Month: October 2020

Phishing Campaign Uses CAPTCHA to Fool Users and Email Security Solutions

Phishers are constantly coming up with new scams that abuse trust. People tend to trust their favorite brands and when email communications are sent by those companies there is a tendency for the emails to be trusted. The same is true when emails are sent from email contacts such as work colleagues and friends. Cybercriminals take advantage of trust to get users to take a specific action, such as clicking on an embedded hyperlink in an email or opening an email attachment.

Many businesses now provide security awareness training to employees and try to teach them to always be vigilant and never to trust emails implicitly, even if they have been sent by known contacts. Just because an email has been sent from a known and trusted email account does not mean the message is genuine. Email accounts are often compromised and used to send phishing emails. The Emotet Trojan hijacks email accounts and uses them to send copies of itself to the victim’s contacts, and several other malware variants do the same. Email addresses are also spoofed. The display name may be correct or believable, but the actual email account used to send the message is anything but.

Another tactic is now being used by at least one cybercriminal group that similarly abuses trust, albeit in a new way. A phishing campaign, which was first detected on September 21, 2020, uses the challenge-response test CAPTCHA both to make the campaign believable and to reduce the probability of the scam being detected by email security solutions.

Internet users will be familiar with CAPTCHA, although maybe not by name. The CAPTCHA system is used by many websites as a way to determine if a website visitor is a human or a bot, most commonly on forms.

Google uses CAPTCHA and requires users to pass a pictorial challenge where it is necessary to select all the images in a group that feature a car, bicycle, bus, or traffic lights. If you pass the challenge you will be allowed to proceed; if you fail, you will not. Other versions involve entering a number or code word that has been heavily disguised in an image.

While these CAPTCHA challenges can be annoying, they are associated with security so if a website has one of these challenges, subconsciously people tend to feel more secure. However, as with a website starting with HTTPS, it does not mean the website is genuine.

In this new phishing campaign, users are likely to feel more secure when credentials are requested since they had to pass a CAPTCHA test, especially considering the page on which the challenge was set up looks just like the genuine login prompt for Office 365.  The background is the same, as is the login prompt. The only difference between the genuine login page and the fake version is the URL.
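Because the URL is the only visible difference, the check that matters is an exact match on the host asking for credentials. The following is an added example, not code from the original article; the trusted host set is an assumption to be replaced with the sign-in hosts your organization uses, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in hosts your organization actually uses.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com"}

def login_host(url):
    """Return the host the browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # malformed authority, e.g. broken IPv6 brackets
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname is lowercased and excludes any "user@" prefix and ":port".
    return parts.hostname.rstrip(".")

def classify_login_url(url):
    """Classify a URL that is asking for credentials."""
    host = login_host(url)
    if host is None:
        return "invalid"
    if host in TRUSTED_LOGIN_HOSTS:
        return "trusted"
    # The trusted name appears somewhere in the URL, but it is not the host.
    if any(name in url.lower() for name in TRUSTED_LOGIN_HOSTS):
        return "lookalike"
    return "untrusted"

# Constructed sample URLs (example.net / example.org are reserved test domains).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "HTTPS://Login.MicrosoftOnline.com:443/",
    "https://login.microsoftonline.com.example.net/common",
    "https://login.microsoftonline.com@example.org/",
    "https://portal.example.net/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_login_url(sample), sample)
```

Comparing the parsed host, rather than searching the URL string for the brand name, is what separates the genuine page from the two lookalike samples.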

Security teams face a challenge detecting and blocking these phishing pages as email security solutions, despite having AI-based detection mechanisms, are essentially bots and, as such, cannot pass a CAPTCHA challenge.

A second tactic is also used to evade detection. The scammers have set up their campaign so that only a specific set of IP addresses, the IP range used by the targeted company, will be presented with the CAPTCHA test on the fraudulent domain. If any IP address outside that range attempts to visit the link, a redirection will occur to the genuine Microsoft login page.

While these scams help to ensure that malicious emails are delivered to inboxes, organizations do not need to be totally reliant on their employees recognizing the scams and taking appropriate action (reporting the email to the IT security team).

With a web filtering solution in place, attempts to visit known malicious websites will be blocked. When malicious domains are detected they are automatically added to a web filter’s blacklist, and any attempts to visit malicious domains will be blocked.

WebTitan is a low maintenance security solution that can be set up in about 5 minutes and will protect against the web-based component of phishing attacks and will block malware downloads from malicious websites. WebTitan works in tandem with email security solutions to provide greater protection against malware and phishing attacks. The solution can also be used to control the content that employees and guest network users can access over the internet, whether they are on the network or working remotely.

If you have not implemented a web filter or are unhappy with your current solution, give the WebTitan team a call to find out more. A product demonstration can be arranged, you can have a free trial of the solution, and assistance can be provided to help you get the most out of WebTitan during your trial.

Why is Web Filtering in the Workplace Important?

The Internet opened up a world of new opportunities for businesses, allowing them to get in touch with customers around the world, explore new markets, find new suppliers, and access a wealth of knowledge. Web filtering solutions allow businesses to control internet access and monitor its use by employees and guest users, but why is web filtering in the workplace necessary, what are the benefits, and what are the risks of not filtering the internet? In this post we will explore the benefits of web filtering in the workplace.

What Exactly is a Web Filter?

You will no doubt be aware of spam filters, which are used to carefully control what emails are delivered to inboxes, blocking threats such as phishing emails and malware. Spam filters may also scan outbound email and apply controls to prevent data loss and malicious emails from being sent externally. A web filter performs a similar function for Internet access.

A web filter sits between your end users and the Internet and applies controls over the websites that can be accessed and the files that can be downloaded. The main function of a web filter is content control to restrict access to NSFW websites and block phishing websites and malware downloads.

Reasons for Web Filtering in the Workplace

There are many different reasons for web content filtering in the workplace. These include:

Blocking access to inappropriate web content

Web filters are often used to prevent employees from accessing NSFW content such as pornography, images of violence, and hate speech, which can lead to the development of a hostile work environment. Businesses such as coffee shops, along with libraries and schools, use web filtering to create a family-friendly online environment and prevent minors from accessing age-inappropriate content.

Blocking online threats

Phishing attacks are now commonplace and there is a significant risk of malware being downloaded from the Internet. A web filter blocks these threats, first by preventing users from accessing known malicious websites and second by preventing downloads of malicious files.

Controlling bandwidth use

There will be a limited amount of bandwidth available and sometimes that bandwidth may be squeezed, resulting in considerable latency that affects all Internet users on the network. A web filter can be used to restrict bandwidth use by blocking certain online activities – video streaming for instance – ensuring sufficient bandwidth is available for all.

Improving productivity

The Internet makes slacking off very easy for employees. Businesses can suffer major productivity losses from employees accessing certain types of websites which serve no purpose in the workplace. A web filter can be used to block access to social media networks, dating websites, gambling and gaming sites, and video streaming services such as YouTube.

Preventing legal issues

Legal issues can arise from uncontrolled Internet use. If an employee or user of a Wi-Fi network engages in illegal activity, such as illegal software, music, and video downloads from P2P file sharing networks, the business owner may be liable for their actions. Web filters can also prevent data theft by blocking access to file sharing sites.

Monitoring Internet use

You may want to adopt a permissive approach and only restrict access to illegal content and malicious websites, but a web filter gives you insights into what users are doing online. This can help you to prevent and resolve HR issues and identify insider threats.

How Is Web Filtering in the Workplace Achieved?

There are several ways that web filtering in the workplace can be implemented. A physical appliance can be purchased through which all Internet traffic is routed, with controls applied by a system administrator. Cloud-based web filters are now much more popular. With filtering taking place in the cloud, no equipment purchases are required.

DNS-based web filtering sees filtering take place at the DNS lookup stage of a web request, with filtering occurring without content being downloaded. Cloud-based filters that operate at the DNS level also avoid any latency issues, which can be a problem with physical appliances.

Methods of Web Filtering

There are various methods of web filtering in the workplace, with most solutions using a combination of all.

Whitelists and Blacklists

Blacklists are used to block access to specific domains and URLs, either through third-party or user-generated blacklists. Whitelists are used to always allow access to a specific URL or domain, regardless of the content filtering controls put in place.

Category Filtering

Category filtering is the easiest way of exercising content control. A web filtering solution will assign websites into categories based on the content of the website. Using a checkbox in the UI, the system administrator can select which categories of content should be blocked. Commonly blocked categories include pornography, gambling, gaming, dating, social media, news, and webmail.

Content Analysis

Web filters can perform analyses of web content to detect certain keywords and can assign a score to each URL. Thresholds can be set for individual users, departments, or the entire organization and if that threshold is exceeded, the content will not be displayed.
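The three methods above can be combined into a single decision, shown here as an added example that is not WebTitan's code. The category table, keyword weights, and the rule that the whitelist is checked before the blacklist are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    blocked_categories: set = field(default_factory=set)
    score_threshold: int = 100                             # organization-wide
    user_thresholds: dict = field(default_factory=dict)    # per-user override

# Constructed sample data (not a real category feed or keyword list).
CATEGORIES = {"casino.example": "gambling", "news.example": "news"}
KEYWORD_WEIGHTS = {"jackpot": 40, "free spins": 50, "bet now": 30}

def parent_domains(domain):
    """The domain and each parent, split on label boundaries only."""
    labels = domain.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def content_score(text):
    """Sum keyword weights over every occurrence in the page text."""
    text = text.lower()
    return sum(w * text.count(k) for k, w in KEYWORD_WEIGHTS.items())

def decide(policy, user, domain, page_text=""):
    """Return (action, reason) for one request."""
    names = parent_domains(domain)
    # Domain checks need only the name, so they can run at DNS lookup time.
    if any(n in policy.whitelist for n in names):
        return ("allow", "whitelist")      # assumption: whitelist wins first
    if any(n in policy.blacklist for n in names):
        return ("block", "blacklist")
    category = next((CATEGORIES[n] for n in names if n in CATEGORIES), None)
    if category in policy.blocked_categories:
        return ("block", "category:" + category)
    # Content analysis needs the page body, so it runs after the fetch.
    limit = policy.user_thresholds.get(user, policy.score_threshold)
    score = content_score(page_text)
    if score > limit:
        return ("block", f"score:{score}>{limit}")
    return ("allow", "default")

if __name__ == "__main__":
    demo = Policy(blacklist={"bad.example"}, blocked_categories={"gambling"})
    for d in ("login.bad.example", "notbad.example", "play.casino.example"):
        print(d, decide(demo, "alice", d))
```

Matching on whole labels means an entry for `bad.example` covers `login.bad.example` but not `notbad.example`, which a plain substring or suffix test would wrongly block.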

WebTitan Cloud: Workplace Web Filtering Made Simple

WebTitan Cloud is a powerful web filtering solution that provides visibility into the online activities of users and allows controls to easily be set to control Internet access and block online threats that could threaten your business. WebTitan Cloud has been developed to be easy to set up and use, with no technical prowess required to use the solution.

Highly granular filtering controls allow precision control over the content that can be accessed, without overblocking and preventing important web content from being accessed.  The solution is DNS-based, so no equipment purchases or software downloads are necessary, and there is zero latency.

WebTitan Cloud protects on-site workers on the network, Wi-Fi users, and remote workers no matter where they access the Internet.

There is a transparent pricing policy, no optional extras, the product is extremely competitively priced, and customers benefit from industry-leading customer support.

Managed Service Providers (MSPs) that want to add web filtering to their service stacks benefit from many MSP-friendly features such as multiple hosting options, a brandable white-label version of the product, monthly billing, and pricing that accommodates rapidly changing numbers of seats.

To find out more about the full benefits of WebTitan Cloud, or to arrange a product demonstration, give the WebTitan team a call today.

 

A Cloud-Based Email Archive is Perfect for a Remote Workforce

Many companies have adopted a hybrid workforce model, where employees spend some time in the office and some time working from home. This working model works well for the business and gives employees the flexibility they want.

Some businesses have transitioned to a fully remote workforce, but then 2020 arrived and virtually everyone had to do the same. Research from Gartner suggests that during the coronavirus pandemic, 88% of companies made remote working mandatory.

The rapid change from an office-based to a remote workforce caused major headaches for IT teams, but it has allowed business to continue to function during incredibly challenging times. There have been productivity issues and technical problems, but businesses have weathered the storm and have continued to operate. Employees can still stay in touch and collaborate online using chat platforms, videoconferencing, and the telephone, and some businesses have reported an increase in productivity since switching to remote working.

While there are now many different methods of collaborating and maintaining contact, remote working has meant businesses and their employees have been forced to rely on email to a much greater extent. The increased reliance on email means it is now more important than ever to ensure emails can be accessed come what may, even if email servers are down. Should anything happen to the email system, work can grind to a halt.

Many businesses use emails as a store of essential information and much of the data in emails is not stored elsewhere. Figures from IDC indicate around 60% of business-critical data resides in emails and email attachments and that was before the pandemic.

There are many regulations covering business data, including at the federal, state, and industry level. There are set retention times for certain types of data, regardless of where the information is stored. If the information is stored in emails, then that information must be protected and secured against accidental or deliberate deletion until the retention period is over.

Backups of emails can be performed to meet certain regulations, but problems exist when it comes to recovering emails. Finding emails in backups can be an incredibly time-consuming process that can take days or weeks. Even finding the correct backup media can be a major challenge in itself, and then finding emails in a backup – which is not easily searchable – can seem a near impossible task.

The way to ensure privacy and security, meet compliance requirements, and ensure that emails and attachments are never lost is to use an email archiving service. Email archives are created for long term data storage. Email archives can be easily searched, so when emails need to be found and recovered, the process takes seconds or minutes. A tamper-proof record of all emails is retained for compliance purposes and to protect against data loss and ensure business continuity in the event of disaster.

Many businesses have implemented an on-premises email archive, but this is far from ideal in a world where virtually everyone is working remotely. After the pandemic is over, many employees will return to the office, but remote working looks set to stay. The best option is therefore to use an email archiving solution that perfectly suits the remote working or hybrid working model.

Cloud-based email archives centralize disparate email servers and store all emails securely in the cloud where they can be quickly and easily accessed by any authorized individual, from any location. Since many businesses now use cloud-based email, sending emails to a cloud-based archive makes more sense than using on-premises archives. Sending emails to the archive and recovering emails will be far quicker from a cloud service to a cloud service.

If you have an on-premises email archive, transitioning to a cloud-based service can save time and money. There is no need to maintain hardware or perform software updates, the archive is automatically backed up to guarantee emails can always be recovered, and storage space will never be an issue due to the scalability of the cloud.

TitanHQ’s Cloud-Based Email Archiving Solution

TitanHQ offers a cloud-based email archiving solution – ArcTitan Cloud – that is scalable to more than 60,000 users and delivers high performance and reliability. Every email sent and received by a company is automatically sent to the archive. Messages are deduplicated to save on storage space and are compressed in the archive. All emails are indexed and tagged to make searching a quick and easy process. Whenever an email needs to be recovered, a search of 30 million emails takes less than a second.

All emails are encrypted in transit to the archive and at rest and the email archive is automatically backed up. If emails need to be accessed during a mail server outage, they can easily be found in the archive. ArcTitan really is a set and forget solution.

ArcTitan Cloud supports point and click easy search or expert search with sophisticated query language. Searches can be saved, multiple searches can be performed at the same time, and you can search the entire archive, departments, user groups, or individual mailboxes. Permissions can be granted to employees to allow them to access their own archives to ensure they never lose an email and do not need to trouble the IT department when they misplace an email. You can search emails, but also inside all common file formats including Microsoft Word, Excel and PowerPoint, PDF, RTF, ZIP, tar, gz and Open Office documents.

Migrating from an existing cloud archiving service or an on-premises archive to ArcTitan Cloud is a quick and easy process and support will be provided if required. There are no proprietary data formats used, so if you ever want to export your data, that is a quick and easy process too.

Many email archiving services require you to pay for all mailboxes, even when employees leave the company. With ArcTitan, you only pay for the number of active mailboxes and there are no limits on storage space. The solution is easy to implement, use, and maintain, all of which have made the solution incredibly popular with SMBs and MSPs serving the SMB market. On top of that, ArcTitan is one of the most cost-effective archiving solutions for businesses.

Figures correct as of July 2020.

For more information on cloud-based email archiving and the ArcTitan solution, give the TitanHQ team a call today.