Month: April 2018

How Does WebTitan Work?

TitanHQ’s WebTitan is a powerful web filtering solution that helps businesses control the web content that can be accessed by its employees, but how does WebTitan work and how can the solution improve an organization’s security posture?

Why Are Web Filters Necessary?

Many businesses choose to implement a web filtering solution to prevent employees from accessing inappropriate web content such as pornography or to stop work computers from being used to download illegal content such as pirated films, music, and TV shows. A category-based web filter allows businesses to block certain types of web content with ease, such as adult material and P2P file sharing websites.

While content filters can achieve those aims, perhaps a more important function of web filters is to block web-based threats such as malware and phishing websites. Many businesses choose to deploy WebTitan to block these threats, but how does WebTitan work?

How Does WebTitan Work?

WebTitan Cloud is a 100% cloud-based web filtering solution that serves as a semi-permeable membrane between an organisation’s users and the Internet. When an end user attempts to access a particular URL that does not violate an organization’s acceptable Internet use policy, the request is honoured. Since there is no latency, the speed at which the website is loaded is the same as if no filtering mechanism is in place.

Unknown to the user, when an attempt is made to access a webpage, the DNS request is sent to WebTitan Cloud which determines whether the request should be allowed or denied.

If the user attempts to access a gambling website and the gambling category has been blocked through WebTitan Cloud, the user will be advised that their request has been denied and access to the site will be prevented. But how does WebTitan work as far as malicious websites are concerned? How are malicious URLs identified and blocked?

How Does WebTitan Block Access to Malicious Websites?

How does WebTitan determine which URLs are benign and which ones are malicious, and how are those checks performed in real-time?

To block malicious sites, WebTitan uses a crowd-sourced approach and obtains a constant stream of URLs for analysis. These ActiveWeb URLs come from websites actively visited by a global network of customers through high traffic markets such as subscriber analytics, networks security, IOT, and ad tech.

This traffic is used to train WebTitan’s human-supervised Machine Learning Systems to detect, monitor, and categorize threats. Using in house and third-party tools, WebTitan performs link, content, static, heuristic, and behavioural anomaly analyses to categorize threats. When threats are detected, the WebTitan team profiles, tests and validates those threats. Once threats have been validated, they are blocked with false positives used to train the system to improve future accuracy.

In contrast to many DNS-based systems, which only work at the domain level, WebTitan works at the path level and is capable of blocking individual webpages rather than entire domains. The majority of malicious URLs in the WebTitan database are marked as malicious at the path level – 99.7% of IP-based URLs and 88.35% of non-IP-based URLs.

WebTitan performs checks of websites that have previously been marked as malicious to determine whether they still contain malware or other threats. The WebTitan Malicious Detection Solution revisits up to 300,000 sites to check whether they are still infected or have been cleaned, and the database is updated accordingly. Sites previously marked as malicious can be accessed once they have been determined to be safe.

What Web-Based Threats Does WebTitan Block?

There are ten main web-based threats that WebTitan protects against:

  • Malware distribution points
  • Ad fraud
  • Botnets
  • Spyware and questionable software
  • Phishing and other fraudulent sites
  • Command and Control (C2) servers
  • Malware call-home addresses
  • Compromised sites and links to malware
  • Spam URLs
  • Cryptocurrency mining

With WebTitan, businesses not only have highly granular control over the types of sites that can be visited by their employees, a wide range of malicious sites are also blocked, preventing malware and ransomware infections, data theft, data exfiltration and fraud.

You can view further information about WebTitan on this link. (PDF)

Most Common Wireless Network Attacks

In this post we explore some of the common wireless network attacks and offer advice on simple steps that can be taken to secure wireless networks and prevent costly data breaches.

Many Businesses are Neglecting WiFi Security

Many businesses have moved from wired to wireless technologies which has had a negative impact on their security posture. Wired networks are generally a lot easier to secure that wireless networks, and poor implementation often introduces vulnerabilities in WiFi networks. Many businesses also fail to perform a thorough risk analysis which means those vulnerabilities are not identified and addressed. Because of these security flaws, and the ease of exploiting them, wireless networks attacks are common.

The Importance of WiFi Security

Wi-Fi access used to be something you had to pay for, but now free WiFi is something many people take for granted. Visitors to a hotel, coffee shop, bar, retail outlet, or restaurant now expect WiFi to be provided free of charge. The decision to use a particular establishment is often influenced by whether free WiFi is available, but increasingly the quality of the connection is a factor in the decision process.

The quality of the WiFi on offer is not just a question of there being enough bandwidth and fast internet speeds. Parents often choose to visit establishments that provide secure WiFi with content control, for instance, businesses that have been verified under the Friendly WiFi scheme. In order to be accredited under the scheme, businesses must have implemented appropriate filtering controls to ensure minors are prevented from accessing age-inappropriate material.

The massive rise in cyberattacks via public WiFi networks and warnings about WiFi risks in the mainstream media have seen many consumers choose to frequent establishments that offer secure WiFi access.

If you run a business and are providing WiFi to customers or if you are considering adding a WiFi hotspot to attract more customers, be sure to consider the security of the network. The past couple of years have seen many attacks on WiFi networks and customers who use those wireless services. The increase in WLAN attacks means WiFi security has never been so important.

Before covering some of the most common wireless attacks, it is worthwhile exploring some of the common wireless network vulnerabilities that can be exploited to eavesdrop on traffic, infect users with malware, and steal sensitive information.

Common Wireless Vulnerabilities

Listed below are some of the most common wireless network vulnerabilities and steps that can be taken to prevent the vulnerabilities from being exploited. These wireless network vulnerabilities could easily be exploited in real world attacks on wireless networks to steal sensitive data, take control of a router or connected device, or install malware or ransomware.

Use of Default SSIDs and Passwords

WIFi access points are shipped with a default SSID and password which need to be changed, but all too often, those default passwords are left in place. That makes it easy for an attacker to login and take control of the router, change settings or firmware, load malicious scripts, or even change the DNS server so that all traffic is directed to an IP owned by the attacker. Default passwords must be changed to prevent anyone within range of the signal from connecting and sniffing traffic.

If wireless controllers are used to manage WiFi access points via web interfaces, make sure the default passwords are also changed. These default passwords can be easily found online and can be used to attack wireless networks.

Placing an Access Point Where Tampering Can Occur

If the access point is placed in a location where it can be physically accessed, tampering can occur. It takes just seconds to revert the access point to factory default settings. Make sure the access point is located in a secure location, such as a locked closet.

Use of Vulnerable WEP Protocol

The Wired Equivalent Privacy (WEP) protocol was the first protocol used to encrypt wireless traffic. WEP, as the name suggests, was intended to make wireless networks as secure as their wired counterparts, but that does not make WEP wireless networks secure.

WEP is based on the RC4 cypher, which is secure. The problem is how RC4 is implemented in WEP. WEP allows an initialization vector to be re-used, and the re-use of keys is never a good idea. That allows an attacker to crack the encryption with ease. Several other vulnerabilities have been identified in WEP which make it far from secure.

Even though WEP has been depreciated and there are much more secure wireless encryption protocols to use, many businesses continue to use WEP in the mistaken belief that it is secure. WEP is more secure than no encryption at all – bad security is better than no security – but there are much more secure options for encrypting WiFi traffic. If you want to improve security and prevent WLAN attacks, upgrade to WPA2 or WPA3, which use the much more secure Advanced Encryption Standard (AES) and lack the vulnerabilities of WEP.

WPA2 Krack Vulnerability

WPA may be more secure than WEP, but it is not without its own wireless vulnerabilities. Two Belgian researchers – Mathy Vanhoef and Frank Piessens of the University of Leuven – identified a serious flaw in the WPA security protocol.  The flaw was named KRACK, short for Key Reinstallation Attack. The flaw can be exploited in a man-in-the-middle attack to steal sensitive data sent via the WPA encrypted WiFi connection. If the WPA flaw is exploited, an attacker could eavesdrop on traffic and obtain banking credentials, passwords, and credit card information.

The vulnerability exists in the four-way handshake. An encrypted WPA2 connection starts with a four-way handshake, but not all parts of that handshake are required. To speed up re-connections, the third part is retransmitted. That third part of the handshake may be repeated several times, and it is this step that could be used in a wireless network attack.

By repeatedly resetting the nonce transmitted in the third step of the handshake, an attacker can gradually match encrypted packets and discover the full keychain used to encrypt traffic.

A threat actor could set up a clone of a WiFi access point that a user has previously connected to – an evil twin. To the user, nothing would appear untoward as Internet access would be provided via that evil twin. An attacker can force a user to connect to the cloned WiFi network and all information sent via that evil twin WiFi network can be intercepted. While the attack will not work on sites with SSL/TLS encryption, tools can be used that make this possible by forcing a user to visit an HTTP version of the website.

In order to execute a KRACK WiFi attack, the WiFi network must be using WPA2-PSK or WPA-Enterprise and the attacker needs to be within range of the WiFi signal. Virtually all routers currently in use are vulnerable to KRACK WiFi attacks. The best defense is to keep routers up to date and for users to only connect to wireless networks using a paid-for, up to date VPN. The issue has been addressed in WPA3, which is supported by the latest wireless access points. However, even with this exceptionally common wireless network vulnerability, WPA2 is still far more secure than WEP.

NetSpectre – Remote Spectre Exploit

Spectre is a vulnerability that affects microprocessors that perform branch prediction. The vulnerability can be exploited to allow an attacker to access chosen virtual memory locations and thus obtain sensitive data. In order for the flaw to be exploited, an attacker would first need to convince a user to download and run malicious code or to visit a website where JavaScript is run in the browser. Researchers at Graz University of Technology have developed a new type of attack that can be performed via network connections, including WiFi networks. The attack – termed NetSpectre – is fortunately complex so there are far easier ways to attack an organization. The risk of exploitation is therefore low.

What are the Most Common Wireless Network Attacks?

Many of the most common wireless network attacks are opportunistic in nature. WiFi hackers look for wireless networks that are easy to attack.

Hackers are more than happy to take advantage of poor security controls to gain access to sensitive information and distribute malware. Why waste time attacking well secured WiFi networks when there are plenty with scant or no security?

Poorly secured WiFi networks are also targeted by more sophisticated cybercriminals and organized crime groups to gain a foothold in the network. The attacks can be extremely lucrative. Access to a business network can allow ransomware to be installed and if malware can be installed on POS systems, the credit/debit card numbers of tens or hundreds of thousands of customers can be stolen.

Types of Wireless Network Attacks

There are several different types of WiFi attacks that hackers use to eavesdrop on wireless network connections to obtain passwords and banking credentials and spread malware. The main types of WiFi attacks are detailed below.

Fake WiFi Access Points, Evil Twins, and Man in the Middle Attacks

Visitors to hotels, coffee shops and malls often connect to the free WiFi on offer, but various studies have shown that care is not always taken when connecting. Customers often choose the WiFi access point based on the SSID without checking it is the wireless network set up by a particular establishment for customer use.

Criminals can easily set up fake WiFi access points, often using the name of the establishment in the SSID. A SSID called ‘Free Airport WiFi’ would be enough to get many people to connect. When customers connect to these rogue WiFi networks they can still access the Internet, so are unlikely to realize anything is wrong. However, once connected to that network, everything they do online will be monitored by cybercriminals. Sensitive information entered online, such as email addresses and passwords, credit card numbers, or banking credentials, can and will be stolen.

How is this done? The attacker simply creates a hotspot on a smartphone and pairs it with a tablet or laptop. The hacker can then sit in a coffee shop drinking a latte while monitoring the traffic of everyone that connects. Alternatively, they can use a router with the same name and password as the one currently in use. This may also have a stronger WiFi signal, which may see more people connect. Through the “evil twin” all traffic will be plainly visible to the attacker and all data sent over the network can be captured.

Fake access points and evil twins are among the most common wireless network attacks. They are easy to conduct, require little technical skill, and are very effective. One study indicated more than a third of WiFi hotspot users take no precautions when accessing WiFi hotspots and frequently connect to unsecured networks.

Packet Sniffing: Interception of Unencrypted Traffic

Research by Kaspersky Lab in 2016 showed more than a quarter of public Wi-Fi hotspots set up in malls were insecure and lacked even basic security controls. A quarter did not encrypt traffic at all, while research conducted by Skycure showed that five of the 10 busiest malls in the USA had risky WiFi networks.

One mall in Las Vegas was discovered to be operating 14 risky WiFi access points. Hackers can use packet sniffers to intercept traffic on unencrypted WiFi networks. Packet sniffing is one of the most common wireless attacks.

These common wireless network attacks are easy on older routers, such as those using WEP encryption. WPA offers better security, WPA2 is better still, or ideally, the new WPA3 encryption protocol should be used if it is supported by your access point.

Wardriving

War driving is a technique used to identify and map vulnerable access points. The name comes from the fact that attackers drive around a neighborhood and use a laptop with a GPS device, antenna to identify and record the location of wireless networks.  This technique is effective, since many WiFi networks used by businesses extend beyond the confines of the building and poor security controls are applied to secure those networks.

Warshipping

Warshipping is a more efficient method of attacking WiFi networks as it allows attacks to be conducted remotely, even if the attacker is not within range of a WiFi network. The tactic was explained by IBM X-Force Red researchers at Black Hat USA. They used cheap (under $100) and easy to obtain components to create a single-board computer with WiFi and 3G capabilities that runs on a cell phone battery. The device can be used to locally connect to the WiFi network and sends information back to the attackers via the 3G cellular connection.

Since the device is small, it can easily be hidden inside a small package and getting that package into a building is easy. It can just be mailed. Since the package may be addressed to someone not working it the company, it could sit in the mailroom for a while before it is opened. Since the package can be tracked, the attackers will know when it is in the building. Alternatively, it could be hidden in any number of items from plant pots to teddy bears. If the device is within range of WiFi networks, it could be used to attack those networks.

Hashed network access codes can be sent back to the attackers to crack, and the device can then connect to WiFi networks in the building and harvest data. The device could be used in a man-in-the-middle attack by impersonating an internal WiFi network.

MAC Spoofing

Many businesses use MAC filtering to prevent specific devices from connecting to their WiFi networks. While this is useful for preventing individuals from taking advantage of free WiFi for customers, this method of blocking users can be easily bypassed. It is easy to spoof a MAC address and bypass this filtering control.

Examples of WiFi Network Attacks

Attacks on wireless networks are not just theoretical. Listed below are some examples of common wireless networks attacks that have resulted in the installation of malware or theft of sensitive information. These latest wireless security attacks could easily have been prevented had appropriate security controls been implemented.

Latest Wireless Security Attacks

Tel Aviv Free WiFi Network Hacking Incident

One notable example of how easy it can be for a hacker to take over a WiFi network comes from Tel Aviv. Tel Aviv offers a city-wide free WiFi network, which incorporates basic security controls to keep users secure on the network. However, it did not prove to be as secure as city officials thought.

While commuting home, Tel Aviv resident Amihai Neiderman noticed a new WiFi access point had appeared. The FREE_TLV access point was provided by the city and Neiderman decided to test its security controls. After determining the IP address through which WiFi clients accessed the Internet, he disconnected, scanned the router, and discovered the web-based login interface was run through HTTPS port 443.

While he found no major vulnerabilities, after extensive analysis he identified a buffer overflow vulnerability which he successfully exploited to take full control of the router. By doing so, if he was so inclined, he could have intercepted the traffic from tens of thousands of users.

Toasters Used to Hack Unsecured WiFi Networks

Perhaps not one of the most common WiFi network attacks, but notable none the less due to the rise in use of IoT devices. IoT capability has been incorporated into all manner of devices from toasters to washing machines. These devices can be vulnerable to supply chain attacks – Where hardware is altered to allow the devices to be used to attack WiFi networks. In 2016, Russian officials discovered chips imported from China had been altered and were being used to spread malware that could eavesdrop on unsecured WiFi networks from a range of 200 meters. They were used to infect those networks with malware that could steal information.

In Flight WiFi Network Hacking from the Ground

Cybersecurity expert Ruben Santamarta has demonstrated it is possible to hack into airline WiFi networks from the ground and view the internet activity of passengers and intercept their information. More worryingly, he was also able to gain access to the cockpit network and SATCOM equipment. He claims the same technique could be used for ships, industrial facilities and even military installations. He explained how he did it in his “Last Call for SATCOM security” presentation at the 2018 black hat hacker conference.

Orange Modems Leaking Wi-Fi Passwords

A vulnerability has been identified in Orange LiveBox ADSL modems that causes them to leak the SSID and WiFi passwords in plaintext. The flaw was identified by Bad Packets researchers who observed their honeypots being actively attacked. A search on Shodan showed there are nearly 20,000 vulnerable Orange modems than leak Wi-Fi passwords and SSIDs in plaintext. In many cases, the default credentials of admin/admin were still being used! The flaw means the WiFi networks could easily be attacked remotely. Attackers could change device settings, alter firmware, and even obtain the phone number and conduct a range of other attacks.

WeWork WiFi Security Flaws

WeWork, a provider of custom workspaces, private offices, and on-demand workspaces equipped with high-bandwidth WiFi, has made an error implementing those WiFi networks which makes them far from secure.

WeWork used the same WiFi password at many of its shared offices for several years. To make matters worse, that password was weak and regularly features in the top 25 lists of extremely poor passwords. However, there was no need to guess it as it was available in through the WeWork app in plaintext. Such a simple yet serious error placed all users of those workspaces at risk for several years. The researchers investigated several locations in San Francisco and found the same weak password used at multiple locations. Further, the WiFi network was only protected with WPA2 Personal security.

Teemu Airamo checked security of the workspace he had just moved into and found hundreds of other companies’ devices exposed. Subsequent scans on the WeWork network revealed an enormous amount of sensitive data had been exposed. Password reuse is never a good idea, and neither is using dictionary words or heaven forbid, any of the top 25 lists of shockingly awful passwords.

WiFi Networks Can be Used to Gain Access to Business Data

Creating a WiFi network for guests is simple. Ensuring it is secure and cannot be used for attacks on the business network or customers requires more thought and effort. Any business that allows customers to make purchases using credit and debit cards is a major target for hackers and poor WiFi security is likely to be exploited sooner or later. The past few years have seen many major attacks that have resulted in malware being installed on POS systems. These are now some of the most common wireless network attacks.

How Can Businesses Prevent the Most Common Wireless Network Attacks?

How can businesses protect against some of the most common wireless network attacks? While it is difficult to prevent the creation of fake WiFi hotspots, there are steps that can be taken to prevent many common wireless network attacks and keep the WiFi network secure.

Isolate the Guest Network

If your business network is not isolated from your guest WiFi network, it could be used to gain access to business data and could place your POS at risk of compromise. Use a router that offers multiple SSIDs – most modern routers have that functionality. These routers often have a guest SSID option or separate guest portal. Make sure it is activated when it is deployed. Alternatively, your wireless router may have a wireless isolation feature which will prevent WiFi users from accessing your internal network and other client devices. If you require multiple access points throughout your establishment, you are likely to need a VLAN or EoIP tunnel configuration – A more complicated setup that will require you to seek professional advice on security.

Encrypt WiFi Traffic with WPA2 or WPA3

If you have an old router that does not support WPA2 encryption it’s time for an upgrade. WPA2 is the minimum standard for WiFi security, and while it can still be cracked, it is time consuming and difficult. WPA3 has now been released and an upgrade should be considered. You should also make sure that WPS is turned off.

Update Firmware Promptly

All software and devices contain vulnerabilities and require updating. Software should be patched and devices such as routers will need to have their firmware upgraded when new versions are released. Check your device manufacturers website periodically for details of firmware updates and ensure your device is updated.

Create a Secure SSID

Your router will have a default SSID name, but this should be changed to personalize it to your business. If you make it easily identifiable, it will reduce the potential for rogue access points to be confused with your own.  Ensure that you enforce WPA2 encryption with a shared key and post that information for your customers along with your SSID in a prominent place where they can see it.

Restrict WiFi Access

If your wireless router or access point is too powerful, it could be accessed from outside your premises. Choose a router that allows you to alter the strength of your signal and you can ensure only your customers will use your connection. Also ensure that your WiFi access point is only available during business hours. If your access points are left unsupervised when your business is closed, it increases the risk of an attack.

Secure Your Infrastructure

Administrator access can be abused, so ensure that your login name and your passwords are secure. If the default credentials are not changed, it will only be a matter of time before they are abused. Change the username from ‘admin’ or any other default username. Set a strong password that includes upper and lower-case letters, at least one number, and a special character. The password must be at least 8 characters although more is better.  Alternatively use a 14-character+ passphrase.

Use a Web Filter

A web filtering solution is an essential protection for all WiFi networks. Web filters will prevent users from visiting websites and web pages that are known to have been compromised or have been confirmed as malicious. This will protect your customers from web-based threats such as drive by downloads, exploit kits and phishing. A web filter will also allow you to prevent your network from being used to download or view unacceptable content such as pornography and lets you control bandwidth usage to ensure all customers can enjoy decent Internet speeds.

TitanHQ offers a scalable, easy to deploy, granular web filter for WiFi networks. WebTitan Cloud for WiFi requires no hardware purchases or software downloads, and being 100% cloud-based, can be managed and monitored from any location and can help protect you against the most common wireless network attacks.

How Does WebTitan Cloud for WiFi Work?

protection from the common wireless network attacks

Features of WebTitan Cloud for WiFi

  • No hardware or software installation required
    Quick and easy to implement
    Fast: DNS solution provides almost zero additional latency
    Supports both static and dynamic IPs addresses
    No specialist training required
    Protects against all web-based threats
    Precision control over the content that can be accessed over WiFi
    Instant alerts about users trying to access restricted content
    Can be integrated into exisiting systems for easy management
    Available to MSps and resellers in white label form
    Fully multi-tenented platform

WebTitan Cloud for WiFi, live all TitanHQ solutions, is available on a free trial for you to evaluate the full solution in your own environment. During the trial you will receive full product support to ensure you get the most out of your trial.

Contact TitanHQ today to arrange your trial, for details of pricing, or to book a product demonstration. Our Customer Service team will be more than happy to answer any questions you have about the product.

Web Filtering FAQs

How can I make my guest Wi-Fi network secure?

You should change your SSID from the default, set a strong password, enable encryption (WPA2 or WPA3), prevent guests from accessing router settings and local network resources, and set up a web filtering solution to restrict access to potentially harmful web content.

How much does content filtering cost?

You can expect to pay between $1 and $3 per user, per month depending on the Wi-Fi content filtering solution you choose. At TitanHQ, we offer powerful content filtering at an affordable price for all businesses. WebTitan Cloud for Wi-Fi starts at $1.01 per user per month.

What is the best way to block phishing attacks?

Two anti-phishing solutions that businesses should implement are an email security gateway or spam filter to block malicious emails and a web filter to prevent employees from visiting phishing websites, either from links in malicious emails or through web browsing and redirects.

How easy is it to start filtering the Internet?

With WebTitan Cloud for Wi-Fi, content filtering is easy. Simply point your DNS to WebTitan, log in to your web-based user interface, then select the categories of content you want to block. It is that simple. Everything is intuitive and you have additional options if you want more precise control or need to implement different controls for different user groups. If every you get stuck, you benefit from world-class customer support to get you back on track.

Should I enable SSL inspection?

SSL inspection allows you inspect traffic to and from encrypted websites. Since most websites now secure the connection between the site and browser, this traffic will be invisible unless you enable SSL inspection. Malicious websites often have SSL certificates and will pose a serious threat if traffic is not inspected.

EITest Web-Based Malware Distribution Network Disrupted

A web-based malware distribution network that was redirecting around 2 million website visitors a day to compromised websites hosting exploit kits has been disrupted, crippling the malware distribution operation. The web-based malware distribution network – known as EITest – was using compromised websites to redirect web visitors to sites where exploits were used to download malware and ransomware, as well as redirect users to phishing websites and tech support scams that convinced visitors to pay for fake software to remove non-existent malware infections.

Due to the scale of the operation, removing the redirects from compromised websites is a gargantuan task. Efforts to clean up those sites are continuing, with national CERTs notified to provide assistance. However, the web-based malware distribution network has been sinkholed and traffic is now being redirected to a safe domain. Proofpoint researchers were able to seize a key domain that was generating C&C domains, blocking the redirects and re-routing them to four new EITest domains that point to an abuse.ch sinkhole.

The sinkhole has only been in operation for a month – being activated on March 15 – yet already it has helped to protect tens – if not hundreds of millions – of website visitors. In the first three weeks alone, an astonishing 44 million visitors had been redirected to the sinkhole from around 52,000 compromised websites and servers.

The majority of the compromised websites were running WordPress. Malicious code had been injected by taking advantage of flaws in the CMS and plugins installed on the sites. Vulnerabilities in Joomla, Drupal, and PrestaShop had also been exploited to install the malicious code.

The web-based malware distribution network has been in operation since at least 2011, although activity increased significantly in 2014. While previous efforts had been made to disrupt the malware distribution network, most failed and others were only temporarily successful.

The malicious code injected into the servers and websites primarily redirected website visitors to an exploit kit called Glazunov, and to a lesser extent, the Angler exploit kit.  Those exploit kits probed for multiple vulnerabilities in software to download ransomware and malware.

The threat actors behind EITest are believed to have responded and have attempted to gain control of the sinkhole, but for the time being those efforts have been thwarted.

How to Improve Security and Block Web-Based Malware Attacks

While it is certainly good news that such a major operation has been disrupted, the scale of the operation highlights the extent of the threat of web-based attacks. Spam email may have become the main method for distributing malware and ransomware, but organizations should not ignore the threat from web-based attacks.

These attacks can occur when employees are simply browsing the web and visiting perfectly legitimate websites. Unfortunately, lax security by website owners can easily see their website compromised. The failure to update WordPress or other content management systems and plugins along with poor password practices makes attacks on the sites a quick and easy process.

One of the best cybersecurity solutions to implement to reduce the risk of web-based attacks is a web filter. Without a web filter in place, employees will be permitted to visit any website, including sites known to host malware or be used for malicious purposes.

With a web filter in place, redirects to malicious websites can be blocked, downloads of risky files prevented, and web-based phishing attacks thwarted.

TitanHQ is the leading provider of cloud-based web filtering solutions for SMBs and enterprises. WebTitan Cloud and WebTitan Cloud for WiFi allow SMBs and enterprises to carefully control the website content that can be accessed by their employees, guest network users, and WiFi users. The solution features powerful antivirus protections, uses blacklists of known malicious websites, and incorporates SSL/HTTPS inspection to provide protection against malicious encrypted traffic.

The solution also allows SMBs and enterprises to enforce their acceptable internet usage policies and schools to enforce Safe Search and YouTube for Schools.

For further information on how WebTitan can protect your employees and students and prevent malware infections on your network, contact TitanHQ today.