Month: November 2018

New HookAds Malvertising Campaign Redirects to Sites that Deliver Banking Trojans, Info Stealers and Ransomware

One of the ways that threat actors install malware is through malvertising: the placing of malicious adverts on legitimate websites that direct visitors to websites where malware is downloaded. The HookAds malvertising campaign is one such example and the threat actors behind the campaign have been particularly active of late.

The HookAds malvertising campaign has one purpose: to direct people to a website hosting the Fallout exploit kit. An exploit kit is malicious code that runs when a visitor lands on a web page. The visitor’s computer is probed to determine whether there are any vulnerabilities – unpatched software – that can be exploited to silently install files.

In the case of the Fallout exploit kit, users’ devices are checked for several known Windows vulnerabilities. If one is identified, it is exploited and a malicious payload is downloaded. Several malware variants are currently being delivered via Fallout, including information stealers, banking Trojans, and ransomware.

According to threat analyst nao_sec, two separate HookAds malvertising campaigns have been detected: one is being used to deliver the DanaBot banking Trojan and the other is delivering two malware payloads, the Nocturnal information stealer and GlobeImposter ransomware, via the Fallout exploit kit.

Exploit kits can only be used to deliver malware to unpatched devices, so businesses will only be at risk of this web-based attack vector if they are not 100% up to date with their patching. Unfortunately, many businesses are slow to apply patches and exploits for new vulnerabilities are frequently uploaded to EKs such as Fallout. Consequently, a security solution is needed to block this attack vector.

HookAds Malvertising Campaign Highlights Importance of a Web Filter

The threat actors behind the HookAds malvertising campaign are taking advantage of the low prices offered for advertising blocks on websites by low quality ad networks – those often used by owners of online gaming websites, adult sites, and other types of websites that should not be accessed by employees. While the site owners themselves are not actively engaging with the threat actors behind the campaign, the malicious adverts are still served on their websites along with legitimate ads. Fortunately, there is an easy solution that blocks EK activity: a web filter.

TitanHQ has developed WebTitan to allow businesses to carefully control employee Internet access. Once WebTitan has been installed – a quick and easy process that takes just a few minutes – the solution can be configured to quickly enforce acceptable Internet usage policies. Content can be blocked by category with a click of the mouse.

Access to websites containing adult and other NSFW content can be quickly and easily blocked. If an employee attempts to visit a category of website that is blocked by the filter, they will be redirected to a customizable block screen and will be informed why access has been prohibited.

WebTitan ensures that employees cannot access ‘risky’ websites where malware can be downloaded and blocks access to productivity draining websites, illegal web content, and other sites that have no work purpose.

Key Benefits of WebTitan

Listed below are some of the key benefits of WebTitan:

  • No hardware purchases required to run the web filter
  • No software downloads are necessary
  • Internet filtering settings can be configured in minutes
  • Category-based filters allow acceptable Internet usage policies to be quickly applied
  • An intuitive, easy-to-use web-based interface requires no technical skill to use
  • No patching required
  • WebTitan Cloud can be applied with no impact on Internet speed
  • No restriction on devices or bandwidth
  • WebTitan is highly scalable
  • WebTitan protects office staff and remote workers
  • WebTitan Cloud includes a full suite of pre-configured and customizable reports
  • Reports can be scheduled and instant email alerts generated
  • Suitable for use with static and dynamic IP addresses
  • White label versions can be supplied for use by MSPs
  • Multiple hosting options are available
  • WebTitan Cloud can be used to protect wired and wireless networks

For further information on WebTitan, for details of pricing, to book a product demonstration, or register for a free trial, contact the TitanHQ team today.

Further information on WebTitan is provided in the video below:

https://www.youtube.com/watch?v=s_c4nB0Rl_g

How to Improve Restaurant Cybersecurity and Prevent Data Breaches

Hackers are targeting healthcare organizations, educational institutions, hotels, and organizations in the financial sector, but restaurants are also in hackers’ cross-hairs. If restaurant cybersecurity solutions are not deployed and security vulnerabilities are not addressed, it will only be a matter of time before hackers take advantage.

Cyberattacks on restaurants can be extremely profitable for hackers. Busy restaurant chains process hundreds of credit card transactions a day. If a hacker can gain access to POS systems and install malware, customers’ credit card details can be silently stolen.

Cheddar’s Scratch Kitchen, Applebee’s, PDQ, Chili’s, B&BHG, Zaxby’s, Zippy’s, Chipotle, and Darden restaurants have all discovered hackers have bypassed restaurant cybersecurity protections and have gained access to the credit card numbers of large numbers of customers.

One of the biggest threats from a data breach is damage to a restaurant’s reputation. The cyberattack and data breach at Chipotle saw the brand devalued by around $400 million.

A restaurant data breach can result in considerable loss of customers and a major fall in revenue. According to a study by Gemalto, 70% of the 10,000 consumers surveyed said that they would stop doing business with a brand if the company suffered a data breach. Most restaurants would not be able to recover from such a loss.

Restaurant Cybersecurity Threats

Listed below are some of the common restaurant cybersecurity threats – ways that hackers gain access to sensitive information such as customers’ credit card numbers.

Malware

The primary goal of most restaurant cyberattacks is to gain access to customers’ credit card information. One of the most common ways that is achieved is through malware. Malicious software is installed on POS devices to silently record credit card details when customers pay. The card numbers are then sent to the attacker’s server over the Internet.

Phishing Attacks

Phishing is a type of social engineering attack in which employees are fooled into disclosing their login credentials and other sensitive information. Phishing emails are sent to employees which direct them to a website where credentials are harvested. Phishing emails are also used to install malware through downloaders hidden in file attachments.

Web-Based Threats

Whenever an employee or a customer accesses the Internet they will be exposed to a wide range of web-based threats. Websites can harbor malware which is silently downloaded onto devices.

Unsecured Wi-Fi

Restaurants often have Wi-Fi access points that are used by employees and guests. If these access points are not secured, it gives hackers an opportunity to conduct attacks and gain access to the restaurant network, install malware, intercept web traffic, and steal sensitive information.

Restaurant Cybersecurity Tips

Listed below are some of the steps you should take to protect your customers and make it harder for hackers to gain access to your systems and data.

  • Conduct a risk analysis to identify all vulnerabilities that could potentially be exploited to gain access to networks and customer data
  • Develop a risk management plan to address all vulnerabilities identified during the risk assessment
  • Ensure all software and operating systems are kept up to date and are promptly patched
  • Become PCI compliant – all tools used to accept payments must comply with PCI standards
  • Implement security controls on your website to ensure customers can use it securely. Sensitive data such as loyalty program information must be protected.
  • Ensure you implement multi-factor authentication on all accounts to protect systems in case credentials are compromised
  • Ensure all default passwords are changed and strong, unique passwords are set
  • Ensure all sensitive data are encrypted at rest and in transit
  • Secure Wi-Fi networks with a web filter to block malware downloads and web-based threats
  • Implement a spam filter to block phishing attempts and malware
  • Provide cybersecurity training to staff to ensure they can recognize the common restaurant cybersecurity threats

Restaurant Cybersecurity Solutions from TitanHQ

TitanHQ has developed two cybersecurity solutions that can be implemented by restaurants to block the main attack vectors used by hackers. SpamTitan is a powerful email security solution that prevents spam and malicious emails from reaching end users’ inboxes.

WebTitan is a cloud-based web filtering solution that prevents staff and customers from downloading malware and visiting phishing websites. In addition to blocking web-based attacks, WebTitan allows restaurants to prevent customers from accessing illegal and unsuitable web content to create a family-friendly Wi-Fi zone.

Both solutions can be set up in a matter of minutes on existing hardware and require no software downloads.

To find out more about TitanHQ’s restaurant cybersecurity solutions, call the TitanHQ sales team today.

Z Services Expands TitanHQ Partnership with New WebTitan and ArcTitan Integrations

TitanHQ has expanded its partnership with Z Services, the leading SaaS provider of cloud-based cybersecurity solutions in the MENA region.

UAE-based Z Services operates 17 secure data centers in the UAE, Saudi Arabia, Qatar, Egypt, Jordan, Kuwait, Oman, Bahrain, and Morocco and is the only company in the Middle East and North Africa to offer an in-country multi-tenant cloud-based cybersecurity architecture.

In February 2017, Z Services partnered with TitanHQ and integrated TitanHQ’s award-winning email filtering technology into its service stack and started offering SpamTitan-powered Z Services Anti-Spam SaaS to its clients. TitanHQ’s email filtering technology now helps Z Services’ clients filter out spam email and protect against sophisticated email-based threats such as malware, viruses, botnets, ransomware, phishing and spear phishing.

The integration has proved to be a huge success for Z Services, so much so that the firm has now taken its partnership with TitanHQ a step further and has integrated two new TitanHQ-powered SaaS solutions into its service stack. TitanHQ’s award-winning web filtering technology – WebTitan – and its innovative email archiving solution – ArcTitan – have both been incorporated into Z Services’ MERALE SaaS offering. MERALE is a suite of cybersecurity, threat protection, and compliance solutions specifically developed to meet the needs of small to medium sized enterprises.

“With cybersecurity growing as a critical business concern across the region, there is a clear need to make security an operational rather than a capital expense. Hence the paradigm shift in the delivery of effective security solutions from the traditional investment and delivery model to an agile SaaS model through the primary connectivity provider of SMEs – the ISPs,” said Nidal Taha, President – Middle East and North Africa, Z Services. “MERALE will be a game-changer in how small and medium businesses in the region ensure their protection, and as a subscription-based service, it removes the need for heavy investments and long-term commitments.”

“We are delighted to continue our successful partnership with Z Services and share their vision for serving the SME segment with leading edge SaaS based security solutions,” said Ronan Kavanagh, CEO of TitanHQ. “With this development Z Services is strengthening its leadership position as an innovative cloud-based cybersecurity solutions provider in the Middle East and North Africa.”

TitanHQ’s cloud-based cybersecurity solutions have been developed from the ground up specifically to meet the needs of Managed Service Providers. The email filtering, web filtering, and email archiving solutions are currently being used by more than 7,500 businesses around the world and more than 1,500 MSPs are now offering TitanHQ solutions to their clients.

In contrast to many cybersecurity solution providers, TitanHQ offers its products with a range of hosting options – including within an MSP’s own infrastructure – as full white label solutions ready for MSPs to apply their own branding. By protecting clients with TitanHQ solutions MSPs are able to significantly reduce support and engineering costs by blocking a wide range of cyber threats at source. MSPs also benefit from generous margins and industry-leading customer service and support.

If you are a managed service provider and have yet to incorporate email filtering, web filtering, and email archiving solutions into your service stack, if you are unhappy with your current providers, or are looking to increase profits while ensuring your clients have the best protection against email and web-based threats, contact TitanHQ today for further information.

Why is DNS Filtering for Businesses so Important?

DNS filtering for businesses is essential for all companies to protect against web-based threats such as phishing and malware and is particularly important for any business that allows employees to work remotely. In this post we explain the risks, features, and benefits of DNS filtering and how a DNS filter can protect employees and their portable devices from Wi-Fi threats.

Why is DNS Filtering for Businesses so Important?

DNS filtering for businesses can no longer be considered an optional cybersecurity solution due to the high risk of web-based attacks. Phishing attacks on businesses are increasing with many thousands of new phishing web pages created each day. Exploit kits probe for vulnerabilities and silently download malware, and ransomware attacks are rife. DNS filtering for businesses offers an additional layer of protection that prevents employees from visiting websites known to be used for malicious purposes.

DNS filters also allow businesses to enforce acceptable Internet usage policies and block access to illegal website content, websites containing content unsuitable for the workplace and categories of sites that are a major drain on productivity.

It is easy to set up DNS filtering for businesses’ internal networks, apply content controls, and block online threats; however, a DNS filter is not restricted to one physical location. It works on wired networks, internal WiFi networks and even public WiFi hotspots.

The Dangers of Public WiFi Networks

A recent survey conducted by Purple revealed more than 90% of businesses that offer Wi-Fi have open networks without any filters or security applied. Connecting to open Wi-Fi networks without any filtering controls in place increases the risk of virus, malware, and ransomware downloads.

To a certain extent, risk can be reduced if anti-malware software is installed on mobile devices. However, the software is only capable of detecting malware variants if their signatures are in the database. If the database is out of date, malware will not be detected. Anti-malware software also does not provide protection against zero-day malware – new malware variants that have yet to be identified – and offers no protection against phishing attacks.

Further, hackers take advantage of open Wi-Fi networks to conduct man-in-the-middle attacks to intercept sensitive data such as banking credentials and other login information. Mobile workers often connect to their work networks on portable devices via open Wi-Fi networks such as those offered in coffee shops, even though doing so may be a violation of company policy.

DNS Filtering for Businesses Protects Off-Site Workers from Wi-Fi Threats

A business that issues mobile devices such as smartphones, tablets or laptops to employees can struggle to secure those devices outside the office. DNS filtering for businesses is one solution that can be used to improve security.

DNS filtering solves the security challenge as it acts as a barrier between the end user’s device and the Internet that blocks web-based threats. When a remote worker uses their laptop to connect to the Internet through a web browser, a DNS lookup must be performed. Before the website can be loaded it must be found. That requires the fully qualified domain name (FQDN) – google.com for instance – to be matched with an IP address by a DNS server. Only then can the content be displayed.

With DNS filtering, certain checks are performed before the IP address is returned and the web browser displays any content. The requested site/web page is checked against Real Time Blacklists (RBLs). RBLs contain lists of websites and web pages that host illegal web content, are used for phishing, or host malware or exploit kits. Content controls are also applied. If content violates corporate policies or a match is found in an RBL, the content will not be downloaded. Instead the user will be directed to a block page where they are informed that access to the web page/site has been blocked.
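The lookup-time decision described above can be sketched as follows. This is an added example, not WebTitan's code: the list contents, category names, `BLOCK_PAGE_IP` and the `filter_query` function are all assumptions, and the sample data is constructed using reserved `.example`/`.test` names and RFC 5737 documentation addresses.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (hypothetical lists and addresses).
BLOCK_PAGE_IP = "192.0.2.1"  # assumed address of the block-page server
RBLS = {
    "malware": {"ek-landing.example"},
    "phishing": {"login-verify.test"},
}
CATEGORIES = {"casino.example": "gambling", "news.example": "news"}
BLOCKED_CATEGORIES = {"gambling", "adult"}  # the acceptable-use policy
UPSTREAM = {  # stands in for the real resolver's answers
    "news.example": "198.51.100.10",
    "www.casino.example": "198.51.100.20",
    "cdn.ek-landing.example": "203.0.113.66",
}


@dataclass(frozen=True)
class Verdict:
    action: str            # "allow", "block" or "nxdomain"
    reason: str
    answer: Optional[str]  # IP address handed back to the client


def normalize(fqdn: str) -> str:
    """Lower-case and drop the trailing root dot so 'News.Example.' matches."""
    return fqdn.strip().rstrip(".").lower()


def parent_domains(name: str):
    """a.b.example -> a.b.example, b.example, example."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def filter_query(fqdn: str) -> Verdict:
    name = normalize(fqdn)
    candidates = list(parent_domains(name))
    # 1. Consult every blocklist; a listed parent also blocks its subdomains,
    #    otherwise 'cdn.' in front of a listed domain would slip through.
    for rbl_name, entries in RBLS.items():
        if any(c in entries for c in candidates):
            return Verdict("block", f"rbl:{rbl_name}", BLOCK_PAGE_IP)
    # 2. Apply the category policy; the most specific categorised name wins.
    for c in candidates:
        category = CATEGORIES.get(c)
        if category is not None:
            if category in BLOCKED_CATEGORIES:
                return Verdict("block", f"category:{category}", BLOCK_PAGE_IP)
            break
    # 3. Only now is the real answer returned to the client.
    ip = UPSTREAM.get(name)
    if ip is None:
        return Verdict("nxdomain", "no record", None)
    return Verdict("allow", "clean", ip)
```

A blocked query is answered with the block-page address instead of the real record, which is why the browser lands on the block page rather than the requested site.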

Any business that fails to implement DNS filtering is taking a significant risk if workers can use company-issued smartphones and laptops to access the Internet and web applications outside the protection of the office environment.

WebTitan Cloud – DNS Filtering for Businesses Made Simple

TitanHQ offers DNS filtering for businesses and MSPs through WebTitan Cloud and WebTitan Cloud for Wi-Fi. WebTitan requires no software downloads or hardware purchases and can be used to protect wired and wireless business networks and remote workers using portable devices on public Wi-Fi hotspots.

WebTitan uses six Real Time Blacklists that are constantly updated with new malicious webpages. Any request to access a web page must pass checks on all six RBLs before the URL can be accessed. These checks are performed with no latency – the speed of accessing web content is unaffected.

Once businesses are signed up they can quickly and easily configure the solution to match their requirements through a web-based interface, through which content controls can be applied. WebTitan uses 53 different categories of web-content and has 10 customizable categories. Those categories include 100% of Alexa’s 1 million most visited websites and more than 500 million websites in 200 languages – which equates to 6 billion web pages.

The solution supports whitelists – for companies that want maximum control – and additional blacklists. It is also easy to set custom controls for different workers and user groups, as well as apply controls at the organization level.

An extensive suite of reporting options keeps businesses 100% up to date on user behavior, including sites that have been visited and attempts by employees to access restricted web content.

In short, WebTitan is an invaluable tool that provides protection from web-based threats and allows businesses to have total control over the content that can be accessed on desktop computers and portable devices, regardless of where the employee is located.

Contact TitanHQ for a Product Demonstration and No-Obligation Free Trial

If you are not yet using DNS filtering to block web-based threats and exercise control over the content your employees can access, contact the TitanHQ team today. TitanHQ’s experienced sales staff will answer your questions, provide details of pricing, and can book you in for a product demonstration.

You can also sign up for a 14-day free trial to evaluate WebTitan in your own environment.

The free trial includes full use of the product and experienced sales engineers are on hand to help make sure you get the most out of your free trial.