workshops, roundtables, and interactive challenges.
As the leading provider of cloud-based email and web security solutions for MSPs serving the SMB market, TitanHQ is proud to be a Silver sponsor of the event. Attendees will have the opportunity to discover why TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs servicing the SMB marketplace and the features and benefits of SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving that make the solutions such a hit with MSPs and IT professionals.
The event will be attended by TitanHQ Strategic Alliance Manager Marc Ludden and Alliances/MSP Partner Manager Eddie Monaghan. Marc and Eddie will be explaining the recently launched TitanShield program for MSPs and how TitanHQ solutions can help MSPs improve efficiency, profitability, and security of their operations and enhance their customers’ security postures.
If you would like further information on TitanHQ products, feel free to reach out to Marc and Eddie ahead of the event:
Eddie Monaghan, MSP Alliance Manager, LinkedIn
Marc Ludden, MSP Alliance Manager, LinkedIn
TitanHQ is proud to be a platinum sponsor of DattCon19, Paris – The leading event for MSPs looking to keep up to date on the latest industry trends, learn best practices, form new and profitable partnerships, and obtain invaluable advice that will help them grow their business and become more successful.
The event gives the TitanHQ team an opportunity to meet with leading MSPs, MSSPs, and ISPs and explain why TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market.
The team will be available to explain the benefits of the TitanShield MSP program and show just how easy it is to integrate TitanHQ products into your service stacks and start rolling out spam filtering, web filtering, and email archiving to your customers… and the best way to sell those services, reduce the time you spend on providing support, and improve the profitability of your business.
The event will be attended by Rocco Donnino, TitanHQ VP of Strategic Partnerships, Marc Ludden, TitanHQ Strategic Alliance Manager, and Eddie Monaghan. Alliances/MSP Partner Manager.
On Tuesday October 22 between 11:15am and 11:35am, Rocco Donnino will be explaining Email & Web Security for the SMB Market. Rocco will talk about the trends TitanHQ are seeing in the email and web security for SMB markets globally, drawing on the experience from working with over 2,200 MSP customers worldwide.
Marc Ludden and Eddie Monaghan will be on hand to meet with MSPs and ISPs to explain the benefits of joining the TitanShield MSP Program and how best to take advantage of TitanHQ’s proven technology and deliver our advanced network security solutions directly to their client base. The pair will be helping MSP partners push TitanHQ products downstream to their customers and grow their businesses.
The event will be attended by more than 1000 MSPs, ITSPs, and industry leaders. Over the three days of the conference, attendees will get to hear from the most successful MSPs and MSSPs and discover what they are doing differently and how they are driving growth.
The sessions, keynotes, and networking opportunities will help you get better at running your business with Datto Solutions and discover how the addition of key products such as SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving can improve profitability and add greater value.
The keynotes will be bigger and better than ever before and will be taken by 80 of the best and brightest business tycoons, MSPs, and Datto executives, who will share valuable real-world insights and best practices.
The Peer Forums are more intimate small-group roundtable sessions that provide high-value networking on key topics. These sessions are driven by attendees who will share pain points, success stories, and best practices that have been proven to help MSPs grow their business. This year’s Peer Forums are on the following topics:
Service Delivery: Driving Efficiency & Automation
Selling Networking as a Managed Service
Women in Tech
French Language Peer Forum: Business Strategy
Service Delivery: Service Desk & Professional Services
M&A: How Do I Acquire or Be Acquired?
Security: Securing Your MSP First
German Language Peer Forum: Business Strategy
Service Delivery: Client Engagement & vCIO
Add to that the networking opportunities and the stunning location and you have an invaluable event that is not to be missed.
DattoCon19 Paris will be taking place on October 21st, 22nd and 23rd at the Palais des congrès de Paris, 2 Place de la Porte Maillot, 75017 Paris, France.
Malvertising is the term given to the abuse of ad networks to serve malicious adverts on legitimate websites that scam visitors by displaying popup ads or direct them to malicious websites hosting phishing forms or exploit code to silently deliver malware. Many website owners place third-party advertising blocks on their websites to increase revenue. While the ad networks have controls in place to prevent abuse, cybercriminals often succeed in bypassing those security measures.
One cybercriminal group has been particularly active over the past year and has been conducting attacks on a massive scale. Researchers at Confiant have been tracking the activity of the group – known as eGobbler – and report that the group delivered fake adverts on 500 million user sessions in Europe and the United States in the past week alone. The campaigns are on a truly massive scale. One of the latest campaigns, conducted between August 1 and September 23 involved around 1.16 billion ad impressions.
Typically, the criminals behind these campaigns target mobile users as the security protections on their devices are nowhere near as robust as on desktop computers; however, this campaign has targeted desktop users on Windows, Linux, and macOS.
Several content delivery networks have been used to serve the malicious adverts, which redirect users to websites that exploit two browser vulnerabilities to deliver their malicious payloads. The first is a bug in the Chrome browser – CVE-2019-5840 – which was patched by Google in June. The second is a zero-day vulnerability in WebKit, the browser engine used by old Chrome versions and the Safari web browser. The bug has already been patched for Safari, but currently Google has not patched Chrome. Since the latest browser engine used by Chrome is based on WebKit, later versions are also affected.
While sandboxing features protect advertising iframes, the zero-day vulnerability has allowed the group to break out of the iframes and display malicious code to visitors and perform redirects.
This cybercriminal group is atypical of most groups that use malvertising to deliver malware. The group is highly skilled and capable of finding bugs in the source code of browsers and conducts campaigns on a massive scale. The group poses a significant threat to internet users although there are steps that can be taken to reduce the likelihood of an attack.
Personal users can harden their defenses by using ad-blockers and ensuring they keep their browsers updated. Businesses similarly need to ensure browsers are updated and block these malicious adverts using a web filtering solution.
In addition to blocking malicious adverts, a web filter can be configured to block the download of malicious files and prevent employees from visiting phishing websites and other malicious websites. A web filter can also be used by businesses to enforce acceptable internet usage policies.
TitanHQ has developed a powerful DNS-based web filtering solution for SMBs and MSPs – WebTitan – that provides protection against malvertising and other types of web-based attacks. The solution is easy to use and can be implemented in just a few minutes. No technical skill is required.
Considering the level of protection provided by WebTitan, you are likely to be surprised at how little the solution costs. To find out more, to arrange a product demonstration, or to set up free trial of the full solution, give the TitanHQ sales team a call.
In Idaho, library content filtering is now mandatory. H.B.194, which was signed into law in April, requires llibraries in Idaho to implement a content filtering system by July 2020 that is capable of preventing minors from accessing objectionable content. Not only does that content filtering system need to prevent library computers from being used to access undesirable content, the content filter must also cover library WiFi networks.
The law change was introduced in to prevent children from accessing pornography on library computers, which various studies have shown can cause considerable harm. Without filters in place, children could access adult content or inadvertently see adult content on other users’ screens. There have been many reports in the media and on internet forums of library patrons catching glimpses of pornography being accessed in plain sight of others.
Some library directors and library boards are unhappy with the law change for two main reasons. The first concerns a potential violation of First Amendments rights. The American Civil Liberties Union has voiced its concerns, stating “Ultimately, blocking software prevents users from accessing a wide range of valuable information, including such topics as art, literature, women’s health, politics, religion and free speech, which is in direct violation of our First Amendment rights.”
The view that filtering means other content will also be blocked is outdated. While the overblocking of internet content was once a concern, modern internet content filters for libraries are much more advanced and allow highly granular control of internet content. Modern filters are also much better at categorizing content than they once were. Further, easy-to-use interfaces reduce the potential for user error setting the content controls.
The filters also prevent malware downloads and block access to phishing forms, which further enhances protection for users and protects library networks from malware and ransomware attacks.
The other main issue is one of cost. While libraries can obtain discounts under the e-rate program if they implement content filters to comply with the the Children’s Internet Protection Act (CIPA), Idaho libraries otherwise have to cover the cost of the filtering controls themselves. No additional money has been made available.
Implementing Library Content Filtering for WiFi Networks is Easy
Little guidance has been provided on how libraries should implement the filters and there is confusion over how the filters can be applied to wired and WiFi networks.
Traditional filters require an appliance to be purchased which is costly. The appliance sits between the user and the internet and all traffic passes through that device and content controls are applied. This is problematic, especially when library devices are supplied for use off-site as all traffic must be hauled back to the appliance and then back to the device, which can result in significant latency (slow internet speeds).
A more cost-effective and trouble-free solution is a DNS-based filter. DNS-based filters apply filtering controls at the DNS level. No appliance needs to be purchased – which means a significant cost saving – and there is no latency. All the filtering takes place on the service provider’s server, not locally on an appliance device.
This system also allows filtering to take place on WiFi networks. Any device that connects to the WiFi network will only be able to access the filtered Internet service. Blocks can also be placed on anonymizer services to prevent filtering controls from being bypassed and DNS filtering can also be used to protect mobile devices, even those used off site.
TitanHQ’s content filtering solution for libraries – WebTitan Cloud and WebTitan Cloud for WiFi – not only incorporate highly granular controls to prevent overblocking of internet content, the solution requires no technical skill to operate, no hardware purchases are required, and no software downloads are necessary. WebTitan Cloud and WebTitan Cloud for WiFi are also low-cost content filtering solutions for libraries. Typical licensing costs are less than $1 per user per month.
If you are struggling to find a content filtering solution for your library, give the TitanHQ team a call. You will be able to have your questions answered about how to implement the solution, you can schedule a product demonstration to see how easy the solution is to operate, and can also take advantage of a free trial to see for yourself how precise the filtering controls are.
Due to the high cost per user, many SMBs and managed service providers (MSPs) are looking for an OpenDNS alternative that provides the same or better protection at a much lower cost. At TitanHQ, we have the solution. We offer an advanced cloud-based web filtering solution that provides excellent protection from online threats with highly granular filtering controls for precision control over the types of web content that can be accessed by end users.
In this post we will explain why so many SMBs and MSPs have signed up for our OpenDNS alternative, and why WebTitan Cloud is, in general terms, a direct swap out for OpenDNS. However, first, lets consider one of the most important reasons for seeking an OpenDNS alternative. Cost.
OpenDNS Cost Per User
Cisco’s OpenDNS (Cisco Umbrella) is a popular choice with enterprises, SMBs, and MSPs for good reason. It is an accomplished web filtering solution but that comes at a price. At the time of writing, the OpenDNS cost per user is $2.20 per month (based on 100 users). While that is a small price to pay for the level of protection that a web filter provides and the potential for productivity increases through careful content control, the cost adds up. For 100 users, that’s $220 per month and $2,640 per year.
WebTitan costs $0.90 per user, per month. That’s just $90 per month and only $1,080 per year. That provides a saving of $1,560 per year based on a 1-year subscription and the cost can be lowered further with a 3-year subscription.
Such a major cost saving makes WebTitan Cloud a very attractive proposition, but price isn’t everything and lowest cost choices are not always the best. In this case however, it is possible to save a small fortune without compromising security and control, while improving usability.
A Direct Swap Out for OpenDNS That Will Save a Small Fortune
OpenDNS Cisco Umbrella and WebTitan are best-of-breed DNS-based web filtering solutions that combine advanced protection against malware, phishing, and other web-based threats. They also offer precision control for restricting access to certain types of online material.
Both solutions have been designed with the same core principles and both can be used to block downloads of file types commonly associated with malware and ransomware, such as .exe, .js, .scr, and other executable file types.
To protect against phishing, both solutions support the use of blacklists – Lists of websites and IPs that have previously been identified as malicious or have a low trust score. These phishing web pages are often visited by end users after clicking embedded hyperlinks in emails. Both web filters therefore serve as an important additional layer of protection against phishing.
Both solutions allow filtering controls to be set for different users, at the individual, user group, department, or organization level via category-based filters, which makes it easy to quickly apply and enforce your acceptable Internet usage policies.
Both solutions offer a high level of protection, but for many SMBs and MSPs, the price of WebTitan is the deal clincher. However, there are several other benefits of WebTitan Cloud over OpenDNS.
WebTitan Cloud Advantages
Some of the key advantages of WebTitan Cloud over OpenDNS are detailed below.
Certain types of businesses, such as MSPs, will be reluctant to direct users to an external cloud service. To meet the needs of those businesses, TitanHQ offers different hosting options. Typically, WebTitan is hosted within TitanHQ’s own environment, but it is also possible for the solution to be hosted locally to give users greater control and privacy.
The WebTitan pricing model is perfectly transparent and all features are included in the price, including customer support at no additional cost. TitanHQ can also offer flexible licensing and can negotiate commercial arrangements that suit both parties. OpenDNS Cisco Umbrella has a multi-tiered pricing system with some of the advanced features only available as an add-on which further increases the cost.
World Class Support
All WebTitan Cloud users benefit from industry leading, world class support, including scalable pre-sales and technical support and sales & technical training. Support is provided for all users at no additional cost. Support is also provided to customers taking advantage of the free trial.
There will be times when organization-wide or individual filtering controls need to be bypassed. Rather than changing a policy for a particular user and then having to revert back to the original policy, TitanHQ developed bypass codes called cloud keys. These cloud keys can be used to temporarily bypass filtering policies. They can be set to expire after a certain time period or after a certain number of uses.
An Ideal OpenDNS Alternative for Managed Service Providers
The biggest exodus from OpenDNS to WebTitan is MSPs. As mentioned in the previous section, the ability to host WebTitan locally is a major benefit for many MSPs who prefer to host their solutions in their own private clouds.
As an additional benefit, WebTitan Cloud can be supplied in full white-label form and is completely rebrandable. The solution allows customized block pages to be created – these pages are displayed when a user attempts to visit a webpage that contravenes company policies. The UI can also be rebranded and customized to include corporate branding. OpenDNS does not offer MSPs a white-label solution and cannot be rebranded.
TitanHQ also ensures WebTitan Cloud fits seamlessly into MSPs service stacks through the use of APIs and RMM integrations. The multi-tenant dashboard allows MSPs to keep clients separated and apply controls on an individual client basis and also to manage client settings in bulk.
The low price of the solution allows MSPs to add web filtering to their existing security packages to better protect their customers while saving themselves a great deal of support time. TitanHQ also offers monthly billing and high margins for MSPs. With WebTitan it really is possible to make 100 points.
How Does WebTitan and OpenDNS Compare?
One of the best ways to find out about how the two different solutions compare is to use independent review sites such as G2 Crowd. The site includes more than 650,000 reviews from verified users. Those users consistently rate WebTitan Cloud higher than alternative web filtering solutions and across the 6 rating areas, WebTitan Cloud achieves higher ratings than OpenDNS.
Speak to TitanHQ About Changing from OpenDNS to WebTitan
If you are looking for an OpenDNS alternative and would like further information about WebTitan Cloud, would like to book a product demonstration to see WebTitan Cloud in action, or are interested in signing up for a free trial of the full solution, contact the TitanHQ team today and our friendly sales staff will be happy to help.
Over the next three months, TitanHQ will be travelling throughout Europe and the United States to meet with managed services providers (MSPs) at some of the biggest trade shows serving the MSP community.
The trade shows and conferences bring together the best MSPs from around the world and gives them the opportunity to learn about new industry trends, best practices, and proven tactics for increasing growth. The shows provide a tremendous opportunity for networking and bring together MSPs and companies offering MSP-focused cybersecurity solutions.
For the past 20 years, TitanHQ has been developing cybersecurity solutions for MSPs and the SMBs marketplace. From humble beginnings, the company has grown into a leading provider of cloud-based email security, web security, and email archiving solutions for MSPs. TitanHQ products have now been adopted by more than 7,500 businesses and 2,000 MSPs around the globe.
TitanHQ products are much loved by MSPs as they have been developed specifically to meet their needs. The solutions are quick and easy to implement and maintain and they save MSPs a considerable amount of support and engineering time by blocking email and web-based cyberattacks at source.
At these MSP events you will be able to find out more about the benefits of cloud-based spam filtering and the importance of adding web filtering to your service stack. The TitanHQ team will be on hand to answer questions about the products and will explain how the solutions can be seamlessly integrated into your client management platforms and how they can make your life easier and improve your bottom line.
Come and Meet the TitanHQ Team at these fall MSP Trade Shows and Conferences
September 17, 2019
The Alex Hotel, Dublin, Ireland
September 18, 2019
155 Bishopsgate, London, UK
October 6-10, 2019
Dubai World Trade Centre, Dubai, UAE
October 7-8, 2019
CompTIA EMEA Show
Park Plaza Westminster Bridge,
October 16-17, 2019
Canalys Cybersecurity Forum
SOFIA Barcelona, Spain
October 21-23, 2019
Palais des Congrès de Paris, Paris, France
October 30, 2019
MSH Summit North
Hilton Hotel, Manchester, UK
October 30, 2019
IT Nation Evolve (HTG 4)
Hyatt Regency, Orlando, Florida, USA
October 30, 2019
IT Nation Connect
Hyatt Regency, Orlando, Florida, USA
November 5-7, 2019
NH Collection Amsterdam Gran Hotel Krasnapolsky, Amsterdam, Netherlands
If you are planning on attending any of the above events this fall, be sure to come and visit the TitanHQ team to discuss your options and feel free to reach out in advance of the event to arrange a meeting.
Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
Eddie Monaghan, MSP Alliance Manager, LinkedIn
Marc Ludden, MSP Alliance Manager, LinkedIn
If you are unable to attend any of these exciting events, give the team a call for further product information, to book a product demonstration, or to sign up for a free trial of SpamTitan, WebTitan, and ArcTitan.
Exploit kit activity may be at a fraction of the level of 2016 when peak activity was reached, but the threat has not gone away. In fact, the mid-year cybersecurity roundup from Trend Micro shows exploit kit activity is now triple the level of mid-2018. Websites hosting exploit kits still pose a significant threat to businesses.
Exploit kits are toolkits that contain exploits for vulnerabilities in popular software applications, such as Internet Explorer and Adobe Flash Player. When a user lands on a web page that hosts an exploit kit, it will scan the user’s browser for vulnerabilities. If an exploitable flaw is identified, malware is automatically downloaded and executed on the user’s device. In many cases, the downloading of a Trojan, ransomware, or other form of malware is not identified by the user.
Traffic is sent to exploit kits through malvertising – malicious advert – on high traffic websites. User’s can be directed to malicious websites through phishing emails, and it is also common for hackers to hijack high traffic websites and use them to host their exploit kit. That means users could visit a malicious website just through general web browsing.
There are several exploit kits currently in use such as Magnitude, Underminer, Fallout, Green Flash/Sundown, Rig, GrandSoft, and Lord. These exploit kits are pushing cryptocurrency miners and botnet loaders, although ransomware and banking Trojans are the most common payloads.
Many of the exploits used by these toolkits are for old vulnerabilities, but since businesses are often slow to apply patches, they still pose a major threat. Exploit kits such as GrandSoft and Rig are regularly updated and now host exploits for much more recently disclosed vulnerabilities.
One of the most recently identified campaigns has seen the threat actors behind Nemty ransomware team up with the operators of RIG to push their ransomware on businesses still using old, vulnerable versions of Internet Explorer.
A new exploit kit named Lord is being used to infect users with Eris ransomware. In this case, traffic is being directed to the exploit kit through malvertising on the PopCash ad network. The EK primarily uses exploits for flaws in Adobe Flash Player such as CVE-2018-15982.
Protecting against exploit kits is straightforward on paper. Businesses need to ensure that vulnerabilities are identified and patched promptly. If there are no vulnerabilities to exploit, no malware can be downloaded. Unfortunately, in practice things are not quite so simple. Many businesses are slow to patch or fail to apply patches on all devices in use.
Anti-spam software can help to reduce risk by blocking phishing emails containing links to exploit kits, but most of the traffic comes from search engines and malvertising, which anti-spam software will do nothing to block. To improve your defenses against exploit kits, drive-by downloads, and phishing websites, one of the best cybersecurity solutions to deploy is a DNS filtering solution.
A DNS filter allows businesses to carefully control the websites that employees can access when connected to the business’s wired and wireless networks. Controls can be set to block different types of web content such as gambling, gaming, and adult websites but crucially, the DNS filter also blocks all known malicious websites. DNS filters use blacklists of known malicious websites such as those hosting exploit kits or phishing forms. If a web site or web page is included in the blacklist, it will automatically be blocked. Websites are also scanned in real time to identify malicious content.
Since all filtering takes place at the DNS level, access to malicious or undesirable content is blocked without any content being downloaded. Setting up the solution is also quick and easy, as it only requires a change to the DNS record to point it to the service provider. No hardware is required and there is no need to download any software.
If you want to improve your defenses against malware, ransomware, botnets, and phishing and are not yet controlling the web content that your employees can access, contact TitanHQ today and ask about WebTitan. Alternatively, sign up for a free trial of the solution by clicking the image below.
The year 2018 saw a reduction in ransomware attacks on businesses as cybercriminals opted for alternative means to make money. Major ransomware attacks were still occurring, just at a slightly lower rate than in 2017.
Some reports were released that suggested ransomware was no longer such a massive threat as it was in 2016 and 2017, but the number of reported attacks in 2019 have shown that is definitely not the case. Any business that has not implemented defenses to protect against ransomware attacks could well be the next victim and have to pay millions to recover from an attack.
Make no mistake. Ransomware is one of the most dangerous threats faced by businesses. If ransomware is installed on the network, all files, including backups, could be encrypted. That could prove catastrophic, as one small Michigan medical practice discovered.
The two-doctor practice in Battle Creek, MI suffered an attack that resulted in the encryption of all patient data. A ransom demand was issued by the attackers, but as there was no guarantee that files could be recovered after the ransom was paid, the decision was taken not to pay up. The hackers then deleted all the encrypted files. Faced with having to rebuild the practice from scratch, the doctors decided to call it quits and took early retirement.
Ransomware attacks on healthcare providers are now being reported at an alarming rate and government entities, cities, and municipalities are being extensively targeted. The city of Baltimore suffered a major attack in May involving a ransomware variant called RobbinHood. The attack brought down the city’s servers and systems, causing major disruption across the city. A ransom of $6 million was paid for the keys to regain access to the encrypted files.
Two small cities in Florida also suffered major attacks. Lake City was forced to pay a ransom of $460,000 and Riviera Beach paid a ransom of $600,000, while Jackson County in Georgia paid $400,000 after its court system was attacked.
As the year has progressed, the attacks have increased. A report from Malwarebytes indicates there was a 195% increase in ransomware attacks in Q1, 2019. Figures from Kaspersky Lab show ransomware attacks almost doubled in Q2, 2019, with 46% more attacks reported than the corresponding period in 2018.
The increase in attacks means businesses need to be prepared and have the necessary security tools in place to make it difficult for the attacks to succeed.
There is no one cybersecurity solution that can be implemented to eliminate the threat of attack, as hackers are using a variety of methods to gain access to networks and download their malicious payloads. Layered defenses are key to repelling an attack.
Email is the primary method of delivering ransomware. All it takes if for a malicious email to arrive in an inbox and for an employee to be fooled into opening a malicious attachment or clicking on a hyperlink for ransomware to be installed. An advanced email filtering solution such as SpamTitan Cloud is therefore needed to block malicious emails and ensure they do not reach employees’ inboxes.
SpamTItan includes Domain-based Message Authentication, Reporting, and Conformance (DMARC) to block email impersonation attacks and a sandbox where suspicious attachments can be executed in safety and studied for malicious activity. Sandboxing is essential as it allows zero-day ransomware threats to be identified and blocked.
Not all attacks occur via email. Attacks over the Internet are also common. A web filtering solution should therefore be implemented to block these web-based attacks. A web filter will prevent employees from accessing known malicious sites where ransomware is automatically downloaded. With these two technical measures in place, businesses will be well protected from attacks. Along with security awareness training for staff and the adoption of good data backup practices, businesses can mount a strong defense against ransomware attacks.
Taxpayers and tax professionals are being targeted by scammers posing as the Internal Revenue Service (IRS). The goal of this new IRS tax return phishing scam is to deliver information-stealing malware. The malware harvests credentials that are used to gain access to and empty financial accounts.
The campaign uses at least two subject lines for the emails – “Electronic Tax Return Reminder” and “Automatic Income Tax Reminder.” The emails contain a hyperlink that directs the user to a website that closely resembles the IRS.gov website. The emails include a one-time password to use to login in to submit a claim for a tax refund.
When the user logs in to the site, they are told that they need to download a file in order to submit their refund. The file is actually keylogging malware which records keystrokes on an infected computer and sends a range of sensitive information to the attackers.
The IRS warning was issued after several taxpayers and tax professionals reported the phishing emails to the IRS. Efforts are ongoing to disrupt the campaign, but the IRS notes that dozens of compromised websites and malicious URLs are being used by the scammers. The IRS is contacting hosting companies to get the websites shut down, but the number of URLs being used makes this a major challenge. As soon as one URL is shut down, there are others to take its place.
The offer of a tax refund or a threat of legal action over tax issues prompts many people to click without first assessing the content of the message and the legitimacy of the request, which is what the scammers are banking on.
The advice of the IRS is never to click on any link in an unsolicited email claiming to be from the IRS. The IRS does not initiate contact with taxpayers by email, text message or social media channels, and no requests are sent for personal information.
The latest warning comes just a couple of months after the IRS and Security Summit partners issued a reminder that all professional tax preparers are required by law – The FTC Safeguards Rule – to implement a written information security plan to ensure the tax information of their clients is properly protected.
The reminder was issued as it had become clear that many tax professionals were unaware of their obligations to implement a security plan to protect client tax data.
There are several required elements of the information security plan:
Designate an employee or employees to coordinate the information security plan
Conduct a risk analysis to identify risks to the confidentiality of client data
Assess the effectiveness of current safeguards
Implement, monitor, and test the safeguards program
Only use service providers that can maintain appropriate safeguards and oversee the handling of client data
Evaluate and update the security program, as appropriate, in response to changes to business practices and operations
The requirements for the information security plan are flexible. For instance, tax preparers can choose the safeguards to implement based on their own circumstances and the findings of their risk analyses.
Two important safeguards that protect businesses from phishing and malware attacks are a spam filter and a web filter. The spam filter protects the email system by identifying and blocking malicious messages such as phishing emails and malspam (malicious spam email), while a web filter blocks web-based attacks and malware downloads. Both of these solutions are highly effective at blocking phishing and malware attacks yet are cheap to implement.
To find out more about how spam filters and web filters can protect your business and help you meet your legal responsibilities contact TitanHQ today.
A highly convincing Instagram phishing campaign has been identified that uses warnings about attempted fraudulent logins to trick users into visiting a phishing webpage where they are required to confirm their identity by signing in to their account.
The messages include the Instagram logo with a warning that someone attempted to login to the user’s Instagram account. The message is a virtual carbon copy of the genuine 2-factor authentication messages that are sent to users to confirm their identity when a suspicious login attempt is detected.
The messages include a 6-digit code that must be entered when logging into the account, together with an embedded “sign in” hyperlink. The user is told to login to confirm their identity and secure their account.
The messages are well written, although there are some punctuation errors which suggest that the email may not be what it seems. These could easily be overlooked by someone worried that their account has been hacked.
Not only is the message almost identical to Instagram’s 2FA warning, the website to which the user is directed is also a perfect clone of the genuine Instagram login page. The webpage has a valid SSL certificate and starts with HTTPS and displays the green padlock to confirm that the connection between the browser and the web page is secure.
The only sign that the web page is not genuine is the domain name. The scammers have chosen a free .CF – Central African Republic – domain name, which is a clear indication that the web page is a fake. However, the presence of HTTPS and a green padlock could fool many people into providing their login credentials in the mistaken belief they are on a secure website.
Many people mistakenly believe that the presence of HTTPS at the start of a website and a green padlock means the website is genuine and secure. However, the green padlock only means the connection between the browser and the website is secure and any sensitive information provided to the website will be protected against unauthorized access in a man-in-the-middle attack. It does not mean the content on the webpage is genuine.
HTTPS websites are often used for phishing as many people look for the green padlock to confirm that the website is secure. Unfortunately, SSL certificates are often provided for free by hosting companies and checks on site content are not conducted.
This is an important issue for businesses to cover in security awareness training. Employees should be taught the true meaning of the green padlock and told to always check the domain name carefully before disclosing any sensitive information.
Businesses can further improve their defenses against phishing with a web filtering solution such as WebTitan. With WebTitan in place, businesses can carefully control the types of website that their employees can visit on their work computers. WebTitan also prevents users from accessing any website known to be used for phishing, malware distribution, or other malicious purposes. WebTitan also performs checks in real-time to assess the legitimacy of a website. If the checks are failed, the user is presented with a block screen and will not be able to access the site.
For further information on how a web filter can improve your organization’s security posture and better protect the business from phishing attacks, contact the TitanHQ team today.
A new phishing campaign has been detected that uses Google Drive links to avoid detection by Office 365 Exchange Online Protection and ensure messages are delivered to inboxes.
The emails, reported through Cofense Intelligence, impersonated the CEO of the company who was attempting to share an important document. The document had been shared via Google Drive and came with the message, “Important message from – CEO.”
Google Drive allows files and collaboration requests to be easily sent to other individuals. The account holder chooses who to share a file with and the system generates an email alert containing a link to the shared file.
In this case, the name of the CEO was correct, but the email address used was different to the format used by the company. While this is a clear sign that the emails are not what they seem, some employees would likely be fooled by the message.
Importantly, the messages are not detected as malicious by EOP and are delivered to inboxes. A scan of the message would reveal nothing untoward, as the embedded URL is a legitimate shared link to a genuine cloud service operated by Google.
The shared document itself is not malicious, but it does link to another Google Docs document and a phishing URL. Any anti-phishing solution that only assesses the embedded hyperlink in the email to determine whether it is malicious would allow the email to be delivered. Only a deeper inspection would reveal the true nature of the URL.
If the link is visited by an end user, a fake login window is presented. If login credentials are entered, they are captured and stored on the attacker’s server.
This campaign highlights the importance of multi-layered anti-phishing defenses and the risks of relying on EOP to provide protection against phishing attacks.
An advanced spam filtering solution should be implemented on top of Office 365 to provide greater protection from phishing and other email-based attacks. This will ensure more sophisticated phishing attacks are blocked.
If a malicious message is delivered and a link is clicked, the connection to the malicious webpage could be blocked using a web filtering solution.
WebTitan is a DNS-based content filtering solution that serves as an additional layer in organization’s anti-phishing defenses. Should an attempt be made by an employee to visit a malicious website or suspicious domain, the attempt would be blocked before any content is downloaded. WebTitan assesses each website when the DNS query is made. Malicious websites and those that violate an organization’s content control policies are blocked.
To find out more about how a DNS filter can improve your defenses against phishing attacks and malware downloads, contact TitanHQ today.
Malware creators are constantly developing new techniques to circumvent traditional anti-virus defenses and ensure their malicious code can run undetected on a targeted machine.
Zero-day malware variants, those which have never been seen before, are not picked up by signature-based AV solutions. However, the malware will need to communicate with its owner, so the source code will contain URLs and IPs for that purpose. These URLs can be detected when scanning files. If the URLS are detected and they are known to be malicious, the file will be deemed to be malicious and will be quarantined.
To ensure this does not happen, malware developers use a variety of techniques to hide the URLs and IPs in the source code. This is often achieved by converting the IP address into a decimal value, which is stored as XML content. When in decimal format, even a malicious URL would not be detected as such by most antivirus software. When the IP address is needed by the malware, it can be converted back to its original form and then reconverted to digital when no longer required.
Similarly, a URL – or part of a URL – could be encoded in its hexadecimal equivalent. That URL would be unlikely to be detected as malicious yet can be read by a browser. AV software would likely detect the file example.com/maliciousfile.exe as malicious in nature and would block it accordingly. In hexadecimal, that translates to:
That address would not be recognizable as malicious and would likely go undetected during a scan by an AV solution. The use of both obfuscation techniques together is not unusual, to make it even harder for AV solutions to detect malicious URLs and IPs.
While these techniques can be used to fool endpoint AV solutions, connections to those malicious servers can be blocked using a DNS-based content filter such as WebTitan.
It doesn’t matter how the URL or IP address is masked. Before a connection can be made, it is necessary to make a DNS query, and the collection must be permitted by the DNS-based filter. If the URL is malicious, the DNS filter will block the attempt to connect before any content is downloaded.
WebTitan works in conjunction with a real time database of millions of malicious URLS and uses a real-time classification system to assign websites to one of 53 categories. Those categories can be allowed or blocked with the click of a mouse. In addition to blocking access to malicious content, the category-based controls can be used to prevent employees from accessing content that could cause offense or lower productivity.
To find out more about how WebTitan can benefit your organization and improve your security posture, contact the TitanHQ team today.
OneStopIT, one of the leading Managed Service Providers (MSPs) in the UK, has partnered with TitanHQ and will be incorporating TitanHQ cloud-based email and web security solutions into its service stack to better protect its customer base.
Businesses in the UK are increasingly being targeted by cybercriminals. A variety of tactics are used to obtain company funds, sensitive data, and company secrets. Attacks may be diverse, but they typically start with a phishing email and/or visit to a malicious website.
Cyberattacks are now being reported at record levels and business leaders are understandably worried. To better protect their networks and data, many turn to MSPs such as OneStopIT for help protecting their networks and data.
“The proliferation of phishing threats across Office 365 is a real problem for SME’s in the UK and we’re partnering with a key vendor in this space to protect our customers and also give them the OneStopIT premium service they are used to,” said Ally Hollins-Kirk, CEO of OneStopIT.
TitanHQ has developed powerful email and web security solutions for the SMB marketplace that have been developed to be easily delivered via MSPs. SpamTitan is a cloud-based anti-spam and anti-phishing solution that incorporates DMARC authentication and a sandboxing feature to protect against email impersonation, phishing, and email-based malware attacks. WebTitan is a DNS-based web filtering solution for content control and protection from web-based threats. The solution is backed up by a threat intelligence database of 650 million people. TitanHQ’s email archiving service, ArcTitan, allows MSPs to offer a secure, email archiving service to help businesses meet their compliance obligations.
Under the new partnership agreement, OneStopIT will be offering its customers advanced email security and anti-phishing protection, DNS-based web filtering, and an email archiving service powered by TitanHQ technology.
“TitanHQ is pleased to add our advanced threat protection layer for email and web security to the OneStopIT security stack,” said Rocco Donnino, President of Strategic Alliances, TitanHQ. “OneStopIT has excelled in the areas of customer service and security, our partnership further cements this commitment.”
We have performed a 2019 email archiving price comparison to help you choose the best value email archiving solution for your business.
An email archive is a depository for all emails that are no longer required but cannot be deleted for legal and compliance reasons. The email archive contains an exact copy of every message that is sent from a company email account along with all messages that are received by the company. Those messages are moved out of the mailbox to the archive to free up space.
In contrast to a backup, an email archive is searchable. Emails can be found and retrieved quickly and easily on demand. An email archive is therefore a useful email repository that can be used on a daily basis to store and retrieve emails.
There are many reasons for creating an email archive, but one of the most important is for eDiscovery. Court orders for email communications may be received and emails are often required as part of eDiscovery. That means emails must be found and produced quickly. Since an email archive is searchable, recovering messages from the archive takes seconds or minutes. Finding and recovering emails from backups can take days, if they can be recovered at all.
The failure to produce emails on request can result in significant fines. In the case Coleman Holdings v. Morgan Stanley, a Florida Circuit Court awarded $15 million in damages for the failure to comply with email discovery obligations. In Zubulake v. USB Warburg, $29 million in damages was awarded to the plaintiff as the defendant was unable to locate and produce important emails.
State and federal laws in the United States are not the only reason for implementing an email archive. Since the EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, all businesses that collect or process the personal data of EU citizens must implement safeguards to protect personal data. GDPR also gave EU citizens new rights such as the right to be forgotten.
If that right is exercised, all data relating to that individual must be deleted. That includes personal data in emails. With an email archive, locating those emails is quick and easy. The failure to respect GDPR rights and process requests in a timely fashion can lead to fines of up to €20 million, or 4% of global annual turnover, whichever is greater.
2019 Email Archiving Price Comparison Grid
TitanHQ has created an email archiving price comparison grid to help you find the most cost-effective email archiving solution. The grid below has been compiled using pricing information based on 100 users with the figures correct as of 04/05/2018.
As you can see, TitanHQ’s email archiving solution, ArcTitan, is extremely competitively priced and costs less than $3 per person per year.
Email is now the main method of communication for businesses. Each day, a typical business will receive thousands of emails. Those messages need to be retained for several years to satisfy state and federal laws.
There are two options available to businesses to meet data retention laws for email. Businesses can backup all email data or create an email archive. While businesses will be familiar with the former, there is considerable confusion about the latter.
In this post we will explore some of the common myths of email archiving and will explain the important differences between email backups and archives.
One of the commonest misconceptions about email archiving is an archive is not necessary because data backups are already performed. Backups are essential as they ensure that data can be recovered in the event of disaster. Backups allow a business to create a restore point so that in the event of a catastrophe, systems can be restored to their state at a specific moment in time – When the backup was created.
An email archive is different. An email archive is used for long term storage of emails. Emails are archived with metadata and can be searched and recovered quickly. Backups are not searchable, so finding and recovering specific emails or conversation threads can be incredibly time consuming.
An archive makes legal discovery, investigating complaints, and providing evidence for compliance audits simple. With an email archive, single messages, threads, and conversations can be quickly and easily recovered.
Another common myth about email archiving is it is only a requirement for businesses in certain industries such as finance and healthcare. While email archiving is essential for meeting regulatory requirements in certain industries, it does not mean that email archiving is just for highly regulated industries.
The U.S. Federal Rules of Civil Procedure require emails to be producible in the event of legal action. If emails cannot be produced, the company could be liable for the destruction of evidence and face stiff financial penalties.
Another common myth is email archives increase risk. Many companies choose a short email retention period, such as 90 days, and require all complaints to be submitted in the same time frame. After 90 days, emails are deleted as they are no longer required. That, however, is a dangerous strategy.
Deleting emails from the email server only deletes local copies. It is probable that emails will have been retained on the recipient’s server. Short retention periods also make the process of eDiscovery more time consuming, expensive, and difficult.
The other risk is that of exposure of sensitive information. Many companies believe that it is more secure to create email archives on on-premises hardware. Security is naturally a concern, but cloud-based email archives are just as secure, if not more, as on-premises archives.
Cloud-based archives also have considerable advantages. They are scalable, so when more storage space is required it is available immediately. With on-premises archives, businesses are limited by their IT hardware and software. Purchasing additional hardware can be expensive and resources must be devoted to managing and maintaining that hardware. Cloud-based archiving is more cost effective and does not involve sacrificing security.
With an email archiving solution, businesses can meet their regulatory obligations, will be able to respond quickly to eDiscovery requests, and will have easy and fast access to any email, even if that message was received several years previously. With an email archive, all critical email data is safely and securely saved and can be recovered quickly on demand.
Ransomware attacks have been increasing since late December 2018 and attacks have been reported with increasing frequency as 2019 has progressed. Ransomware may have fallen out of favor with cybercriminals in 2018, but it is once again a firm favorite as it was in 2016 and 2017.
In recent months there has been an extensive ransomware campaign targeting local government offices, cities, and municipalities. These attacks have caused massive disruption, and many have resulted in ransoms being paid.
In the past few days alone, three ransomware attacks have been reported that have seen more than $1,200,000 in ransoms paid. Riviera Beach in Florida paid a ransom of $600,000 for the keys to unlock its encrypted files and Lake City in Florida paid around $460,000. Most recently, La Porte County in Indiana paid a ransom demand of $130,000.
These are just three of many. According to the United States Conference of Mayors, in the past 6 years, more than 170 city, county, or state government systems have been taken out of action as a result of ransomware attacks and there have been 22 attacks so far in 2019.
Cybercriminals will continue to conduct attacks as long as it is profitable to do so. When ransoms are paid, it simply encourages further attacks. The United States Conference of Mayors has decided to take a stand. The organization represents more than 1,400 majors across the United States and has vowed that in the event of attack, ransom demands will not be paid.
That is a necessary step to take to de-incentivize attacks but it could potentially be very costly. In 2018, the City of Atlanta was attacked with ransomware and refused to pay the $50,000 ransom demand. The city has ended up spending tens of millions of dollars on recovery.
The high cost of recovery without paying the ransom could prove too much for small cities, which is why several have been advised by their insurers to pay the ransoms.
In such cases, help is required from the federal government. The majors have urged Congress to pass the State Cyber Resiliency Act, which would give state and local governments the support needed to help them implement their cyber resiliency plans
What is also needed is greater investment in cybersecurity defenses. Attacks are being conducted because there are security holes that can be easily exploited. Until those holes are plugged, the attacks will continue.
TitanHQ can help plug those holes and thwart ransomware attacks by blocking the main attack vectors. SpamTitan is a powerful email security solution that blocks email-threats at source and keeps inboxes threat free. WebTitan protects users while online and blocks malicious websites and malware downloads. With both of these powerful, but low-cost solutions in place, you will be well protected against ransomware attacks.
There has been a spate of ransomware attacks on cities, municipalities, mayor’s offices, and local government facilities in recent weeks.
The latest attack was on La Porte County in Indiana. The attack started on July 6, 2019, but prompt action by the IT department allowed the ransomware to be contained. That rapid response meant only 7% of the laptops used by the county were affected. However, two domain controllers were also affected and that rendered the network unavailable.
Experts were brought in to try to restore files from backups and bring the network back online, but those attempts failed as the backup servers had also been infected with the ransomware. La Porte County was left with no alternative other than to pay the ransom demand. The Bitcoin ransom equated to around $130,000, $100,000 of which was covered by an insurance policy.
This attack involved Ryuk ransomware – The same ransomware variant that was used in the attack on Lake City in Florida on June 10, 2019. For Lake City, Ryuk ransomware was delivered by the Trickbot Trojan, which was in turn deployed by the Emotet Trojan. Lake City paid approximately $500,000 to the attackers to obtain the keys to unlock the encryption. Riviera Beach in Florida was also attacked and paid a ransom of around $600,000.
These are just three cases out of several recent attacks. Those three attacks alone have resulted in more than $1,200,000 being paid to cybercriminals. That sends a very clear message to other cybercriminals that these attacks can be extremely profitable. That is the reason the FBI advice is never to pay.
2018 saw a decline in ransomware attacks as cybercriminals pursued other strategies for attacking businesses, but ransomware is now certainly back in favor and is being used in an increasing number of attacks.
Something that several of the targets in the recent ransomware campaigns have in common is they are relatively small cities that have limited resources to devote to cybersecurity. They have hardware and software that has reached end of life and, due to limited funds, security gaps have started to appear.
Riviera Beach, for instance, is a city of 35,000 people with limited resources. It had recently undergone a period of turmoil in management, had suffered scandals, and during the upheaval its cybersecurity contract had been allowed to lapse. That left the door wide open to attack.
These attacks have proven incredibly costly, yet they could have been prevented with a very small spend on a select number of security solutions. The attacks on Rivera Beach and Lake City could have been prevented with an advanced email security solution such as SpamTitan. The ransomware was installed in both of these attacks as a result of employees opening malware-infected email attachments.
SpamTitan incorporates dual anti-virus engines to detect malicious software and a Bitdefender-powered sandbox for deep analysis of suspicious email attachments. SpamTitan incorporates DMARC email authentication to counter email impersonation attacks and a host of other anti-spam and anti-phishing controls.
SpamTitan can be deployed as a gateway solution on existing hardware or as a cloud-based solution, and can be easily layered on top of Office 365 to improve protection against phishing and ransomware attacks.
Further, the cost of protection against ransomware and phishing attacks is likely to be much lower than you think. For more information, contact TitanHQ today.
There has been a spate of ransomware attacks on cities and government agencies in recent months and the healthcare industry sees more than its fair share of attacks, but they are not the only industries being targeted.
Schools, colleges, and universities are prime targets for hackers and ransomware attacks are common. One recent attack stands out due to its scale and the massive ransom demand that was issued. The attackers demanded $2 million (170 BTC) for the keys to unlock the encryption.
Monroe College in New York City was attacked at 6:45am on Wednesday, July 10, 2019. The ransomware quickly spread throughout the network, shutting down the computer systems at its campuses in Manhattan, New Rochelle and St. Lucia and taking down the college website.
The college has switched to pen and paper and is finding workarounds to ensure students taking online courses receive their assignments. No mention has been made about whether files will be recovered from backups or if the ransom will need to be paid.
This is one of many recent ransomware attacks in the United States. Ransomware may have fallen out of favor with cybercriminals in 2018, but it now appears to be back in vogue and attacks are rising sharply. So too have the ransom demands.
$2 million is particularly high, but there have been several recent attacks involving ransom demands for hundreds of thousands of dollars. In several cases, the ransom has been paid.
Riviera Beach City in Florida was attacked and was forced to pay a $600,000 ransom to regain access to its files and bring its computer systems back online. Lake City in Florida also paid a sizeable ransom – $500,000. Jackson County was also attacked and paid a $400,000 ransom.
There have been several cases where ransoms have not been paid. The City of Atlanta was attacked and around $51,000 in Bitcoin was demanded. Atlanta refused to pay. Its cleanup bill has already reached $3 million. With such high costs it is clear to see why many choose to pay up.
In all of the above cases, the cost of implementing cybersecurity solutions to protect against the main attack vectors would have cost a tiny fraction of the cost of the ransom payment or the mitigation costs after an attack.
For less than $2 per employee, you can ensure that the email network is secured and you are well protected against web-based attacks. To find out more, call TitanHQ today.
Sodinokibi and Buran ransomware are being pushed via the RIG exploit kit and now another exploit kit has joined the ranks, although its payload is currently banking Trojans.
Exploit kits are utility programs on websites that conduct automated attacks on visitors. When a visitor lands on a page hosting the exploit kit, the user’s browser and browser-based applications are probed to determine whether vulnerabilities exist.
Exploit kits contain exploits for several vulnerabilities, only one of which is required to silently download and execute a malicious payload on a visitor’s device. Traffic to these malicious pages is generated through malvertising/malicious redirects. The exploit kit code is also commonly added to compromised high-traffic websites.
Exploit kits were once the malware delivery mechanism of choice, but they fell out following a law enforcement crackdown. The threat from exploit kits has never disappeared, but activity has been at a much-reduced level. In recent months however, exploit activity has been at an elevated level.
The new exploit kit is called Spelevo and its purpose is to deliver two banking Trojans – Dridex and IceD – via a business to business website. The exploit kit was discovered by a security researcher named Kafeine in March 2019.
The exploit kit currently hosts multiple exploits for Adobe Flash and one for Internet Explorer. A user visiting a web page hosting the Spelevo exploit kit would unlikely tell that anything untoward was occurring. A tab would be opened to the gate and the browser would appear to go through a series of redirects before landing on Google.com. The entire process from the user landing on a page hosting the exploit kit, to a vulnerably being identified, exploited, and the user redirected to Google.com takes just a few seconds.
The exploit kit could be hosted on an attacker-owned domain, but it is easy to add the exploit kit to any website. All that is required is the addition of four lines of code once a website has been compromised.
Exploit kits are an efficient, automated way of delivering a malware payload, but they are reliant on users that have not patched their browsers and plugins. If browsers and plugins are kept up to date, there are no vulnerabilities to exploit.
The Spelevo exploit kit appears to be used in a campaign targeting businesses. IT teams often struggle to keep on top of patching and have poor visibility into the devices that connect to the network. As a result, it is easy for devices to be missed and remain unpatched. If one device is compromised, an attacker can use a variety of tools to spread laterally and infect other devices and servers.
The primary defense against exploit kits is patching, but additional protections are required. To protect against attacks while patching takes place, to prevent attacks from succeeding using zero-day exploits, and to stop users from visiting websites hosting exploit kits, a web filter is required.
WebTitan is a DNS filter that provides real-time, automated threat detection and blocking and protects against exploit kits and web-based phishing attacks. The WebTitan database contains three million malicious URLs that are blocked to protect end users. More than 300,000 malware and ransomware websites are blocked every day.
If you want to improve protection against web-based threats, exercise control over the content that your employees can access, and gain visibility into what your employees are doing online, WebTitan Cloud is the answer and it can be set up in minutes.
As one ransomware-as-a-service operation shuts down, another is vying to take its place. Sodinokibi ransomware attacks are increasing and affiliates are trying to carve out their own niche in the ransomware-as-a-service operation.
Developing ransomware and staying one step ahead of security researchers is important, but what made the GandCrab operation so successful were the affiliates conducting the campaigns that generated the ransom payments. The GandCrab developers have now shut down their operation and that has left many affiliates looking for an alternative ransomware variant to push.
Sodinokibi ransomware could well fill the gap. Like GandCrab, the developers are offering their creation under the ransomware-as-a-service model. They already have a network of affiliates conducting campaigns, and attacks are on the increase.
As is the case with most ransomware-as-a-service operations, spam email is one of the most common methods of ransomware delivery. One Sodinokibi ransomware campaign has been detected that uses spoofed Booking.com notifications to lure recipients into opening a Word document and enabling macros. Doing so triggers the download and execution of the Sodinokibi payload.
Download websites are also being targeted. Access is gained the websites and legitimate software installers are replaced with ransomware installers. Managed Service Providers (MSPs) have also been targeted. The MSP attacks have exploited vulnerabilities in RDP to gain access to MSP management consoles.
Two cases have been reported where an MSP was compromised and malicious software was pushed to its clients through the client management console. In one case, the Webroot Management Console and the Kaseya VSA console in the other.
Recently, another attack method has been detected. Sodinokibi ransomware is being distributed through the RIG exploit kit. Malvertising campaigns are directing traffic to domains hosting RIG, which is loaded with exploits for several vulnerabilities.
With so many affiliates pushing Sodinokibi ransomware and the wide range of tactics being used, no single cybersecurity solution will provide full protection against attacks. The key to preventing attacks is defense in depth.
TitanHQ can help SMBs and MSPs secure the email and web channels and block the main attack vectors. Along with security awareness training and good cybersecurity best practices, it is possible to mount a formidable defense against ransomware, malware, and phishing attacks.
The excitement is building as DattoCon19 draws ever closer. Starting on June 17, 2019 in San Diego and running for three days, DattoCon19 is an unmissable event for managed service providers (MSPs).
At the conference, attendees benefit from practical advice and best practices to grow their businesses, increase sales, and boost monthly recurring revenue (MRR). A huge range of vendors will be on hand to offer information on exciting products and attendees will have the opportunity to learn strategies to increase business impact growth, boost profitability, and broaden their service stacks.
Sessions will be taken by industry experts and leading MSPs who will share tips and tricks to take back home and apply at the office. On average, attendees at DattoCon achieve 41% sales growth year-over-year as a result of attending the conference.
TitanHQ is sponsoring DattoCon19 and is excited about having the opportunity to meet new MSPs and help them grow their businesses. As a Datto Select Vendor, TitanHQ offers MSPs three cloud-based solutions that can be easily integrated into existing MSPs service stacks: Anti-phishing and anti-spam protection, DNS-based web filtering, and email archiving. All three solutions are available through the TitanShield program for MSPs.
MSPs can meet the TitanHQ team at booth 23 at DattoCon19 to find out more about the TitanShield program and the exciting opportunities for MSPs that work with TitanHQ. TitanHQ will be on hand to help MSPs that support Office 365 to improve protection against phishing attacks and malware. MSPs can also find out more about the TitanHQ threat intelligence that protects Datto DNA and D200 boxes, and how TitanHQ’s DNS filter is a direct swap out for Cisco Umbrella and the cost advantages of doing so.
TitanHQ Executive Vice President-Strategic Alliances, Rocco Donnino, is one of the panel members for the Datto Select Avendors event on Monday. The event brings together experts from different fields to help come up with solutions for some of the major problems faced by MSPs in today’s marketplace.
TitanHQ at DattoCon19
TitanHQ will be at booth 23
Special Show Pricing available
Daily TitanHQ vintage Irish whiskey raffle
TitanHQ and BVOIP are sponsoring a GasLamp District Takeover Party on Monday 6/17 and Wed, 6/19.
DattoCon19 will be taking place in San Diego, California on June 17-19, 2019. If you are not yet registered for the event you can do so here
The leading review website, G2, has published its 2019 Best Software Companies in EMEA list. This is the first time that the company has produced the list, which ranks the best software companies doing business in EMEA based on the feedback provided by users of those products.
G2 is one of the most well-respected business software review websites. Software solutions may appear to tick all the right boxes, but in practice the solutions can be time consuming and difficult to use and fail to live up to expectations. Since the G2 reviews are from registered users of the products, businesses can not only rely on the reviews but can also use them to make smarter buying decisions.
To compile the list, G2 compiled the reviews of over 66,000 users in the software category. More than 900 companies were represented, but only those that performed best in the reviews have made the cut in their respective categories.
TitanHQ has been awarded top spot in the list of the best software companies of 2019 in EMEA.
TitanHQ has developed powerful cybersecurity solutions to meet the needs of businesses and MSPs, but the solutions have also been developed to be easy to use. The solutions are versatile, flexible,and scalable, and can be managed via an intuitive web-based management console with a full reporting suite. A full range of APIs are supplied to allow the solutions to be integrated into existing management software and industry-leading customer support ensures that help is always available to resolve any customer issues.
“TitanHQ is delighted to have been included in the 2019 Best Software Companies in EMEA list. The inclusion shows the value our customers place on the uncompromised security and real-time threat detection we provide,” said Ronan Kavanagh, CEO, TitanHQ. “The overwhelmingly positive feedback from on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success.”
“With 750,000+ user reviews, 80,000+ products and 1,600+ tech and service categories on G2, TitanHQ’s recognition on the prestigious Best Software Companies in EMEA list is an exceptional achievement: One that can only be earned through the endorsement of its users,” said CEO Godard Abel.
TitanHQ has announced a new partnership with the French Value Added Distributor (VAD) Exer that will see the company’s award-winning cloud-based spam filtering, DNS filtering, and email archiving solutions offered to Exer partners throughout France.
Exer is a leading VAD in France. The company currently works with more than 600 value added resellers (VARs) and integrators in France and specializes in network security, enterprise mobile infrastructure, Wi-Fi, and a range of cybersecurity and managed services. The new collaboration will increase the choice of solutions available to French VARs and will help them improve security for their clients and meet their compliance requirements.
For more than two decades, TitanHQ has been developing innovative cybersecurity solutions for SMBs and MSPs to protect against the ever-growing range of cyberthreats. Starting off by offering anti-spam solutions, the company’s product portfolio has been expanded to include DNS filtering and email archiving.
The solutions have now been adopted by more than 7,500 businesses and are offered by over 1,500 MSPs around the globe. SpamTitan now blocks more than 7 billion spam emails each month, WebTitan blocks more than 60 million malicious websites every month, and ArcTitan is used to securely archive and store more than 10 million emails a month.
Over the past few years, TitanHQ has enjoyed excellent growth and has expanded its global footprint considerably. One of the company’s aims in 2019 is to increase its client base in France. The partnership with Exer was therefore a no brainer.
“Our advanced threat protection for email and web security was designed to keep businesses productive and information secure. We are pleased to be offering the Exer partner community choice, enhanced functionality and greater overall value,” explained TitanHQ Executive VP, Rocco Donnino.
Exer was keen to expand its range of cybersecurity solutions to better protect its clients from an ever-increasing range of web-based and email-based threats. The volume of cyberattacks now being conducted means cybersecurity has never been so important.
“Collaboration with TitanHQ is an opportunity to represent a brand internationally recognized on 3 key technologies: Web Content Filtering, Anti-Spam, and Email Archiving. We are eager to propose these security solutions to ours VARs,” explained Exer CEO, Michel Grunspan. “Our regional presence and our expertise will be our strength for asserting the presence of TitanHQ in the French market”
French VARs can find out more about TitanHQ’s email security, web security, and email archiving solutions at Exer’s Tour De France events over the next few months. The events start in Lille on May 23, 2019 at Hameau de la Becque and will be taking place at various cities throughout France over the following months.
TitanHQ, the leading provider of cloud security solutions for SMBs, has announced a new partner program has been launched to support Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), Cloud Distributors, Wi-Fi Providers, OEM Partners and Technology Alliance Partners..
TitanHQ started its journey in 1999. Initially, the company provided anti-spam solutions to local businesses in Ireland. Over the next two decades, the company expanded its range of products to include DNS filtering and email archiving solutions and is now a leading global player of cloud-based cybersecurity solutions.
While TitanHQ initially focused on meeting the needs of the SMB market, its products have been developed to meet the needs of MSPs. For instance, TitanHQ solutions are available with a range of hosting options, including the ability to host the solution within the MSPs own environment, and they can be provided in white-label form ready to take MSP’s branding.
TitanHQ’s cloud-based solutions have been developed to be easy to implement, use, and manage and are already a firm favorite with MSPs.
To make TitanHQ cloud security solutions even more attractive for MSPs, the existing partner program has been significantly enhanced and relaunched as TitanShield.
The TItanShield Partner Program makes it even easier to offer TitanHQ cloud security products to clients. Partners benefit from access to engineers, a highly capable support team that understands the needs of MSPs, and a dedicated account manager.
Partners have access to APIs to allow them to easily sell, onboard, manage and deliver advanced network security solutions directly to their client base from within their own user interfaces. In addition, partners receive free access to sales and technical resources, deal registration and lead generation resources, and benefit from flexible, volume-based monthly pricing models and profitable margins.
Under the new, enhanced partner program, customers are separated into their specific areas of expertise to ensure that each can be provided with focused information for the markets and customers they serve.
“Our program takes a unique and strategic approach for our partners and can be customized to fit all business models,” said Rocco Donnino, Executive VP of Strategic Alliances at TitanHQ.
If you want to become a highly valued member of the TitanHQ TitanShield Partner Program, enrollment is now open. Call TitanHQ today or email email@example.com for further information.
In our previous post we explained why managed service providers (MSPs) should be offering a web filtering service to their customers and the benefits that can be gained by customers and MSPs alike. In this post we explain what makes WebTitan Cloud the go-to web filtering solution for MSPs and why so many MSPs have chosen TitanHQ as their web filtering partner.
Why WebTitan Cloud is the Best Web Filter for MSPs
One problem MSPs face before they can start offering a web filtering service to their clients is how to incorporate the solution into their service stacks and their existing cloud offerings. While there are many providers of web filtering services, not all solutions have been developed with MSPs in mind. TitanHQ differs in that respect.
TitanHQ’s web filtering solution, WebTitan Cloud, has been developed specifically to meet the needs of MSPs and make it as easy as possible for the solution to be added to their existing cloud offerings. WebTitan Cloud seamlessly integrates within existing workflows regardless of whether MSPs self-host, use AWS, Azure, or other cloud platforms.
How Does WebTitan Cloud Integrate into MSPs Management Systems?
To make integration as easy as possible, TitanHQ uses RESTful API, which allows fast and risk-free integration into MSPs management systems. WebTitan Cloud uses the OAuth 1.0 protocol for authentication and has a full set of keys and secrets in the WebTitan Cloud user interface (UI). Once an MSP has signed up, no further registration or authentication is necessary. The API client provides the appropriate oauth_signature to authorize requests to protected resources.
Overly complex user interfaces are a problem with many cloud-based solutions. With WebTitan Cloud, the UI is made as clean and easy to use as possible. MSPs can remove all elements from the UI that are not required to keep the UI clean and simple. WebTitan Cloud can also be integrated into MSP cloud interfaces to create a better user experience and greater consistency for customers.
Having information at your fingertips is important when customers send in requests or when reports are required on web use and blocking. WebTitan Cloud allows MSPs to create and integrate a full suite of high-level system and customer reports into their own management consoles.
Onboarding new customers is also a quick and simple process, which can be integrated into current MSP on-boarding processes. New customer accounts can easily be created (or deleted) from within an MSP’s own UI, in addition to performing updates and listing all current customer accounts.
MSPs can connect to WebTitan Cloud to manage their customers settings, including locations, whitelists, and blacklists. Customers that would prefer to manage their own settings can perform a limited number of operations themselves using APIs. Since WebTitan Cloud is available in a full white label, customers who do access their own settings can be given a UI with MSP branding rather than TitanHQ’s to maintain consistency and help reinforce the MSPs brand.
TitanHQ also operates an extremely competitive pricing strategy with generous margins for MSPs and aligned monthly billing cycles through the TitanShield MSP Program.
If you have yet to start offering web filtering to your clients as part of your service stack or if you are unhappy with your current provider’s product, contact TitanHQ today and as about becoming a member of the TitanShield MSP Program. Product demonstrations can also be scheduled on request.
A web filtering service allows Managed Service Providers (MSPs) to better protect their clients from accidental malware downloads and phishing attacks while improving their bottom lines. Further, by preventing phishing attacks and malware infections, they can reduce the amount of time they spend fighting fires. For busy MSPs, the latter will be especially beneficial.
Why is Web Filtering Important?
There are several reasons why MSP clients will benefit from a web filtering service. First and foremost, a web filter will help to prevent their customers’ employees from visiting phishing websites and malicious URLs. Most phishing attacks start with a phishing email, so a powerful spam filtering solution is essential. While commercial spam filters such as SpamTitan will block more than 99% of spam and phishing emails, additional protections are required to protect against the 1% that bypass spam defenses.
Naturally end user security awareness training will help in this regard, but as the 2018 Verizon Data Breach Investigations Report shows, 30% of delivered phishing messages are opened by end users and 12% of those users also click on malicious links in the messages.
A web filter is an additional layer of anti-phishing and anti-malware defenses that kicks in when malicious links are clicked and when end users attempt to visit other malicious sites while browsing the Internet. With a web filter in place, when an employee attempts to access a malicious web page, that attempt will be blocked before any content is downloaded. Instead of displaying the web page, a block page will be displayed.
Web filters also allow companies to carefully control the types of content their employees can access. This allows them to enforce acceptable internet usage policies with ease. Employers can prevent their employees from accessing NSFW content such as pornography, illegal content and, if tighter controls are required to improve productivity, other categories of web content such as dating sites, social media networks, gambling sites, and gaming sites.
With a web filter in place, security and productivity can both be quickly improved and the gains in both of those areas is likely to more than pay for the cost of the web filtering package provided by their MSP.
Cloud Based Web Filtering Solutions for MSPs
Convincing customers to implement a web filtering solution should be straightforward given the number of phishing attacks that are now being conducted and the cost of mitigating phishing attacks and malware infections. The cost of web filtering is tiny by comparison.
For MSPs, cloud-based filtering solutions are the natural choice. They can be implemented in minutes once a customer request has been received, no hardware is required, there is no software to install, and patching is handled by the service provider. All that is required from the MSP is a brief set up and configuration for each customer and ongoing management and reporting.
However, not all cloud-based web filtering solutions make set up, management and reporting simple. WebTitan Cloud differs in this respect. Not only does the solution offer excellent protection, the solution has been developed specifically with MSPs in mind. The ease of integration into MSP’s back-end systems and management has made WebTitan Cloud the go-to web filtering solution for MSPs.
In our next post we will explain how WebTitan Cloud differs from other web filtering solutions, why it is the easiest solution for MSPs to integrate into their existing cloud offerings, and how TitanHQ makes getting started, provisioning new customers, and managing customer accounts a quick and easy process requiring the minimal management overhead.
TitanHQ has released WebTitan Cloud version 4.12. The new version of the award-winning 100% cloud-based web filtering solution incorporates new features at tweaks to improve the user experience and make the solution an even more attractive option for managed service providers (MSPs).
One of the most exciting new features that will benefit businesses and MSPs alike is the ability to implement location-based filtering controls, naturally accompanied by granular, location-based reports.
It was already possible to implement organization-wide filtering controls and set different policies for departments, user groups, roles, and individuals in an organization. The new feature increases the flexibility of the solution with location-based controls. The new feature will be of great benefit to businesses operating across multiple locations, where content control requirements may need to be different for satellite offices. MSPs will be able to offer location-based controls to clients and better manage web filtering for customers with a presence in multiple countries. The location controls can be applied to control content whether users are on or off the network.
As with user and role-based content controls, when a user attempts to access a web page that contravenes the policy that they have been assigned, the content will be blocked and no web page content will be downloaded – in contrast to many appliance-based web filtering solutions. The user will be presented with a customizable block screen that can incorporate the company or MSP’s branding.
There will be occasions when an individual or group needs to bypass policy controls. With WebTitan, this can easily be achieved using cloud keys rather than making changes to policies. The cloud key can be used to bypass the block pages and access content that would normally be blocked by location, company, or other policies.
To make management as easy as possible, all policies and locations are managed through a single user interface. MSPs can manage all locations and customer accounts through a single pane of glass, which improves visibility into all customers’ accounts and locations.
Also of interest to MSPs will be WebTitan’s enhanced search functionality. While it was possible to run reports to obtain information about a specific customer and their traffic, a search filter has now been added to the history page. This allows administrators to search by location name with autocomplete. When a customer account is selected, admins can get second-by-second information about all traffic within that location without having to run a location report.
MSPs already have a multi-tenant, highly scalable, brandable, and easy to use web filtering solution with multiple hosting options that can be offered to customers at an attractive price point, which is why the solution has proven so popular with the MSP market. It is hoped that the new additional features will make the solution even more useful for MSPs to allow them to better serve their SMB clients while making web filtering for SMBs even more straightforward.
For many people, Game of Thrones Season 8 is the TV highlight of the past 12 months, but not all fans of the series are keen to pay for the channel to watch the latest installments of this hugely popular series.
Some fans are turning to P2P file sharing sites to download the latest episodes, but hackers are ready and waiting. Many illegal video files of Game of Thrones episodes have been embedded with malware, most commonly adware and Trojans.
Research from Kaspersky Lab revealed Trojans to be the most common form of malware to be embedded in rogue video files. A third of all fake TV show downloads that have been impregnated with malware include a Trojan.
When one of these infected files is opened after it has been downloaded, the Trojan is launched and silently runs in the background on the infected device.
Many of the Trojans embedded into video files are brand new. These zero-day malware variants are not detected by traditional AV solutions as their signatures are not present in malware definition lists. That means malware infections are likely to go undetected. When signatures are updated, the malware may continue to run until a full system scan is completed. Either way, during the time that the malware is active it could be collecting a range of sensitive data including usernames and passwords.
Malware can also be installed that gives the attacker access to an infected device and the ability to run commands, change programs, download further malware variants, and add the infected device to a botnet.
File sharing websites offer an easy way of distributing malware. Users of the platforms voluntarily download the files onto their computers. However, only a small percentage of internet users visit P2P file sharing sites. Hackers therefore have turned to other methods to get users to execute their infected video files.
Prior to the release date of Game of Thrones Season 8, offers of free access to the TV show were being distributed via email. Campaigns were also detected offering episodes in advance of the release date to tempt GOT fans into installing malicious software or visiting malicious websites.
It is no surprise that fake Game of Thrones video files have been embedded with malware, given the huge popularity of the show. However, Game of Thrones fans are not the only people targeted using this tactic of malware distribution. In the past few months, malware has been detected in fake videos files claiming to be the latest episodes of the Walking Dead, Suits, and the Vikings to name but a few.
Some people feel the risk of a malware infection from downloading pirated video files to be low, or they do not even consider the risks. That is bad news for businesses. When employees ignore the risks and download illegal files at work, they risk infecting their network with malware.
The easiest solution to prevent illegal downloads at work and the visiting of other malicious websites is to use a web filtering solution. A web filter – WebTitan for instance – can be configured to prevent users from accessing file sharing and torrents websites. WebTitan uses a continuous stream of ActiveWeb URLs from over 550 million end users, which provides important threat intelligence to TitanHQ’s machine learning technology. This allows new, malicious URLs to be identified, and users are then prevented from visiting those malicious URLs.
Blocking email attacks is simple with SpamTitan. SpamTitan blocks 99.97% of spam emails to prevent malicious messages from reaching end users, including messages offering free access to Game of Thrones and other TV shows. In addition to dual AV engines to protect against known malware, SpamTitan also now has a sandboxing feature. Suspicious attachments can be safely executed and analyzed in the sandbox to identify potentially malicious actions. The sandboxing feature provides superior protection against zero-day malware which AV software does not block.
With both of these solutions in place, businesses will be well protected against malware, ransomware, botnets, viruses, and phishing attacks.
Each solution is available with a range of different deployment options to suit the needs of all businesses. For a product demonstration and further information, contact the TitanHQ team today.
G2 Crowd, a peer-to-peer review platform trusted by millions of businesses, has named SpamTitan the leading email security gateway solution in its Spring G2 Crowd Grid Report for Email Security Gateways.
TitanHQ’s SpamTitan email security gateway solution was named the leader in the category of secure email gateway performance
SpamTitan was assessed along with other popular email security solutions from big name companies such as Cisco, Barracuda, Proofpoint, Mimecast, and SolarWinds, but took top spot thanks to consistently high ratings for all key metrics assessed for the report.
The G2 Crowd platform allows businesses to find out important information about software solutions that is not often included in the product spiel offered by software providers: What the solutions are actually like to use and whether they match up to expectations. The platform is trusted by businesses thanks to its honest reviews from genuine customers. The company was formed in 2012 and now attracts more than 1.5 million visitors a month to its website.
For the report, each product was assessed based on market presence and four areas of customer satisfaction: Quality of support, ease of use, meets requirements, and ease of administration. SpamTitan scored highly in all four categories, outperforming all other solutions for customer satisfaction and market presence.
SpamTitan ranked highest for meeting requirements and quality of support, achieving a score of 94% in both categories. The average for all 10 email security gateways was 88% and 84% respectively. SpamTitan achieved a score of 92% for ease of use and 90% for ease of administration. The average for all products in these areas was 82% and 83% respectively.
It was clear from the report that TitanHQ customers were extremely happy with the products and service provided by TitanHQ. The user reviews praised SpamTitan for many aspects of the product, two examples of which have been listed below.
“SpamTitan has some of the best filtering we’ve seen compared to other products, it does an excellent job when configured right of capturing a high volume of spam. It’s relatively simple to get around and set it up, and runs in a very lightweight VMware appliance.”
“The degree of customization and logging is amazing. You can account for everything going in or out of your organization and set filtering rules to match any scenario. Performance of the web UI and functions like searching and reporting are lightning quick.
G2 Crowd also released a Spring G2 Crowd Grid Report for Secure Web Gateways and TitanHQ’s WebTitan solution was rated a high performer, achieving a customer satisfaction score of 94% against an average of 87% across all 10 solutions under assessment.
If you are unhappy with your current email or web security gateway product or you have yet to implement one of these important cybersecurity solutions, contact TitanHQ today to arrange a product demonstration. The full versions of both solutions are available on a free trial to allow you to see for yourself how effective they are and how easy they are to use.
If you have any questions about either product, contact the TitanHQ today to have your questions answered.
Supply chain attacks allow cybercriminals to attack businesses through weak links in the supply network. Smaller companies are attacked, which gives hackers access to larger and better secured businesses: Businesses that would be harder to attack directly.
This attack method was used to spread NotPetya malware in Ukraine. A software supply company was breached which allowed the malware to be spread to the software supplier’s clients. The massive data breach at Target in 2014 was made possible by first attacking an HVAC system provider. The attack allowed hackers to install malware on the Target’s POS system and obtain the credit card numbers of millions of its customers. According to Symantec, supply chain attacks doubled in 2018.
There are many different types of supply chain attacks, but all serve a similar purpose. By attacking one company it is then possible to attack a bigger fish, or in the case of attacks on cloud service providers and managed service providers, a single attack will give a hacker access to the networks of all MSP clients.
Large businesses often have the budgets to hire their own IT and security staff and can implement robust defenses to prevent attacks. Smaller businesses often struggle to recruit security professionals as they are in high demand. With the shortage of skilled cybersecurity staff and an inability to pay the large salaries that skilled cybersecurity professionals demand, SMBs often turn to MSPs to provide those services.
In order to be able to provide those services, managed service providers are given remote access to their client’s networks. Many of the tasks that need to be performed by MSPs require administrative privileges. Managed service providers also hold login credentials to their clients’ routers and cloud accounts. All of those credentials are extremely valuable to hackers.
Given the typical number of clients each MSP has, a successful attack on an MSP could prove very profitable for a hacker. It is therefore no surprise that there has been an increase in cyberattacks on MSPs and CSPs.
While MSPs are usually good at securing their clients’ networks and ensuring they are well protected, they also need to ensure their own house is in order. Patches must be applied promptly, vulnerabilities must be addressed, and security solutions must be put in place to protect MSPs systems.
MSP staff should be security aware, but when they are busy resolving their clients’ problems, mistakes can easily be made such as responding to a well-crafted spear phishing email. All it takes is for one MSP employee to respond to such an email for a hacker to gain a foothold in the network.
Naturally, security awareness training should be provided to all MSP employees and security solutions need to be deployed to protect against email and web-based attacks.
This is an area where TitanHQ can help. TitanHQ’s anti-spam solution, SpamTitan, offers advanced protection against phishing and spear phishing attacks. A recent update has also seen DMARC email authentication and sandboxing features added to better protect users from phishing and malware attacks.
TitanHQ’s DNS-based content filtering solution further enhances protection against phishing attacks and prevents MSP employees from visiting malicious websites. Being DNS-based, malicious websites are blocked before any content can be downloaded.
In addition to helping MSPs protect their own networks, both solutions are ideal for MSPs to offer to their SMB clients and have been developed to perfectly meet the requirements of MSPs.
If you are an MSP and you have yet to implement a web filter or you are looking for an advanced spam filtering solution for you or your clients, give the MSP team at TitanHQ a call today to find out more about both solutions and how they can protect your business and better protect your clients.
Traditional email security solutions are effective at keeping inboxes free from spam email, but many fall short when it comes to blocking phishing and spear phishing attacks. Cybercriminals are conducting ever more sophisticated campaigns that manage to bypass traditional email security defenses by impersonating legitimate companies and spoofing their domains.
In addition to phishing attacks that attempt to obtain sensitive information, email is often used to spread malware, ransomware and botnets. Traditional anti-virus solutions are effective at blocking known malware threats, but signature-based AV solutions are not effective at blocking never-before-seen malware variants.
Today, new malware variants are being released at record pace. To block these zero-day malware attacks, an advanced email security solution is required which does not rely on signatures to identify malicious file attachments.
SpamTitan was already a powerful email security solution for SMBs and MSPs serving the SMB market and was capable of blocking sophisticated phishing emails and new malware threats. However, new features have now been added that improve detection rates further still and provide superior protection against zero-day malware and phishing attacks that spoof legitimate domains.
TitanHQ has updated SpamTitan to include a DMARC email authentication feature which is capable of detecting and blocking spoofed emails to better protect users from sophisticated phishing attacks.
To better protect against malware, ransomware, botnets, and zero-day attacks, TitanHQ has incorporated a new Bitdefender-powered sandboxing feature into SpamTitan. Email attachments that pass standard checks are safely detonated in the sandbox and are analyzed for malicious activity. The sandboxing feature provides an additional layer of security and greatly enhances protection against malicious attachments. This feature also helps to ensure that more legitimate emails and attachments are delivered to end users.
To explain how these new features work and the benefits to users, TitanHQ is running a webinar. In the webinar, TitanHQ will cover the new features in detail and will explain how SpamTitan can protect against the full range of email-based threats.
Date: Thursday, April 4, 2019
Time: 12pm, EST
The webinar will last 30 minutes and advance registration is necessary.
A new report has confirmed the need for robust, multi-layered cybersecurity protections for SMBs to prevent successful cyberattacks. SMBs are increasingly being targeted by cybercriminals as security is often weak and attacks are easy to pull off.
While large corporations are an attractive target for cybercriminals, large corporations tend to have mature cybersecurity programs and they are usually very well protected. A successful attack could prove extremely profitable but breaking through the cybersecurity defenses of large corporations is difficult and attacks can be extremely time consuming and labor intensive.
Cybercriminals often choose the path of least resistance, even though the potential for profit may not be so high. Cyberattacks on SMBs are much easier and hackers are concentrating their efforts on SMB targets. This was clearly demonstrated in the latest cybersecurity report from Beazley Breach Response (BBR) Services.
BBR Services analyzed all of the data breaches that it investigated in 2018. 9% of the successful attacks involved ransomware and 71% of those ransomware attacks were on SMBs. The healthcare industry suffered the highest number of ransomware attacks, and accounted for one third of successful attacks. Companies in the professional and financial services sectors accounted for 12% of ransomware attacks each, followed by the retail industry with 8% of attacks.
The costs of those ransomware attacks can be considerable. If companies are unable to recover data from backups, a sizable ransom must be paid to recover encrypted data. In 2018, the average ransom demand was $116,400 and the median ransom demand was $10,310. One client was issued a ransom demand of $8.5 million. The highest ransom demand paid was $935,000.
Massive demands for payment for the keys to unlock encrypted files may not be the norm, but even at the lower end of the spectrum SMBs may struggle to find the money to pay. The ransom demand is also likely to be considerably higher than the cost of cybersecurity protections for SMBs to prevent ransomware attacks.
One of the main ways that hackers gain access to the networks of SMBs is by exploiting flaws in Remote Desktop Protocol. SMBs that leave RDP ports open are at a much higher risk of being attacked. RDP is required by many SMBs because they outsource IT to managed service providers, which need to use RDP to access their systems. In such cases it is essential for default RDP ports to be changed and for very strong passwords to be implemented to reduce the risk of brute force attacks succeeding.
There was also an increase in sextortion scams in 2018. These scams attempt to extort money by threatening to expose victims’ use of adult websites. While these scams usually contain empty threats, they are often successful. In addition to attempting to extort money, the scams are used to install malware or ransomware. Email attachments are sent which claim to contain videos of the victim accessing adult websites, which the scammers claim to have been recorded using the computer’s webcam. When the files are opened to be checked, malware or ransomware is installed.
2018 also saw a 133% increase in Business Email Compromise attacks. These attacks spoof the email address of a senior executive to make the emails and requests seem more plausible. These scams are usually conducted to obtain sensitive information or to get employees to make fraudulent wire transfers. BEC attacks accounted for 24% of all breaches investigated by BBR Services in 2018.
One of the most important cybersecurity protections for SMBs to implement to prevent these attacks is an advanced email filtering solution – One that is capable of detecting spoofed emails. SpamTitan, TitanHQ’s cloud-based spam filtering solution, has recently been updated to include DMARC authentication to detect email impersonation attacks such as BEC scams. The solution also now includes a new sandboxing feature that allows potentially malicious attachments to be analyzed in detail in the sandbox where no harm can be caused. This helps to identify more malicious attachments and better protect SMBs from zero-day malware and other malicious files.
TitanHQ’s powerful cybersecurity protections for SMBs can greatly improve email security and block a wide range of web-based attacks. For further information on effective cybersecurity protections for SMBs to deploy to improve security posture and block costly attacks, contact TitanHQ today.
TitanHQ has announced its award-winning anti-spam solution, SpamTitan, has been updated and now has two powerful new features to better protect users from phishing, spear phishing, malware, ransomware, botnets, and APT threats.
SpamTitan has long been the go-to solution for SMBs to improve email security and the solution is popular with managed service providers serving the SMB market. SpamTitan is quick and easy to install, simple to use, and provides excellent protection against a wide range of email threats.
As email threats have become more sophisticated and zero-day attacks and new malware variants have skyrocketed, new features are needed to keep end users protected.
To maintain pace and better protect SpamTitan users, two important new features have now been rolled out with the latest release of SpamTitan: Sandboxing and DMARC authentication.
Sandboxing Feature Added to SpamTitan Product Suite
Blocking known threats is one thing, but detecting and blocking brand new threats that evade AV solutions is another matter, yet businesses need protection from these zero-day threats as well. SpamTitan already incorporates a range of mechanisms to detect these new threats but the latest feature takes protection to the next level.
SpamTitan now incorporates a new next-gen sandboxing feature. The Bitfedender-powered sandbox is a virtual environment that is totally separate from other systems. When an email is sent to a SpamTitan user, the message will be subjected to a range of checks to determine whether it is genuine, benign, and should be delivered or if it is malicious and needs to be rejected. If the message contains a suspicious attachment that is not picked up as a threat from those checks, it is sent to the sandbox.
The SpamTitan sandbox service has been designed to appear as a normal endpoint. Malicious files are opened or executed in the sandbox and any malicious code is run as it would on a standard machine. Its actions are logged and subjected to an in-depth analysis, including its self-protection mechanisms and attempts to evade detection. All actions are then assessed by advanced machine learning algorithms and the results of the analysis are then checked against a wide range of online repositories.
Opening potentially malicious files on an endpoint is dangerous, but in the isolated sandbox all risks are eliminated. Once the analysis is complete, which takes just a few minutes, if the file is determined to be benign it will be released and can be delivered to the end user. If it is malicious, the sandbox solution will automatically report the file to Bitdefender’s cloud threat intelligence service. That threat will then be blocked for all SpamTitan users, so the file will not need to be analyzed again.
This new feature greatly increases detection of elusive threats, provides end users with even greater protection, and it also helps to ensure that more genuine messages are delivered.
Businesses that want sandboxing technology usually need to purchase a separate solution. With SpamTitan, advanced emulation-based malware analysis is provided free of charge.
DMARC Email Authentication Now Included in SpamTitan
Email impersonation attacks are a major threat. They abuse trust in a known contact, company, or government organization to fool end users into taking a specific action – disclosing sensitive information, installing malware, or visiting a phishing webpage, for instance.
While SpamTitan already incorporates several mechanisms to identify email impersonation attacks, DMARC authentication has now been added to block even more threats. DMARC is a powerful tool for identifying the true sender of an email to determine if that individual is authorized to use a particular domain.
Detailed checks of the email header are performed and the sender is checked against DMARC records. If the checks are passed, the message can be delivered. If DMARC authentication fails, the message is rejected.
The new anti-spoofing feature protects SMBs and MSPs against data loss, date breaches, zero-day threats, and highly sophisticated email threats, while the sandboxing feature protects against malware, advanced persistent threats (APTs), malicious URLs, and offers insight into new threats to help mitigate risks.
Both of these features have been made available to current and new TitanHQ customers at no extra charge.
The poor state of cybersecurity in K-12 schools is making it too easy for criminals to conduct cyberattacks. As 2018 figures show, attacks are coming thick and fast. Action is needed to shore up security and keep cybercriminals at bay.
2018 Cyberattacks on K-12 Schools
Education has long been one of industries most commonly targeted by cybercriminals and 2018 was no exception. Last year there were several major cyberattacks on K12 schools that resulted in data theft and huge financial losses.
The 2018 State of K-12 Cybersecurity report from the K12 Cybersecurity Resource Center revealed 122 cyberattacks on K-12 schools were reported in 2018. 119 public K-12 education agencies in 38 states reported attacks. 60% of those cyberattacks resulted in the personal data of students being compromised.
North Dakota schools were hit particularly hard. In February 2018, one third of schools in the state experienced malware attacks. In many cases, the malware infections were the result of staff and students clicking on links in emails, visiting malicious websites, or opening malware-laced email attachments.
The 2019 State of Malware report from Malwarebytes reveals that in 2018, education was the number one industry targeted with Trojans and was second for ransomware attacks. Business email compromise scams are also common and many K12 school districts suffered W-2 phishing attacks and were fooled into sending scammers copies of employees’ tax information.
There have also been several successful email scams that have resulted in staff being fooled into making fraudulent transfers of school funds to criminals’ accounts. A school district in Texas was scammed out of $2 million in construction funds as a result of a phishing attack that fooled a staff member into making payments to fraudulent accounts. The high number of these types of scams prompted the FBI to issue a warning to schools in September 2018 about phishing scams that attempt to steal employees’ credentials.
K-12 schools are an attractive target for cybercriminals because attacks are relatively easy and the potential rewards are high. Student information sells for big bucks on the black market. Personal information along with Social Security numbers can be used for identity theft. It typically takes longer for identity theft to be detected with minors. If student data are stolen, thieves can rack up huge debts in students’ names over the course of several years before fraud is detected.
The State of Cybersecurity in K-12 Schools
Even though the risk of cyberattacks is high, many school leaders fail to appreciate the seriousness of the problem and how even simple changes to improve cybersecurity in K-12 schools can prevent most cyberattacks.
A Consortium for School Networking/Education Week Research Center survey in late 2017 showed that only 48% of school leaders considered the threat from phishing to be significant or very significant, with the numbers falling to under 30% for malware and ransomware attacks. Only 15% of K-12 schools have implemented a cybersecurity plan, just 29% have purchased cybersecurity products and services, and 31% had not provided end-user training.
The high value of student data, the opportunity to conduct multiple types of fraud, and poor cybersecurity defenses is a winning combination for cybercriminals. Unfortunately, there is no single solution that can be implemented to improve cybersecurity and prevent costly cyberattacks and data breaches. What is needed is an effective cybersecurity plan, policies and procedures, training, and technology.
How to Improve Cybersecurity in K-12 Schools
School budgets are usually stretched so it can be difficult to find the funds to improve cybersecurity in K-12 schools. It is therefore important to choose cybersecurity solutions wisely and select products that provide protection against the most common methods used by cybercriminals to attack schools.
Many of the attacks start with a single phishing email. It is therefore critical for K12 schools to improve email security, and for that, an advanced spam filtering solution is essential. SpamTitan blocks more than 99.9% of spam and phishing emails and is an ideal, low-cost, easy-to-implement spam filtering solution for K12 schools.
A web filtering solution is also an important cybersecurity measure. In addition to blocking students’ access to obscene content, as required for CIPA compliance, web filters can prevent users from visiting phishing websites and will block ransomware and malware downloads. The cost of a web filter can be partially offset by discounts obtained through the E-rate program.
End user training is also important. K12 schools need to include cybersecurity awareness training as part of their staff development program. Rather than providing a one-off or annual training session, training needs to be conducted regularly to keep staff up to speed on the latest threats.
Doing nothing to improve cybersecurity in K-12 schools is now simply not an option. If costly cyberattacks are to be avoided, is not improved, cybersecurity in K-12 schools must be improved.
If you want to find out more about email and web security and just how affordable these solutions can be for schools, contact the TitanHQ team today.
Businesses that want to start content filtering have a choice: A DNS filter or appliance, but which is best? In this post we explain the benefits of DNS filtering over on-premise solutions.
Traditionally, businesses that wanted to restrict Internet access and block web-based threats would purchase a physical appliance through which all internet traffic would flow. The appliance would be installed on-premise and controls would be applied to cover anyone connected to the network. The appliance would prevent employees and guest users from accessing certain types of web content, block malicious traffic, and ensure malware is not downloaded onto endpoints.
Today, businesses have a choice. They can purchase a physical appliance or they can install a virtual appliance. A virtual appliance performs the same functions as a physical appliance, but it is software-based solution that is installed on existing hardware. This means it is not necessary to purchase any hardware and businesses can save money. In this article we will treat physical and virtual appliances as one.
Another alternative is a DNS filter. A DNS filter requires no hardware purchases or software downloads. The filter works at the DNS level and all filtering takes place in the cloud.
Both types of content filtering solutions allow businesses to prevent users from accessing malicious websites when connected to the network and restrict the types of content that can be accessed.
DNS Filter or Appliance?
If you are unsure whether to opt for a DNS filter or appliance, consider the following benefits of DNS filtering over appliances.
No costly appliance to purchase and quick and easy filtering
Appliances can be costly and they need to be ordered, delivered, and installed. That means the IT team will need to be on site to complete the install. The hardware will also need to be maintained. With a DNS filter deployment is quick and easy. Simply point the DNS to the service provider and you can be up and running in minutes.
Avoid scalability issues
An appliance can be used for a limited number of users. If the business grows or if more devices need to connect the internet, it may be necessary to upgrade the appliance or buy multiple appliances. Similarly, if the number of users falls, you will be left with an expensive appliance that is surplus to requirements. With a DNS filter, you just pay for the number of users and can scale up and down as necessary.
Appliances require content to be downloaded
With an appliance the filtering takes place on the appliance itself, which means any malicious content must be accessed and downloaded before it is blocked. A connection must be made to a malicious site before any filtering takes place, however briefly. Further, since content is downloaded, that has an impact on bandwidth. With a DNS filter, the filtering takes place at the DNS level before a connection to a site is established which means threats are eliminated before any malicious code reaches the perimeter. A DNS filter can also block command and control center callbacks and data exfiltration attempts and protects all ports and protocols, not just port 53.
DNS filters inspect SSL traffic using the service providers resources
Most websites are now SSL enabled, which means web traffic must be decrypted, inspected, then re-encrypted. That requires a lot of processing power which can have a negative impact on end users. During heavy usage, slow downs are inevitable and CPU usage can be intensive. With a cloud-based DNS filter, the service provider performs the processing and, regardless of traffic volume, the user experience is the same.
DNS Filters make it easy to filter at multiple locations
If you buy an appliance, protecting remote workers and satellite offices is a problem. You need to backhaul traffic to the location where the appliance is located, so regional offices and remote workers will have slower internet speeds. With a DNS filter, it is possible to filter in multiple locations and to protect remote workers no matter where they are located, without the need to backhaul traffic. That means no latency.
DNS filters allow managed service providers to offer filtering to their clients
A DNS filter makes it easy for managed service providers to add content filtering to their service stacks. There is no need for an appliance to be sent to a client and installed by MSP staff. A cloud-based DNS filter is a turnkey solution that can easily be set up and managed remotely. All clients can be managed through a single pane of glass, making monitoring and management simple with little time investment required.
In short, for the majority of businesses considering a DNS filter or appliance, a DNS filter wins hands down. It is quick, easy, simple, efficient, and is the most cost-effective way of content filtering and blocking web-based threats.
Further, you can try DNS filtering before committing to a purchase. With TitanHQ’s WebTitan Cloud, you can have a two-week trial of the full product to evaluate it in your own environment.
To register for a trial, for a product demonstration, and to have any questions answered, contact the TitanHQ team today.
The threat of malware downloads from visiting adult websites has long been thought to be a major risk; however, not all studies on the subject have demonstrated that the risk is any higher than visiting other types of websites. The owners of adult websites, as legitimate business owners, have a vested interest in keeping their sites malware free.
However, new research from Kaspersky suggests the threat of malware downloads from visiting adult websites is real, and adult-themed phishing attacks increased in 2018.
Is There a High Risk of Malware Downloads from Visiting Adult Websites?
According to its latest report, there is a real risk of malware downloads from visiting adult websites. Naturally for consumers who visits adult websites, the risk is theirs to take. For businesses however, risks taken by employees can prove incredibly costly.
One of the major stories to be covered in the media on this theme in 2018 involved a government employee with a prolific thirst for such content. He was discovered to have accessed more than 9,000 adult websites and had inadvertently downloaded malware onto his work computer and the network. After visiting so many sites, that is perhaps understandable, but there have been many such malware downloads from far less prolific surfing of adult sites.
Kaspersky Lab’s research indicates that most malware downloads from malicious websites involves malware disguised as videos. Oftentimes, users are required to download a supposedly benign but malicious file in order to access the video.
Cybercriminals are also using black-hat techniques to poison the search results and get malicious sites appearing high up in the listings. The top 20% of porn-related search terms accounted for 80% of malware disguised as porn. Kaspersky’s tracking indicated 87,227 users had downloaded malware-disguised as porn and 8% of those did so via their work network.
The use of these porn tags is also common to get users to download non-malware threats such as adware and downloaders, although the latter are often capable of downloading much more malicious files. While the number of these attacks decreased by 36% year-over-year, attacking people searching for adult content is still common.
The most common threats associated with adult content were Trojan downloaders (45%) and Trojans (20%), followed by adware (9%) and worms (8%).
Adult-Themed Phishing Attacks Increased by 1,000% in Q4, 2018
While it was previously uncommon for phishing scams to use porn as a lure, that changed in 2018. It is still common for cybercriminals to use impersonate or create fake hookup sites to lure people into divulging credentials but there was also a 1,000% increase in phishing attacks using websites that masquerade as porn websites. Most commonly these were spoofed versions of the top 10 adult sites on the web. The rise in these types of phishing scams could be indicative of a trend that will grow in 2019.
The research shows that malware downloads from visiting adult websites is still a risk and the threat from adult-themed phishing attacks has grown at an alarming rate. Businesses should take note and take steps to limit risk.
The easiest way to do that is with a DNS web filter – A solution that allows businesses to carefully control the web content that can be accessed on work devices and via their wireless networks. With a DNS web filtering solution in place, businesses can block access to adult websites, commonly spoofed hookup and dating sites, and web-based phishing threats.
Not only will a DNS web filter provide protection against phishing, ransomware, and malware downloads, by blocking access to these adult sites, legal liability can be reduced and staff issues can be avoided.
If you have yet to start filtering the internet and preventing your users from accessing adult websites, other NSFW web content, and sites that are a drain on productivity, TitanHQ can help.
For a very low cost, businesses can protect all users of their wired and wireless networks and block a wide range of web-based threats. MSPs can also start providing filtered internet service to better protect their clients.
For further information, contact TitanHQ today and ask about WebTitan Cloud and WebTitan Cloud for WiFi – TitanHQ’s award winning web filtering solution for businesses.
TitanHQ has launched a busy campaign of MSP roadshows and conferences with two Valentine’s Day events in London and Tampa, Florida.
Over the coming five months, the TitanHQ team will be attending 15 events in Ireland, the Netherlands, the UK, and the USA, and will be meeting with managed service providers (MSPs), Wi-Fi providers, ISPs, and technology partners to introduce and explain about TitanHQ’s award-winning suite of email security, web filtering, and email archiving solutions.
The 2019 roadshow campaign started in London where Alliance Manager Eddie Monaghan met with current and prospective MSP partners at the IT Nation Q1 EMEA Meeting. Eddie will be at the event all week and will be discussing TitanHQ’s MSP solutions and finding out more about what is happening in the MSP world. TitanHQ has learned a great deal since joining the IT Nation community two years ago and has really enjoyed the experience thus far.
TitanHQ Alliance Manager, Eddie Monaghan
On the other side of the Atlantic, Alliance Manager Patrick Regan has been meeting with MSPs from Florida and beyond at the TitanHQ-sponsored Datto Roadshow in Tampa. Since joining the Datto community as a strategic partner, TitanHQ has worked closely with Datto MSP partners helping them to integrate email security, DNS filtering, and email archiving into their product offerings and providing tips and tricks to help them to get the most out of the products.
TitanHQ has been increasing its technology partners over the past year and is now working closely with industry giants Comcast, BitDefender, Microsoft, Kaseya, and ViaSat and is a proud member of IT Nation (HTG Peer Groups), Datto Roadshows, COMPTIA, and ASCII.
From humble beginnings as an indigenous Irish company providing anti-spam appliances to the local market, over the following 20 years TitanHQ has developed an innovative range of cloud-based solutions and has matured into a global provider of network security solutions for enterprises, SMBs, and MSPs. TitanHQs award-winning cybersecurity solutions are now offered by a network of more than 1,500 MSP partners and have been adopted by several thousand businesses in 200 countries around the globe.
The TitanHQ product suite has been developed to meet the exacting needs of MSP partners and are delivered via the TitanShield Program. The products help MSPs to protect themselves and their clients, while saving valuable time and effort by blocking threats at source before they can cause any harm.
TitanHQ’s spam filtering solution – SpamTitan – and web filtering solution – WebTitan – help MSPs keep their clients protected from malware, ransomware, viruses, botnets, phishing attacks and other email and web-based threats.
The cloud-based solutions are easy for MSPs to slip into their service stacks to build a high-margin security practice offering clients world-class network security services.
If you are already a TitanHQ TitanShield partner or want to find out more about the MSP program and TitanHQ products, be sure to attend one of the upcoming events and come and meet the TitanHQ team.
We look forward to meeting you at one of the upcoming roadshow events in 2019.
Web filtering at multiple locations can be a headache but it is a necessity. Human error can easily result in an email account breach, malware download, or ransomware attack. Every employee is a potential security risk, so it is important for controls to be implemented to reduce the risk of mistakes leading to a costly security incident.
One of the main ways that data breaches occur is through phishing. The web pages used in phishing attacks host phishing kits that collect login credentials and send them to the scammers. The web pages usually contain identical copies of the login boxes used by the likes of Microsoft Office 365, Google, and Facebook. The web pages are incredibly realistic and can be difficult for employees to identify as malicious.
Hyperlinks in emails also direct employees to websites containing exploit kits which probe for vulnerabilities and silently download malware. A user could visit a website for a couple of seconds, yet still trigger a malware download. Even general web surfing can see users redirected to malicious websites.
The solution is to implement a web filter. A web filter allows businesses to control the web content that users can visit, and it also blocks access to malicious web sites.
Web Filtering at Multiple Locations
While a web filter is easy to implement on premises, protecting mobile workers and multiple offices can be more of a challenge. Traditionally, web filters were physical appliances through which all Internet traffic flowed. Rules were applied to the appliance to control what sites can be visited by employees.
One of the main disadvantages when web filtering multiple locations, is a separate appliance needs to be used at each location. Not only is this costly, installing and maintaining the appliance requires technicians to be available on site. For many businesses running multiple offices, IT is managed remotely. IT staff are not available at each site. An appliance-based filter at each site is far from ideal.
An alternative is to backhaul Internet traffic to the corporate office, but this has a major impact on Internet speed. The latency issued can cause major problems for remote offices so this option is also not ideal.
The best solution is a cloud-based DNS web filter. A DNS web filter can be applied, configured and maintained remotely without the need for site visits or on-site support staff. No hardware is required and no software needs to be downloaded. All that is required is for a change be made to internal DNS servers or DNS settings.
Not only does this approach eliminate the need for any costly hardware purchases, with a cloud-based DNS filter there is no latency. The DNS-filter can be applied for all locations and managed through a single web-based interface. Controls can also be applied for different locations via an AD/LDAP client.
A cloud-based DNS filter is ideal for web filtering multiple locations, but what about protecting employees on the move? When employees travel for business, their mobile devices similarly need to be protected. A DNS filter can protect those employees online no matter where they access the Internet without the need to backhaul traffic.
Cloud-based DNS web filters are also the ideal solution for managed service providers (MSPs) who want to offer web filtering to their clients. The filters are highly scalable, and they offer multitenant management for MSPs and allow all clients settings to be configured and managed through a single pane of glass. Separate polices can be applied for each clients and reports can be easily generated. There is no need for any site visits, no need for patching, and web filtering can be offered no matter where the client is based.
WebTitan Cloud – Web Filtering Multiple Locations Made Simple
TitanHQ is a leading provider of DNS-based web filtering for businesses. WebTitan Cloud is an enterprise-class DNS-based web filtering solution that makes web filtering multiple locations effortless. The solution takes minutes to implement and requires no training to use. All web filtering controls can be applied remotely via an intuitive user interface.
If you run a business in multiple geographical locations, want to protect remote workers, or if you are a managed service provider that wants to add web filtering to your service stack, contact TitanHQ for further information on WebTitan Cloud.
A phishing campaign has been detected that uses Google Translate to make phishing web pages appear legitimate when visited through mobile browsers. The novel tactic makes it harder for end users to see that the website they have been directed to is not an official website.
The phishing attack starts with an email that indicates the user’s password has been used to access their Google account from an unfamiliar device. Many users will be familiar with these messages. They are generated when a user logs into their own account using a different device or from an unfamiliar location. The messages are also triggered when a user attempts to login to their account using a VPN that has previously not been used to access the account.
In this campaign, the standard Google Security Alert has been copied exactly and includes the Google logo, standard formatting, and text that users will be familiar with. The message tells the user to click on a link – A button below the warning message – to visit their account to review the activity and take action to secure their account.
If the user is on a desktop or laptop, they will be directed to a standard phishing page which has a copy of the Google login window. It should be apparent that the user is not on the legitimate Google site as the URL clearly nothing to do with Google although end users do not always check the URLs carefully, especially when there is an urgent reason for visiting a website such as a security alert.
If the user has opened the email on a mobile device and clicks the hyperlink button, the URL displayed in the browser will be different and they are much ore likely to be fooled. The phishing webpage uses Google Translate to display a URL containing a random string of characters, but crucially, the visible part of the URL displayed in the browser starts with translate.googleusercontent.com/translate_
The URL does contain the web page which the user is on, which is a page on mediacity.co.in that clearly has nothing to do with Google, but it is detailed much later in the URL so will not be displayed to the user unless they click the address bar to check the web page. Many users will not do that since the visible part of the URL appears to be a genuine Google page.
While the phishing campaign is unlikely to work on desktops or laptops, many mobile users will likely be fooled by the scam and will provide their Google credentials. They may not fall for the Facebook login request, as being redirected to Facebook from Google is odd, but by that time the attacker will have full access to the user’s Google account. Google accounts can contain a wealth of sensitive data and can be used for further phishing attacks on the user’s contacts.
Security awareness training will help to prevent employees from falling for phishing scams such as this. By conditioning employees to always check the sender of a message before taking any action, and to always take the time to carefully check the full URL of a website before disclosing any sensitive information, scams like this can be easily identified. Even with security awareness training, employees make mistakes. To improve protection against phishing attacks, businesses should deploy an advanced spam filter to prevent malicious messages from being delivered to corporate inboxes. A web filter is also strongly recommended. A cloud-based web filter can prevent users from accessing phishing web pages, even when they are not onsite and are using mobile devices remotely.
For further information on spam filtering and web filtering for businesses, contact the TitanHQ team today and ask about SpamTitan and WebTitan: TitanHQ’s leading spam filtering and web filtering solutions for businesses.
Anatova ransomware is a new cryptoransomware variant that appears to have been released on January 1, 2019. It is stealthy, can infect network shares, has already been used in attacks in many countries around the world. It could well prove to become a major ransomware threat in 2019.
Ransomware has somewhat fallen out of favor with cybercriminals as cryptocurrency mining malware offers greater potential for profit. The development of new ransomware variants has slowed, but new variants are still emerging and the threat from ransomware is not going away any time soon. Ransomware attacks are still profitable for cybercriminals and as long as that remains the case the attacks will continue.
Anatova ransomware was identified and named by security researchers at McAfee. The name was taken from the name on the ransomware note. The previously unknown ransomware variant has been used in at least 10 countries, with over 100 Anatova ransomware attacks identified in the United States, more than 65 in Belgium, and over 40 in France and Germany.
Not only does the ransomware variant employ a range of techniques to avoid detection, infection can cause major damage and widespread file encryption. Further, the modular design allows the developers to easily add new functionality in the future.
Most of the strings in Anatova ransomware have been encrypted and different keys are required to decrypt them. Those keys have been embedded in the executable. 90% of calls are dynamic and use non-suspicious Windows APIs and standard C-programming language.
Once downloaded and executed, the ransomware performs a check of the name of the logged in user against a list of encrypted names and will exit if there is a match. Names that prompt an exit include tester, lab, malware, and analyst. These names are commonly used on virtual machines and sandboxes. A check will also be performed to determine the country in which the device is located. The ransomware will exit if the device is in any CIS country, Egypt, Syria, Morocco, Iraq, or India.
Anatova ransomware scans for files smaller than 1MB and checks for network shares, although care is taken not to disrupt the operating system during this process and raise a flag before files are encrypted. Once files have been identified, the encryption routine starts. The ransomware uses its own key, so each victim requires a separate key to unlock the encryption.
Once the encryption process has run, the ransom note is dropped on the desktop, the memory is cleaned, and volume shadow copies are overwritten 10 times to ensure files cannot be recovered from local backup files.
The ransom demand is relatively high – Around $700 (10 DASH) per infected machine. Since multiple devices can be infected with a single installation, the total ransom demand could well be considerable.
What is not 100% certain is how the ransomware is being distributed. McAfee detected one sample on a P2P file sharing network which masquerades as a free software program complete with game/application icon to encourage users to download and run the installer. Other attack vectors may also be used. Based on the current distribution vector, a web filter will offer protection against attacks if P2P file sharing/torrents sites are blocked.
The researchers believe Anatova ransomware has been created by highly skilled malware authors who are currently distributing a prototype of the ransomware. More widespread attacks are to be expected once this testing phase has been completed.
Hackers are taking advantage of poor Wi-Fi security to attack small businesses. This post covers simple steps to take to improve Wi-Fi security to block cyberattacks.
Small businesses can implement a robust firewall to protect against cyberattacks, but the Wi-Fi router is often a weak point. A Wi-Fi router providers wireless coverage for your business and it is a likely attack vector if security is lax. By attacking wireless routers, hackers can bypass your firewall.
Fortunately, there are simple steps you can take to improve Wi-Fi security and block attacks. Seven simple steps to take to improve Wi-Fi security have been listed below.
Simple Steps for Small Businesses to Take to Improve Wi-Fi Security
Some of the steps below are obvious security measures, but there have been many instances when small businesses have overlooked these simple protections, only for them to be exploited by hackers.
Change Router Admin Credentials
Changing default credentials is one of the easiest but most important steps to take to improve Wi-Fi security. Because it is so simple, no business should be guilty of this security faux pas, but many are, even large businesses. In November, a school system discovered that its WAN provider had not changed the passwords on routers that had been in use for years. This is not the login for Wi-Fi, but the password for the router itself. These default administrator passwords can be found with a simple Internet search.
Disable Remote Administration on Your Router
Many wireless routers allow users to access and change router settings from outside the network. For the majority of businesses, remote administration is not necessary so it should be disabled. While this setting can be convenient, there are other more secure ways to access router settings remotely such as using a VPN. Allowing remote administration makes it far too easy for hackers to access your router.
Monitor Your DNS Settings
In January 2019, the U.S. Department of Homeland Security issued an emergency directive to all government agencies instructing them to perform an urgent audit of their DNS records after it was discovered that a threat group was targeting government agencies and changing their DNS records. By hijacking the DNS, all employees could be directed to malicious websites – clones of legitimate sites. Businesses that do not have an internal DNS server often use their wireless routers for this. Businesses should regularly monitor their DNS settings to ensure that no changes have been made.
Limit the Range of Your Wi-Fi Signal
You will want to make sure that everyone on the premises can access your Wi-Fi network, but it is important that no one outside your offices can do so too. If your Wi-Fi signal is too strong, it could be accessed by someone outside your offices and out of sight – In a car parked in your lot for instance. An overly strong Wi-Fi signal makes it easy for an attacker to conduct brute force attacks without being seen.
Keep Firmware Updated
New router firmware will be periodically released by the manufacturer and, as with all other software updates, they should be applied as soon as possible. Firmware updates are issued to improve security and functionality. They address known vulnerabilities for which exploits exist. Some routers will be set to update automatically, others may require a manual update through the web-based interface. Be sure to check the manufacturers web page, as your router may no longer be supported, which means it is time for an upgrade.
Make Use of Your Guest Network
One of the most important security measures is to segment your network and this is especially important for Wi-Fi. You should not allow any untrusted device to connect to your network, such as those used by visitors. You should have a separate SSID for your employees and guests. This will keep guests away from your primary network.
Ensure Your Wi-Fi Network is Encrypted
You should ensure that your Wi-Fi network is encrypted with WPA as an absolute minimum. Without encryption your network will be open and hackers will be able to intercept wireless traffic. Currently the encryption standard is WPA2, although this will change to WPA3 in 2019. If you are planning on replacing your Wi-Fi router, make sure the new model supports WPA3. If your router only supports WEP it is time to upgrade.
Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyberattacks, and avoid costly data breaches.
Many small business owners misguidedly think that their company is too small to be a target for hackers but cyberattacks on small businesses are common and they are increasing. A successful attack on a Fortune 500 company is likely to be far more profitable for the hacker, but also much harder. Small businesses are relatively easy targets and attacks can be highly profitable.
Small business owners cannot afford to take cybersecurity lightly. A successful cyberattack could prove catastrophic. With this in mind, we have compiled 10 cybersecurity tips for small businesses that can easily be implemented to improve security.
Top Cybersecurity Tips for Small Businesses
Implement a Robust Firewall
A firewall is a cybersecurity solution that sits between a small business network and the outside world and prevents unauthorized individuals from gaining access to the network and stored data. Not all firewalls are created equal. Extra investment in a next generation firewall is money well spent. Don’t forget to also protect remote workers. Ensure that they are also protected by a firewall.
Create and Enforce Password Policies
You should implement password policies that require all users to set strong, secure passwords. A strong, unique password should be used for all systems. Passwords should include capitals, lower-case letters, a number, and a special character, and should be at least 10 digits long. Teach employees how to create secure passwords and enforce your password policies. Consider using a password manager so passwords do not need to be remembered. Consult NIST for the latest password guidance.
Security Awareness Training
Make sure you provide the workforce with regular security awareness training. This is the only way that you can create a culture of cybersecurity. Be sure to cover the security basics, safe Internet use, how to handle sensitive data, creation of passwords, and mobile device security. You should provide training to help employees avoid phishing attacks and consider phishing simulation exercises to test the effectiveness of your training program.
Multi-factor authentication involves the use of a password and at least one other method of authentication. If login credentials are compromised, an additional factor is required to gain access to an account or the network such as an SMS message to a user’s smartphone.
It is essential to have a good backup policy. In the event of disaster, such as a ransomware attack, you need to be able to recover critical data. Backups must also be tested to make sure files can be recovered. Don’t wait until disaster strikes to test whether data can be recovered. A good strategy is the 3-2-1 approach. Three backup copies, on two different types of media, with one copy stored securely offsite.
Software and Firmware Updates
Vulnerabilities are regularly found in computer software. Patches are released to correct those vulnerabilities, including those that are being actively exploited. Make sure patches are applied promptly, software is kept 100% up to date, and the most up to date firmware has been installed. Implement automatic updates where possible and create a schedule for updates if they need to be performed manually.
It is a standard best practice to segment networks and split them into subnetworks. Not only will this improve security it can also improve performance. By preventing access between segments, if one part of the network is compromised, an attacker will not have access to all systems and data. Also make sure you limit access to sensitive data and restrict the use of admin credentials. Apply the rule of least privilege. Do not give employees access to data, networks, and software that they do not need for day to day work duties.
Implement a Spam Filter
Arguably the biggest cyber threat that small businesses face is phishing. A single phishing email could allow an attacker to bypass your perimeter defenses and obtain login credentials or install malware. An advanced spam filter will allow you to improve productivity by blocking non-malicious spam emails and prevent phishing emails from being delivered to inboxes.
Secure Wi-Fi Networks
If you have a wireless network in your workplace it needs to be protected. Ensure that it is secured, data are encrypted, and that it is hidden and does not broadcast its SSID. Use WPA2 for encryption (or WPA3 if possible). Change default passwords and ensure your wireless router cannot be accessed from outside the network.
Consider Implementing a Web Filter
A web filter provides protection against web-based attacks by preventing employees from visiting phishing websites and sites that host malware. A DNS-based web filter can protect wired and wireless networks and even remote workers. It will block malware downloads and prevent users from accessing dangerous websites and those that serve no work purpose thus improving productivity.
Email archiving for small businesses is now more important than ever. Not only do state and federal laws require data to be retained for long periods, the EU’s General Data Protection Regulation (GDPR) has introduced new requirements for businesses covering email retention. These requirements for email are best met by using an email archive, although many small businesses are still relying on email backups.
Are Email Backups and Email Archives the Same?
In basic terms, an email backup and an email archive serve the same purpose. They allow emails to be stored so they can be recovered if needed. However, there are important differences between an email backup and an email archive, which have become even more important since the introduction of the GDPR.
Emails may need to be recovered for a variety of reasons. If an important email is lost, if emails have been corrupted, in the event of an audit, for legal discovery, in order to resolve customer disputes, or to find and delete emails when a customer exercises their right to be forgotten under GDPR rules.
Backups are useful, but they are far from ideal for most of the above reasons. Backups allow email data to be restored in the event of loss or if email has been corrupted – Due to a ransomware attack or a hardware failure for instance. In such cases, email backups allow the email system to be quickly restored to the point when the backup was made.
A backup is simply a copy of email data and is a snapshot of data in the email system at any given time. It is ideal as a short-term solution to protect against data loss. However, each time a backup is made, it typically replaces a previous copy. This means that it is possible for emails to be lost. If an email is deleted or corrupted, and a new backup is made that overwrites the last copy, deleted and corrupted emails may be lost forever. Restoring backups may require the entire database to be restored, even when only a few emails need to be recovered. That is hardly an ideal situation.
How Does an Email Archive Differ from an Email Backup?
An email archive is not a copy of email data. With an email archive, emails are moved from the mail system into the archive for long term storage. In addition to emails, tasks, email attachments, and calendars can be archived. Many companies choose to implement an archive not for disaster recovery as backups are still used for that purpose, but to decreases the workload of an email server, improve performance, and eliminate the need for mailbox limits.
One of the most important differences between a backup and an email archive is an archive is searchable, which makes it a quick and easy process to find a specific email or set of email messages that need to be recovered. They could be emails sent to or from a specific person or those that contain an individual’s personal data.
Backup allows emails to be retained and restored, but backups are not searchable. If an email is lost or needs to be recovered, finding messages can be a very time-consuming process.
In the event of legal action against a company, as part of the discovery process an organization will have to produce emails related to the case. A limited amount of time is provided to respond, so it is essential that information can be found quickly and efficiently. The same is true for compliance audits, GDPR requests, and to settle customer disputes.
In contrast to a backup, emails that are archived cannot be lost as no data is overwritten. Archives are also tamperproof and an audit trail is maintained.
Failure to retain data, missing deadlines for producing data, and accidental deletion of email data can attract major financial penalties. Those fines can prove catastrophic for small businesses. Email archiving for small businesses ensures that these issues never arise.
With an email archive, emails are instantly encrypted to prevent data from being intercepted or accessed by unauthorized individuals and with cloud-based archives there is no limit on storage space. Users can continue to use their mail clients or browsers and can easily access archived emails. Email archives are easy to use, manage, maintain, and it is quick and easy to recover emails on demand.
In short, email archiving for small businesses:
Adds legal safeguards
Ensures protection against data loss
Maintains an audit trail
Ensures emails can be quickly found and recovered
Eliminates the need for mailbox quotas
Increases efficiency and productivity
Allows long term storage of emails to meet compliance requirements
TitanHQ has developed ArcTitan to meet the needs of small to medium sized businesses and managed service providers. ArcTitan is email archiving solution for small businesses that is cost effective, secure, easy to use, effortless to maintain, and ensures businesses meet their legal responsibilities with respect to email retention. The solution works with all major email clients and Office 365.
If you have any questions about email archiving for small businesses, if you want to set up an email archive, or would like information on the best solution to meet the needs for your business, contact the TitanHQ team today.
The news headlines frequently warn businesses of the need to improve cybersecurity protections to thwart hackers, but not all threats come from outside the company. There are various types of insider threats that need to be managed and mitigated, yet these are all too often overlooked or insufficient controls are put in place to reduce the risk of a deliberate or accidental breach.
What are Insider Threats?
An insider threat is one that comes from within the company, typically an employee who accidentally or deliberately takes an action that causes harm or loss to the company.
Hackers attack companies to gain access to their networks to spy on companies, obtain secrets, steal data or sabotage systems. Breaking through perimeter defenses can be time consuming and difficult but if an insider wants to steal data or sabotage a system, it is far easier as they already have network access.
Not all insider threats involve intentional malicious actions by employees. An employee can also act in a way that negatively affects their company without intending to cause any harm.
This could be intentionally violating company policies in a non-malicious manner. An example would be the installation of software to save the employee time or to allow them to work more efficiently. Installing unauthorized software carries a risk of a malware or spyware infection. An employee could violate company policies which could lead to an accidental data breach. Then there is human error, such as sending an email containing sensitive information to the wrong person. Such actions could prove costly.
Businesses need to protect against all insider threats if they are to avoid costly data breaches. A great many data breaches result from too little focus on cybersecurity defenses to block the threat from within.
Malicious Acts by Employees
Anyone that has access to sensitive company data could potentially abuse their access rights to view or steal data. There is no particular profile of a malicious insider. Everyone could decide one day to steal information or sabotage systems, but you can protect against malicious insiders and manage the risk.
Cover insider threats in security awareness training and encourage employees to be vigilant and report suspicious activity. Provide them with an easy way to report their concerns.
Implement tools that monitor for anomalous behavior
Implement controls to prevent the use of portable storage devices such as thumb drives
Implement tools that prevent employees from downloading and running certain files types – Executable files for instance.
Apply the rule of least privilege – Don’t let employees access data/systems that they do not need to access to complete their day to day work duties
Accidents Will Happen…
The insider threats that can be the hardest to defend against are mistakes by employees. These types of insider threats include responding to a phishing email and disclosing login credentials, sending sensitive data to the wrong email recipient, accidentally visiting malicious websites, and inadvertently downloading malware. These threats need to be managed and mitigated through policies and procedures, training, and software solutions.
…But You Can Minimize Risk!
Phishing is arguably the biggest threat. Hackers know all too well that people make mistakes and can easily be fooled. Priority number one should be blocking phishing emails and making sure they are not delivered. For that you need an advanced spam filter. The more phishing emails that are blocked, the lower the risk of a click.
Security awareness training is also essential. When a phishing email lands in an inbox, employees need to have the skills to recognize it as such. Provide training and make the training interesting to engage employees. Interactive training courses can help in that respect. Make sure you test your employees’ knowledge afterwards with phishing email simulations. They will let you know who has taken the training on board and who needs further training.
Training needs to cover all security threats, not just phishing. Teach employees security best practices, including checking badges before allowing someone into the building, password security, keeping credentials private, and safe use of WiFi.
Another important technical control to implement is a web filter. A web filter allows businesses to control what employees can do online. They block access to phishing websites, block drive-by malware downloads, and prevent employees from visiting questionable websites that carry a high risk of malware infections or malvertising redirects: Adult sites and torrents/P2P file sharing sites for instance. Some web filters will also keep employees safe and secure when working remotely.
The important thing for businesses is not to leave things to chance or to assume they are too small to worry about insider threats and data breaches. Every business is at risk, regardless of size.
For further information on software solutions that can protect against data security threats give the TitanHQ team a call.
A new form of MongoLock ransomware is actively being used in a global campaign. A 0.1 BTC ransom is demanded, although file recovery may not be possible. The ransomware immediately deletes files and formats backup drives and a recoverable copy may not be retained by the attackers.
MongoLock ransomware was first detected in January 2017. A major campaign involving the ransomware was detected in September 2018 with the latest attacks having been ongoing since December 2018. The attackers are gaining access to unprotected or poorly protected MongoDB databases and are deleting data and replacing the databases with a new database. Inside the database is a file called readme that contains the ransom demand.
The attackers claim to have exported the database before encrypting it. Victims are required to make a 0.1 BTC payment to a supplied Bitcoin wallet or contact the attackers via email. Many victims have chosen to pay the ransom; however, there is no guarantee that data can be recovered. It is unclear whether the attackers are making a copy of the database or are simply deleting it.
The attacks are automated and scripts are used to delete the database and create the ransomware note, but the scripts are not always effective. Even if it is the intention of the attackers to obtain a copy of the database, that may not always happen.
The latest version of MongoLock ransomware also conducts a scan of local drives and deletes important data, including files saved to the Desktop, My Documents folder, Recent files, favorites, and any backup files that can be located. The drives are then formatted. This makes payment of the ransom all the more likely. Users are advised they have just 24 hours to make payment before the database is permanently deleted.
The file deletion routine is executed after the files have been uploaded to the attackers’ C2 server, so they can potentially be recovered if the ransom payment is made. However, if the computer is taken offline, file deletion continues but no copy of the file will be obtained by the attackers.
These attacks are primarily conducted on exposed MongoDB databases, which can easily be found using the Shodan search engine. Any businesses that uses MongoDB should ensure that the databases are properly secured, and that authentication is required to gain access. It is also important to ensure the databases cannot be accessed remotely over the Internet.
It is also essential to adopt a good backup strategy. The 3.2.1 approach is recommended. Make three backups, stored on two separate devices, with one copy stored securely off site on a non-networked device.
A malvertising campaign has been detected that delivers two forms of malware: The new, previously unknown Vidar information stealer and subsequently, the latest version of GandCrab ransomware.
The packaging of multiple malware variants is nothing new of course, but it has become increasingly common for ransomware to be paired with information stealers. RAA ransomware has been paired with the Pony stealer, njRAT and Lime ransomware were used together, and Reveton ransomware is used in conjunction with password stealers.
These double-whammy attacks help threat actors increase profits. Not everyone pays a ransom, so infecting them with an information stealer can make all infections profitable. In many cases, information can be obtained and sold on or misused and a ransom payment can also be obtained.
The latest campaign uses the Vidar information stealer to steal sensitive information from a victim’s device. The Vidar information stealer is used to obtain system information, documents, browser histories, cookies, and coins from cryptocurrency wallets. Vidar can also obtain data from 2FA software, intercept text messages, take screenshots, and steal passwords and credit/debit card information stored in browsers. The information is then packaged into a zip file and sent back to the attackers’ C2 server.
The Vidar information stealer is customizable and allows threat actors to specify the types of data they are interested in. It can be purchased on darknet sites for around $700 and is supplied with an easy to use interface that allows the attacker to keep track of victims, identify those of most interest, find out the types of data extracted, and send further commands.
Vidar also acts as a malware dropper and has been used to deliver GandCrab ransomware v5.04 – The latest version of the ransomware for which no free decryptor exists.
While many ransomware variants are delivered via spam email or are installed after access to systems is gained using brute force tactics on RDP, this campaign delivers the malicious payload through malvertising that directs traffic to a websites hosting the Fallout or GrandSoft exploit kits. Those EKs exploits unpatched vulnerabilities in Internet Explorer and Flash Player. The campaign targets users of P2P file sharing sites and streaming sites that attract large amounts of traffic.
Infection with the Vidar information stealer may go undetected. New malware variants such as this may be installed before AV software malware signatures are updated, by which time highly sensitive information may have been stolen, sold on, and misused. If GandCrab ransomware executes, files will be permanently encrypted unless a ransom is paid or files can be recovered from backups.
Businesses can protect against attacks such as these by ensuring that all operating systems and software are promptly patched. Drive-by downloads will not occur if the exploits for vulnerabilities used by the exploit kit are not present.
An additional, important protection is a web filter. Web filters prevent users from visiting websites known to host exploit kits and also sites that commonly host malicious adverts – torrents sites for instance. By carefully controlling the sites that employees can access, businesses can add an extra layer of protection while avoiding legal liability from illegal file downloads and improving productivity by blocking access to non-work-related websites.
For further information on web filters for businesses and MSPs, contact the TitanHQ team today.
The U.S. government has issued a warning following a spate of MSP cyberattacks by nation-state sponsored hackers.
Homeland Security Warns of Targeted MSP Cyberattacks
Managed service providers (MSPs), cloud service providers (CSPs), and managed security service providers (MSSPs) have been warned about an increase in malicious cyber activity and targeted attacks on IT service providers. Nation-state sponsored hackers are targeting IT service providers in an attempt to gain access to their networks, and ultimately, those of their clients.
It is not difficult to see why MSPs, CSPs, and MSSPs are such an attractive target. These IT service providers usually have administrator access to their clients’ networks or certainly elevated privileges that could allow an attacker to gain access to servers, security appliances, and databases of multiple clients.
The threat of attack is theoretical. There has been an increase in MSP cyberattacks in recent months, so much so that the U.S. Department of Homeland Security (DHS) has issued a warning to all IT service providers specifically due to an increase in attacks on IT service providers by Chinese government-backed hackers.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued cybersecurity guidance for IT service providers on steps that need to be taken to improve security, detect attacks quickly, and prevent threat actors from gaining access to their clients’ networks. Since companies that use IT service providers have also been warned of the risk of attack through their IT companies, MSPs, MSSPs and CSPs are likely to be contacted by clients wanting reassurances.
IT service providers should therefore be proactive and n ensure that CISA guidance is being followed to better protect themselves and their clients.
Feds Launch Campaign to Raise Awareness of Cyber Risks
CISA is not the only government agency to issue a warning in the past few days. The Trump administration has launched a new campaign to raise awareness of cyber risks in all industry sectors. The “Know the Risk, Raise your Shield campaign is being spearheaded by the National Counterintelligence and Security Center (NCSC) at the Office of the Director of National Intelligence. The campaign has been launched in response to increased cyberattacks from state sponsored hackers in Russia, China, Iran, and North Korea and independent hackers.
The aim of the campaign is to ensure that cybersecurity best practices are being followed to make it much harder for the attackers to succeed. The NCSC is aware that improved cybersecurity comes at a cost, but explains that investment in cybersecurity defenses is money very well spent and reminds businesses that an ounce of security equates to a pound of protection.
How Can Businesses and MSPs Improve Their Defenses?
With MSP cyberattacks on the increase it is essential that defenses are improved. While there are many ways that MSPs and businesses can be attacked, one of easiest ways is phishing. Phishing targets a weak link in security defenses: Employees. If a phishing email is delivered to an inbox and an employee responds, credentials will be obtained by the attacker that gives them a foothold to launch further attacks on other employees and MSP clients.
It is therefore important to improve awareness of the risks and train employees how to recognize email threats and how to react. It is also important to ensure that technical spam defenses are implemented to make sure phishing threats are blocked on the server and are not delivered to end users’ inboxes or local spam folders. SpamTitan is an ideal solution for MSPs to implement to block these phishing attacks on their employees and their clients.
A DNS based web filter should also be implemented to ensure that should a malicious email make it past the spam defenses, employees are prevented from visiting malicious websites. A DNS-based web filter blocks attempts to access malicious sites during the DNS lookup process and adds an extra layer of security against phishing.
For further information on spam filtering and web filtering for businesses and MSPs, speak to the TitanHQ team today.
Other important steps to take to improve security include:
Use of strong password policies
Applying the principle of least privilege
Ensuring network and host-based monitoring systems are implemented and logs are regularly checked for signs of malicious activity
Performing regular vulnerability scans to identify security weaknesses before they are exploited.
New figures released by anti-virus firms McAfee and Symantec have shown the extent to which hackers are using cryptocurrency mining malware in attacks on consumers and businesses.
Cryptocurrency mining malware hijacks system resources and uses the processing power of infected computers to mine cryptocurrencies – Validating transactions so they can be added to the blockchain public ledger. This is achieved by solving difficult computational problems. The first person to solve the problem is rewarded with a small payment.
For cryptocurrency mining to be profitable, a lot of processing power is required. Using one computer for mining cryptocurrency will generate a few cents to a few dollars a day; however, hackers who infect thousands of computers and use them for cryptocurrency mining can generate significant profits for little work.
The use of cryptocurrency mining malware has increased considerably since Q4, 2017 when the value of Bitcoin and other cryptocurrencies started to soar. The popularity of cryptocurrency mining malware has continued to grow steadily in 2018. Figures from McAfee suggest cryptocurrency mining malware has grown by 4,000% in 2018.
McAfee identified 500,000 new coin mining malware in the final quarter of 2017. In the final quarter of 2018, the figure had increased to 4 million. Figures from Symantec similarly show the scale of the problem. In July 2018, Symantec blocked 5 million cryptojacking events. In December, the firm blocked 8 million.
There are many different ways of infecting end users. Hackers are exploiting unpatched vulnerabilities to silently download the malware. They package coin mining malware with legitimate software, such as the open-source media player Kodi, and upload the software to unofficial repositories.
One of the easiest and most common ways of installing the malware is through email. Spam emails are sent containing a hyperlink which directs users to a website where the malware is silently downloaded. Links are similarly distributed through messaging platforms such as Slack, Discord, and Telegram. One campaign using these messaging platforms included links to a site that offered software that claimed to fix coin mining malware infections. Running the fake software installer executed code on the computer which silently downloaded the malware payload.
Unlike ransomware, which causes immediate disruption, the presence of cryptocurrency mining malware may not be noticed for some time. Computers infected with coin mining malware will slow down considerably. There will be increased energy usage, batteries on portable devices will be quickly drained, and some devices may overheat. Permanent damage to computers is a possibility.
The slowdown of computers can have a major impact for businesses and can result in a significant drop in productivity if large numbers of devices are infected. Businesses that have transitioned to cloud computing that are charged for CPU usage can see their cloud bills soar.
Anti-virus software can detect known coin mining malware, but new malware variants will be unlikely to be detected. With so many new malware variants now being released, AV software alone will not be effective. It is therefore important to block the malware at source. Spam filters, such as SpamTitan, will help to prevent malicious emails from reaching end users’ inboxes. Web filters, such as WebTitan, prevent users from accessing infected websites, unofficial software repositories, and websites with coin-mining code installed that uses CPU power through browser sessions.
A new variant of capitalinstall malware is being used in targeted attacks on a variety of organizations, in particular those in the healthcare and retail industries.
The main purpose of capitalinstall malware is to install an adware package named Linkury that is used to hijack browser sessions on Windows devices. When Linkury adware has been installed, web search results can be altered to display results which would otherwise not be displayed. An infected machine will display unwanted adverts but could also download unwanted programs, some of which may pose a security risk.
Capitalinstall malware has been linked to various malicious websites, although the adware package is actually being hosted on Azure blog storage which is often trusted by organizations and is often whitelisted.
The malware is installed via an executable file that has been packaged inside an ISO file, with the ISO file hosted on websites that offer keys to unlock popular software such as Adobe Creative Cloud.
Upon running the file, a crack for the software claims to be installing and the user is directed to a website where they are urged to install other programs and browser add-ons, such as cryptocurrency miners, with various enticing reasons provided for installing those programs.
This method of distributing unwanted and potentially harmful software is likely to grow in popularity as it offers a way of bypassing security solutions by taking advantage of inherent trust in cloud storage providers.
A web filtering solution can offer protection against downloads of unwanted programs by preventing end users from visiting potentially malicious websites. WebTitan scans and assesses web pages in real time and prevents users from accessing malicious websites and other sites that violate corporate Internet usage policies. With WebTitan in place, users can be prevented from visiting websites that are used for distributing potentially unwanted programs (PUPs) and malware.
In addition to technical controls, it is important to cover the risks of installing unauthorized software in security awareness training, especially the use of software license cracks. These executable files commonly have spyware, adware, and other forms of malware packaged into the installers.
Managed Service Providers can spend a significant amount of time dealing with phishing attacks and other security breaches. While MSPs provide an invaluable service and help their clients deal with cyberattacks, by providing security services, MSPs can not only protect their clients and prevent attacks, but also save themselves a considerable amount of time and improve their bottom lines.
The Devastating Consequences of an SMB Cyberattack
Successful cyberattacks on businesses can be catastrophic. The average cost of a data breach has now risen to $3.86 million, according to the Ponemon Institute. Such a high cost means many SMBs struggle to stay in business following a major breach.
A data breach can cause a significant drop in share price. While many businesses see share prices return to near pre-breach levels around 6 months after a major breach, many SMBs do not survive that long. Figures from the National Cyber Security Alliance show that up to 60% of SMBs permanently close their doors within 6 months of suffering a data breach.
Not only do businesses have to cover the cost of remediating a breach, they can lose market share which can be difficult to recover. Customers can also be very unforgiving. If customers’ personal information is exposed as a result of a data breach, the loss of business can be considerable. The damage caused to the reputation of a business by a cyberattack can take a very long time to repair.
Many SMBs believe they are too small to be worth hacking, yet the National Cyber Security Alliance’s figures show that is far from the case. 70% of cyberattacks target small businesses, and while not all of those attempts are successful, nearly 50% of SMBs around the globe report that they have experienced at least one successful cyberattack.
Cybersecurity Solutions for MSPs
MSPs that start offering cybersecurity to their clients can prevent the majority of these cyberattacks, providing the right solutions are chosen. Businesses will naturally need a robust firewall to prevent direct attacks, but many attackers are able to bypass this perimeter control by targeting the weakest link in security: Employees.
Cybercriminals are able to bypass perimeter controls by sending phishing emails to employees. Two recent examples have clearly demonstrated this. The San Diego School District discovered a hacker had gained access to its network and a database of 500,000 staff and student records with phishing emails. 50 email accounts were compromised in that attack. Cape Cod Community College also experienced a phishing attack targeting the finance department, the end result of which was fraudulent transfers being made to criminal-controlled bank accounts totaling more than $800,000. End user training could have made all the difference, as could an advanced spam filtering solution – both of which could easily be provided by MSPs.
Why Web Filtering Should be Part of Your Security Stack
Email security is an area often lacking at SMBs, even though email is the most common attack vector. Web-based attacks are also common, and this is an area where many SMBs are particularly vulnerable. This is another area where MSPs can help improve security.
Web filtering is often overlooked as traditionally this has been a security control that is difficult for MSPs to implement. Appliance-based filters require hardware purchases and site visits. Standard web filters require content to be downloaded before access is blocked and that they can cause major latency problems. DNS filtering solves these problems. Since filtering takes place at the DNS level, controls are applied before any content is downloaded and latency issued are avoided and web-based threats are blocked at source. Since there is no need for hardware to be purchased, it is cost effective for most businesses to implement. There are also no software downloads and deploying the solution is a quick and easy Process. Everything can be set up remotely in a matter of minutes and clients can be protected from malware attacks, phishing, and ransomware downloads while also controlling content and blocking illegal and unacceptable web activity.
WebTitan: MSP-Friendly Web Filtering to Protect Wired and Wireless Networks
In contrast to many DNS-based web filtering solutions, WebTitan has been developed to meet the needs of MSPs. One of the main problems with most DNS-based web filters for MSPs is the inability to add MSP branding. It is abundantly clear it is a third-party solution.
WebTitan can be totally rebranded, allowing MSPs to add their own logos and reinforce their brand image. WebTitan can be hosted on TitanHQ’s servers or within an MSPs own environment. WebTitan also has a well-established channel program and offers special pricing packages specifically for MSPs with generous margins and monthly billing. No other web filtering solution is as MSP friendly.
Other key features of WebTitan include:
Highly granular filtering controls: Filter by category, content, and keyword
Supports whitelists and blacklists
Intuitive control panel requiring no user training
Highly scalable solution with virtually no upper limit on number of clients or users
Embedded malware filter supported by dual AV engines
Extensive reporting suite and ability to brand and schedule client reports
Real time view of web activity
Remote management and monitoring via APIs and easy integration into billing and auto-provisioning systems
Flexible polices for different environments and users
Protection for wired and WiFi networks
Ability to provision new clients in minutes
Full product available on a free trial
Industry leading customer support
For further information on TitanHQ’s cybersecurity solutions for MSPs including WebTitan Cloud, WebTitan Cloud for WiFi, and the TitanHQ spam filter, SpamTitan Cloud, contact the MSP Program Team today.
Local authorities and private sector bus companies are now adding Wi-Fi services to their bus fleets, but without appropriate Wi-Fi security for busses, bus fleet operators can run into problems.
There is no doubt that Wi-Fi is a big hit with passengers, especially for long distance travel. Business commuters can connect to email and their work network without having to use their own data and all passengers can enjoy a variety of digital entertainment, such as Internet-based games, online crosswords, YouTube videos, or all manner of Internet based applications, all without eating into their monthly data allowance.
In locations where people have a choice of different transport, the provision of a reliable Wi-Fi network can be a big attraction that can win more business.
Wi-Fi Security for Busses
There are some considerations when providing Wi-Fi on busses. Wi-Fi security for busses is important to ensure that the Wi-Fi network cannot be used for malicious purposes. Over the summer, it was clearly demonstrated how this can easily happen. A hacker was able to hack into the Wi-Fi network on planes and view the Internet activity of passengers, as well as gain access to other important devices on airplanes – All from the ground.
Appropriate Wi-Fi security for busses should be implemented to protect the privacy of passengers, but also to ensure they can use the Wi-Fi network safely. Bus companies should be taking steps to protect passengers from harmful content, such as sites hosting malware and phishing websites.
Content Control for Busses
A third-party Wi-Fi network offers anonymity and some users take advantage and access types of content that they would not access on their home networks. Bus fleet operators have a responsibility to block illegal activity on their Wi-Fi networks.
If a passenger accesses adult content on the Wi-Fi network of a bus, there is a risk that other passengers will catch a glimpse of the screen and children could be exposed to obscene content. It is the responsibility of bus fleet operators to implement content controls to prevent passengers from accessing inappropriate content.
Controlling Bandwidth Use on Busses
There is also the issue of bandwidth. Ensuring all users have decent bandwidth and can connect to the network and enjoy reasonable Internet speeds comes at a cost. If several passengers are using applications or visiting websites that require a considerable amount of bandwidth, that will naturally have an impact on other users of the Wi-Fi network. Limiting what users can do while connected to Wi-Fi networks can save bandwidth and costs. Preventing, or restricting, high bandwidth applications such as video streaming, online games such as Fortnite, and large file downloads can help to conserve bandwidth.
DNS-Level Content Filtering
All of the above issues can be easily solved with a single, cost effective solution – A web filter. A web filter allows network administrators to carefully control what users can do online. It offers both content control and Wi-Fi security for busses by blocking access to illegal content, preventing malware downloads, and offering protection from phishing. Categories of web content can be blocked to create a family-friendly Wi-Fi network and control bandwidth use.
Traditional web filters require an appliance through which Internet traffic is routed. This is a costly way of adding Wi-Fi security for busses. A DNS-level filter on the other hand is a low cost, flexible solution that serves the same purpose. When a user connects to the Wi-Fi network, the DNS process sends domain names to the name server and the name server returns the IP address associated with the application server. When content is filtered at the DNS level, no software needs to be downloaded and no appliances need to be purchased.
Not only do DNS-level filters offer excellent Wi-Fi security for busses, they also save on bandwidth as content is not downloaded before the decision is taken to block the content.
WebTitan Cloud for Wi-Fi – Content Filtering and Wi-Fi Security for Busses
WebTitan Cloud for Wi-Fi is an ideal web filtering solution for bus fleets. Since it is DNS-based it is easy to implement, highly scalable, and is cost-effective to set up and run. WebTitan Cloud for Wi-Fi can protect entire bus fleets, in multiple cities, and licenses can be easily scaled up and down to meet bus operators’ needs.
Some of the key features of WebTitan Cloud for Wi-Fi are detailed below:
No hardware purchases or software downloads required
No patching or software updates required
Protects multiple Wi-Fi routers from a single, web-based administration control panel
Protects against malware with dual anti-virus engines
Protects users from phishing and other malicious websites
Allows network administrators to protect the Wi-Fi network from unauthorized users
Highly granular controls allow precise content control without overblocking content
Block content by category with a single click
No latency – Internet speeds are unaffected
Supports static and dynamic IPs
Supports whitelists and blacklists
No restriction on bandwidth, number of devices, or the number of hotspots
Full suite of reports gives network administrators full visibility into their Wi-Fi networks and user activity
If you are looking to improve Wi-Fi security for busses and want to implement content controls to keep your Wi-Fi networks family-friendly, contact TitanHQ today for further information on WebTitan Cloud for Wi-Fi.
Many businesses now offer their customers free access to their Wi-Fi networks, but if guest Wi-Fi best practices are not followed, opening up Wi-Fi networks to guest users is not without risk. You may have provided security awareness training to your employees, but guest users are unlikely to be as careful while connected to your network. Customers and guests may accidentally download malware or visit malicious websites, or even engage in illegal activities due to the anonymity offered by someone else’s Wi-Fi network.
If guest Wi-Fi best practices are not followed, there will be people that take advantage of your lax security. They could launch an attack on your business network, explore your network assets, change router settings, or even gain access to confidential data.
If you run a hotel, restaurant, shop, or another business that provides Wi-Fi access to customers, it is important to create a safe browsing environment for all Wi-Fi users and take steps to secure your access points and control the activities that users can engage in while connected.
Guest Wi-Fi Best Practices for Hotspot Providers
Create A Separate Wi-Fi Network for Guests and Employees
You will no doubt have a Wi-Fi network that is used by your employees. It is important that this is totally separate from the one used by guests and customers. Guest users should access a totally separate network. Ideally, there should be a network firewall that separates guest users from employees. If you use enterprise switches, create a separate VLAN for access points that broadcast the guest wireless SSID. Also make sure you use a software firewall to block traffic from the guest network from your company’s servers and computers. Also make sure guest users can only access the Internet while connected.
Naming Your SSID
An SSID is the name you give to your Wi-Fi network that identifies it as belonging to your business. Care should be taken when choosing a name. Your choice should depend on the nature of your business and who the Wi-Fi network serves. If you run a coffee shop, for instance, you should make it clear which is your Wi-Fi network and prominently display that information. That will make it harder for rogue hotspots to be created to fool customers into connecting to an evil twin – A hotspot set up and controlled by a hacker to fool customers into connecting in the belief it is your hotspot.
Encrypt your Wireless Signals
Unsecured Wi-Fi networks may be easier to set up and use, but they also allow anyone within range to connect, even if they are not in your establishment. To connect, it should be necessary for a password to be entered. You should also encrypt your wireless network to make it harder for hackers to intercept users’ data. Secure your wireless network with WPA2 encryption or, even better, WPA3 if it is supported by your access point.
Create a Safe Browsing Experience and Control the Internet Content That Can be Accessed
You should develop and implement a guest Wi-Fi access policy covering what is and is not permitted on your Wi-Fi network. You should also enforce that policy with technical controls. A cloud-based web filter is ideal for this.
It is easy to deploy and configure and will allow you to carefully control the content that can be accessed while connected. You should block access to known malicious sites and illegal web content through blacklists. Category based filters are useful for blocking access to inappropriate content such as pornography and restricting bandwidth-heavy activities that can slow down Internet speeds for all users. By filtering content, not only will you keep your Wi-Fi users protected, you will also reduce legal liability and ensure that your Wi-Fi network is family friendly.
Adopt these guest Wi-Fi best practices to improve safety and security, keep your customers protected, and make it harder for cybercriminals to attack your network or your guest users.
It’s the time of year when the poor password practices of users are highlighted. This month has seen the list of the worst passwords of 2018 published and a list of 2018’s worst password offenders.
The Worst Passwords of 2018
So, what were the worst passwords of 2018? SplashData has recently published a list of the worst passwords of 2018 which shows little has changed since last year. End users are still making very poor password choices.
To compile the list, SplashData analyzed passwords that had been revealed through data dumps of passwords obtained in data breaches. More than 5 million exposed passwords were sorted to find out not only the weakest passwords used, but just how common they were. The list of the top 100 worst passwords of 2018 was published, although we have only listed the top 25 worst passwords of 2018:
Unsurprisingly, there has been no change in the top two passwords this year. 123456 and password have held number 1 and 2 spots for the past five years. Donald is a new addition but would not keep a user’s account secure for long, even if their name isn’t Donald. 654321 is also new this year but offers little more protection than 123456.
Other new entries include qwerty123 and password1 – Clear attempts to get around the requirement of including numbers and letters in a password.
How common are the worst passwords of 2018? According to SplashData, 3% of users have used 123456 and 10% of people have used at least one password in the list of the top 25 worst passwords of 2018!
Poor Password Practices and the Worst Password Offenders of 2018
DashLane has published its list of the worst password offenders of the year. In addition to the list containing users who have made very poor password choices by selecting some of the worst passwords of 2018, the report highlights some of the terrible password practices that many individuals are guilty of. Poor password practices that render their passwords absolutely useless.
This year has seen many major password failures, several of which came from the White House, where security is critical. Topping the list was a password faux pas by a visitor to the oval office – Kanye West. Not only was ‘Ye’ guilty of using one of the worst possible passwords on his phone ‘000000’, he also unlocked his phone in full view of an office full of reporters who were filming his meeting with President Trump. Ye’s poor password was broadcast to the nation (and around the world). This incident highlights the issue of ‘shoulder surfing.’ Looking over someone’s shoulder at their screen to see passwords being entered. Something that can easily happen in public places.
Another White House password failure concerned a staffer who committed the cardinal password sin of writing down a username and password to make it easier to remember. It is something that many employees do, but most do not write it on White House stationary and then leave the document at a bus stop.
Password security should be exemplary at the White House, but even more so at the Pentagon. Even staff at the Pentagon are guilty of poor password hygiene, as was discovered by Government Accountability Office (GAO) auditors. GAO auditors discovered default passwords were used for software associated with weapons systems. Default passwords are publicly available online which renders them totally useless. GAO auditors were also able to guess admin passwords with full privileges in only 9 seconds.
These are just three examples of terrible password practices. While they are shocking given the individuals concerned, they are sadly all too common.
Password Best Practices to Keep Accounts Secure
A password prevents other individuals from gaining access to an account and the sensitive information contained therein. Choose a strong password or passphrase and it will help to make sure that personal (or business) information remains confidential. Choose a weak password and an account can easily get hacked. Choose an exceptionally weak password and you may as well have no password at all.
To ensure passwords are effective, make sure you adopt the password best practices detailed below:
Make sure you set a password – Never leave any account open
Always change default passwords – They are just placeholders and are next to useless
Never reuse old passwords
Use a unique password for all accounts – Never use the same password for multiple accounts
Do not use names, dictionary words, or strings of consecutive numbers or letters
Ensure passwords are longer than 8 characters and contain at least one number, lowercase letter, uppercase letter, and a symbol – Long passphrases that are known only to you are ideal
Use a random mix of characters for passwords and use a password manager so you don’t have to remember them. Just make sure you set a very strong password for your password manager master password.
Set up multi-factor authentication on all of your accounts
Never write down a password
Never share passwords with others, no matter how much you trust them
Password Best Practices for Businesses
Verizon’s 2018 Data Breach Investigations Report revealed 81% of hacking-related data breaches were due to weak passwords or stolen credentials. It is therefore critical that businesses adopt password best practices and ensure users practice good password hygiene. Businesses need to:
Train end users on good password hygiene and password best practices
Enforce the use of strong passwords: Blacklist dictionary words, previously exposed passwords, previously used passwords, and commonly used weak passwords
Set the minimum password length to 8 characters (or more) and avoid setting a maximum length to encourage the use of passphrases.
Follow the password advice published by the National Institute of Standards and Technology (NIST)
Don’t enforce password changes too often. End users will just reuse old passwords or make very minor changes to past passwords.
Implement multi-factor authentication
Encrypt all stored passwords
Consider the use of other authentication methods – Fingerprint scanners, facial recognition software, voice prints, or iris scans
Educational institutions are being targeted by cybercriminals for all manner of nefarious purposes: To obtain the personal information of staff and students for identity theft and tax fraud, to steal university funds, and to steal university research.
University research theft is an easy income stream for hackers. Research papers can command high prices on the black market and are highly sought after by nation state governments and businesses.
This fall, the UK’s Daily Telegraph revealed Iranian hackers were selling research papers that had been stolen from top British Universities including Oxford and Cambridge. Several Farsi websites were identified advertising free access to university research papers, including an offer of university research theft to order. Provide the details and, for a price, the research be found and sent through an encrypted channel.
There were papers for sale on highly sensitive subjects such as nuclear research and cybersecurity defenses. Even less sensitive subjects are valuable to foreign businesses. The research could help them gain a competitive advantage at the expense of universities. In the case of Iran, universities are being used to gain access to Western research that would otherwise be off limits due to current sanctions.
It is not just British universities that are being targeted. The hackers are infiltrating university research databases the world over, and it is not just Iranian hackers that have tapped into this income stream. University research theft is a growing problem.
How Are University Databases Breached?
One of the main ways access to research databases is gained is through phishing – A simple method of attack that requires no programming know-how and no malicious software. All that is required is a little time and the ability to create a website.
Phishing emails are sent to staff and students that request a visit a webpage where they are required to enter their credentials to academic databases. If the credentials are disclosed, the phishers have the same access rights as the user. The phishers then download papers or advertise and wait for requests to roll in. They then just search the database, download the papers, and provide them to their customers.
Various social engineering techniques are used to entice users to click the links. Requests are sent instructing the user that they need to reset their password, for instance. The web pages they are directed to are exact copies of the sites used by the universities. Apart from the URL, the websites appear perfectly genuine.
Unfortunately, once credentials have been obtained it can be difficult for universities to discover there has been a breach since genuine login credentials are used to access the research databases.
How to Prevent University Research Theft
No single cybersecurity solution will protect universities from all phishing attacks. The key to mounting an effective defense against phishing is layered phishing defenses.
The primary cybersecurity solution to implement is an advanced spam filter to ensure as many phishing emails as possible are blocked and messages containing malicious attachments do not reach inboxes. SpamTitan for instance, blocks more than 99.9% of spam and phishing messages and 100% of known malware. Even advanced spam filtering solutions will not block all phishing emails, so additional controls are required to deal with the <0.1% of phishing emails that are delivered.
While a web filter can be used to block access to categories of web content such as pornography, it will also block access to known malicious websites: Websites used for phishing and those that host malware.
End user security awareness training is also essential. End users are the last line of defense and will remain a weak link unless training is provided to teach them how to identify malicious emails. Staff and students should be conditioned to report threats to their security teams to ensure action can be taken and to alert first responders when the university is under attack.
Multi-factor authentication should also be implemented. If credentials are stolen and used to access a database, email account, computer, or server, from an unfamiliar device or location, a further form of authentication is required before access is granted.
Universities should have security monitoring capabilities. Logs of access attempts and should generated and network and user activity should be monitored for potential compromises.
For further information on anti-phishing defenses and cybersecurity solutions that can help prevent university research theft, contact the TitanHQ team today.
There has been much debate over the use of web filters for libraries. On one side are those that believe that as places of learning, there should be no restrictions placed on the types of information that can be accessed through libraries. Libraries house books that are sexually explicit, racist, or contain material some may find distasteful or offensive, but banning those books would be inappropriate.
That same thinking has been applied to the Internet, access to which is often provided in libraries. The application of a web filter to block certain types of content is viewed as unacceptable by some people, even if as a result of a lack of technical controls library computers are used to access hardcore pornography. The American Library Association does not advocate the use of web filters for libraries, instead suggesting acceptable usage policies and educational programs are more appropriate.
The other camp considers the use of web filters in libraries to be a necessity to ensure libraries can be used by children and adults without others subjecting them to obscene and potentially harmful web content. Acceptable usage policies only discourage users from accessing pornography. Policies do not prevent such activities.
New Hampshire Library Considers Using Web Filtering Technology to Block Porn
The use of public library computers for viewing offensive sexual content is common. There have been many cases of library patrons discovering other users accessing adult content on computers in full sight of other users, as was recently the case at the Lebanon Public Library in New Hampshire.
A complaint was made to Lebanon Public Library about two children (of middle school age) who are alleged to have used the library computers to access pornography. Jim Vanier, youth center coordinator for the Carter Community Building Association, overheard the children discussing pornography at the computers, although they denied accessing adult content.
Vanier’s complaint prompted the Library Board of Trustees to form a task force to investigate current internet usage policies and the task force will consider whether a web filter is appropriate for the library.
While web filters for libraries are available to prevent obscene videos and images from being accessed, relatively few libraries have started implementing even the most basic content controls. The Children’s Internet Protection Act requires the use of web filters in libraries and schools, but only as a condition to obtain e-rate discounts and federal grants. In order to qualify for funds, obscene images, child pornography, and other information deemed harmful to minors must be blocked.
The municipal libraries in Lebanon have taken steps to curb Internet misuse and have introduced policies that prohibit computers from being used for any disruptive or inappropriate behavior, including the viewing of images of a pornographic nature. However, policies alone are insufficient to prevent all cases of inappropriate Internet use.
The reason why many libraries choose not to apply filters is often because web filters for libraries are not perfect, and as a result, they could filter out unintended content.
Accuracy of Content Blocking by Web Filters for Libraries
While there have been issues with web filters for libraries overblocking content in the past, there have been major advances in web filtering technology over the past 10 years. Web filters can now more accurately assess and categorize content.
WebTitan Cloud, for instance, has highly granular controls and allows libraries to carefully control the content that can be accessed without overblocking.
While there is potential for user error when setting policies, WebTitan Cloud solves this issue by having an easy to use user interface that requires no technical skill to use. This helps to eliminate user error that often leads to overblocking of web content.
With WebTitan Cloud, libraries can easily filter out pornography, child pornography, and other obscene and harmful content to comply with CIPA and meet parents’ expectations without restricting access to valuable, educational websites.
WebTitan Cloud also blocks access to websites that host malware to prevent malicious software from being downloaded onto library computers, as well as blocking a wide range of Internet threats such as phishing.
WebTitan Cloud – An Accurate and Easy to Use Web Filter for Libraries
WebTitan Cloud is an ideal web filter for libraries. It is 100% cloud-based so not costly hardware purchases are required. It is easy to implement, simple to use, and allows Internet content to be carefully controlled without blocking access to valuable educational material.
Some of the key features in TitanHQ’s web filters for libraries have been detailed below:
WebTitan Cloud Features
Highly granular controls to allow precise filtering of Internet content
Unmatched combination of coverage, accuracy, and flexibility
Real-time classification of more than 500 million websites and 6 billion web pages in 200 languages
100% coverage of the Alexa 1 million most visited websites
Easy to use interface requiring no technical skill
100% cloud-based filtering – No hardware purchases or software downloads required
Supports Safe Search and YouTube for Schools
Supports whitelists and blacklists for creating exceptions to allow/block content outside general policy controls
Category-based filtering allows blocking through 53 pre-defined website categories and 10 customizable categories
Customizable block pages
Supports time-controlled cloud keys to allow certain users to bypass filtering controls – for research purposes for instance
Provides full visibility into network usage
Full reporting suite including real-time Internet activity
For further information on TitanHQ’s web filter for libraries, to arrange a product demonstration, and to register for a free trial to evaluate WebTitan Cloud in your own environment, contact the TitanHQ team today.
Are you looking for a Cisco OpenDNS alternative that is both easier to use and much more cost effective? On Wednesday December 5, 2018, you can discover how you can save money on web filtering without cutting any corners on protection.
A web filter is now an essential cybersecurity solution to protect against web-based threats such as phishing, viruses, malware, ransomware, and botnets. A web filter also allows businesses to carefully control the online activities of employees by restricting access to NSFW web content such as pornography and curb productivity-draining Internet use.
In addition to offering threat protection and content control on wired networks, a DNS-based web filter offers protection for BYOD and company owned devices regardless where they connect to the Internet. Multiple locations can be protected through a central web-based console.
A DNS-based web filter is cost effective to implement as no hardware purchases are required and no software needs to be installed. A DNS-based filter is also easy to maintenance and requires no software updates or patches.
With DNS-based filters, content control and online threat protection is simple; but what about cost? Many businesses have looked at Cisco OpenDNS to meet their web filtering requirements but are put off due to the high cost. Fortunately, there is a more cost-effective way of filtering the Internet.
TitanHQ and Celestix are hosting a webinar on a WebTitan-powered Cisco OpenDNS alternative, Celestix WebFilter Cloud.
Celestix will be joined by by TitanHQ EVP of Strategic Alliances, Rocco Donnino, and Senior Sales Engineer, Derek Higgins, who will explain how Celestix WebFilter Cloud works, why it is an ideal Cisco OpenDNS alternative, and how you can have total protection against web-based threats at a fraction of the cost of running OpenDNS.
The webinar will be taking place on Wednesday December 5, 2018 at 10:00 AM US Pacific Time
A massive Marriott data breach has been detected which could affect as many as 500 million individuals who previously made bookings at Starwood Hotels and Resorts. While the data breach is not the largest ever reported – The 2013 Yahoo breach exposed around 3 billion records – it shares second place with the 2014 Yahoo data breach that also impacted around half a billion individuals.
Largest Ever Hotel Data Breach
The Marriott data breach may not have affected as many people as the 2013 Yahoo data breach but due to the types of information stolen it is arguably more serious. Approximately 173 million individuals have had their name, mailing address, email address stolen and around 327 million individuals have had a combination of their name, address, phone number, email address, date of birth, gender, passport number, booking data, arrival and departure dates, and Starwood Guest Program (SPG) account numbers stolen. Further, Marriott also believes credit card details may have been stolen. While the credit card numbers were encrypted, Marriott cannot say for certain whether the two pieces of information required to decrypt the credit card numbers was also obtained by the hacker.
In addition to past guests at Starwood Hotels and Resorts and Starwood-branded timeshare properties, guests at Sheraton Hotels & Resorts, Westin Hotels & Resorts, W Hotels, St. Regis, Aloft Hotels, Element Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, and Four Points by Sheraton have been affected, along with guests at Design Hotels that participate in SPG program.
The data breach was detected by Marriott on September 8, 2018, following an attempt by an unauthorized individual to access the Starwood database. The investigation revealed the hacker behind the attack first gained access to the Starwood database in 2014. It is currently unclear how access to the database was gained.
The Marriott hotels data breach is naturally serious and will prove costly for the hotel group. Marriott has already committed to offering U.S. based victims free enrollment in WebWatcher, has paid for third party experts to investigate and help mitigate the data breach, and the hotel group will be bolstering its security and phasing out Starwood systems.
Even though the Marriott hotels data breach has only just been announced, two class action lawsuits have already been filed. One of the lawsuits seeks damages totaling $12.5 billion – $25 per breach victim.
There is also a possibility of a E.U. General Data Protection Regulation (GDPR) fine. Fines of up to €20 million are possible, or 4% of global annual turnover, whichever is greater. That could place Marriott at risk of a $916 million (€807 million) fine. The UK’s Information Commissioner’s Office – the GDPR supervisory authority in the UK – has been notified of the breach and is making enquiries.
Harder to calculate is the damage to the Marriott brand. Share prices dropped by 8.7% following the Marriott data breach announcement, and they are currently around $5 down. While share prices will likely recovery over time, the breach will almost certainly result in loss of business.
Risk of Marriott Data Breach Related Phishing Attacks
Email notifications sent to breach victims by Marriott came from the domain: email-marriott.com. Rendition Infosec/FireEye researchers purchased the domains email-marriot.com and email.mariott.com shortly after the announcement to keep them out of the hands of scammers. Other similar domains may be purchased by less scrupulous individuals to be used for phishing.
A breach on this scale is also ideal for speculative phishing attempts that spoof the email domain used by Marriott. Mass email campaigns are likely to be sent randomly in the hope that they will reach breach victims or individuals that have previously stayed at a Marriott hotel or one of its associated brands.
Consequently, any email received that is related to the breach should be viewed as potentially malicious.
In 2016, Starbucks agreed to filter out pornography from its WiFi networks, but two years on and a Starbuck WiFi filter has yet to be applied anywhere other than the UK.
The 2016 promise came in response to public pressure to take action to prevent customers from abusing its free WiFi network to view pornography. While Starbucks had an acceptable use policy and prohibited the viewing of pornography on its WiFi network, there were no controls in place to prevent customers from accessing such content.
Leading the campaign for a Starbucks WiFi filter was the Internet safety group Enough is Enough. Back in 2016, as part of its Porn Free WiFi Campaign (since renamed SAFE WiFi Campaign) the group stepped up its efforts to convince big businesses to take the lead and implement filtering technology to enforce acceptable internet usage policies on their free WiFi networks. McDonalds and Starbucks were two such brands that were petitioned by the group – a coalition of 75 partner organizations.
More than 50,000 petitions were sent to Starbucks and McDonald’s in 2016, and in response, both agreed to start filtering pornographic web content on their WiFi networks. While McDonald’s acted quickly and started blocking adult content, the Starbucks WiFi filter failed to materialize. The coffee shop chain did implement a WiFi filter in its UK locations, but the Starbucks WiFi filter was not rolled out in other countries.
Since McDonalds took the lead and created a family-friendly free WiFi network, Chick-fil-A has followed suit and has implemented a WiFi filter in its 2,200 restaurants, as have many other restaurant and coffee shop chains. However, two years on and Starbucks has not made good on its promise. The lack of apparent action prompted Enough is Enough to issue a new call for the coffee shop chain to take action.
Enough is Enough Issues Fresh Call for Starbucks WiFi Filter Rollout
“Starbucks has had a tremendous opportunity to put its best foot forward in protecting its customers from images deemed obscene and illegal under the law, but they haven’t budged, despite their promise two years ago and despite the fact that they voluntarily filter this same content in the UK,” said Enough is Enough president and CEO, Donna Rice Hughes. “By breaking its commitment, Starbucks is keeping the doors wide open for convicted sex offenders and others to fly under the radar from law enforcement and use free, public WiFi services to access illegal child porn and hard-core pornography.”
Despite the promise, there has been little news issued on the Starbucks WiFi filter front. “To date, no action has taken place to suggest Starbucks has moved forward with its public commitment. EIE has made repeated attempts to reach out to Starbucks executives by phone, e-mail and certified mail since 2016. Starbucks has remained unresponsive with the exception of a form letter from customer relations,” explained Donna Rice Hughes on November 26, 2018.
Enough is Enough has called for members of the public to petition Starbucks once again and demand a WiFi filtering solution be applied to prevent customers from accessing inappropriate content in its coffee shops.
Starbucks has now confirmed to Business Insider that the chain has been taking action and has been evaluating WiFi filtering solutions to determine whether they can be applied to block access to pornography without inadvertently blocking other types of content. A solution has now been chosen at last and it will be rolled out in 2019.
WiFi Filtering Made Simple with WebTitan Cloud for WiFi
While web filters have been criticized in the past for overblocking web content, today, web filters such as TitanHQ’s WebTitan Cloud for WiFi allow fine control of Internet content thanks to highly granular controls. Blocking access to pornography, or any other category of Internet content, requires just a couple of clicks of a mouse.
WebTitan Cloud for WiFi includes 53 preset categories of Internet content that can be filtered out in seconds once the solution has been implemented. Implementing WebTitan Cloud for WiFi, configuring the filter, and protecting customers (and employees) takes just a few minutes. No hardware purchases are required, and no software downloads are necessary. Simply change the DNS to point to WebTitan and controls can easily be applied.
In addition to blocking pornography, illegal content such as child pornography and copyright-infringing file downloads via P2P file sharing sites and be blocked. WiFi users will also be protected from malicious sites that download malware, phishing websites, and other web-based threats.
WebTitan Cloud for WiFi is highly scalable and can be used to protect multiple WiFi access points, regardless of where they are located, through an easy-to-use web-based interface. With WebTitan Cloud for WiFi, filtering the Internet and protecting customers could not be any easier.
If you run a business and you offer your customers free, unfiltered WiFi access, now is the perfect time to make a change and send a message to your customers that you are leading the fight against online pornography and are taking action to protect customers by creating a family-friendly WiFi environment.
Contact TitanHQ today for more information, to book a product demonstration, or to sign up for a free WebTitan Cloud for WiFi trial.
Managed Service providers that want to start offering WiFi filtering to clients should contact the TitanHQ MSP Program team to find out how WebTitan (and other TitanHQ products) can be integrated into their security stacks.
Business email compromise (BEC) attacks cost businesses billions of dollars each year, and business email account compromises are soaring.
What is a Business Email Compromise Attack?
As the name suggests, these attacks involve the hijacking of business email accounts. The primary aim is to compromise the account of the CEO or CFO, which is usually achieved through a spear phishing attack. Once the email account has been compromised, it is used to send phishing emails to other employees in the company, most commonly, employees in the accounts, finance, and payroll departments.
The emails commonly request wire transfers be made to accounts under the control of the attackers. Requests are also made for sensitive information such as the W-2 Forms of employees.
Since the emails are sent from the CEO or CFO’s own account, there is a much higher chance of an employee responding to the request than to a standard phishing attempt from an external email address. Since the emails come from within an organization, they are also much harder to detect as malicious – a fact not lost on the scammers.
With access to the email account, it is much easier to craft convincing messages. The signature of the CEO can be copied along with their style of writing from sent messages. Email conversations can be started with employees and messages can be exchanged without the knowledge of the account holder.
Fraudulent transfers of tens or hundreds of thousands of dollars may be made and the W-2 Forms of the entire workforce can be obtained. The latter can be used to submit fake tax returns in victims’ names to obtain tax refunds. The profits for the attackers can be considerable, and with the potential for a massive payout, it is no surprise that these attacks are on the rise.
Business Email Account Compromises Have Increased by 284% in a Year
FBI figures in December 2016 suggest $5.3 billion had been lost to BEC scams since October 2013. That figure had now increased to $12.5 billion. More than 30,000 complaints of losses due to BEC attacks were reported to the FBI’s Internet Crime Complaints Center (IC3) between June 2016 and May 2018.
The specialist insurance service provider Beazley has been tracking business email account compromises. The firm’s figures show business email account compromises have increased each quarter since Q1, 2017. In the first quarter of 2017, 45 business email account compromises were detected. In Q2, 2018, 184 business email account compromises were detected. Between 2017 to 2018, there was a 284% increase in compromised business email accounts.
While the CEO’s email credentials are often sought, the credentials of lowlier employees are also valuable. Any email account credentials that can be obtained can be used for malicious purposes. Email accounts can be used to send phishing messages to other individuals in an organization, and to business contacts, vendors, and customers.
Beazley notes that once one account has been compromised, others will soon follow. When investigating business email account compromises, businesses often discover that multiple accounts have been compromised. Typically, a company is only aware of half the number of its compromised accounts.
The High Cost of Resolving Business Email Account Compromises
Business email account compromises can be extremely costly to resolve. Forensic investigators often need to be brought in to determine the full extent of the breach. Each breached email account must then be checked to determine what information has been compromised. While automated searches can be performed, manual checks are inevitable. For one client, the automated search revealed 350,000 document attachments had potentially been accessed, and each of those documents had to be checked manually to determine the information IT contained. The manual search alone cost the company $800,000.
How to Protect Your Organization from Business Email Compromise Attacks
A range of measures are required to protect against business email compromise attacks. An advanced spam and anti-phishing solution is required to prevent phishing and spear phishing emails from being delivered to inboxes.
SpamTitan is an easy-to-implement spam filtering solution that blocks advanced phishing and spear phishing attacks at source. In contrast to basic email filters, such as those incorporated into Office 365, SpamTitan uses heuristics, Bayesian analysis, and machine learning to identify highly sophisticated phishing attacks and new phishing tactics. These advanced techniques ensure more than 99.9% of spam and malicious messages are blocked.
The importance of security awareness training should not be underestimated. End users should be trained how to recognize phishing attempts. Training should be ongoing to ensure employees are made aware of current campaigns and new phishing tactics. Phishing simulation exercises should also be conducted to reinforce training and identify weak links.
Multi-factor authentication is important to prevent third parties from using stolen credentials to access accounts. If a login attempt is made from an unfamiliar location or unknown device, an additional form of identification is required to access the account.
Password policies should be enforced to ensure that employees set strong passwords or passphrases. This will reduce the potential for brute force and dictionary attacks. If Office 365 is used, connection to third party applications should be limited to make it harder for PowerShell to be used to access email accounts. A web filtering solution should also be implemented to block access to phishing accounts where email credentials are typically obtained.
Defense in depth is the key to protecting against BEC attacks. For more information about email and web security controls to block BEC attacks, give the TitanHQ team a call. Our experienced advisers will recommend the best spam and web filtering options to meet the needs of your business and can book a product demonstration and set you up for a free trial.
A massive malvertising campaign has been detected that has so far hijacked at least 300 million browser sessions in the space of just 48 hours.
What is Malvertising?
Malveristing is a method of generating traffic to websites that would otherwise be unlikely to be visited by Internet users. The technique involves using code in adverts submitted to advertising networks to redirect users to a specific website. Clicking a link in one of the adverts can trigger multiple redirects, first to the site detailed in the Ad code, then onto another web page.
Malvertising is often used to direct Internet users to malicious websites, such as those hosting exploit kits that probe for vulnerabilities and silently download malware or phishing websites, tech support scams, and other scam sites.
As spam filtering technology has improved, fewer spam emails are being delivered to inboxes, which means fewer individuals click links in emails and visit malicious websites. Malvertising is a suitable alternative that generates huge volumes of traffic.
Users Directed to Phishing Websites
The latest malvertising campaign is being used to direct Internet users to a variety of web pages, including adult websites and ‘You’ve Won a Gift Card’ scams.
Malvertising is nothing new and there are more than a dozen threat actors that are primarily using this method to generate traffic to web pages, but this campaign stands out due to its scale and the volume of visitors that have been redirected to malicious websites.
How to Protect Your Business from Malvertising Attacks
As with spam email, malvertising is a serious risk for businesses. The majority of businesses now use a spam filtering solution to prevent malicious messages from reaching inboxes, but fewer businesses have protections in place to prevent their employees from malvertising and other web-based attacks.
Anti-virus and anti-malware solutions may identify malware downloads that take place through these malicious websites, but usually only once the malware has been downloaded. Since most AV solutions are signature-based, if a new malware variant is downloaded it will not be detected.
The most effective way of blocking malvertising is a web filtering solution. A web filter is most commonly used to control the types of content that can be accessed by employees and serves a similar purpose to parental control software. However, in contrast to parental control solutions, enterprise class-web filtering solutions also prevent network users from accessing malicious websites such as those used for phishing and to distribute malware.
WebTitan Cloud – An Easy to Use, Powerful Web Filtering Solution
WebTitan Cloud is an enterprise-class web filtering solution that has been developed to offer protection against web-based attacks, including malvertising.
WebTitan Cloud is a 100% cloud-based web filtering solution. As such, it requires no hardware purchases or software downloads. Implementation is quick and easy and only takes a few minutes. No technical skill is required to start filtering the Internet and start protecting your business from web-based threats.
In addition to blocking access to malicious websites, WebTitan Cloud allows users to restrict internet activity through 53 category-based filters. More than 700 million URLs are crawled, analyzed, and categorized every day, and the solution provides 100% coverage of the Alexa top 1 million most visited websites and blocks more than 3 million malicious URLS at any one time. More than 7,500 businesses around the world trust WebTitan to protect them from malicious web content.
WebTitan Cloud is also an ideal web filtering solution for managed service providers (MSPs), allowing them to easily add web filtering to their security stacks. WebTitan Cloud comes with a variety of hosting options, including the option of hosting the solution within an MSP’s own data center. The solution can also be provided as a white-label ready to take MSP branding.
For further information on WebTitan Cloud for managed service providers and SMBs, details of pricing, and to book a product demonstration, contact the TitanHQ team today.
WiFi networks are a potential security weak point for businesses, although the introduction of WPA3 will improve Wi-Fi security. WPA3 Wi-Fi security enhancements address many WP2 vulnerabilities, but WPA3 alone is not enough to block all WiFi threats.
WiFi Security Protocols
The WPA WiFi security protocol was introduced in 1999, and while it improved security, cracking WPA security is far from difficult. Security enhancements were introduced with WPA2 in 2004, but while more secure, WPA2 does not fix all vulnerabilities. Little has changed in the past 14 years, but at long last, WPA3 is here. Use WPA3 and Wi-Fi security will be significantly enhanced, as several important WP2 vulnerabilities have been fixed.
WPA3 WiFi Security Enhancements
One of the biggest WiFi security threats is open networks. These are WiFi networks that require no passwords or keys. Users can connect without entering a pre-shared key. All a user needs to know is the SSID of the access point to connect. These open networks are used in establishments such as coffee shops, hotels, and restaurants as it is easy for customers to connect. The problem is users send plain text to the access point, which can easily be intercepted.
WPA3 spells an end to open networks. WPA3 uses Opportunistic Wireless Encryption (OWE). Any network that does not require a password, will encrypt data without any user interaction or configuration. This is achieved through Individualized Data Protection or IDP. Any device that attempts to connect to the access point receives its own key from the access point, even if no connection to the AP has been made before. This control means the key cannot be sniffed and even if a password is required, having access to that password does not allow the data of other users to be accessed.
Another security enhancement that has been made in WP3 reduces potential for password cracking attacks such as the WPA2 KRACK Attack. WPA2 is vulnerable to brute force and dictionary-based attacks. That is because security relies on the AP provider setting a secure password and many establishments don’t. With WPA3, the Pre-Shared Key (PSK) exchange protocol is replaced with Simultaneous Authentication of Equals (SAE) or the Dragonfly Key Exchange, which improves security of the initial key exchange and offers better protection against offline dictionary-based attacks.
WPA3 also addresses security vulnerabilities in the WiFi Protected Setup (WPS) that made it easy to link new devices such as a WiFi extender. In WPA3, this has been replaced with Wi-Fi Device Provisioning Protocol (DPP).
Configuring IoT devices that lack displays has been made easier, the 192-bit Commercial National Security Algorithm is used for enhanced protection for government, defense and industrial networks, and better controls have been implemented against brute force attacks. These and other enhancements mean WPA3 is far more secure.
Unfortunately, at present, very few manufacturers support WPA3, although that is likely to change in 2019.
WPA3 WiFi Security Issues
Even with WPA3 WiFi security enhancements, WiFi networks will still be vulnerable. WPA3 includes encryption for non-password-protected networks, but it does not require authentication. That is up to hotspot providers to set. WPA3 it is just as susceptible to man-in-the-middle attacks and offers no protection against evil twin attacks. The user must ensure they access the genuine access point SSID.
The connection to the AP may be more secure, but WPA3 does not offer protection against malware downloads. Users will still be at risk from malicious websites unless a DNS filtering solution is used – A web filter to protect WiFi networks.
Improve WiFi Security with a DNS-Based WiFi Filtering Solution
A DNS-based WiFi filtering solution such as WebTitan Cloud for WiFi protects users of a WiFi network from malware attacks, ransomware downloads, and phishing threats. The cloud-based filter also allows businesses that provide WiFi access points to carefully control the content that can be accessed by employees, customers, and other guest users.
By upgrading to WPA3 WiFi security will be improved. With WebTitan Cloud for WiFi, users will also be protected once they are connected to the network.
Further information on WebTitan Cloud for WiFi is detailed in the video below. For further information on WiFi security, including WebTitan pricing and to book a product demonstration, contact the TitanHQ team today.
Businesses that fail to secure their WiFi networks are taking a huge risk, and one that could prove catastrophic. In this article we explain why WiFi security is so important and cover the main WiFi filtering security benefits for businesses.
What are the Consequences of Poor Cybersecurity?
Customers often feel loyal to a particular brand. The company gives them what they want, the prices are reasonable, the quality of products/services are good. One of the most important factors influencing customer loyalty is trust in a brand. If trust in a brand is lost, it can be difficult win customers back. They may be permanently lost. Those customers then speak to their friends and colleagues and word spreads and further business can be lost.
One of the easiest ways to lose the trust of customers is a data breach. Ask customers why they love a particular brand, and “The company keeps my data safe” will not make the top ten list. That said, if a company experiences a data breach, customers will leave in droves.
Some industries are more prone to high customer churn rates following a data breach than others. The healthcare and insurance industries do experience customer loss, but many breach victims are tied to those providers and leaving is not straightforward. The banking and retail industries on the other hand see high churn rates. There is usually plenty of choice and customers explore other options after a breach.
A study of 10,000 consumers by Gemalto in November 2017 showed 70% of customers would stop doing business with a company after a data breach. Could your business cope with an overnight loss of 70% of your customers?
Further, the cost of a data breach report revealed the average cost of a data breach has now risen to $3.86 million. A 70% loss of customers and a $3.86 million data breach bill would prove catastrophic for many businesses. It is therefore no surprise that the National Cyber Security Alliance reports that 60% of SMBs go out of business within 6 months of a data breach.
Defense in Depth is Essential
The Gemalto study found that 62% of consumers felt that a company that holds their data is responsible for security, highlighting the importance customers place on the privacy of their data.
For businesses, ensuring systems and data are kept secure can be a major challenge. The only way to meet that challenge is through defense in depth. A range of cybersecurity solutions are required to secure systems and data, block cyberattacks, and prevent data breaches.
The best place to start is by performing a risk assessment to highlight all potential risks to your systems and data. Consider all possible ways that an attack can occur, assess the risk of each, and develop a risk management plan to address those risks, addressing the highest risk areas first.
While many companies implement a host of network and email security solutions, one area of security that is often overlooked is the WiFi network, even though WiFi poses a considerable risk, not only to the business but also to customers that are allowed to connect to the WiFi network. Some of the important WiFi filtering security benefits are detailed in the section below.
Important WiFi Filtering Security Benefits for Businesses
There are many WiFi filtering security benefits for businesses. Implementing a WiFi filter will not only improve security for the business and its customers, it can also help to improve the productivity of the workforce.
Some of the most important WiFi security benefits are detailed below:
Block Malware and Ransomware Downloads
One of the most important WiFi filtering security benefits for businesses is protection from malware and ransomware downloads. Malware allows hackers to steal customer data, intellectual property, and obtain credentials to plunder corporate bank accounts. Malware infections can prove incredibly costly to resolve and ransomware attacks can bring businesses to a grinding halt. A WiFi filter help improve security by blocking access to sites hosting exploit kits and preventing drive-by malware downloads.
Prevent WiFi Users from Visiting Phishing Websites
Phishing is a major risk for all businesses. While most phishing attacks start with an email, they invariably link to websites that harvest credentials. A WiFi filter ensures that employees and guest users cannot access websites known to be used for phishing.
Stop Users from Accessing Illegal Website Content
Businesses have a responsibility to ensure that their WiFi networks cannot be used to access illegal content such as child pornography or to perform copyright-infringing file downloads. In addition to the potential for these actions to lead to legal problems for employers, these illegal online activities increase the risk of a malware infection.
Prevent Users from Accessing Inappropriate Websites
Businesses should take steps to prevent employees and guest WiFi users from accessing inappropriate websites – Websites that have no work purpose and those that are likely to cause offense to other individuals – adult content for example. Inappropriate internet use is a major drain of productivity and poses a security risk.
Other Important WiFi Filtering Benefits
All companies must take steps to reduce legal liability and employee Internet access is one area where companies can experience legal problems. Web content that seems funny to some employees could be highly offensive to others and lead to the creation of a hostile working environment and subsequent legal action by employees. Any company that fails to block illegal online activities such as copyright-infringing downloads, could be found to be vicariously liable for the actions of its WiFi users.
Businesses can use a WiFi filter to control bandwidth use. By blocking access to bandwidth heavy activities such as video streaming at busy times, business can ensure all users can enjoy fast Internet speeds.
WebTitan Cloud for WiFi: WiFi Filtering Made Simple
Gaining the above WiFi filtering security benefits is easy with TitanHQ’s innovative WiFi filtering solution – WebTitan Cloud for WiFi.
WebTitan Cloud for WiFi is easy to implement, simple to use, and effortless to maintain. WebTitan Cloud for WiFi allows businesses to carefully control Internet access, reduce risk, make important productivity gains, and improve their security posture.
WebTitan Cloud for WiFi can be implemented in minutes, requires no hardware purchases and needs no software downloads. An intuitive user interface can be accessed from anywhere with an internet connection and no technical skill is required to configure and maintain the solution.
WebTitan Cloud for WiFi allows business of all sizes to gain the WiFi filtering security benefits with no slowing of Internet speeds.
WebTitan WiFi Filtering Security Benefits
Blocks access to web pages hosting malware
Blocks ransomware, malware, virus, and botnet downloads
Prevents employees and guests from accessing phishing websites
Requires no user updates or patches
Blocks the use of anonymizers
Inspects all Internet traffic, including encrypted content
Reports can be generated to show which employees are attempting to bypass filtering controls
Policies can be created for different users, departments, or locations
Different filtering controls can be set for employees and guest WiFi users
For further information on WebTitan Cloud for WiFi, details of pricing, to book a product demonstration, or to sign up for a free 14-day trial of the full solution, contact the TitanHQ team today.
Many employees access their work emails and work networks via public Wi-Fi hotspots, even though there is a risk that sensitive information such as login credentials could be intercepted by hackers. Many employees are unaware of the Wi-Fi security threats that lurk in their favorite coffee shop and fail to take precautions. Even employees who are aware of the Wi-Fi security threats often ignore the risks.
This was highlighted by a 2017 survey by Symantec. 55% of survey participants said they would not hesitate to connect to a free Wi-Fi hotspot if the signal was good and 46% said they would rather connect to a free, open wireless network than to wait to get a password to a secure access point.
60% of survey participants believed public Wi-Fi networks are safe and secure but even though 40% are aware of the Wi-Fi security threats, 87% said that they would access financial information such as their online banking portal or view their emails on public Wi-Fi networks.
The majority of users of public Wi-Fi networks who were aware of the Wi-Fi security threats said they ignored the risks. Millennials were the most likely age group to ignore Wi-Fi security threats: 95% of this age group said they had shared sensitive information over open Wi-Fi connections.
Consumers may be willing to take risks on public Wi-Fi networks, but what about employees? According to a 2018 Spiceworks survey, conducted on 500 IT professionals in the United States, employees are also taking risks.
61% of respondents to the survey said their employees connect to public Wi-Fi hotspots in coffee shops, hotels, and airports to work remotely. Only 64% of respondents said their employees were aware of the Wi-Fi security threats. A similar percentage said their employees were aware of the risks and connect to their work networks using a VPN, which means that 4 out of 10 workers were unaware of the importance of establishing a secure connection.
Even though 64% of respondents were confident that employees were aware of the risks, only half were confident that data stored on mobile devices was adequately protected against threats from public Wi-Fi hotspots. 12% of respondents said they have had to deal with a public Wi-Fi related security incident, although a further 34% were not sure if there had been a security breach as many incidents are never reported.
WiFi Security Threats Everyone Should be Aware of
All employers should now be providing security awareness training to their employees to make the workforce more security aware. Employees should be trained how to identify phishing attempts, warned of the risk from malware and ransomware, and taught about the risks associated with public Wi-Fi networks.
Five threats associated with open public Wi-Fi hotspots are detailed below:
Evil Twins – Rogue Wi-Fi Hotspots
One of the most common ways of obtaining sensitive information is for a cybercriminal to set up an evil twin hotspot. This is a fake Wi-Fi access point that masquerades as the legitimate access point, such as one offered by a coffee shop or hotel. An SSID could be set up such as “Starbuck Guest Wi-Fi” or even just state the name of the establishment. Any information disclosed while connected to that hotspot can be intercepted.
Using a packet sniffer, a hacker can identify, intercept, and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials to bank accounts and corporate email accounts. If credentials are obtained, a hacker can gain full control of an account.
Many people have file-sharing enabled on their devices. This feature is useful at home and in the workplace, but it can easily be abused by hackers. It gives them an easy way to connect to a device that is connected to a Wi-Fi hotspot. A hacker can abuse this feature to drop malware on a device when it connects to a hotspot.
Not all threats are hi-tec. One of the simplest methods of obtaining sensitive information is to observe someone’s online activities by looking over their shoulder. Information such as passwords may be masked so the information is not visible on a screen, but cybercriminals can look at keyboards and work out the passwords when they are typed.
Malware and Ransomware
When connecting to a home or work network, some form of anti-malware control is likely to have been installed, but those protections are often lacking on public Wi-Fi hotspots. Without the protection of AV software and a web filter, malware can be silently downloaded.
Employers can reduce risk by providing comprehensive training to employees to make sure they are aware of the risks from public Wi-Fi hotspots and make sure that employees are aware they should only connect to public Wi-Fi networks if they use a VPN. Employers can further protect workers with WebTitan Cloud – An enterprise-class web filter that protects workers from online threats, regardless of where they connect.
Hotspot providers can protect their customers by securing their Wi-Fi hotspots with WebTitan Cloud for Wi-Fi. WebTitan Cloud for Wi-Fi is a powerful web filter that protects all users of a hotspot from malware and phishing attacks, and can also be used to control the types of sites that can be accessed. If you offer Wi-Fi access, yet are not securing your hotspot, your customers could be at risk. Contact TitanHQ today to find out how you can protect your customers from online threats, control the content that can be accessed, and create a family-friendly Wi-Fi environment.
In this post we explain the importance of WiFi filtering and brand protection. It can take years of hard work for businesses to develop trust in their brand. That trust can easily be lost if customers are not protected while connected to business WiFi networks and come to harm or suffer losses.
If Trust is Lost in a Brand it Can Take Years to Recover
Trust is a cornerstone of all successful brands, but it is not something that can be developed overnight. Developing trust in a brand takes an extraordinary amount of time and money, but once established, companies will be rewarded by customer loyalty.
While trust can be difficult to earn, it is certainly not difficult to lose. One of the easiest ways for consumers to lose trust in a brand is through privacy breaches and cyberattacks. If the personal data of customers is exposed or stolen, customers will lose faith in the brand and are likely to take their business elsewhere.
A 2017 study by Gemalto revealed 70% of customers would stop doing business with a company that failed to protect their personal data and suffered a data breach. Regaining customers trust after a data breach can take years. Protecting customer data is therefore essential if a business is to succeed and continue to enjoy success.
Wi-Fi Security and Brand Protection
One aspect of security that is often overlooked is protecting customers who connect to Wi-Fi networks. Many businesses offer free Wi-Fi access to their customers yet fail to implement controls over what customers can do while connected. Consequently, customers may be exposed to malware, phishing, and other harmful content.
Even businesses that claim to be family friendly often do not always filter the Internet and block access to adult and other age-inappropriate web content. It was only relatively recently that McDonald’s started filtering its WiFi networks to protect customers. Starbucks has also agreed to implement WiFi filters to block porn next year.
How are Wi-Fi filtering and brand protection related? Imagine someone uses your WiFi network to access pornography and a child views their screen? Or a parent finds out their child has been viewing adult content on the establishment’s Wi-Fi network? It only takes one person to complain via a social media network for the story to go viral and for the company’s reputation to be tarnished. The same goes for a malware infection as a result of an establishment failing to implement anti-malware controls on its WiFi network.
Implementing a WiFi filter shows customers that you are doing all you can to protect them from online threats and harmful content. WiFi security is therefore important for brand protection.
There have also been cases of businesses temporarily losing Internet access over illegal Internet activity – Employees who have used a corporate WiFi network to engage in illegal activities such as downloading pirated content. ISPs can terminate internet access if complaints are received and loss of Internet access can cripple a business. Legal action can also be taken by the copyright holder against the business.
WebTitan Cloud for WiFi: The Easy Way to Secure Wi-Fi Networks
TitanHQ has been protecting SMBs from cyber threats for more than 20 years and has expanded its portfolio of solutions to cover WiFi security and brand protection solutions.
TitanHQ has developed WebTitan Cloud for WiFi to make it easy for businesses to secure their WiFi networks and for MSPs to offer WiFi filtering to their clients.
WebTitan Cloud for WiFi is a 100% cloud based WiFi filtering solution that is quick and easy to implement and requires no hardware purchases or software downloads. The solution blocks malware downloads, access to malicious websites, lets businesses carefully control the content that can be accessed via their Wi-Fi networks and control bandwidth use by employees and customers. In short, WebTitan Cloud for WiFi lets businesses create a safe environment to access the Internet.
To find out more about WebTitan Cloud for WiFi, including details on pricing, contact TitanHQ today. All businesses can book a product demonstration and sign up for a free WebTitan Cloud for WiFi trial to evaluate the solution in their own environment.
On May 25, 2018, the EU’s General Data Protection Regulation came into effect. While all businesses should now be compliant, there are still GDPR opportunities for MSPs. Smart MSPs see GDPR as an opportunity for profit and are winning business by helping companies streamline their data management processes. The compliance deadline may have already passed, but there are many GDPR opportunities for MSPs. MSPs can help companies stay compliant, reduce the time their clients have to spend on compliance-related tasks, improve security, and save businesses money.
Key GDPR Opportunities for MSPs
GDPR compliance and security services are a potential gold mine for MSPs. MSPs will have had to go through the GDPR compliance process themselves, so they should already be well versed in what is required. They will have gained valuable insights into GDPR through that process, which can be passed on to their clients.
GDPR compliance solutions that MSPs use could be offered to clients as a service. GDPR also provides an opportunity to sell clients additional security services to ensure the data of their customers are properly protected. With fines up to €20 million or 4% of global income possible, there is a major incentive for ensuring continued compliance with the GDPR.
There are security opportunities such as data encryption, spam filtering, and web filtering, which can be grouped together and sold as a GDPR security package. MSPs can offer auditing services to ensure their clients are fully compliant with GDPR.
It is a requirement of GDPR for companies to appoint a Data Protection Officer (DPO), but many SMBs lack the internal talent. While a DPO may have been assigned, the time that is spent on that role could be put to better use. One of the GDPR opportunities for MSPs is offering a DPO-as-a-service to fulfil that aspect of GDPR compliance for their clients.
Email Archiving for MS Exchange – An Easy Win for MSPs
Any business that collects or processes the data of EU citizens must have mechanisms in place that allow them to find all data related to an individual. An EU citizen can contact a company and request a copy of the information that is held on them, and if they so wish, can request that the processing of their data is stopped and have their data deleted.
When individuals exercise their right to erasure – or right to be forgotten – a company is required to honor that request within 30 days. In order to be able to process those requests efficiently, a company must know the location of all its data. Companies should therefore have conducted an audit of their systems to identify all locations where personal data are stored. When a request is received, the individual’s data can then be quickly found and deleted.
Personal data may also be detailed in emails and locating those emails can be a major challenge. Any company that does not use an email archive is likely to face problems finding all emails in backups. Since an email archive is searchable, it is a quick and easy process to locate all emails related to a specific individual. The introduction of GDPR creates a compelling case for purchasing an email archiving solution – which is another of the GDPR opportunities for MSPs.
By offering email archiving for MS Exchange or other mail services, MSPs can help their clients comply with GDPR requirements for security, data retention, auditing, and the right to erasure.
ArcTitan: An Easy Email Archiving Service for MSPs
ArcTitan is an easy to use and easy to manage email archiving service that has been developed to meet the needs of businesses and managed service providers.
ArcTitan is a cloud-based secure archive deployed on AWS that is compliant with GDPR for email retention and auditing as well and all major regulatory standards. ArcTitan is compatible with all major mail servers and email services and will meet the requirements of the most demanding clients.
The solution provides almost instant access to data, gives instant search results, and allows instant archiving. A search of 30 million emails takes less than a second and messages are archived at a rate of more than 200 per second. The solution is also scalable to more than 60,000 users.
To meet the needs of MSPs, ArcTitan is available with a range of hosting options – In the TitanHQ Cloud, a dedicated private cloud, or ArcTitan can be deployed in an MSP’s own data center. API integration allows MSPs to provision customers through their own centralized management system, there is a growth-enabling licensing program, and usage-based pricing and monthly billing. ArcTitan is also rebrandable and can be supplied as a white label ready to take an MSP’s logos and corporate colors.
If you have yet to offer email archiving to your clients or you are unhappy with your current provider’s service or the margin, contact the TitanHQ team today.
A new phishing campaign is bypassing Office 365 anti-phishing defenses and arriving in employees’ inboxes; one of several recent campaigns to slip through the net and test end users’ security awareness knowledge.
The aim of this campaign is not to obtain login credentials or install malware. It is a sextortion scam that aims to get email recipients to make a payment to the scammers.
The scam itself is straightforward. The sender of the email claims to be a hacker who has gained access to the victim’s computer and has installed malware. That malware allowed full access to the user’s device, including control of the webcam. The email claims that the webcam was used to record the victim while he/she was accessing adult web content. The attacker claims to have spliced the webcam recording with the images/videos that were being viewed at the time. The attacker claims the video will be sent to the user’s contacts on social media and via email.
Several similar sextortion scams have been conducted in the past few months, but what makes this campaign different is the extent of the deception. In this campaign, the attacker includes the user’s password in the email body.
I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from [user’s email]on moment of hack: [user’s password]”
The password may not be the one currently used, but it is likely to be recognized as it has been taken from a previous data breach. However, its inclusion will be especially worrying for any user who does not regularly change their password and for users that share passwords across multiple sites or reuse old passwords. Changing the password will not block access, according to the email
“Of course, you can and will change it, or already have changed it.
But it doesn’t matter, my malware updated it every time.”
For anyone who has viewed adult content on a laptop or other device with a webcam, this message will no doubt be extremely concerning. Especially, as the email contains ‘evidence’ of email compromise. The From field of the email displays the user’s own email address, indicating that the attacker has sent it from the user’s email account.
The attacker notes in the email, “Do not try to contact me or find me, it is impossible, since I sent you an email from your account.”
While scary, the attacker does not have access to the user’s email account. The From field has been spoofed. This is actually straightforward with a Unix computer set up with mail services. Mass emails can be sent out using the same email address in the From field as the Address field, giving the impression that the messages have been sent from the users’ accounts.
The hacker notes that this is not his/her usual modus operandi. “You are not my only victim, I usually lock computers and ask for a ransom. But I was struck by the sites of intimate content that you often visit.” That will be a particular worry for some users.
To prevent distribution of the video, the user must pay $892 in Bitcoin to the specified address and many email recipients have chosen to pay to avoid exposure. The Bitcoin wallet used for the scam has received 450 payments totaling 6.31131431 BTC – around $27,980. Multiple Bitcoin wallets are often used by scammers, so the actual total is likely to be far higher.
Bypassing of Office 365 Anti-Phishing Defenses a Cause for Concern
This scam may not have any direct impact on a business, as no credentials are compromised, and malware is not installed; however, what is of concern is how the messages have bypassed Office 365 phishing defenses and are arriving in inboxes. The scam was first identified in late September and the messages continued to be delivered to Office 365 inboxes, even those with Advanced Threat Protection that companies pay extra for to provide greater protection against spam and phishing emails.
This is of course just one scam. Others have similarly breached Office 365 anti-phishing defenses, many of which are much more malicious in nature and pose a very real and direct threat to businesses. Office 365 anti-phishing protections do block a lot of threats, and protection is improved with Advanced Threat Protection, but the controls are not particularly effective at blocking sophisticated phishing attempts and zero-day attacks.
The volume of phishing attacks on businesses that are now being conducted, the sophisticated nature of those attacks, and the high cost of mitigating a phishing attack and data breach mean businesses need to improve Office 365 anti-phishing defenses further. That requires a third-party spam solution.
For more than 20 years, TitanHQ has been developing security solutions to protect inboxes and block web-based attacks. During that time, our spam filtering solution, SpamTitan, has been gathering threat intelligence, analyzing spamming and phishing tactics, and protecting end users. Over the years, SpamTitan has receive many updates to improve protection against new threats and phishing tactics. Independent tests have shown SpamTitan now has a catch rate in excess of 99.9%.
The incorporation of a range of predictive techniques ensure SpamTitan is not reliant on signatures and can detect never-before seen phishing attempts and zero-day attacks, and provide superior protection against spam, phishing, malware, viruses, ransomware, and botnets for Office 365 users.
To better protect your email channel and keep your Office 365 inboxes threat free, contact TitanHQ today to schedule a full personalized demo of SpamTitan and to find out just how cost effective the solution is for SMBs and enterprises.
If you are using Umbrella and are finding the web filtering solution to be a drain of your time or your budget, consider making the switch from Umbrella to WebTitan.
Web Filtering Doesn’t Have to be Complicated
There are many factors that need to be considered when choosing a web filtering solution. Aside from allowing you to identify and block threats and control the content that can be accessed by network users, a web filter should be easy to configure and maintain.
To get the most benefit from your chosen solution, you will need to have all the information you need at your fingertips. You should be able to tweak settings, block/unblock sites, and get the reports you need on users that are attempting to, or succeeding in, accessing dangerous web content.
All too often, it is only when the solution is set up that the discovery is made that it is a pig to use. The information you need is not easily accessible and maintaining and managing the solution is headache inducing. However, it needn’t be that way.
Usability is one area where WebTitan excels. WebTitan is powerful, feature rich, yet simple to use. WebTitan can be used by anyone, regardless of their level of IT knowhow. The user interface is crisp, clean, and provides all the important information in one place.
Complex interfaces mean more time is spent making minor changes and accessing reports, which takes time away from more important tasks. Further, if Your IT team hates using a solution, they will spend as little time as possible using it, and that could jeopardize security.
That is exactly what was happening with Saint Joseph Seminary College, which, after experiencing problems, made the switch from Cisco Umbrella to WebTitan.
Benefits of Switching from Umbrella to WebTitan: A Case Study
Web filter usability was a key issue for Saint Joseph Seminary College, which had been using Cisco Umbrella to control the web content staff and students could access. While Umbrella did allow content controls to be applied, using the solution was time consuming and difficult. Finding information, generating reports, and changing settings was just taking too much time. So much time that IT department avoided using the solution as far as possible. Hardly an ideal situation for such an important college cybersecurity control.
“I prefer an interface to be simple while giving me as much information as possible in one place. I don’t need rounded corners and elegant fonts when I am trying to see who has been visiting dangerous websites. I need to clearly see domain names and internal IPs,” explained Saint Joseph’s IT Director, Todd Russell. Russell went on to explain that it wasn’t always that way. “In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage.”
This is sadly a common problem. In an attempt to cram in as many features as possible into a user interface, too little consideration is given to the people that have to use and manage the solution. For busy IT departments, it is important to make things as simple as possible. Sysadmins have more than their fair share of complexity as it is.
It was the complexity of Umbrella – and the cost – that led Saint Joseph’s to see an Umbrella alternative.
An Easy to Use, More Cost-Effective Alternative to Umbrella
When looking for an Umbrella alternative, several solutions were considered; however, TitanHQ’s feature-rich web filter, WebTitan, stood out from the crowd and warranted closer inspection.
“It didn’t take long to realize that WebTitan was the best alternative for an efficient, cost-effective, and easy to use filtering solution to replace Cisco Umbrella,” explained Russell.
WebTitan has been developed with usability at the heart of the design process. Before UI changes are made, they are extensively tested to make sure they do not negatively impact the user experience.
After switching from Umbrella to WebTitan, the benefit was immediately gained. The IT department had easy access to actionable insights into threat traffic and web activity. Reports could be generated and viewed with two clicks of the mouse, The IT department liked using the solution, and further, an enormous amount of time was saved, and costs were slashed.
“WebTitan immediately gave us visibility into our users’ traffic. Within days, the UI allowed us to see clear signals of dangerous activity. Thanks to the easily accessible and understandable data available on the WebTitan UI, we have been able to launch investigations more quickly and work on remediation.” Said Russell. “The whole experience with WebTitan has been terrific.”
Benefits Gained from the Switch from Umbrella to WebTitan
By changing from Umbrella to WebTitan, Saint Joseph’s was able to:
Have easy access to actionable insights on threats and web activity
Remediate issues far more quickly
Quickly generate basic and advanced reports
Secure data and users more effectively
Slash administration and remediation time
Reduce the cost of web security by 50%
Block thousands more threats per hour
Time to Change from Umbrella to WebTitan?
If you want to gain the above benefits, it could not be simpler. Contact the TitanHQ team to schedule a product demonstration to see just how easier WebTitan is to use. You can also trial WebTitan before you make a decision to confirm the benefits for yourself. You will get access to the full product in the trial, assistance will be provided to get you up and running, and full support is available through out the trial period.
Why is DNS filtering for MSPs so important? Find out how you can better protect your clients against web-based attacks and the MSP benefits of offering this easy to implement cybersecurity solution.
A recent survey conducted by Spiceworks has revealed that DNS filtering is now considered an essential element of cybersecurity defenses at the majority of large firms. A survey was conducted on companies with more than 1,000 employees which revealed 90% of those firms are using a solution such as a DNS filter to restrict access to the internet to protect against malware and ransomware attacks.
89% of firms use DNS filters or other web filtering technology to improve productivity by blocking access to sites such as social media platforms, 84% of firms block access to inappropriate websites, and 66% use the technology to avoid legal issues.
Given the risk of a malware or ransomware download over the Internet and the high cost of mitigating such an attack, it is no surprise that so many large firms are using web filtering technology to reduce risk.
Why DNS Filtering is so Important for SMBs
Phishing attacks and ransomware/malware downloads are major risks for large businesses, but SMBs face the same threats. SMBs are also less likely to have the resources to cover the cost of such an attack. For example, the average cost of a ransomware attack on an SMB is $46,800, according to Datto, and many SMBs fold within 6 months of experiencing a data breach.
DNS filtering is an important control to prevent malware and ransomware attacks over the Internet, both by blocking downloads and preventing employees from visiting malicious websites where malware is downloaded. Web filters are also essential as part of phishing defenses.
According to the Spiceworks survey, 38% of organizations have experienced at least one security incident as a result of employee Internet activity. By restricting access to certain categories of website and blocking known malicious websites, SMBs will be much better protected against costly attacks.
Add to that the amount of time that is lost to casual internet surfing and web filtering is a no-brainer. 28% of employees waste more than 4 hours a week on websites unrelated to their work, but the percentages rise to 45% in mid-sized businesses and 51% of employees in small businesses.
There is no latency with DNS filtering, plus controls can be implemented to restrict certain bandwidth heavy activities to improve network performance.
DNS Filtering for MSPs – The Ideal Web Filtering Solution
DNS web filtering is a low-cost cybersecurity solution that actually pays for itself in terms of the productivity gains and the blocking of cyber threats that would otherwise lead to data breaches. Further, in contrast to appliance-based web filters, DNS filtering requires no hardware purchases or software installations which means no site visits are required. DNS filtering can be set up for clients remotely in a matter of minutes.
DNS filtering is ideal for MSPs as it is hardware and software independent. It doesn’t matter what devices and operating systems your clients have because DNS filtering simply forwards web traffic to a cloud-based filter without the need to install any clients or agents on servers or end points.
TitanHQ’s DNS filtering for MSPs has a low management overhead, so there is little in the way of ongoing maintenance required. A full suite of customizable reports can be automatically generated and sent to clients to show them what threats have been blocked, and who in the organization has been trying to access restricted content, and the employees who are the biggest drain on network performance.
MSPs can easily add in web filtering to existing security packages to provide greater value or offer web filtering as an add-on service to generate extra, recurring monthly revenue and attract more business.
If you are yet to offer web filtering to your clients, call TitanHQ today for more information on our DNS filtering for MSPs and for further information on the MSP Program program.
One of the ways that threat actors install malware is through malvertising – The placing of malicious adverts on legitimate websites that direct visitors to websites where malware is downloaded. The HookAds malvertising campaign is one such example and the threat actors behind the campaign have been particularly active of late.
The HookAds malvertising campaign has one purpose. To direct people to a website hosting the Fallout exploit kit. An exploit kit is malicious code that runs when a visitor lands on a web page. The visitor’s computer is probed to determine whether there are any vulnerabilities – unpatched software – that can be exploited to silently install files.
In the case of the Fallout exploit kit, users’ devices are checked for several known Windows vulnerabilities. If one is identified, it is exploited and a malicious payload is downloaded. Several malware variants are currently being delivered via Fallout, including information stealers, banking Trojans, and ransomware.
According to threat analyst nao_sec, two separate HookAds malvertising campaigns have been detected: One is being used to deliver the DanaBot banking Trojan and the other is delivering two malware payloads – The Nocturnal information stealer and GlobeImposter ransomware via the Fallout exploit kit.
Exploit kits can only be used to deliver malware to unpatched devices, so businesses will only be at risk of this web-based attack vector if they are not 100% up to date with their patching. Unfortunately, many businesses are slow to apply patches and exploits for new vulnerabilities are frequently uploaded to EKs such as Fallout. Consequently, a security solution is needed to block this attack vector.
HookAds Malvertising Campaign Highlights Importance of a Web Filter
The threat actors behind the HookAds malvertising campaign are taking advantage of the low prices offered for advertising blocks on websites by low quality ad networks – Those often used by owners of online gaming websites, adult sites, and other types of websites that should not be accessed by employees. While the site owners themselves are not actively engaging with the threat actors behind the campaign, the malicious adverts are still served on their websites along with legitimate ads. Fortunately, there is an easy solution that blocks EK activity: A web filter.
TitanHQ has developed WebTitan to allow businesses to carefully control employee Internet access. Once WebTitan has been installed – a quick and easy process that takes just a few minutes – the solution can be configured to quickly enforce acceptable Internet usage policies. Content can be blocked by category with a click of the mouse.
Access to websites containing adult and other NSFW content can be quickly and easily blocked. If an employee attempts to visit a category of website that is blocked by the filter, they will be redirected to a customizable block screen and will be informed why access has been prohibited.
WebTitan ensures that employees cannot access ‘risky’ websites where malware can be downloaded and blocks access to productivity draining websites, illegal web content, and other sites that have no work purpose.
Key Benefits of WebTitan
Listed below are some of the key benefits of WebTitan
No hardware purchases required to run the web filter
No software downloads are necessary
Internet filtering settings can be configured in minutes
Category-based filters allow acceptable Internet usage policies to be quickly applied
An intuitive, easy-to-use web-based interface requires no technical skill to use
No patching required
WebTitan Cloud can be applied with impact on Internet speed
No restriction on devices or bandwidth
WebTitan is highly scalable
WebTitan protects office staff and remote workers
WebTitan Cloud includes a full suite of pre-configured and customizable reports
Reports can be scheduled and instant email alerts generated
Suitable for use with static and dynamic IP addresses
White label versions can be supplied for use by MSPs
Multiple hosting options are available
WebTitan Cloud can be used to protect wired and wireless networks
For further information on WebTitan, for details of pricing, to book a product demonstration, or register for a free trial, contact the TitanHQ team today.
Further information on WebTitan is provided in the video below:
Hackers are targeting healthcare organizations, educational institutions, hotels, and organizations in the financial sector, but restaurants are also in hackers’ cross-hairs. If restaurant cybersecurity solutions are not deployed and security vulnerabilities are not addressed, it will only be a matter of time before hackers take advantage.
Cyberattacks on restaurants can be extremely profitable for hackers. Busy restaurant chains process hundreds of credit card transactions a day. If a hacker can gain access to POS systems and install malware, customer’s credit card details can be silently stolen.
Cheddar’s Scratch Kitchen, Applebee’s, PDQ, Chili’s, B&BHG, Zaxby’s, Zippy’s, Chipotle, and Darden restaurants have all discovered hackers have bypassed restaurant cybersecurity protections and have gained access to the credit card numbers of large numbers of customers.
One of the biggest threats from a data breach is damage to a restaurant’s reputation. The cyberattack and data breach at Chipotle saw the brand devalued by around $400 million.
A restaurant data breach can result in considerable loss of customers and a major fall in revenue. According to a study by Gemalto, 70% of the 10,000 consumers surveyed said that they would stop doing business with a brand if the company suffered a data breach. Most restaurants would not be able to recover from such a loss.
Restaurant Cybersecurity Threats
Listed below are some of the common restaurant cybersecurity threats – Ways that hackers gain access to sensitive information such as customers’ credit card numbers.
The primary goal of most restaurant cyberattacks is to gain access to customers’ credit card information. One of the most common ways that is achieved is through malware. Malicious software is installed on POS devices to silently record credit card details when customers pay. The card numbers are then sent to the attacker’s server over the Internet.
Phishing is a type of social engineering attack in which employees are fooled into disclosing their login credentials and other sensitive information. Phishing emails are sent to employees which direct them to a website where credentials are harvested. Phishing emails are also used to install malware through downloaders hidden in file attachments.
Whenever an employee or a customer accesses the Internet they will be exposed to a wide range of web-based threats. Websites can harbor malware which is silently downloaded onto devices.
Restaurants often have Wi-Fi access points that are used by employees and guests. If these access points are not secured, it gives hackers an opportunity to conduct attacks and gain access to the restaurant network, install malware, intercept web traffic, and steal sensitive information.
Restaurant Cybersecurity Tips
Listed below are some of the steps you should take to protect your customers and make it harder for hackers to gain access to your systems and data.
Conduct a risk analysis to identify all vulnerabilities that could potentially be exploited to gain access to networks and customer data
Develop a risk management plan to address all vulnerabilities identified during the risk assessment
Ensure all software and operating systems are kept up to date and are promptly patched
Become PCI compliant – All tools used to accept payments must comply with PCI standards
Implement security controls on your website to ensure customers can use it securely. Sensitive data such as loyalty program information must be protected.
Ensure you implement multi-factor authentication on all accounts to protect systems in case credentials are compromised
Ensure all default passwords are changed and strong, unique passwords are set
Ensure all sensitive data are encrypted at rest and in transit
Secure Wi-Fi networks with a web filter to block malware downloads and web-based threats
Implement a spam filter to block phishing attempts and malware
Provide cybersecurity training to staff to ensure they can recognize the common restaurant cybersecurity threats
Restaurant Cybersecurity Solutions from TitanHQ
TitanHQ has developed two cybersecurity solutions that can be implemented by restaurants to block the main attack vectors used by hackers. SpamTitan is a powerful email security solution that prevents spam and malicious emails from reaching end users’ inboxes.
WebTitan is a cloud-based web filtering solution that prevents staff and customers from downloading malware and visiting phishing websites. In addition to blocking web-based attacks, WebTitan allows restaurants to prevent customers from accessing illegal and unsuitable web content to create a family-friendly Wi-Fi zone.
Both solutions can be set up in a matter of minutes on existing hardware and require no software downloads.
To find out more about TitanHQ’s restaurant cybersecurity solutions, call the TitanHQ sales team today.
TitanHQ has expanded its partnership with Z Services, the leading SaaS provider of cloud-based cybersecurity solutions in the MENA region.
UAE-based Z Services operates 17 secure data centers in the UAE, Saudi Arabia, Qatar, Egypt, Jordan, Kuwait, Oman, Bahrain, and Morocco and is the only company in the Middle East and North Africa to offer an in-country multi-tenant cloud-based cybersecurity architecture.
In February 2017, Z Services partnered with TitanHQ and integrated TitanHQ’s award-winning email filtering technology into its service stack and started offering SpamTitan-powered Z Services Anti-Spam SaaS to its clients. TitanHQ’s email filtering technology now helps Z Services’ clients filter out spam email and protect against sophisticated email-based threats such as malware, viruses, botnets, ransomware, phishing and spear phishing.
The integration has proved to be a huge success for Z Services, so much so that the firm has now taken its partnership with TitanHQ a step further and has integrated two new TitanHQ-powered SaaS solutions into its service stack. TitanHQ’s award-winning web filtering technology – WebTitan – and its innovative email archiving solution – ArcTitan have both been incorporated into Z Services’ MERALE SaaS offering. MERALE is a suite of cybersecurity, threat protection, and compliance solutions specifically developed to meet the needs of small to medium sized enterprises.
“With cybersecurity growing as a critical business concern across the region, there is a clear need to make security an operational rather than a capital expense. Hence the paradigm shift in the delivery of effective security solutions from the traditional investment and delivery model to an agile SaaS model through the primary connectivity provider of SMEs – the ISPs,” said Nidal Taha, President – Middle East and North Africa, Z Services. “MERALE will be a game-changer in how small and medium businesses in the region ensure their protection, and as a subscription-based service, it removes the need for heavy investments and long-term commitments.”
“We are delighted to continue our successful partnership with Z Services and share their vision for serving the SME segment with leading edge SaaS based security solutions,” said Ronan Kavanagh, CEO of TitanHQ. “With this development Z Services is strengthening its leadership position as an innovative cloud-based cybersecurity solutions provider in the Middle East and North Africa.”
TitanHQ’s cloud-based cybersecurity solutions have been developed from the ground up specifically to meet the needs of Managed Service Providers. The email filtering, web filtering, and email archiving solutions are currently being used by more than 7,500 businesses around the world and more than 1,500 MSPs are now offering TitanHQ solutions to their clients.
In contrast to many cybersecurity solution providers, TitanHQ offers its products with a range of hosting options – including within an MSP’s own infrastructure – as full white label solutions ready for MSPs to apply their own branding. By protecting clients with TitanHQ solutions MSPs are able to significantly reduce support and engineering costs by blocking a wide range of cyber threats at source. MSPs also benefit from generous margins and industry-leading customer service and support.
If you are a managed service provider and have yet to incorporate email filtering, web filtering, and email archiving solutions into your service stack, if you are unhappy with your current providers, or are looking to increase profits while ensuring your clients have the best protection against email and web-based threats, contact TitanHQ today for further information.
DNS filtering for businesses is essential for all companies to protect against web-based threats such as phishing and malware and is particularly important for any business that allows employees to work remotely. In this post we explain the risks, features, and benefits of DNS filtering and how a DNS filter can protect employees and their portable devices from Wi-Fi threats.
Why is DNS Filtering for Businesses so Important?
DNS filtering for businesses can no longer be considered an optional cybersecurity solution due to the high risk of web-based attacks. Phishing attacks on businesses are increasing with many thousands of new phishing web pages created each day. Exploit kits probe for vulnerabilities and silently download malware, and ransomware attacks are rife. DNS filtering for businesses offers an additional layer of protection that prevents employees from visiting websites known to be used for malicious purposes.
DNS filters also allow businesses to enforce acceptable Internet usage policies and block access to illegal website content, websites containing content unsuitable for the workplace and categories of sites that are a major drain on productivity.
It is easy to set up DNS filtering for businesses’ internal networks and apply content controls and block online threats; however, a DNS filter is not restricted to one physical location. DNS filtering for businesses is not bound to a single location and works on wired networks, internal WiFi networks and even public WiFi hotspots.
The Dangers of Public WiFi Networks
A recent survey conducted by Purple revealed more than 90% of businesses that offer Wi-Fi have open networks without any filters or security applied. Connecting to open Wi-Fi networks without any filtering controls in place increases the risk of virus, malware, and ransomware downloads.
To a certain extent, risk can be reduced if anti-malware software is installed on mobile devices. However, the software is only capable of detecting malware variants if their signatures are in the database. If the database is out of date, malware will not be detected. Anti-malware software also does not provide protection against zero-day malware – new malware variants that have yet to be identified – and offers no protection against phishing attacks.
Further, hackers take advantage of open Wi-Fi networks to conduct man-in-the-middle attacks to intercept sensitive data such as banking credentials and other login information. Mobile workers often connect to their work networks and on portable devices via open Wi-Fi networks such as those offered in coffee shops, even though doing so may be a violation of company policy.
DNS Filtering for Businesses Protects Off-Site Workers from Wi-Fi Threats
A business that issues mobile devices such as smartphones, tablets or laptops to employees can struggle to secure those devices outside the office. DNS filtering for businesses is one solution that can be used to improve security.
DNS filtering solves the security challenge as it acts as a barrier between the end user’s device and the Internet that blocks web-based threats. When a remote worker uses their laptop to connect the Internet through a web browser, a DNS lookup must be performed. Before the website can be loaded it must be found. That requires the fully qualified domain name (FQDN) – google.com for instance – to be matched with an IP address by a DNS server. Only then can the content be displayed.
With DNS filtering, instead of the IP address being identified and the web browser displaying the content of a web page, before any content is displayed certain checks are performed. The requested site/web page is checked against Real Time Blacklists (RBLs). RBLs contain lists of websites and web pages that host illegal web content, are used for phishing, or host malware or exploit kits. Content controls are also applied. If content violates corporate policies or a match is found in an RBL, the content will not be downloaded. Instead the user will be directed to a block page where they are informed that access to the web page/site has been blocked.
Any business that fails to implement DNS filtering is taking a significant risk if workers can use company-issued smartphones and laptops to access the Internet and web applications outside the protection of the office environment.
WebTitan Cloud – DNS Filtering for Businesses Made Simple
TitanHQ offers DNS filtering for businesses and MSPs through WebTitan Cloud and WebTitan Cloud for Wi-Fi. WebTitan requires no software downloads or hardware purchases and can be used to protect wired and wireless business networks and remote workers using portable devices on public Wi-Fi hotspots.
WebTitan uses six Real Time Blacklists that are constantly updated with new malicious webpages. Any request to access a web page must pass checks on all six RBLs before the URL can be accessed. These checks are performed with no latency – the speed of accessing web content is unaffected.
Once businesses are signed up they can quickly and easily configure the solution to match their requirements through a web-based interface, through which content controls can be applied. WebTitan uses 53 different categories of web-content and has 10 customizable categories. Those categories include 100% of Alexa’s 1 million most visited websites and more than 500 million websites in 200 languages – which equates to 6 billion web pages.
The solution supports whitelists – for companies that want maximum control – and additional blacklists. It is also easy to set custom controls for different workers and user groups, as well as apply controls at the organization level.
An extensive suite of reporting options keeps businesses 100% up to date on user behavior, including sites that have been visited and attempts by employees to access restricted web content.
In short, WebTitan is an invaluable tool that provides protection from web-based threats and allows businesses to have total control over the content that can be accessed on desktop computers and portable devices, regardless of where the employee is located.
Contact TitanHQ for a Product Demonstration and No-Obligation Free Trial
If you are not yet using DNS filtering to block web-based threats and exercise control over the content your employees can access, contact the TitanHQ team today. TitanHQ’s experienced sales staff will answer your questions, provide details of pricing, and can book you in for a product demonstration.
You can also sign up for a 14-day free trial to evaluate WebTitan in your own environment. The free trial includes full use of the product and experienced sales engineers are on hand to help make sure you get the most out of your free trial.
TitanHQ has announced that the leading satellite operator EutelSat is now protecting its corporate and guest Wi-Fi networks with WebTitan Cloud for Wi-Fi.
Eutelsat is one of the world’s leading satellite operators and provides video, data, broadband, and government services through its high-performance satellites. The company is the leading satellite operator in more than 150 countries throughout Europe, Africa, and the Middle East and employs more than 1,000 commercial and technical staff in 44 countries around the globe.
With so many staff members able to access the Internet at work through company Wi-Fi hotspots, it is essential that cybersecurity solutions are deployed to block access to malicious websites where cybercriminals can phish for sensitive information or malware and ransomware downloads can occur.
In order to protect against these threats, companies need to deploy a powerful and flexible web filtering solution. Eutelsat chose WebTitan Cloud for Wi-Fi – The leading Wi-Fi web filtering solution for enterprises. WebTitan Cloud for Wi-Fi has enabled Eutelsat to crease a safe and secure online environment for all users of its Wi-Fi access points.
With WebTitan Cloud for Wi-Fi deployed, employees are prevented from accessing inappropriate website content and access to websites known to be used for phishing or drive-by malware downloads are blocked.
Naturally different user groups require different levels of content control. Since WebTitan Cloud for Wi-Fi integrates with Active Directory, it is easy for different levels of filtering to be applied by department, user group or individual, in addition to organization-wide controls.
“TitanHQ continues to expand its customer base with the ongoing addition of new customers across multiple industries,” explained TitanHQ CEO Ronan Kavanagh. “Our current levels of achievement and growth, including what we’ve seen in the past six months, prove that companies are recognizing the value of our commitment to Wi-Fi security across our offerings and our customer-first culture. We are extremely excited to see what 2019 will bring for both our newly signed customers and our existing client base.”
If you are interested in securing your wired or wireless networks and blocking access to undesirable and malicious web content, contact the TitanHQ team today for details of pricing, to book a product demonstration, or to sign up for a free trial to see WebTitan in action.
Business and leisure travelers looking for secure hotel Wi-Fi access in addition to fast and reliable Internet access. If you take steps to secure hotel WiFi access points, you can gain a significant competitive advantage.
The Importance of Hotel Wi-Fi to Guests
The number one hotel amenity that most travelers can simply not do without is fast, free, reliable, Internet access. In 2013, a joint study conducted by Forrester Research and Hotels.com revealed that 9 out of ten gusts rated Wi-Fi as the top hotel amenity. 34% of respondents to the survey said free Wi-Fi was a ‘deal breaker.’ Now four years on, those percentages will certainly have increased.
Wi-Fi access is essential for business travelers as they need to be able to stay in touch with the office and be able to communicate with their customers. Leisure travelers need free Internet access to keep in touch with friends, look up local attractions, and enjoy cheap entertainment in the comfort of their rooms. Younger travelers need constant access to social media accounts and online games such as Fortnite as they get at home.
It doesn’t matter whether you run a small family bed and breakfast or a large chain of hotels, Wi-Fi access for guests is essential. Any hotel that doesn’t have reliable and fast Wi-Fi will lose business to establishments that do.
It is now easy for potential guests to check if an establishment has Wi-Fi and even find out about the speed and reliability of the connection. The hotelwifitest.com website lets travelers check the speed of Internet access in hotels before booking.
Guests don’t post rave reviews based on the speed of Internet connections, but they will certainly make it known if Internet access is poor or nonexistent. Many of the negative comments on hotel booking websites and TripAdvisor are related to Wi-Fi. Put simply, you will not get anywhere near the same level of occupancy if your Wi-Fi network isn’t up to scratch.
Secure Hotel Wi-Fi is Now as Important as Offering Wi-Fi to Guests
Businesses are now directing a considerable percentage of their IT budgets to cybersecurity to prevent hackers from gaining access to their networks and sensitive data. Securing internal systems is relatively straightforward, but when employees have to travel for work and access networks remotely, hackers can take advantage.
When employees must travel for business, their hotel is often the only place where they can connect to the office network and their email. They need to know that they can login securely from the hotel and that doing so will not result in the theft of their credentials or a malware infection. A hotel will be failing its business customers if it does not offer safe and secure Wi-Fi access.
All it takes is for one malware infection or cyberattack to occur while connected to a hotel Wi-Fi network for the reputation of the hotel to be tarnished. Hotels really cannot afford to take any risks.
Multiple Levels of Wi-Fi Access Should be Offered
Parents staying in hotels will want to make sure that their children can access the Internet safely and securely and will not accidentally or deliberately be able to gain access to age-inappropriate websites. If a hotel claims to be family-friendly, that must also extend to the Wi-Fi network. Any hotel that fails to prevent minors from accessing obscene images while connected to hotel Wi-Fi cannot claim it is family-friendly.
Hotels can offer Wi-Fi access for families that blocks adult websites and anonymizers, which are commonly used to bypass filtering controls. Safe Search can also be enforced, but not all users will want that level of control.
To cater to the needs of all guests, different levels of Wi-Fi access are likely to be required. Some guests will want to be able to access the types of websites they do at home without restrictions and business travelers will certainly not want anonymizers to be blocked. Some customers insist on the use of VPNs when employees connect to their business network or email.
Hotels that implement a web filtering solution can easily create different tiers of Internet access. One for families and a less restrictive level for other users. Free internet access could be limited to a basic level that includes general web and email access but blocks access to video streaming services such as YouTube and Netflix. Those services could be offered as part of a low-cost Wi-Fi package to generate some extra revenue. These tiers can easily be created with a web filtering solution.
How to Easily Secure Hotel Wi-Fi
Offering secure hotel Wi-Fi to guests does not require expensive hardware to be purchased. While appliance-based web filters are used by many businesses, there is a much lower cost option that is better suited for hotel use.
A cloud-based web filter for Wi-Fi – such as WebTitan for Wi-Fi -is the easiest to implement secure hotel Wi-Fi solution. With WebTitan Cloud for Wi-Fi, your Wi-Fi network can be secured with just a simple change to your DNS records. No hardware is required and there is no need to install any software. One solution will protect all Wi-Fi access points and can be up and running in a matter of minutes. There is no limit on the number of access points that can be protected by WebTitan Cloud for Wi-Fi.
Once your DNS is pointed to WebTitan, you can apply your content controls – which is as simple as clicking on a few checkboxes to block categories of web content that your guests shouldn’t be allowed to access.
You can create multiple accounts with different controls – one for business users, one for families, and one for employees for example. No training is required to administer the solution as it has been developed to require no technical skill whatsoever. All of the complex elements of web filtering are handled by TitanHQ.
If you run a hotel and you are not currently filtering the internet, talk to TitanHQ about how you can your secure your hotel Wi-Fi access points, protect your guests, and ensure all users can access the Internet safely and securely.
An IT security audit conducted by the U.S. Geological Survey (USGS) at its Earth Resources Observation and Science Center has highlighted the importance of implementing technical solutions to control employee internet use.
Most organizations and businesses have strict rules covering acceptable use of the Internet on work computers. Those rules are usually explained when a new employee starts work. A document must be signed that confirms that the Rules have been understood and the employee is aware of the repercussions if the rules are violated.
For many organizations and businesses, those measures are deemed to be sufficient. Most employees understand the rules and adhere to them, but even though rule violations will likely result in termination, some employees take the risk as they believe they will not be caught.
During a recent USGS IT security audit, suspicious Internet traffic was identified. The discovery prompted an investigation by the U.S. Department of the Interior Office of Inspector General (OIG) to determine the source of the suspicious traffic.
The OIG investigation revealed malware had been installed on an employee’s computer and that the malware was the source of the suspicious communications. Further investigation revealed the employee had been routinely visiting adult websites, which routed through Russian websites that hosted malware. As a result of visiting those websites, the employee had inadvertently downloaded malware onto the work computer. Pornographic images had been downloaded, which were then transferred to an Android mobile and portable USB drive. The mobile was similarly infected with malware.
The employee was discovered to have viewed over 9,000 adult websites, even though USGS Rules of Behavior had been explained and a document was signed confirming those rules had been understood. Annual security training had also been provided in which the Rules of Behavior were reinforced.
Had USGS implemented a technical solution to control employee internet use and enforce its Rules of Behavior, the malware infection would have been avoided.
OIG made several recommendations to prevent future malware infections and similar abuses of its Rules of Behavior, which included enforcing a strong blacklist of URLs and to regularly monitor employee Internet use. Additionally, it was recommended that USGS implement controls that prevent employees from using unauthorized USB devices on their work computers.
In addition to implementing an advanced intrusion detection system and firewall, USGS is now enhancing its preventative countermeasures by detecting and blocking known pornographic websites and other websites with suspicious origins.
This is not the first time that the U.S. government has discovered employees have accessed pornography at work and it certainly will not be the last.
The problem is believed to be so widespread that Rep. Mark Meadows (R-NC11) proposed the Eliminating Pornography from Agencies Act on three occasions. The Act was prompted by the discovery that an Environmental Protection Agency had been accessing pornography at work. In that case, the employee had viewed pornography for 252 hours in a single year without detection.
The Easy Way to Control Employee Internet Use and Block Web-Based Threats
These cases show that organizations and businesses that rely on internal policies to control employee internet use are taking a considerable risk. It is not just the visiting of adult websites that carries an increased risk of malware infections. Malware can be downloaded from an extensive range of websites, even seemingly ‘legitimate’ sites.
Only by implementing a web filtering solution to control employee internet use will organizations and businesses be able to effectively reduce risk. A web filter is an appliance, virtual appliance, or cloud-based solution that prevents employees from accessing website content that violates acceptable Internet usage policies and blocks the accessing of websites that are known to be used for malicious purposes or have been infected with malware and exploit kits.
Control Employee Internet Use with WebTitan
WebTitan is a lightweight but powerful web filtering solution that allows organizations and businesses to carefully control employee internet use and block access to websites known to host pornography and other unsuitable for work content. A comprehensive reporting suite also allows employee internet use to be carefully monitored, including attempts to view prohibited content even if those attempts are not successful.
WebTitan can be deployed as a gateway solution on existing hardware or hypervisors or as a cloud-based solution hosted on TitanHQ servers. The solution is quick and easy to implement and configure and can be up and running in a matter of minutes. In addition to category-based filtering controls, the solution can block by keyword or keyword score and supports whitelists and blacklists.
If you want to control employee internet use and manage risk, call TitanHQ today for further information on WebTitan and find out how it can reduce the risk from web-based threats at your place of work.
A new ransomware threat has been detected called FilesLocker which is currently being offered as ransomware-as-a-service (RaaS) on a TOR malware forum. FilesLocker ransomware is not a particularly sophisticated ransomware variant, but it still poses a significant threat.
FilesLocker ransomware is a dual language ransomware variant that displays ransom notes in both Chinese and English. MalwareHunterTeam has identified a Chinese forum on TOR where it is being offered to affiliates to distribute for a cut of the ransom payments.
Unless advertised more widely, the number of affiliates that sign up may be limited, although it may prove popular. There are several features which could see the ransomware variant favored over other RaaS offerings, notably a sliding scale on commissions. The developers are offering a 60% cut of ransoms, which will increase to 75% if sufficiently high numbers of infections can be generated.
While relatively small and simple, FilesLocker ransomware still uses an RSA 2048+AES algorithm to lock files and it deletes Windows shadow copies to hamper attempts to recover files without paying the ransom. FilesLocker is also capable of file encryption in a broken network environment.
No server is required and the ransomware is effective on all Windows versions later than XP plus 32-bit and 64-bit Windows Server. Users are also able to easily monitor infections through a tracking feature which displays infections by country.
There is no free decryptor for FilesLocker ransomware. Recovery will only be possible by restoring files from backups.
While news of a new RaaS offering is never good, there has at least been some good news on the ransomware front this week, at least for some victims.
Free Decryptor Developed for GandCrab Ransomware
GandCrab ransomware is another RaaS offering that has been available since January 2018. It has been widely adopted, with many affiliates signing up to distribute the ransomware over the past 10 months.
A GandCrab ransomware decryptor was developed by Bitdefender in February that was able to unlock files encrypted by version 1.0 and v1.1 of GandCrab ransomware. The decryptor was developed after private keys were leaked online. However, it didn’t take long for v2.0 to be released, for which no free decryptor is available. There have been several further updates to GandCrab ransomware over the past few months, with v5.0 of the ransomware variant released in late September.
This week, Bitdefender has announced that after collaboration with the Romanian Police, Europol and other law enforcement agencies, a new decryption tool has been developed that allows GandCrab ransomware victims to decrypt files for free, provided they have been attacked with version 1, 4, or 5 of the ransomware.
The version can be determined by the extension used on encrypted files. V1=GDCB; v2/3=CRAB; v4=KRAB; and v5 uses a random 10-character extension.
The free GandCrab ransomware decryptor has been uploaded to the NoMoreRansom Project website. Bitdefender is currently working on a free decryptor for v2 and v3 of GandCrab ransomware.
The past few months have seen an increase in new, versatile malware downloaders that gather a significant amount of data about users’ systems before deploying a malicious payload. That payload is determined on the users’ system.
Marap malware and Xbash are two notable recent examples. Marap malware fingerprints a system and is capable of downloading additional modules based on the findings of the initial reconnaissance. XBash also assesses the system, and determines whether it is best suited for cryptocurrency mining or a ransomware attack and deploys its payload accordingly.
Stealthy sLoad Downloader Used in Highly Targeted Attacks
A further versatile and stealthy malware variant, known as the sLoad downloader, can now be added to that list. SLoad first appeared in May 2018, so it predates both of the above malware variants, although its use has been growing.
The primary purpose of sLoad appears to be reconnaissance. Once downloaded onto a system, it will determine the location of the device based on the IP address and performs several checks to ascertain the type of system and the software that is running and will determine whether it is on a real device or in a sandbox environment. It checks the processes running on the system, compares against a hardcoded list, and will exit if certain security software is installed to avoid detection.
Provided the system is suitable, a full scan of all running processes will be performed. The sLoad downloader will search for Microsoft Outlook files, ICA files associated with Citrix, and other system information. sLoad is capable of taking screenshots and searches the browser history looking for specific banking domains. All of this information is then fed back to the attackers’ C2 server.
Once the system has been fingerprinted, further malware variants are downloaded, primarily banking Trojans. Geofencing is used extensively by the threat actors using sLoad which helps to ensure that banking Trojans are only downloaded onto systems where they are likely to be effective – If the victim uses one of the banks that the Trojan is targeting.
In most of the campaigns intercepted to date, the banking Trojan of choice has been Ramnit. The attacks have also been highly focused on specific countries including Canada, and latterly, Italy and the United Kingdom – Locations which are currently being targeted by Ramnit. Other malware variants associated with the sLoad downloader include the remote desktop tool DarkVNC, the Ursnif information stealer, DreamBot, and PsiBot.
The sLoad downloader is almost exclusively delivered via spam email, with the campaigns often containing personal information such as the target’s name and address. While there have been several email subjects used, most commonly the emails relate to purchase orders, shipping notifications, and missed packages.
The emails contain Word documents with malicious macros in ZIP files, or alternatively embedded hyperlinks which will download the ZIP file if clicked.
The sLoad downloader may be stealthy and versatile, but blocking the threat is possible with an advanced spam filter. End user training to condition employees never to click on hyperlinks from unknown senders nor open attachments or enable macros will also help to prevent infection. Web filtering solutions provide an additional layer of protection to block attempts to download malicious files from the Internet.
Find out why WiFi filters for coffee shops are so important and how the failure to filter the Internet could prove to be extremely harmful to your brand.
Serving the best coffee in town will certainly bring in the crowds, but there is more to a successful coffee shop than providing patrons with a morning jolt of caffeine and comfy chairs. Coffee is big business and there is stiff competition when it comes to providing jitter juice to the masses.
In addition to free newspapers, high quality flapjacks and a fine blend of beans, patrons look for the other necessity of modern life: Free Internet access. Establishments that offer free, reliable WiFi access with decent bandwidth stand a much better chance of attracting and retaining customers.
However, simply setting up a WiFi router is no longer enough. Coffee shops also need to make sure that the WiFi network that their customers connect to is safe and secure. Just as the provision of free WiFi can translate into positive TripAdvisor and Yelp reviews, coffee shops that fail to secure their connections and exercise control over the content that can be accessed can easily get the reverse. WiFi filters for coffee shops ensure that customers’ activities online can be carefully controlled.
Why Unfiltered WiFi Networks Can Result in Bad Reviews
It is important for all shops to ensure that their WiFi networks cannot be used for any illegal or unsavory activities. If a webpage is not suitable for work, it is not suitable for a coffee shop. While there all manner of sites that should be blocked with WiFi filters for coffee shops, one of the most important categories of content is Internet porn.
While enjoying a nice coffee, patrons should not be subjected to obscene videos, images or audio. All it takes is for one patron to catch a glimpse of porn on another customer’s screen to trigger a bad review. The situation would be even worse if a minor caught a glimpse or even deliberately accessed adult content while connected to the WiFi network. A bad TripAdvisor review could easily send potential customers straight to the competition and a social media post could all too easily go viral.
What are the chances of that happening? Well, it’s not just a hypothetical scenario, as Starbucks discovered. In 2011, Starbucks received a warning that minors had been subjected to obscene content in its coffee shops and the chain did little about the complaints. The following year, as the bad feedback continued, the story was picked up by the media.
The bad feedback mounted and there were many calls for the public to boycott Starbucks. In the UK, Baroness Massey announced to the House of Lords that she had boycotted the brand and heavily criticized the chain for failing to set an example. Naturally, competitors – Costa Coffee for example – were more than happy to point out that they had been proactive and already provided filtered Internet to prevent minors from accessing adult content on their WiFi networks.
It was not until 2016 when Starbucks took action and implemented WiFi filters for coffee shops in the UK and started providing family-friendly WiFi access. A chain the size of Starbucks could weather the bad press. Smaller coffee shops would no doubt fare far worse.
WiFi Filters for Coffee Shops are Not Only About Blocking Adult Content
WiFi filters for coffee shops are important for blocking obscene content, but that is far from the only threat to a brand. The Internet is home to all manner of malicious websites that are used to phish for sensitive information and spread malicious software such as malware and ransomware. WiFi filters for coffee shops can be used to carefully control the content that can be accessed by consumers, but they can also keep them protected from these malicious sites.
Just as users have safe search functionality on their home networks, they expect the same controls on public WiFi access points. Phishing attacks and malware infections while connected to coffee shop WiFi networks can also be damaging to a brand. With WiFi filters for coffee shops, instead of being phished, a user will be presented with a block screen that explains that the business has blocked access to a malicious site to keep them protected and that will send a positive message that you care about your customers.
Once WiFi filters for coffee shops have been implemented, it is possible to apply to be assessed under the government’s Friendly Wi-Fi scheme. That will allow a coffee shop to display the friendly WiFi symbol and alert potential customers that safe, secure, family-friendly filtered Internet access is provided.
WebTitan – TitanHQ’s Easy to Implement WiFi Filters for Coffee Shops
Fortunately, WiFi filters for coffee shops are not expensive or difficult to implement. If you use a cloud-based solution such as WebTitan Cloud for WiFi, you will not need to purchase any hardware or install any software. Your WiFi network can be secured in a matter of minutes. A simple change to point your DNS to WebTitan is all that is required (you can be talked through that process to get you up and running even faster).
Since the controls are highly granular, you can easily block any type of web content you wish with a click of a mouse, selecting the categories of content you don’t want your users to access through the web-based control panel. Malicious sites will automatically be blocked via constantly updated blacklists of known malicious and illegal web pages.
With WebTitan you are assured that customers cannot view adult and illegal content, you can block illegal file sharing, control streaming services to save bandwidth, and enforce safe search on Google and apply YouTube controls.
To find out more about the features and benefits of WebTitan, details of pricing, and to sign up for a demo and free trial, contact the TitanHQ team today.
The U.S. midterm elections have been attracting considerable attention, so it is no surprise that cybercriminals are taking advantage and are running a midterm elections SEO poisoning campaign. It was a similar story in the run up to the 2016 presidential elections and the World Cup. Whenever there is a major newsworthy event, there are always scammers poised to take advantage.
Thousands of midterm elections themed webpages have sprung up and have been indexed by the search engines, some of which are placing very highly in the organic results for high-traffic midterm election keyword phrases.
The aim of the campaign is not to influence the results of the midterm elections, but to take advantage of public interest and the huge number of searches related to the elections and to divert traffic to malicious websites.
What is SEO Poisoning?
The creation of malicious webpages and getting them ranked in the organic search engine results is referred to as search engine poisoning. Search engine optimization (SEO) techniques are used to promote webpages and convince search engine algorithms that the pages are newsworthy and relevant to specific search terms. Suspect SEO practices such as cloaking, keyword stuffing, and backlinking are used to fool search engine spiders into rating the webpages favorably.
The content on the pages appears extremely relevant to the search term to search engine bots that crawl the internet and index the pages; however, these pages do not always display the same content. Search engine spiders and bots see one type of content, human visitors will be displayed something entirely different. The scammers are able to differentiate human and bot visitors through different HTTP headers in the web requests. Real visitors are then either displayed different content or are redirected to malicious websites.
Midterm Elections SEO Poisoning Campaign Targeting 15,000+ Keywords
The midterm elections SEO poisoning campaign is being tracked by Zscaler, which notes that the scammers have managed to get multiple malicious pages ranking in the first page results for high traffic phrases such as “midterm elections.”
However, that is just the tip of the iceberg. The scammers are actually targeting more than 15,000 different midterm election keywords and are using more than 10,000 compromised websites in the campaign. More sites are being compromised and used in the campaign each day.
When a visitor arrives at one of these webpages from a search engine, they are redirected to one of many different webpages. Multiple redirects are often used before the visitor finally arrives at a particular landing page. Those landing pages include phishing forms to obtain sensitive information, host exploit kits that silently download malware, or are used for tech support scams and include various ruses to fool visitors into installing adware, spyware, cryptocurrency miners, ransomware or malicious browser extensions. In addition to scam sites, the campaign is also being used to generate traffic to political, religious and adult websites.
This midterms elections SEO poisoning campaign poses a significant threat to all Internet users, but especially businesses that do not control the content that can be accessed by their employees. In such cases, campaigns such as this can easily result in the theft of credentials or malware/ransomware infections, all of which can prove incredibly costly to resolve.
One easy-to-implement solution is a web filter such as WebTitan. WebTitan can be deployed in minutes and can be used to carefully control the content that can be accessed by employees. Blacklisted websites will be automatically blocked, malware downloads prevented, and malicious redirects to phishing websites and exploit kits stopped before any harm is caused.
For further information on the benefits of web filtering and details of WebTitan, contact the TitanHQ team today.
A new and improved version of Azorult malware has been identified. The latest version of the information stealer and malware downloader has already been used in attacks and is being distributed via the RIG exploit kit.
Azorult malware is primarily an information stealer which is used to obtain usernames and passwords, credit card numbers, and other information such as browser histories. Newer versions of the malware have seen cryptocurrency wallet-stealing capabilities added.
Azorult malware was first identified in 2016 by researchers at Proofpoint and has since been used in a large number of attacks via exploit kits and phishing email campaigns. The latter have used links to malicious sites, or more commonly, malicious Word files containing malware downloaders.
Back in 2016, the malware variant was initially installed alongside the Chthonic banking Trojan, although subsequent campaigns have seen Azorult malware deployed as the primary malware payload. This year has seen multiple threat actors pair the information stealer with a secondary ransomware payload.
Campaigns have been detected using Hermes and Aurora ransomware as secondary payloads. In both campaigns, the initial aim is to steal login credentials to raid bank accounts and cryptocurrency wallets. When all useful information has been obtained, the ransomware is activated, and a ransom payment is demanded to decrypted files.
A new version of the Azorult was released in July 2018 – version 3.2 – which contained significant improvements to both its stealer and downloader functions. Now Proofpoint researchers have identified a new variant – version 3.3 – which has already been added to RIG. The new variant was released shortly after the source code for the previous version was leaked online.
The new variant uses a different method of encryption, has improved cryptocurrency stealing functionality to allow the contents of BitcoinGold, electrumG, btcprivate (electrum-btcp), bitcore, and Exodus Eden wallets to be stolen, a new and improved loader, and an updated admin panel. The latest version has a lower detection rate by AV software ensuring more installations.
If your operating systems and software are kept fully patched and up to date you will be protected against these exploit kit downloads as the vulnerabilities exploited by RIG are not new. However, many companies are slow to apply patches, which need to be extensively tested. It is therefore strongly advisable to also deploy a web filtering solution such as WebTitan to provide additional protection against exploit kit malware downloads. WebTitan prevents end users from visiting malicious websites such as those hosting exploit kits.
The latest version of Azorult malware was first listed for sale on October 4. It is highly probable that other threat actors will purchase the malware and distribute it via phishing emails, as was the case with previous versions. It is therefore strongly advisable to also implement an advanced spam filter and ensure that end users are trained how to recognize potentially malicious emails.
TitanHQ, the leading provider of spam filtering, web filtering, and email archiving solutions for managed service providers (MSPs) recently partnered with Datto Networking, the leading provider of MSP-delivered IT solutions to SMBs.
The partnership has seen TitanHQ’s advanced web filtering technology incorporated into the Datto Networking Appliance to provide secure internet access to all users connected the network.
The new technology providing enhanced protection against web-based threats while allowing administrators to carefully control the web content that can be accessed by employees and guest users.
On October 18, 2018, Datto and TitanHQ will be hosting a webinar that will explain the new functionality of the Datto Networking Appliance to MSPs, including a deep dive into the new web filtering technology.
The use of fake software updates to spread malware is nothing new, but a new malware campaign has been detected that is somewhat different. Fake Adobe Flash updates are being pushed that actually do update the user’s Flash version, albeit with an unwanted addition of the XMRig cryptocurrency miner on the side.
The campaign uses pop-up notifications that are an exact replica of the genuine notifications used by Adobe, advising the user that their Flash version needs to be updated. Clicking on the install button, as with the genuine notifications, will update users’ Flash to the latest version. However, in the background, the XMRig cryptocurrency miner is also downloaded and installed. One installed, XMRig will run silently in the background, unbeknown to the user.
The campaign was detected by security researchers at Palo Alto Network’s Unit 42 team. The researchers identified several Windows executable files that started with AdobeFlashPlayer that were hosted on cloud servers not controlled by Adobe.
An analysis of network traffic during the infection process revealed most of the traffic was linked to updating Adobe Flash from an Adobe controlled domain, but that soon changed to traffic through a domain associated with installers known to push cryptocurrency miners. Traffic was later identified over TCP port 14444 that was associated with the XMRig cryptocurrency miner.
Further analysis of the campaign revealed it has been running since mid-August, with activity increasing significantly in September when the fake Adobe Flash updates started to be distributed more heavily.
End users are unlikely to detect the downloading and installation of the XMRig cryptocurrency miner, but there is likely to be a noticeable slowdown in the speed of their computer. The installation of the XMRig cryptocurrency miner may be stealthy, but when it runs it uses almost all of the computer’s CPU for cryptocurrency mining. Any user that checks Task Manager will see Explorer.exe hogging their CPU. As with most cryptocurrency miners, XMRig mines Monero. What is not currently known is which websites are distributing the fake Adobe Flash updates, or how traffic is being generated to those sites.
Any notification about a software update that pops up while browsing the internet should be treated as suspicious. The window should be closed, and the official website of that software provider should be visited to determine if an update is necessary. Software updates should only ever be downloaded from official websites, in the case of Adobe Flash, that is Adobe.com.
The Palo Alto researchers note “Organizations with decent web filtering and educated users have a much lower risk of infection by these fake updates.”
In May, security researchers at Proofpoint discovered a spam email campaign that was distributing a new banking Trojan named DanaBot. At the time it was thought that a single threat actor was using the DanaBot Trojan to target organizations in Australia to obtain online banking credentials.
That campaign has continued, but in addition, campaigns have been identified in Europe targeting customers of banks in Italy, Germany, Poland, Austria, and the UK. Then in late September, a further DanaBot Trojan campaign was conducted targeting U.S. banks.
The DanaBot Trojan is a modular malware written in Delphi that is capable of downloading additional components to add various different functions.
The malware is capable of taking screenshots, stealing form data, and logging keystrokes in order to obtain banking credentials. That information is sent back to the attackers’ C2 server and is subsequently used to steal money from corporate bank accounts.
An analysis of the malware and the geographical campaigns shows different IDs are used in the C2 communication headers. This strongly suggests that the campaigns in each region are being conducted by different individuals and that the DanaBot Trojan is being offered as malware-as-a-service. Each threat actor is responsible for running campaigns in a specific country or set of countries. Australia is the only country where there are two affiliates running campaigns. In total, there appears to currently be 9 individuals running distribution campaigns.
The country-specific campaigns are using different methods to distribute the malicious payload, which include the new Fallout exploit kit, web injects, and spam email. The latter is being used to distribute the Trojan in the United States.
The U.S. campaign uses a fax notice lure with the emails appearing to come from the eFax service. The messages look professional and are complete with appropriate formatting and logos. The emails contain a button that must be clicked to download the 3-page fax message.
Clicking on the button will download a Word document with a malicious macro which, if allowed to run, will launch a PowerShell script that downloads the Hancitor downloader. Hancitor will then download the Pony stealer and the DanaBot Trojan.
Proofpoint’s analysis of the malware revealed similarities with the ransomware families Reveton and CryptXXX, which suggests that DanaBot has been developed by the same group responsible for both of those ransomware threats.
The U.S. DanaBot campaign is targeting customers of various U.S. banks, including RBC Royal Bank, Royal Bank, TD Bank, Wells Fargo, Bank of America, and JP Morgan Chase. It is likely that the campaigns will spread to other countries as more threat actors are signed up to use the malware.
Preventing attacks requires defense in depth against each of the attack vectors. An advanced spam filter is required to block malspam. Users of Office 365 should increase protection with a third-party spam filter such as SpamTitan to provide better protection against this threat. To prevent web-based attacks, a web filtering solution should be used. WebTitan can block attempts by end users to visit websites known to contain exploit kits and IPs that have previously been used for malicious purposes.
End users should also trained never to open email attachments or click on hyperlinks in emails from unknown senders, or to enable macros on documents unless they are 100% certain that the files are genuine. Businesses in the United States should also consider warning their employees about fake eFax emails to raise awareness of the threat.
Its conference season and the TitanHQ team is hitting the road again. The TitanHQ team will be travelling far and wide and will be attending the major MSP industry events in the United States and Europe throughout October and November.
The conferences give new and current MSP partners the chance to meet the TitanHQ team face to face, get answers to questions, pick up tips and tricks to get the most out of TitanHQ products, and find out about the latest innovations for MSPs from TitanHQ.
Conference season kicks off with the third annual Kaseya Connect Europe Conference in Amsterdam (October 2-4) at the NH Collection Amsterdam Grand Hotel Krasnapolsky in Amsterdam. Kaseya is the leading provider of complete IT infrastructure management solutions for MSPs, offering best-in-class solutions to help MSPs efficiently manage and secure IT environments for their clients.
TitanHQ is an Emerald Sponsor for the event and will be showcasing its SpamTitan spam filtering and WebTitan web filtering solutions for MSPs. TitanHQ will be at booth 4 at the event, next to Datto and Bitdefender – both of which are TitanHQ partners.
Next stop for the TitanHQ tour bus is the CompTIA EMEA Member & Partner Conference at Etc. Venues County Hall on the south bank of the Thames in London (October 16-17). The Computing Technology Industry Association is the world’s leading tech association, providing education, training, certification, advocacy, philanthropy and market research. The conference brings together members and thought leaders from the entire tech industry with panel discussions, keynote speeches, and the latest news and advice about the key trends and topics impacting the tech industry.
TitanHQ is a key sponsor of the event and will be on hand give product demonstrations and explain about the opportunities that exist for MSPs to add web filtering, spam filtering, and email archiving services to their client offerings.
At the end of October, the TitanHQ team will be heading to sunny Spain for DattoCon18 at the Fairmont Rey Juan Carlos I in Barcelona (October 29-31). The conference is focused on helping business owners run their businesses more effectively through the use of Autotask + Datto solutions. There will be a host of educational sessions and keynote speeches at the event, with plenty of opportunities for networking. TitanHQ will be showcasing its security solutions for MSPs at the conference.
At the start of November, TitanHQ will be in attendance at the leading conference for the WiFi industry. The WiFi Now Europe conference is being held in Berlin ((November 6-8) at the Holiday Inn Berlin City-West. The event offers three full days dedicated to all things WiFi. Attendees will find out about key developments in WiFi and the latest industry trends, with opportunities to learn from industry experts, meet key industry influencers, and discover new business opportunities.
TitanHQ will be showcasing its WebTitan Cloud for WiFi solution at the event and will be explaining how MSPs can incorporate web filtering into their service stacks to provide greater value to their clients and improve their bottom lines
Next comes a quick hop across the Atlantic to the HTG Peer Groups Q4 conference in at the Omni Orlando Resort in Orlando, Florida (October 10-16). HTG is an international consulting, coaching and peer group organization that helps business by igniting personal, leadership, business and legacy transformation to get companies to achieve their full potential.
There will be a full program of events throughout the week including peer group meeting and opportunities for learning and building relationships. TitanHQ will be in attendance and will be showcasing its innovative business security solutions.
Summary of TitanHQ Conference Schedule 2018
October 2-4: Kaseya Connect Europe, Amsterdam, Netherlands. Booth #4
October 16-17: CompTia EMEA Member & Partner Conference; London, UK. Booth #28
October 29-31: DattoCon18, Barcelona, Spain.
November 6-8: WiFi Now, Berlin, Germany.
November 10-16: HTG Peer Groups Q4 Conference, Orlando, FL, USA.
A new version of GandCrab ransomware (GandCrab v5) has been released. GandCrab is a popular ransomware threat that is offered to affiliates under the ransomware-as-a-service distribution model. Affiliates receive a cut of the profits from any ransoms payed by individuals they manage to infect.
GandCrab was first released in January 2018 and fast grew into one of the most widely used ransomware variants. In July it was named the top ransomware threat and is regularly updated by the authors.
There have been several changes made in GandCrab v5, including the change to a random 5-character extension for encrypted files. The ransomware also uses an HTML ransom note rather than dropping a txt file to the desktop.
Bitdefender released free decryptors for early versions of the ransomware, although steps were taken by the authors to improve security for version 2.0. Since version 2.0 was released, no free decryptors for GandCrab ransomware have been developed.
Recovery from a GandCrab v5 infection will only be possible by paying the ransom – approximately $800 in the Dash cryptocurrency – or by restoring files from backups. Victims are only given a limited time for paying the ransom before the price to decrypt doubles. It is therefore essential that backups are created of all data and for those backup files to be checked to make sure files can be recovered in the event of disaster.
Since this ransomware variant is offered under the ransomware-as-a-service model, different vectors are used to distribute the ransomware by different threat actors. Previous versions of the ransomware have been distributed via spam email and through exploit kits such as RIG and GrandSoft. GandCrab v5 has also been confirmed as being distributed via the new Fallout exploit kit.
Traffic is directed to the exploit kit using malvertising – malicious adverts that redirect users to exploit kits and other malicious websites. These malicious adverts are placed on third party advertising networks that are used by many popular websites to provide an extra income stream.
Any user that clicks one of the malicious links in the adverts is redirected to the Fallout exploit kit. The Fallout exploit kit contains exploits for several old vulnerabilities and some relatively recent flaws. Any user that has a vulnerable system will have GandCrab ransomware silently downloaded onto their device. Local files will be encrypted as well as files on all network shares, not just mapped drives.
Whenever a new zero-day vulnerability is discovered it doesn’t take long for an exploit to be incorporated into malware. The publication of proof of concept code for a Task Scheduler ALPC vulnerability was no exception. Within a couple of days, the exploit had already been adopted by cybercriminals and incorporated into malware.
The exploit for the Task Scheduler ALPC vulnerability allows executable files to be run on a vulnerable system with System privileges and has been incorporated into GandCrab v5. The exploit is believed to be used to perform system-level tasks such as deleting Windows Shadow Volume copies to make it harder for victims to recover encrypted files without paying the ransom. Microsoft has now issued a patch to correct the flaw as part of its September Patch Tuesday round of updates, but many companies have yet to apply the patch.
The most important step to take to ensure that recovery from a ransomware attack is possible is to ensure backups are created. Without a viable backup the only way of recovering files is by paying the ransom. In this case, victims can decrypt one file for free to confirm that viable decryption keys exist. However, not all ransomware variants allow file recovery.
Preventing ransomware infections requires software solutions that block the main attack vectors. Spam filtering solutions such as SpamTitan prevent malicious messages from being delivered to inboxes. Web filters such as WebTitan prevent end users from visiting malicious sites known to host exploit kits. Remote desktop services are often exploited to gain system access, so it is important that these are disabled if they are not required, and if they are, they should only be accessible through VPNs.
Patches should be applied promptly to prevent vulnerabilities from being exploited and advanced antimalware solutions should be deployed to detect and quarantine ransomware before files are encrypted.
A new malware threat – named Viro botnet malware – has been detected that combines the file-encrypting capabilities of ransomware, with a keylogger to obtain passwords and a botnet capable of sending spam emails from infected devices.
Viro botnet malware is one of a new breed of malware variants that are highly flexible and have a wide range of capabilities to maximize profit from a successful infection. There have been several recently discovered malware variants that have combined the file-encrypting properties of ransomware with cryptocurrency mining code.
The latest threat was identified by security researchers at Trend Micro who note that this new threat is still in development and appears to have been created from scratch. The code is dissimilar to other known ransomware variants and ransomware families.
Some ransomware variants are capable of self-propagation and can spread from one infected device to other devices on the same network. Viro botnet malware achieves this by hijacking Outlook email accounts and using them to send spam email containing either a copy of itself as an attachment or a downloader to all individuals in the infected user’s contact list.
Viro botnet malware has been used in targeted attacks in the United States via spam email campaigns, although bizarrely, the ransom note dropped on the victims’ desktops is written in French. This is not the only new ransomware threat to include a French ransom note. PyLocky, a recently detected new ransomware threat that masquerades as Locky ransomware, also had a French ransom note. This appears to be a coincidence as there are no indications that the two ransomware threats are related or are being distributed by the same threat group.
With Viro botnet, Infection starts with a spam email containing a malicious attachment. If the attachment is opened and the content is allowed to run, the malicious payload will be downloaded. Viro botnet malware will first check registry keys and product keys to determine whether its encryption routine should run. If those checks are passed, an encryption/decryption key pair will be generated via a cryptographic Random Number Generator, which are then sent back to the attacker’s C2 server. Files are then encrypted via RSA and a ransom note is dropped on the desktop.
Viro botnet malware also contains a basic keylogger which will log all keystrokes on an infected machine and send the data back to the attacker’s C2 server. The malware is also capable of downloading further malicious files from the attacker’s C2.
While the attacker’s C2 server was initially active, it has currently been taken down so any further devices that are infected will not have data encrypted. Connection to the C2 server is necessary for the encryption routine to start. Even though the threat has been neutralized this is expected to only be a brief hiatus. The C2 is expected to be resurrected and larger distribution campaigns can have been predicted.
Protecting against email-based threats such as Viro botnet malware requires an advanced spam filtering solution such as SpamTitan to prevent malicious messages from being delivered to end users. Advanced antimalware software should be installed to detect malicious files should they be downloaded, and end users should receive security awareness training to help them identify security threats and respond appropriately.
Multiple backups should also be created – with one copy stored securely offsite – to ensure files can be recovered in the event of file encryption.
Xbash malware is one of several new malware threats to be detected in recent weeks that incorporate the file-encrypting properties of ransomware with the coin mining functionality of cryptocurrency mining malware.
This year, several cybersecurity and threat intelligence companies have reported that ransomware attacks have plateaued or are in decline. Ransomware attacks are still profitable, although it is possible to make more money through cryptocurrency mining.
The recent Internet Organized Crime Threat Report released by Europol notes that cryptojacking is a new cybercrime trend and is now a regular, low-risk revenue stream for cybercriminals, but that “ransomware remains the key malware threat”. Europol notes in its report that a decline has been seen in random attacks via spam email, instead cybercriminals are concentrating on attacking businesses where greater profits lie. Those attacks are highly targeted.
Another emerging trend offers cybercriminals the best of both worlds – the use of versatile malware that have the properties of both ransomware and cryptocurrency miners. These highly versatile malware variants provide cybercriminals with the opportunity to obtain ransom payments as well as the ability to mine for cryptocurrency. If the malware is installed on a system that is not ideally suited for mining cryptocurrency, the ransomware function is activated and vice versa.
Xbash malware is one such threat, albeit with one major caveat. Xbash malware does not have the ability to restore files. In that respect it is closer to NotPetya than Cerber. As was the case with NotPetya, Xbash malware just masquerades as ransomware and demands a payment to restore files – Currently 0.2 BTC ($127). Payment of the ransom will not result in keys being supplied to unlock encrypted files, as currently files are not encrypted. The malware simply deletes MySQL, PostgreSQL, and MongoDB databases. This function is activated if the malware is installed on a Linux system. If it is installed on Windows devices, the cryptojacking function is activated.
Xbash malware also has the ability to self-propagate. Once installed on a Windows system it will spread throughout the network by exploiting vulnerabilities in Hadoop, ActiveMQ and Redis services.
Currently, infection occurs through the exploitation of unpatched vulnerabilities and brute force attacks on systems with weak passwords and unprotected services. Protection against this threat requires the use of strong, unique non-default passwords, prompt patching, and endpoint security solutions. Blocking access to unknown hosts on the Internet will prevent communication with its C2 if it is installed, and naturally it is essential that multiple backups are regularly made to ensure file recovery is possible.
Kaspersky Lab determined there has been a doubling of these multi-purpose remote access tools over the past 18 months and their popularity is likely to continue to increase. This type of versatile malware could well prove to be the malware of choice for advanced threat actors over the course of the next 12 months.
A Bristol Airport ransomware attack has resulted in its customer display screens being taken offline for two days. Staff at the airport have had to resort to using dry markers and whiteboards to display flight arrival and departure information while the malicious software was removed and files were decrypted.
Ransomware was installed on its administrative computer system in the early hours on Friday, 14 September. As a result of the attack, several applications had to be taken offline as part of the airport’s efforts to contain the attack and prevent critical airport systems from being affected. The application used to display arrival and departure information throughout the airport was one of the casualties.
A statement was provided to the media confirming that a ransom demand had been received but the decision was taken not to give in to the attacker’s demand. Instead, IT staff at the airport chose to restore affected systems from backups. That process continued throughout the weekend. Screens in key locations throughout the airport were slowly brought back online on Sunday and efforts are continuing to restore files on all other affected computers at the airport.
Bristol Airport spokesman, James Gore, said initial investigations suggest this was a speculative rather than a targeted attack on the airport and that it was an online attack on its administrative systems. The exact nature of the Bristol Airport ransomware attack has not yet been disclosed and it is not known what variant of ransomware was used.
The recovery process has taken longer than was expected as the airport has adopted a particularly cautious approach due to the number of critical and security systems at the airport which could potentially have been affected. As it was, customer and airport safety were not affected by the ransomware attack and flights were not delayed.
Ransomware Still Poses a Major Threat to Businesses
Ransomware attacks have declined in recent months as many cybercriminals have turned to cryptocurrency mining as an easier way of generating an income, but the Bristol Airport ransomware attack shows that the threat of ransomware attacks is ever present. Cybercriminals have certainly not totally abandoned ransomware and it remains a serious threat.
Online attacks are also common. Ransomware is still widely distributed via exploit kits – Software loaded onto compromised websites that probes for vulnerabilities in browsers and plugins. When vulnerabilities are identified, they are exploited and ransomware is silently downloaded.
How to Prevent Ransomware Attacks
Protecting against ransomware attacks requires layered security solutions to block the key attack vectors. Spam filtering software will block the majority of malicious emails and prevent them from being delivered to end users’ inboxes. Security awareness training will help to ensure that employees can identify any malicious emails than make it past perimeter email security controls.
One of the most effective solutions for blocking web-based attacks is a web filter. Web filters can be configured to prevent end users from visiting malicious websites and will block drive-by downloads of malware. Naturally, all software, including browsers and browser plugins, should be kept up to date and fully patched to prevent vulnerabilities from being exploited. Anti-virus software on all servers and end points is also a must.
As was the case with the Bristol airport ransomware attack, files could be recovered from backups without the need to pay the ransom demand. To ensure file recovery is possible, regular backups must be made.
A good backup practice will see at least three backup copies created, on at least two separate media, with one copy stored securely offsite on a device that is not connected to a network or the Internet.
For more information on anti-ransomware solutions for businesses, speak to TitanHQ today. TitanHQ offers award-winning spam filtering and web filtering technology that blocks malware and ransomware attacks and other email and web-based threats.
There are many new services that managed service providers (MSPs) can add to their service stacks, such as cloud migration and digitization services, but the biggest area for growth is currently cybersecurity services.
The number of cyberattacks on SMBs and enterprises has increased substantially in recent years. More attacks are now being conducted than ever before, and many of those attacks are succeeding.
A successful attack can prove extremely profitable for an attacker and extremely costly for an enterprise. When a network or email account is breached, sensitive information can be stolen, such as the personal data of customers and employees and corporate secrets and proprietary data.
When customer information is stolen, the damage to a company’s reputation can be considerable. Customer churn rate increases, business is lost, and there may be regulatory fines to cover and lawsuits to fight. Notifications need to be issued and credit monitoring and identity theft protection services may need to be provided to customers. When proprietary data is stolen, a company’s competitive advantage can easily be lost.
Following any security breach, hours must be committed to forensic analyses to search for possible backdoors and malware. The breach cause must be identified and security holes must be plugged. All those costs (and more) add up. This year’s Cost of a Data Breach study conducted by the Ponemon Institute/IBM Security revealed the average cost of a data breach of up to 100,000 personal records has risen to $3.86 million in 2018 – a 6.4% increase since 2017.
The massive disruption to businesses caused by cyberattacks and the considerable cost of mitigating data breaches means SMBs and enterprises need to take precautions and invest in cybersecurity defenses. However, the shortage of skilled staff in this area and already overworked IT departments has meant many companies have had to turn to MSPs and managed security service providers (MSSPs) to help shore up their defenses, monitor for potential intrusions, and respond to breaches when they occur.
Many MSPs have responded to the demand and are now offering security services to their clients to meet the demand. That demand is so great, that managed security services are now a huge growth area for MSPs.
Each year, Channel Futures conducts its MSP 501 survey, which evaluates the revenue growth, service deliverables, and business models and strategies adopted by the most progressive and forward-thinking MSPs around the globe. This year, the survey revealed that the biggest growth area is security services. 73% of all surveyed MSPs said security was their fastest growing service. As a point of comparison, the next biggest growth area was professional services (55%), followed by Office 365 (52%) and consulting (51%).
With huge demand for managed security services, it is no longer a question of whether they should be added to MSPs service stacks, but more a question of how they can be integrated, how to architect those services, and how to package security services together to meet customers’ needs.
What Security Services are Being Offered by MSPs?
Many enterprises and SMBs that attempt to go it alone end up deploying dozens of different security solutions at considerable cost, only to discover they are still attacked and suffer network breaches. Most businesses do not have the staff to commit to implementing, monitoring, and managing large numbers of cybersecurity solutions. This creates an opportunity for MSPs.
Some MSPs have opted to provide clients with a suite of cybersecurity solutions from a single provider, as the solutions work seamlessly together and there is less potential for security gaps to exist. While this has worked for some MSPs, the problem with this approach is clients could approach that vendor and decide to go direct. MSPs that have succeeded with this model are adding considerable value – such as their expertise in running those solutions.
Logicalis, ranked #10 in the MSP 501 list, has taken a different approach and is bundling together a range of solutions that can be easily managed together and match customers’ needs exactly. “We pick our swim lanes, we pick our areas that are most relevant to our skills, to our customers, and we make sure we have the disciplines and domain expertise to deliver against that,” said Logicalis’ chief sales officer Mike Houghton.
Clients often get the best value – and protection – when MSPs package together cybersecurity products from a wide range of cybersecurity solution providers to provide a comprehensive security service, as Tom Clancy, CEO of Valiant Technology and #206 in Channel Future’s MSP 501 list explained. “Providing a bundle of offerings from different vendors that work well together is the most effective way for an MSP to retain its role as a trusted adviser.”
Valiant Technology has even taken this a step further and is moving towards making security a ‘non-optional’ offering. Clancy explained to Channel Futures that, “Our managed services plans will say, ‘It costs this much per seat, and it’s this much if you want the security package. And by the way, you really want the security package, otherwise here’s my limitation of liability.”
Naturally, putting together a package of security services requires considerable research and planning, new staff may need to be hired, and training on the products must be provided. It is a lot of work, but the potential rewards are considerable.
How Can TitanHQ Help?
TitanHQ has developed a suite of security products that are ideally suited for MSPs, offering a winning combination of easy deployment, remote management, superb protection against a wide range of threats, and excellent margins. The solutions mitigate the threat from web and email-based attacks integrate seamlessly into MSPs existing service stacks.
SpamTitan provides world-class protection from spam and malicious emails, preventing malware, ransomware, and phishing emails from reaching end users’ inboxes. The solution is complimented by WebTitan, a powerful web filtering solution that prevents end users from visiting malicious websites, blocks drive-by downloads of malicious software, and enforces acceptable Internet usage policies.
To find out more about how these two solutions benefit MSPs and their clients, and the tools available to seamlessly integrate these technology-agnostic security services into MSPs security packages, contact the TitanHQ team today.
Vulnerabilities in the VPNs NordVPN and ProtonVPN have been identified that allow execution of arbitrary code with system level privileges, highlighting the risk that can be introduced if VPN software is not kept fully patched and up to date.
VPNs May Not be As Secure as You Think
One common method used to securely access the Internet on public WiFi networks is to connect through a VPN. A VPN helps to prevent man-in-the-middle attacks and the interception of data by creating a secure tunnel through which data flows. Using VPN software means a user’s data is encrypted preventing information from being accessed by malicious actors.
While the connection is secured using a VPN, that does not always mean that a user is well protected. VPNs may not be quite as secure as users believe. Like any software, there can be vulnerabilities in VPNs that can be exploited. If the latest version of VPN software is not used, data may be vulnerable.
High Severity Vulnerabilities Identified in Popular VPNs
Recently, two of the most popular VPN clients have been found to contain a privilege escalation bug that could be exploited to allow an attacker to execute arbitrary code with elevated privileges.
The bug is present in NordVPN and ProtonVPN clients, both of which use the open-source OpenVPN software to create a tunnel through which information passes. In April, a flaw was identified which allowed an attacker with low level privileges to run arbitrary code and elevate their privileges to system level. Further, the flaw was not difficult to exploit.
A change could easily be made to the OpenVPN configuration file, adding parameters such as “plugin”, “script-security”, “up”, and “down”. Files specified within those parameters would be executed with elevated privileges. The flaw was identified by security researcher Fabius Watson of VerSprite Security, and prompt action was taken to patch the flaw.
However, while patches were issued by NordVPN and ProtonVPN that prevented the “plugin”, “script-security”, “up”, and “down” parameters from being added to the configuration file by standard users, the flaw had only been partially corrected.
Researchers at Cisco Talos discovered the same parameters could still be added to the configuration file if they were added in quotation marks. Doing that would bypass the mitigations of the patches. These vulnerabilities have been tracked under separate CVE codes – CVE-2018-3952 for ProtonVPN and CVE-2018-4010 for NordVPN. Both flaws are considered high-severity and have been assigned a CVSS v3 base score of 8.8 out of 10.
NordVPN and ProtonVPN have now released an updated patch which prevents the addition of these parameters using quotation marks, thus preventing threat actors from exploiting the vulnerability. Both vendors have tackled the problem in different ways, with ProtonVPN opting to put the configuration file in the installation directory to prevent standard users from making any changes, while NordVPN used an XML model to generate the configuration file. Standard users are not able to modify the template.
Securing Connections on Public WiFi Access Points
VPNs are an excellent way of improving security when connecting to public WiFi networks, but policies and procedures should be implemented to ensure that patches are applied promptly. It is not always possible to configure VPN clients to automatically update to the latest version. If vulnerabilities in VPNs are not addressed, they can be a major security weak point.
An additional protection that can be implemented to protect remote workers when connecting to WiFi networks is a web filtering solution such a WebTitan. WebTitan allows businesses to carefully control the web content that can be accessed by employees no matter where they connect – through wired networks, business WiFi networks, and when connecting to the Internet through public WiFi networks.
By controlling the types of sites that can be accessed, and using blacklists of known malicious sites, the potential for malware downloads can be greatly reduced.
If you want to improve WiFi security or implement web filtering controls for remote workers, contact the TitanHQ team today to find out more about WebTitan and the difference it can make to your security posture.
A new exploit kit has been detected that is being used to deliver Trojans and GandCrab ransomware. The Fallout exploit kit was unknown until August 2018, when it was identified by security researcher Nao_sec. Nao_sec observed the Fallout exploit kit being used to deliver SmokeLoader – a malware variant whose purpose is to download other types of malware.
Nao_sec determined that once SmokeLoader was installed, it downloaded two further malware variants – a previously unknown malware variant and CoalaBot – A HTTP DDoS Bot that is based on August Stealer code. Since the discovery of the Fallout exploit kit in August, it has since been observed downloading GandCrab ransomware on vulnerable Windows devices by researchers at FireEye.
While Windows users are being targeted by the threat group behind Fallout, MacOS users are not ignored. If a MacOS user encounters Fallout, they are redirected to webpages that attempt to fool visitors into downloading a fake Adobe Flash Player update or fake antivirus software. In the case of the former, the user is advised that their version of Adobe Flash Player is out of date and needs updating. In the case of the latter, the user is advised that their Mac may contain viruses, and they are urged to install a fake antivirus program that the website claims will remove all viruses from their device.
The Fallout exploit kit is installed on webpages that have been compromised by the attacker – sites with weak passwords that have been brute-forced and those that have out of date CMS installations or other vulnerabilities which have been exploited to gain access.
The two vulnerabilities exploited by the Fallout exploit kit are the Windows VBScript Engine vulnerability – CVE-2018-8174 – and the Adobe Flash Player vulnerability – CVE-2018-4878, both of which were identified and patched in 2018.
The Fallout exploit kit will attempt to exploit the VBScript vulnerability first, and should that fail, an attempt will be made to exploit the Flash vulnerability. Successful exploitation of either vulnerability will see GandCrab ransomware silently downloaded.
The first stage of the infection process, should either of the two exploits prove successful, is the downloading of a Trojan which checks to see if certain processes are running, namely: filemon.exe, netmon.exe, procmon.exe, regmon.exe, sandboxiedcomlaunch.exe, vboxservice.exe, vboxtray.exe, vmtoolsd.exe, vmwareservice.exe, vmwareuser.exe, and wireshark.exe. If any those processes are running, no further action will be taken.
If those processes are not running, a DLL will be downloaded which will install GandCrab ransomware. Once files are encrypted, a ransom note is dropped on the desktop. A payment of $499 is demanded per device to unlock the encrypted files.
Exploit kits will only work if software is out of date. Patching practices tend to be better in the United States and Europe, so attackers tend to rely on other methods to install their malicious software in these regions. Exploit kit activity is primarily concentrated in the Asia Pacific region where software is more likely to be out of date.
The best protection against the Fallout exploit kit and other EKs is to ensure that operating systems, browsers, browser extensions, and plugins are kept fully patched and all computers are running the latest versions of software. Companies that use web filters, such as WebTitan, will be better protected as end users will be prevented from visiting, or being redirected to, webpages known to host exploit kits.
To ensure that files can be recovered without paying a ransom, it is essential that regular backups are made. A good strategy is to create at least three backup copies, stored on two different media, with one copy stored securely offsite on a device that is not connected to the network or accessible over the Internet.
The CamuBot Trojan is a new malware variant that is being used in vishing campaigns on employees to obtain banking credentials.
Cybercriminals Use Vishing to Convince Employees to Install CamuBot Trojan
Spam email may be the primary method of delivering banking Trojans, but there are other ways of convincing employees to download and run malware on their computers.
In the case of the CamuBot Trojan the method used is vishing. Vishing is the voice equivalent of phishing – The use of the telephone to scam people, either by convincing them to reveal sensitive information or to take some other action such as downloading malware or making fraudulent bank transfers.
Vishing is commonly used in tech support scams where people are convinced to install fake security software to remove fictitious viruses on their computers. The campaign used to install the CamuBot Trojan is a variation on this theme and was uncovered by IBM X-Force researchers.
The attack starts with some reconnaissance. The attackers identify a business that uses a specific bank. Individuals within that organization are then identified that are likely to have access the bank accounts used by the business – payroll staff for example. Those individuals are then contacted by telephone.
The attackers claim that they are calling from the bank and are performing a check of security software on the user’s computer. The user is instructed to visit a webpage where a program will run a scan to find out if they have an up-to-date security module installed on their computer.
The fake scan is completed, and the user is informed that their security module is out of date. The caller then explains that the user must download the latest version of the security module and install it on their computer.
Once the file is downloaded and executed, it runs just like any standard software installer. The user is advised of the minimum system requirements needed for the security module to work and the installer includes the bank’s logo and color scheme to make it appear genuine.
The user is guided through the installation process, which first requires them to stop certain processes that are running on their computer. The installer displays the progress of the fake installation, but in the background, the CamuBot Trojan is being installed. Once the process is completed, it connects to its C2 server.
The user is then directed to what appears to be the login portal for their bank where they are required to enter their login credentials. The portal is a phishing webpage, and the credentials to access the users bank account are captured by the attacker.
Many banks require a second factor for authentication. If such a control is in place, the attackers will instruct the user that a further installation is required for the security module to work. They will be talked through the installation of a driver that allows a hardware-based authentication device to be remotely shared with the attacker. Once that has been installed and approved, the attackers are able to intercept any one-time passwords that are sent by the bank to the user’s device, allowing the attackers to take full control of the bank account and authorize transactions.
The CamuBot Trojan shows that malware does not need to be stealthy to be successful. Social engineering techniques can be just a effective at getting employees to install malware.
The CambuBot Trojan campaign is primarily being conducted in Brazil, but the campaign could be rolled out and used in attacks in other countries. The techniques used in this campaign are not new and have ben used in several malware campaigns in the past.
Consequently, it is important for this type of attack to be covered as part of security awareness training programs. Use of a web filter will also help to prevent these attacks from succeeding by blocking access to the malicious pages where the malware is downloaded.
A massive MagnetoCore malware campaign has been uncovered that has seen thousands of Magneto stores compromised and loaded with a payment card scraper. As visitors pay for their purchases on the checkout pages of compromised websites, their payment card information is sent to the attacker’s in real time.
Once access is gained to a website, the source code is modified to include the MagnetoCore malware, which is hidden among legitimate files in the Magnetocore.net domain.
The hacking campaign was detected by Dutch security researcher Willem de Groot. Over the past six months, the hacker behind the campaign has loaded MagnetoCore malware on at least 7,339 Magneto stores. The number of compromised websites is believed to be increasing at a rate of around 50 or 60 new stores per day.
Site owners have been informed of the MagentoCore malware infections, although currently more than 5,170 Magneto stores still have the script on the site.
The campaign was discovered when de Groot started scanning Magneto stores looking for malware infections and malicious scripts. He claims that around 4.2% of Magneto stores have been compromised and contain malware or a malicious script.
While a high number of small websites have been infected, according to de Groot, the script has also been loaded onto the websites of multi-million-dollar publicly traded companies, suggesting the hacker behind the attack has been able to steal tens, or most likely, hundreds of thousands of payment cards.
With a full set of payment card data selling for between $5 and $30 per card on darknet marketplaces, the individual(s) or hacking group behind the campaign has likely made a substantial profit.
Further information on the threat actor(s) responsible for the attacks has come from RiskIQ, which reports that the MagnetoCore malware campaign is part of much larger payment card scraping campaign known as MageCart. RiskIQ reports that MageCart has been in operation since at least 2015 and says the campaign being run by three groups. One of the groups was responsible for the TicketMaster breach reported in June that affected 5% of its customers.
All three groups are using the same tactics as part of a single campaign. It is likely the MagnetoCore malware campaign is being run by the same individuals responsible for MageCart.
Access to the sites is gained through a simple but time-consuming process – Conducting a brute force attack to guess the password for the administrator account on the website. According to de Groot, it can take months before the password is guessed. Other tactics known to be used are the use of malware such as keyloggers to obtain the login credentials and the exploitation of vulnerabilities in unpatched content management systems.
Preventing website compromises requires the use of very strong passwords and prompt patching to ensure all vulnerabilities are addressed. CMS systems should also be updated as soon as a new version is released.
It is also important for site owners to conduct regular scans of website CMSs to search for malicious scripts or code alterations, and to use a security solution that alerts the webmaster when a code change is detected on a website.
Unfortunately, finding out that a site has been compromised and removing the malicious code will not be sufficient. A painstaking check of the codebase is required as multiple backdoors are often added to compromised websites to ensure access can still be gained should the malicious code be discovered and removed.