Month: October 2018

Eutelsat Chooses TitanHQ to Secure its Corporate and Guest W-Fi Networks

TitanHQ has announced that the leading satellite operator EutelSat is now protecting its corporate and guest Wi-Fi networks with WebTitan Cloud for Wi-Fi.

Eutelsat is one of the world’s leading satellite operators and provides video, data, broadband, and government services through its high-performance satellites. The company is the leading satellite operator in more than 150 countries throughout Europe, Africa, and the Middle East and employs more than 1,000 commercial and technical staff in 44 countries around the globe.

With so many staff members able to access the Internet at work through company Wi-Fi hotspots, it is essential that cybersecurity solutions are deployed to block access to malicious websites where cybercriminals can phish for sensitive information or malware and ransomware downloads can occur.

In order to protect against these threats, companies need to deploy a powerful and flexible web filtering solution. Eutelsat chose WebTitan Cloud for Wi-Fi – The leading Wi-Fi web filtering solution for enterprises. WebTitan Cloud for Wi-Fi has enabled Eutelsat to crease a safe and secure online environment for all users of its Wi-Fi access points.

With WebTitan Cloud for Wi-Fi deployed, employees are prevented from accessing inappropriate website content and access to websites known to be used for phishing or drive-by malware downloads are blocked.

Naturally different user groups require different levels of content control. Since WebTitan Cloud for Wi-Fi integrates with Active Directory, it is easy for different levels of filtering to be applied by department, user group or individual, in addition to organization-wide controls.

“TitanHQ continues to expand its customer base with the ongoing addition of new customers across multiple industries,” explained TitanHQ CEO Ronan Kavanagh. “Our current levels of achievement and growth, including what we’ve seen in the past six months, prove that companies are recognizing the value of our commitment to Wi-Fi security across our offerings and our customer-first culture. We are extremely excited to see what 2019 will bring for both our newly signed customers and our existing client base.”

If you are interested in securing your wired or wireless networks and blocking access to undesirable and malicious web content, contact the TitanHQ team today for details of pricing, to book a product demonstration, or to sign up for a free trial to see WebTitan in action.

Secure Hotel Wi-Fi Access Points and Gain a Competitive Advantage

Business and leisure travelers are looking for secure hotel Wi-Fi access in addition to fast and reliable Internet access. If you take steps to secure hotel WiFi access points, you can gain a significant competitive advantage.

The Importance of Hotel Wi-Fi to Guests

The number one hotel amenity that most travelers can simply not do without is fast, free, reliable, Internet access. In 2013, a joint study conducted by Forrester Research and Hotels.com revealed that 9 out of ten guests rated Wi-Fi as the top hotel amenity. 34% of respondents to the survey said free Wi-Fi was a ‘deal breaker.’ Now four years on, those percentages will certainly have increased.

Wi-Fi access is essential for business travelers as they need to be able to stay in touch with the office and be able to communicate with their customers. Leisure travelers need free Internet access to keep in touch with friends, look up local attractions, and enjoy cheap entertainment in the comfort of their rooms. Younger travelers need constant access to social media accounts and online games as they get at home.

It doesn’t matter whether you run a small family bed and breakfast or a large chain of hotels, Wi-Fi access for guests is essential. Any hotel that doesn’t have reliable and fast Wi-Fi will lose business to establishments that do.

It is now easy for potential guests to check if an establishment has Wi-Fi and even find out about the speed and reliability of the connection. The hotelwifitest.com website lets travelers check the speed of Internet access in hotels before booking.

Guests don’t post rave reviews based on the speed of Internet connections, but they will certainly make it known if Internet access is poor or nonexistent. Many of the negative comments on hotel booking websites and TripAdvisor are related to Wi-Fi. Put simply, you will not get anywhere near the same level of occupancy if your Wi-Fi network isn’t up to scratch.

Secure Hotel Wi-Fi is Now as Important as Offering Wi-Fi to Guests

Businesses are now directing a considerable percentage of their IT budgets to cybersecurity to prevent hackers from gaining access to their networks and sensitive data. Securing internal systems is relatively straightforward, but when employees have to travel for work and access networks remotely, hackers can take advantage.

When employees must travel for business, their hotel is often the only place where they can connect to the office network and their email. They need to know that they can login securely from the hotel and that doing so will not result in the theft of their credentials or a malware infection. A hotel will be failing its business customers if it does not offer safe and secure Wi-Fi access.

All it takes is for one malware infection or cyberattack to occur while connected to a hotel Wi-Fi network for the reputation of the hotel to be tarnished. Hotels really cannot afford to take any risks.

Multiple Levels of Wi-Fi Access Should be Offered

Parents staying in hotels will want to make sure that their children can access the Internet safely and securely and will not accidentally or deliberately be able to gain access to age-inappropriate websites. If a hotel claims to be family-friendly, that must also extend to the Wi-Fi network. Any hotel that fails to prevent minors from accessing obscene images while connected to hotel Wi-Fi cannot claim it is family-friendly.

Hotels can offer Wi-Fi access for families that blocks adult websites and anonymizers, which are commonly used to bypass filtering controls. Safe Search can also be enforced, but not all users will want that level of control.

To cater to the needs of all guests, different levels of Wi-Fi access are likely to be required. Some guests will want to be able to access the types of websites they do at home without restrictions and business travelers will certainly not want anonymizers to be blocked. Some customers insist on the use of VPNs when employees connect to their business network or email.

Hotels that implement a web filtering solution can easily create different tiers of Internet access. One for families and a less restrictive level for other users. Free internet access could be limited to a basic level that includes general web and email access but blocks access to video streaming services such as YouTube and Netflix. Those services could be offered as part of a low-cost Wi-Fi package to generate some extra revenue. These tiers can easily be created with a web filtering solution.

How to Easily Secure Hotel Wi-Fi

Offering secure hotel Wi-Fi to guests does not require expensive hardware to be purchased. While appliance-based web filters are used by many businesses, there is a much lower cost option that is better suited for hotel use.

A cloud-based web filter for Wi-Fi – such as WebTitan Cloud for Wi-Fi – is the easiest to implement secure hotel Wi-Fi solution. With WebTitan Cloud for Wi-Fi, your Wi-Fi network can be secured with just a simple change to your DNS records. No hardware is required and there is no need to install any software. One solution will protect all Wi-Fi access points and can be up and running in a matter of minutes. There is no limit on the number of access points that can be protected by WebTitan Cloud for Wi-Fi.

Once your DNS is pointed to WebTitan, you can apply your content controls – which is as simple as clicking on a few checkboxes to block categories of web content that your guests shouldn’t be allowed to access.

You can create multiple accounts with different controls – one for business users, one for families, and one for employees for example. No training is required to administer the solution as it has been developed to require no technical skill whatsoever. All of the complex elements of web filtering are handled by TitanHQ.

If you run a hotel and you are not currently filtering the internet, talk to TitanHQ about how you can your secure your hotel Wi-Fi access points, protect your guests, and ensure all users can access the Internet safely and securely.

With WebTitan Cloud for WiFi you can:

  • Filter the Internet across multiple WiFi hotspots
  • Create a family-friendly, safe and secure web browsing environment
  • Manage access points through a single web-based administration panel
  • Delegate management of access points
  • Filter by website, website category, keyword term, or keyword score
  • Block material contained in the child abuse image content URL list (CAIC List)
  • Upload blacklists and create whitelists
  • Reduce the risk of phishing attacks
  • Block malware and ransomware downloads
  • Inspect encrypted websites with SSL certificates
  • Schedule and run reports on demand
  • Gain a real-time view of internet activity
  • Gain insights into bandwidth use and restrict activities to conserve bandwidth
  • Integrate the solution into existing systems through a suite of APIs

Failure to Control Employee Internet Use Results in Malware Download on Government Computer

An IT security audit conducted by the U.S. Geological Survey (USGS) at its Earth Resources Observation and Science Center has highlighted the importance of implementing technical solutions to control employee internet use.

Most organizations and businesses have strict rules covering acceptable use of the Internet on work computers. Those rules are usually explained when a new employee starts work. A document must be signed that confirms that the Rules have been understood and the employee is aware of the repercussions if the rules are violated.

For many organizations and businesses, those measures are deemed to be sufficient. Most employees understand the rules and adhere to them, but even though rule violations will likely result in termination, some employees take the risk as they believe they will not be caught.

Security Audit Reveals Extensive Policy Violations

During a recent USGS IT security audit, suspicious Internet traffic was identified. The discovery prompted an investigation by the U.S. Department of the Interior Office of Inspector General (OIG) to determine the source of the suspicious traffic.

The OIG investigation revealed malware had been installed on an employee’s computer and that the malware was the source of the suspicious communications. Further investigation revealed the employee had been routinely visiting adult websites, which routed through Russian websites that hosted malware. As a result of visiting those websites, the employee had inadvertently downloaded malware onto the work computer. Pornographic images had been downloaded, which were then transferred to an Android mobile and portable USB drive. The mobile was similarly infected with malware.

The employee was discovered to have viewed over 9,000 adult websites, even though USGS Rules of Behavior had been explained and a document was signed confirming those rules had been understood. Annual security training had also been provided in which the Rules of Behavior were reinforced.

Had USGS implemented a technical solution to control employee internet use and enforce its Rules of Behavior, the malware infection would have been avoided.

OIG made several recommendations to prevent future malware infections and similar abuses of its Rules of Behavior, which included enforcing a strong blacklist of URLs and to regularly monitor employee Internet use. Additionally, it was recommended that USGS implement controls that prevent employees from using unauthorized USB devices on their work computers.

In addition to implementing an advanced intrusion detection system and firewall, USGS is now enhancing its preventative countermeasures by detecting and blocking known pornographic websites and other websites with suspicious origins.

This is not the first time that the U.S. government has discovered employees have accessed pornography at work and it certainly will not be the last.

The problem is believed to be so widespread that Rep. Mark Meadows (R-NC11) proposed the Eliminating Pornography from Agencies Act on three occasions. The Act was prompted by the discovery that an Environmental Protection Agency had been accessing pornography at work. In that case, the employee had viewed pornography for 252 hours in a single year without detection.

The Easy Way to Control Employee Internet Use and Block Web-Based Threats

These cases show that organizations and businesses that rely on internal policies to control employee internet use are taking a considerable risk. It is not just the visiting of adult websites that carries an increased risk of malware infections. Malware can be downloaded from an extensive range of websites, even seemingly ‘legitimate’ sites.

Only by implementing a web filtering solution to control employee internet use will organizations and businesses be able to effectively reduce risk. A web filter is an appliance, virtual appliance, or cloud-based solution that prevents employees from accessing website content that violates acceptable Internet usage policies and blocks the accessing of websites that are known to be used for malicious purposes or have been infected with malware and exploit kits.

Control Employee Internet Use with WebTitan

WebTitan is a lightweight but powerful web filtering solution that allows organizations and businesses to carefully control employee internet use and block access to websites known to host pornography and other unsuitable for work content. A comprehensive reporting suite also allows employee internet use to be carefully monitored, including attempts to view prohibited content even if those attempts are not successful.

WebTitan can be deployed as a gateway solution on existing hardware or hypervisors or as a cloud-based solution hosted on TitanHQ servers. The solution is quick and easy to implement and configure and can be up and running in a matter of minutes. In addition to category-based filtering controls, the solution can block by keyword or keyword score and supports whitelists and blacklists.

If you want to control employee internet use and manage risk, call TitanHQ today for further information on WebTitan and find out how it can reduce the risk from web-based threats at your place of work.

FilesLocker Ransomware: A New RaaS Variant Targeting Chinese and English Speakers

A new ransomware threat has been detected called FilesLocker which is currently being offered as ransomware-as-a-service (RaaS) on a TOR malware forum. FilesLocker ransomware is not a particularly sophisticated ransomware variant, but it still poses a significant threat.

FilesLocker ransomware is a dual language ransomware variant that displays ransom notes in both Chinese and English. MalwareHunterTeam has identified a Chinese forum on TOR where it is being offered to affiliates to distribute for a cut of the ransom payments.

Unless advertised more widely, the number of affiliates that sign up may be limited, although it may prove popular. There are several features which could see the ransomware variant favored over other RaaS offerings, notably a sliding scale on commissions. The developers are offering a 60% cut of ransoms, which will increase to 75% if sufficiently high numbers of infections can be generated.

While relatively small and simple, FilesLocker ransomware still uses an RSA 2048+AES algorithm to lock files and it deletes Windows shadow copies to hamper attempts to recover files without paying the ransom. FilesLocker is also capable of file encryption in a broken network environment.

No server is required and the ransomware is effective on all Windows versions later than XP plus 32-bit and 64-bit Windows Server. Users are also able to easily monitor infections through a tracking feature which displays infections by country.

There is no free decryptor for FilesLocker ransomware. Recovery will only be possible by restoring files from backups.

While news of a new RaaS offering is never good, there has at least been some good news on the ransomware front this week, at least for some victims.

Free Decryptor Developed for GandCrab Ransomware

GandCrab ransomware is another RaaS offering that has been available since January 2018. It has been widely adopted, with many affiliates signing up to distribute the ransomware over the past 10 months.

A GandCrab ransomware decryptor was developed by Bitdefender in February that was able to unlock files encrypted by version 1.0 and v1.1 of GandCrab ransomware. The decryptor was developed after private keys were leaked online. However, it didn’t take long for v2.0 to be released, for which no free decryptor is available. There have been several further updates to GandCrab ransomware over the past few months, with v5.0 of the ransomware variant released in late September.

This week, Bitdefender has announced that after collaboration with the Romanian Police, Europol and other law enforcement agencies, a new decryption tool has been developed that allows GandCrab ransomware victims to decrypt files for free, provided they have been attacked with version 1, 4, or 5 of the ransomware.

The version can be determined by the extension used on encrypted files. V1=GDCB; v2/3=CRAB; v4=KRAB; and v5 uses a random 10-character extension.

The free GandCrab ransomware decryptor has been uploaded to the NoMoreRansom Project website. Bitdefender is currently working on a free decryptor for v2 and v3 of GandCrab ransomware.

Stealthy sLoad Downloader Performs Extensive Reconnaissance Before Delivering Payload

The past few months have seen an increase in new, versatile malware downloaders that gather a significant amount of data about users’ systems before deploying a malicious payload. That payload is determined on the users’ system.

Marap malware and Xbash are two notable recent examples. Marap malware fingerprints a system and is capable of downloading additional modules based on the findings of the initial reconnaissance. XBash also assesses the system, and determines whether it is best suited for cryptocurrency mining or a ransomware attack and deploys its payload accordingly.

Stealthy sLoad Downloader Used in Highly Targeted Attacks

A further versatile and stealthy malware variant, known as the sLoad downloader, can now be added to that list. SLoad first appeared in May 2018, so it predates both of the above malware variants, although its use has been growing.

The primary purpose of sLoad appears to be reconnaissance. Once downloaded onto a system, it will determine the location of the device based on the IP address and performs several checks to ascertain the type of system and the software that is running and will determine whether it is on a real device or in a sandbox environment. It checks the processes running on the system, compares against a hardcoded list, and will exit if certain security software is installed to avoid detection.

Provided the system is suitable, a full scan of all running processes will be performed. The sLoad downloader will search for Microsoft Outlook files, ICA files associated with Citrix, and other system information. sLoad is capable of taking screenshots and searches the browser history looking for specific banking domains. All of this information is then fed back to the attackers’ C2 server.

Once the system has been fingerprinted, further malware variants are downloaded, primarily banking Trojans. Geofencing is used extensively by the threat actors using sLoad which helps to ensure that banking Trojans are only downloaded onto systems where they are likely to be effective – If the victim uses one of the banks that the Trojan is targeting.

In most of the campaigns intercepted to date, the banking Trojan of choice has been Ramnit. The attacks have also been highly focused on specific countries including Canada, and latterly, Italy and the United Kingdom – Locations which are currently being targeted by Ramnit. Other malware variants associated with the sLoad downloader include the remote desktop tool DarkVNC, the Ursnif information stealer, DreamBot, and PsiBot.

The sLoad downloader is almost exclusively delivered via spam email, with the campaigns often containing personal information such as the target’s name and address. While there have been several email subjects used, most commonly the emails relate to purchase orders, shipping notifications, and missed packages.

The emails contain Word documents with malicious macros in ZIP files, or alternatively embedded hyperlinks which will download the ZIP file if clicked.

The sLoad downloader may be stealthy and versatile, but blocking the threat is possible with an advanced spam filter. End user training to condition employees never to click on hyperlinks from unknown senders nor open attachments or enable macros will also help to prevent infection.  Web filtering solutions provide an additional layer of protection to block attempts to download malicious files from the Internet.