Month: February 2021

TitanHQ Wins Big at Expert Insights’ 2021 Best-Of Awards

TitanHQ is proud to announce three of its innovative products have been named winners at the Experts Insights’ 2021 Best-Of Awards in the Web Security, Email Security Gateway, and Email Archiving categories.

Expert Insights helps businesses identify the most powerful, innovative, and ease to use cybersecurity solutions through its website, and helps clear up the confusion about cybersecurity solutions through objective reviews, industry analysis, and interviews with industry leaders. The top cybersecurity products are listed on the website along with reviews and ratings from genuine users of the solutions. Expert Insights now helps more than 40,000 businesses each month select the most appropriate cybersecurity solutions to meet their needs.

The leading cybersecurity companies and their products are recognized each year in the Expert insights’ “Best-Of” Awards. Products are assessed by technology experts and the Expert Insights’ Editorial Team based on many factors, including market presence, technical features of the products, ease-of-use, and ratings by verified users of the products. Winners are selected in a range of different categories such as email security, web security, endpoint security, multi-factor authentication, backup, and many more.

“2020 was an unprecedented year of cybersecurity challenges, with a rapid rise in remote working causing a massive acceleration in cybercrime,” said Craig MacAlpine, CEO and Founder, Expert Insights. “Expert Insights’ Best-Of awards are designed to recognize innovative cybersecurity providers like TitanHQ that have developed powerful solutions to keep businesses safe against increasingly sophisticated cybercrime.”

TitanHQ was recognized for the WebTitan DNS filtering solution, which was named a winner in the Web Security category, SpamTitan was named a winner in the Email Security category, and ArcTitan was named a winner in the Email Archiving category. In addition to the level of protection provided, each solution is consistently rated highly on price and ease of use by enterprises, SMBs, and Managed Service Providers. The solutions are used by more than 8,500 businesses and over 2,500 MSPs in more than 150 countries. In addition to the high ratings on Experts’ Insights, the solutions have received top marks on G2 Crowd, Capterra, GetApp, Software Advice, and Google Reviews.

“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy,” said Ronan Kavanagh, CEO, TitanHQ. “We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers.”

Steps Businesses Should Take to Block CLOP Ransomware Attacks

CLOP Ransomware is a fairly new ransomware variant that first emerged in early 2019, when it started to be used in attacks on large enterprises in the United States, Germany, Mexico, India, and Turkey. The number of attacks has been steadily increasing, with a major increase in attacks identified in October 2020. Since then, the ransomware has been used in many attacks on large enterprises and the ransom demands are often huge. An attack on the software company Software AG saw a ransom demand issued for $20 million.

As is the case with well over a dozen of the most prolific ransomware operations, the CLOP ransomware gang exfiltrates data prior to encrypting files. If victims have a valid backup and try to recover their encrypted files without paying the ransom, the group will leak stolen data on the darkweb making it available to other cybercriminal operations. The media are tipped off to the data dumps, and the subsequent coverage can result in companies suffering serious reputational damage. In recent months there have been many class action lawsuits filed following ransomware attacks where stolen data has been leaked online.

CLOP ransomware is believed to be operated by a threat group known as FIN11, which is an arm of a prolific Russian cybercriminal organization known as TA505. FIN11 has targeted many different industries, although recently manufacturing, healthcare and retail have been a major focus. When attacks are conducted on organizations and companies in these sectors, the losses from downtime can be considerable, which increases the likelihood of victims paying the ransom. One attack on the South Korean retailer E-Land saw 23 of its stores close when they were unable to access their IT systems. An attack on the German manufacturer Symrise AG rendered more than 1,000 computers inoperable, causing huge losses as manufacturing was halted. Attacks on the healthcare industry mean patient records cannot be accessed, which places patient safety at risk.

Many ransomware gangs have exploited weaknesses in Remote Desktop Protocol, VPN solutions, and vulnerabilities in software and operating systems to gain they access they need to internal networks to deploy ransomware. However, the initial attack vector in CLOP ransomware attacks (and also many other ransomware variants) is spam email. Large scale spam campaigns are conducted, often targeting certain industry sectors or geographical locations. These are referred to as “spray and pray” campaigns. The aim is to gain access to as many networks as possible. The ransomware gang can then pick and choose which companies are worthwhile attacking with ransomware.

Once CLOP ransomware is installed, detection can be difficult as the threat group has programmed the ransomware to disable antivirus software such as Microsoft Security Essentials and Windows Defender. The key to blocking attacks is to stop the initial infection, which means preventing the spam emails from reaching inboxes where they can be opened by employees.

Blocking the attacks requires an advanced spam filtering solution with robust antivirus protections. SpamTitan, for instance, uses dual antivirus engines to catch known malware variants and sandboxing to identify malicious attachments containing previously unknown malware, ransomware, or malicious scripts. Machine learning techniques are also employed to identify emerging threats in real time.

The spam emails used in these campaigns try to obtain credentials such Office 365 logins and passwords or get users to download malware downloaders. Additional protection against this phase of the attack can be provided by a web filter such as WebTitan. WebTitan blocks the phishing component of these attacks by preventing these malicious URLs from being accessed by employees, as well as blocking downloads of malware from the Internet.

Staff training is also important to help employees recognize phishing emails and multi-factor authentication should be implemented to prevent stolen credentials from being used to access email accounts and cloud apps.

If you want to improve your security defenses against ransomware, malware and phishing attacks, give the TitanHQ team a call and ask about SpamTitan and WebTitan. Both solutions are available on a free trial to allow you to see for yourself how effective they are at blocking threats and how easy the are to implement and use.

Phishing Attacks on Businesses Doubled in 2020 and SSL Encryption is Now the Norm

The COVID-19 pandemic created many new opportunities for cybercriminals who were all too happy to take advantage. In 2020, businesses had to rapidly change their working practices to deal with national lockdowns and changed to a more distributed, remote workforce. In response, cybercriminals stepped up phishing attacks to obtain credentials to email accounts, VPNs, and remote access solutions.

The increase in email threats and phishing activity was recently highlighted by the Anti-Phishing Working Group which has been gathering data on phishing attacks from its member organizations throughout the year. Its latest report shows phishing attacks doubled in 2020, peaking in October 2020 when previous records were shattered. In October, 225,304 new phishing sites were detected, compared with under 100,000 in January 2020. From August to December 2020, more than 200,000 new phishing sites were detected each month.

Links to these phishing websites are sent in large scale phishing campaigns and many of the messages land in inboxes where they attract a click. The pandemic made that much easier for cybercriminals who expertly exploited the thirst for knowledge about COVID-19 to conduct their scams. As the year progressed other COVID-19 themed lures were used including COVID-19 relief payments for businesses, offers of early vaccines, small business loans, tax deadline extensions, and many more.

Cybercriminals often use compromised websites for hosting their phishing forms, but it is now much more common for the attackers to purchase their own domains that are tailored for each phishing campaign. These lookalike domains can easily fool individuals into believing they are on a legitimate website.

Cybercriminals have also been using encryption to hide their phishing URLs and fool employees. Hosting phishing URLs on HTTPS sites can fool employees into believing the web content is genuine, and many security solutions do not examine encrypted content which makes the URLs hard to identify and block. In Q4, 2020, 84% of phishing URLs used SSL encryption.

The increase in use of SSL encryption is a concern, as many people mistakenly believe that a site starting with HTTPS is secure when that is not the case. SSL inspection means the connection between the browser and the website is secure, which means users are protected against the interception of sensitive information, but a cybercriminal may own or control that website. The secure connection just means other cybercriminals will not be able to intercept login credentials as they are entered on a phishing site.

The problem for businesses has been how to block these threats as they grow in number and sophistication. Many businesses have previously relied on Office 365 anti-spam protections for blocking spam and phishing threats, but large volumes of these malicious emails are delivered to Office 365 inboxes. When that happens and a malicious link is clicked, they have no way of stopping employees from disclosing sensitive information.

One way that businesses can better protect against these phishing attacks is by implementing a web filtering solution with SSL inspection. WebTitan for instance can decrypt websites, inspect the content, and then re-encrypt which means malicious websites are not hidden and can be identified and blocked.

WebTitan also incorporates multiple threat intelligent feeds to ensure that as soon as a phishing URL is detected, all WebTitan users will be immediately protected. WebTitan ensures that protection is provided against emerging phishing URLs and zero-minute threats. When combined with an advanced spam filtering solution such as SpamTitan to block phishing emails at source and ensure they do not reach inboxes, businesses will be well protected against phishing attacks.