Month: December 2018

2018 Has Seen a 4,000% Increase in Cryptocurrency Mining Malware

New figures released by anti-virus firms McAfee and Symantec have shown the extent to which hackers are using cryptocurrency mining malware in attacks on consumers and businesses.

Cryptocurrency mining malware hijacks system resources and uses the processing power of infected computers to mine cryptocurrencies – Validating transactions so they can be added to the blockchain public ledger. This is achieved by solving difficult computational problems. The first person to solve the problem is rewarded with a small payment.

For cryptocurrency mining to be profitable, a lot of processing power is required. Using one computer for mining cryptocurrency will generate a few cents to a few dollars a day; however, hackers who infect thousands of computers and use them for cryptocurrency mining can generate significant profits for little work.

The use of cryptocurrency mining malware has increased considerably since Q4, 2017 when the value of Bitcoin and other cryptocurrencies started to soar. The popularity of cryptocurrency mining malware has continued to grow steadily in 2018. Figures from McAfee suggest cryptocurrency mining malware has grown by 4,000% in 2018.

McAfee identified 500,000 new coin mining malware in the final quarter of 2017. In the final quarter of 2018, the figure had increased to 4 million. Figures from Symantec similarly show the scale of the problem. In July 2018, Symantec blocked 5 million cryptojacking events. In December, the firm blocked 8 million.

There are many different ways of infecting end users. Hackers are exploiting unpatched vulnerabilities to silently download the malware. They package coin mining malware with legitimate software, such as the open-source media player Kodi, and upload the software to unofficial repositories.

One of the easiest and most common ways of installing the malware is through email. Spam emails are sent containing a hyperlink which directs users to a website where the malware is silently downloaded. Links are similarly distributed through messaging platforms such as Slack, Discord, and Telegram. One campaign using these messaging platforms included links to a site that offered software that claimed to fix coin mining malware infections. Running the fake software installer executed code on the computer which silently downloaded the malware payload.

Unlike ransomware, which causes immediate disruption, the presence of cryptocurrency mining malware may not be noticed for some time. Computers infected with coin mining malware will slow down considerably. There will be increased energy usage, batteries on portable devices will be quickly drained, and some devices may overheat. Permanent damage to computers is a possibility.

The slowdown of computers can have a major impact for businesses and can result in a significant drop in productivity if large numbers of devices are infected. Businesses that have transitioned to cloud computing that are charged for CPU usage can see their cloud bills soar.

Anti-virus software can detect known coin mining malware, but new malware variants will be unlikely to be detected. With so many new malware variants now being released, AV software alone will not be effective. It is therefore important to block the malware at source. Spam filters, such as SpamTitan, will help to prevent malicious emails from reaching end users’ inboxes. Web filters, such as WebTitan, prevent users from accessing infected websites, unofficial software repositories, and websites with coin-mining code installed that uses CPU power through browser sessions.

 

Capitalinstall: A New Malware Threat Targeting the Healthcare Industry

A new variant of capitalinstall malware is being used in targeted attacks on a variety of organizations, in particular those in the healthcare and retail industries.

The main purpose of capitalinstall malware is to install an adware package named Linkury that is used to hijack browser sessions on Windows devices. When Linkury adware has been installed, web search results can be altered to display results which would otherwise not be displayed. An infected machine will display unwanted adverts but could also download unwanted programs, some of which may pose a security risk.

Capitalinstall malware has been linked to various malicious websites, although the adware package is actually being hosted on Azure blog storage which is often trusted by organizations and is often whitelisted.

The malware is installed via an executable file that has been packaged inside an ISO file, with the ISO file hosted on websites that offer keys to unlock popular software such as Adobe Creative Cloud.

Upon running the file, a crack for the software claims to be installing and the user is directed to a website where they are urged to install other programs and browser add-ons, such as cryptocurrency miners, with various enticing reasons provided for installing those programs.

This method of distributing unwanted and potentially harmful software is likely to grow in popularity as it offers a way of bypassing security solutions by taking advantage of inherent trust in cloud storage providers.

A web filtering solution can offer protection against downloads of unwanted programs by preventing end users from visiting potentially malicious websites. WebTitan scans and assesses web pages in real time and prevents users from accessing malicious websites and other sites that violate corporate Internet usage policies. With WebTitan in place, users can be prevented from visiting websites that are used for distributing potentially unwanted programs (PUPs) and malware.

In addition to technical controls, it is important to cover the risks of installing unauthorized software in security awareness training, especially the use of software license cracks. These executable files commonly have spyware, adware, and other forms of malware packaged into the installers.
 

Why Managed Service Providers Should Add DNS Filtering to Their Security Stack

Managed Service Providers can spend a significant amount of time dealing with phishing attacks and other security breaches. While MSPs provide an invaluable service and help their clients deal with cyberattacks, by providing security services, MSPs can not only protect their clients and prevent attacks, but also save themselves a considerable amount of time and improve their bottom lines.

The Devastating Consequences of an SMB Cyberattack

Successful cyberattacks on businesses can be catastrophic. The average cost of a data breach has now risen to $3.86 million, according to the Ponemon Institute. Such a high cost means many SMBs struggle to stay in business following a major breach.

A data breach can cause a significant drop in share price. While many businesses see share prices return to near pre-breach levels around 6 months after a major breach, many SMBs do not survive that long. Figures from the National Cyber Security Alliance show that up to 60% of SMBs permanently close their doors within 6 months of suffering a data breach.

Not only do businesses have to cover the cost of remediating a breach, they can lose market share which can be difficult to recover. Customers can also be very unforgiving. If customers’ personal information is exposed as a result of a data breach, the loss of business can be considerable. The damage caused to the reputation of a business by a cyberattack can take a very long time to repair.

Many SMBs believe they are too small to be worth hacking, yet the National Cyber Security Alliance’s figures show that is far from the case. 70% of cyberattacks target small businesses, and while not all of those attempts are successful, nearly 50% of SMBs around the globe report that they have experienced at least one successful cyberattack.

Cybersecurity Solutions for MSPs

MSPs that start offering cybersecurity to their clients can prevent the majority of these cyberattacks, providing the right solutions are chosen. Businesses will naturally need a robust firewall to prevent direct attacks, but many attackers are able to bypass this perimeter control by targeting the weakest link in security: Employees.

Cybercriminals are able to bypass perimeter controls by sending phishing emails to employees. Two recent examples have clearly demonstrated this. The San Diego School District discovered a hacker had gained access to its network and a database of 500,000 staff and student records with phishing emails. 50 email accounts were compromised in that attack. Cape Cod Community College also experienced a phishing attack targeting the finance department, the end result of which was fraudulent transfers being made to criminal-controlled bank accounts totaling more than $800,000. End user training could have made all the difference, as could an advanced spam filtering solution – both of which could easily be provided by MSPs.

Why Web Filtering Should be Part of Your Security Stack

Email security is an area often lacking at SMBs, even though email is the most common attack vector. Web-based attacks are also common, and this is an area where many SMBs are particularly vulnerable. This is another area where MSPs can help improve security.

Web filtering is often overlooked as traditionally this has been a security control that is difficult for MSPs to implement. Appliance-based filters require hardware purchases and site visits. Standard web filters require content to be downloaded before access is blocked and that they can cause major latency problems. DNS filtering solves these problems. Since filtering takes place at the DNS level, controls are applied before any content is downloaded and latency issued are avoided and web-based threats are blocked at source. Since there is no need for hardware to be purchased, it is cost effective for most businesses to implement. There are also no software downloads and deploying the solution is a quick and easy Process. Everything can be set up remotely in a matter of minutes and clients can be protected from malware attacks, phishing, and ransomware downloads while also controlling content and blocking illegal and unacceptable web activity.

WebTitan: MSP-Friendly Web Filtering to Protect Wired and Wireless Networks

In contrast to many DNS-based web filtering solutions, WebTitan has been developed to meet the needs of MSPs. One of the main problems with most DNS-based web filters for MSPs is the inability to add MSP branding. It is abundantly clear it is a third-party solution.

WebTitan can be totally rebranded, allowing MSPs to add their own logos and reinforce their brand image. WebTitan can be hosted on TitanHQ’s servers or within an MSPs own environment. WebTitan also has a well-established channel program and offers special pricing packages specifically for MSPs with generous margins and monthly billing. No other web filtering solution is as MSP friendly.

Other key features of WebTitan include:

  • Highly granular filtering controls: Filter by category, content, and keyword
  • Supports whitelists and blacklists
  • Intuitive control panel requiring no user training
  • Highly scalable solution with virtually no upper limit on number of clients or users
  • Embedded malware filter supported by dual AV engines
  • Extensive reporting suite and ability to brand and schedule client reports
  • Real time view of web activity
  • No latency
  • Remote management and monitoring via APIs and easy integration into billing and auto-provisioning systems
  • Flexible polices for different environments and users
  • Protection for wired and WiFi networks
  • Ability to provision new clients in minutes
  • Full product available on a free trial
  • Industry leading customer support

For further information on TitanHQ’s cybersecurity solutions for MSPs including WebTitan Cloud, WebTitan Cloud for WiFi, and the TitanHQ spam filter, SpamTitan Cloud, contact the MSP Program Team today.

Content Filtering and Wi-Fi Security for Busses

Local authorities and private sector bus companies are now adding Wi-Fi services to their bus fleets, but without appropriate Wi-Fi security for busses, bus fleet operators can run into problems.

There is no doubt that Wi-Fi is a big hit with passengers, especially for long distance travel. Business commuters can connect to email and their work network without having to use their own data and all passengers can enjoy a variety of digital entertainment, such as Internet-based games, online crosswords, YouTube videos, or all manner of Internet based applications, all without eating into their monthly data allowance.

In locations where people have a choice of different transport, the provision of a reliable Wi-Fi network can be a big attraction that can win more business.

Wi-Fi Security for Busses

There are some considerations when providing Wi-Fi on busses. Wi-Fi security for busses is important to ensure that the Wi-Fi network cannot be used for malicious purposes. Over the summer, it was clearly demonstrated how this can easily happen. A hacker was able to hack into the Wi-Fi network on planes and view the Internet activity of passengers, as well as gain access to other important devices on airplanes – All from the ground.

Appropriate Wi-Fi security for busses should be implemented to protect the privacy of passengers, but also to ensure they can use the Wi-Fi network safely. Bus companies should be taking steps to protect passengers from harmful content, such as sites hosting malware and phishing websites.

Content Control for Busses

A third-party Wi-Fi network offers anonymity and some users take advantage and access types of content that they would not access on their home networks. Bus fleet operators have a responsibility to block illegal activity on their Wi-Fi networks.

If a passenger accesses adult content on the Wi-Fi network of a bus, there is a risk that other passengers will catch a glimpse of the screen and children could be exposed to obscene content. It is the responsibility of bus fleet operators to implement content controls to prevent passengers from accessing inappropriate content.

Controlling Bandwidth Use on Busses

There is also the issue of bandwidth. Ensuring all users have decent bandwidth and can connect to the network and enjoy reasonable Internet speeds comes at a cost. If several passengers are using applications or visiting websites that require a considerable amount of bandwidth, that will naturally have an impact on other users of the Wi-Fi network. Limiting what users can do while connected to Wi-Fi networks can save bandwidth and costs. Preventing, or restricting, high bandwidth applications such as video streaming, online games such as Fortnite, and large file downloads can help to conserve bandwidth.

DNS-Level Content Filtering

All of the above issues can be easily solved with a single, cost effective solution – A web filter. A web filter allows network administrators to carefully control what users can do online. It offers both content control and Wi-Fi security for busses by blocking access to illegal content, preventing malware downloads, and offering protection from phishing. Categories of web content can be blocked to create a family-friendly Wi-Fi network and control bandwidth use.

Traditional web filters require an appliance through which Internet traffic is routed. This is a costly way of adding Wi-Fi security for busses. A DNS-level filter on the other hand is a low cost, flexible solution that serves the same purpose. When a user connects to the Wi-Fi network, the DNS process sends domain names to the name server and the name server returns the IP address associated with the application server. When content is filtered at the DNS level, no software needs to be downloaded and no appliances need to be purchased.

Not only do DNS-level filters offer excellent Wi-Fi security for busses, they also save on bandwidth as content is not downloaded before the decision is taken to block the content.

WebTitan Cloud for Wi-Fi – Content Filtering and Wi-Fi Security for Busses

WebTitan Cloud for Wi-Fi is an ideal web filtering solution for bus fleets. Since it is DNS-based it is easy to implement, highly scalable, and is cost-effective to set up and run. WebTitan Cloud for Wi-Fi can protect entire bus fleets, in multiple cities, and licenses can be easily scaled up and down to meet bus operators’ needs.

Some of the key features of WebTitan Cloud for Wi-Fi are detailed below:

  • No hardware purchases or software downloads required
  • No patching or software updates required
  • Protects multiple Wi-Fi routers from a single, web-based administration control panel
  • Protects against malware with dual anti-virus engines
  • Protects users from phishing and other malicious websites
  • Allows network administrators to protect the Wi-Fi network from unauthorized users
  • Highly granular controls allow precise content control without overblocking content
  • Block content by category with a single click
  • No latency – Internet speeds are unaffected
  • Supports static and dynamic IPs
  • Supports whitelists and blacklists
  • No restriction on bandwidth, number of devices, or the number of hotspots
  • Full suite of reports gives network administrators full visibility into their Wi-Fi networks and user activity

If you are looking to improve Wi-Fi security for busses and want to implement content controls to keep your Wi-Fi networks family-friendly, contact TitanHQ today for further information on WebTitan Cloud for Wi-Fi.

Guest Wi-Fi Best Practices

Many businesses now offer their customers free access to their Wi-Fi networks, but if guest Wi-Fi best practices are not followed, opening up Wi-Fi networks to guest users is not without risk. You may have provided security awareness training to your employees, but guest users are unlikely to be as careful while connected to your network. Customers and guests may accidentally download malware or visit malicious websites, or even engage in illegal activities due to the anonymity offered by someone else’s Wi-Fi network.

If guest Wi-Fi best practices are not followed, there will be people that take advantage of your lax security. They could launch an attack on your business network, explore your network assets, change router settings, or even gain access to confidential data.

If you run a hotel, restaurant, shop, or another business that provides Wi-Fi access to customers, it is important to create a safe browsing environment for all Wi-Fi users and take steps to secure your access points and control the activities that users can engage in while connected.

Guest Wi-Fi Best Practices for Hotspot Providers

Create A Separate Wi-Fi Network for Guests and Employees

You will no doubt have a Wi-Fi network that is used by your employees. It is important that this is totally separate from the one used by guests and customers. Guest users should access a totally separate network. Ideally, there should be a network firewall that separates guest users from employees. If you use enterprise switches, create a separate VLAN for access points that broadcast the guest wireless SSID. Also make sure you use a software firewall to block traffic from the guest network from your company’s servers and computers. Also make sure guest users can only access the Internet while connected.

Naming Your SSID

An SSID is the name you give to your Wi-Fi network that identifies it as belonging to your business. Care should be taken when choosing a name. Your choice should depend on the nature of your business and who the Wi-Fi network serves. If you run a coffee shop, for instance, you should make it clear which is your Wi-Fi network and prominently display that information. That will make it harder for rogue hotspots to be created to fool customers into connecting to an evil twin – A hotspot set up and controlled by a hacker to fool customers into connecting in the belief it is your hotspot.

Encrypt your Wireless Signals

Unsecured Wi-Fi networks may be easier to set up and use, but they also allow anyone within range to connect, even if they are not in your establishment.  To connect, it should be necessary for a password to be entered. You should also encrypt your wireless network to make it harder for hackers to intercept users’ data. Secure your wireless network with WPA2 encryption or, even better, WPA3 if it is supported by your access point.

Create a Safe Browsing Experience and Control the Internet Content That Can be Accessed

You should develop and implement a guest Wi-Fi access policy covering what is and is not permitted on your Wi-Fi network. You should also enforce that policy with technical controls. A cloud-based web filter is ideal for this.

It is easy to deploy and configure and will allow you to carefully control the content that can be accessed while connected. You should block access to known malicious sites and illegal web content through blacklists. Category based filters are useful for blocking access to inappropriate content such as pornography and restricting bandwidth-heavy activities that can slow down Internet speeds for all users. By filtering content, not only will you keep your Wi-Fi users protected, you will also reduce legal liability and ensure that your Wi-Fi network is family friendly.

Adopt these guest Wi-Fi best practices to improve safety and security, keep your customers protected, and make it harder for cybercriminals to attack your network or your guest users.