Month: October 2021

Magnitude Exploit Kit Updated to Target Vulnerabilities in Chromium-Based Web Browsers

Exploit kits first emerged in 2006 and have since been used as an automated method of malware delivery. Exploit kits are programs, loaded onto websites, that contain exploits for known vulnerabilities. When a visitor lands on a web page that hosts an exploit kit, the kit performs a scan to determine whether certain software vulnerabilities have not been patched. If an unpatched vulnerability is identified, the exploit kit will choose an exploit and will deliver a malware payload with no user interaction required.

Exploit kits became hugely popular with threat actors between 2010 and 2017, and while their use has declined to a fraction of the level seen in 2016 and 2017, they do still pose a threat. There are several exploit kits still being used that are regularly updated with new exploits for known vulnerabilities, and over the past couple of years they have mostly been used to deliver malware loaders that deliver ransomware.

The Fallout exploit kit, for example, has been used to deliver Maze Locker ransomware, and the Magnitude EK, which was first identified in 2013, is also being used to deliver ransomware, mostly in the Asia Pacific region.

Exploit kits are loaded on legitimate websites that have been compromised, as well as attacker-owned websites, with traffic to the latter often delivered through malicious adverts (malvertising). It is therefore easy to land on a site hosting an exploit kit through general web browsing.

The Magnitude EK is now one of the most extensively used exploit kits. Until recently, it was only being used to target Internet Explorer; however, the exploit kit has now been updated and is being used to target Chromium-based web browsers on Windows PCs.

Avast reports that two new exploits have recently been added to the Magnitude EK, one of which targets a vulnerability in Google Chrome – CVE-2021-21224 – and the other targets the Windows kernel memory corruption vulnerability tracked as CVE-2021-31956. The Google Chrome bug is a remote code execution vulnerability, and the Windows bug can be exploited to bypass the Chrome sandbox, allowing an attacker to gain system privileges.

Patches have been released by Google and Microsoft to address both of these flaws; however, the reason why exploit kits are still an effective method of malware distribution is that many people delay or ignore software updates. While the Magnitude EK is not believed to be currently exploiting the vulnerabilities to deliver a malware payload, it is unlikely that will remain the case for long.

The best defense against exploit kits is to ensure that software updates and patches are applied promptly, although that is not always possible for businesses and sometimes some devices are missed and remain vulnerable. An additional measure that can protect against exploit kits and other types of web-based malware distribution is a web filter.

Web filters are the Internet equivalent of spam filters. Just as a spam filter prevents the delivery of emails containing malware to inboxes, web filters prevent malware delivery via malicious websites and are a key component of anti-phishing defenses, preventing end-users from visiting websites hosting phishing kits.

TitanHQ has developed WebTitan to protect businesses from web-based threats and carefully control the content that can be accessed by office-based and remote workers. WebTitan is a DNS-based web filter that is quick and easy to implement and has no impact on page load speeds. WebTitan is used by more than 12,000 businesses and managed service providers for content filtering, blocking malware delivery via the internet, and as an additional security measure to block phishing attacks.

If you want to improve protection against malware, malicious sites, phishing sites, C2 callbacks, ransomware, botnets, spyware, and viruses, give the TitanHQ team a call or put the solution to the test in your own environment by taking advantage of a 100% free 30-day trial of the full solution.

How to Identify a Malicious Website

If you want to keep your computers and networks protected from malware, it is important to train your staff on how to identify a malicious website. You should also install a powerful web filtering solution to ensure your employees’ malicious website identification skills are never put to the test.

Cybercriminals are developing ingenious ways of compromising networks

Scammers and cybercriminals used to mainly send out emails with infected attachments. Double-clicking on the attachment would result in the computer, and possibly the network, being infected with malware. Oftentimes, this action would go undetected by anti-virus software programs. A full system scan would need to be conducted before the malicious software was identified.

Computer users are now much wiser and know never to open file attachments that have been sent to them by unknown individuals, and certainly never to double click on an executable file. Hackers and other cybercriminals have therefore needed to get smarter, and are now developing ever more sophisticated ways of obtaining user credentials and getting people to install malware manually. One of the ways they are doing this is by developing malicious websites.

End users are contacted via email and are sent links to websites along with a valid reason for visiting the site. Links to malicious websites are also frequently sent out in social media posts or are placed in third-party website adverts. Some sites are hijacked and visitors are redirected to fake sites automatically.

What is a malicious website?

Malicious websites host malware or are used to phish for sensitive information. In the case of the latter, users are tricked into revealing sensitive data such as login credentials for online banking websites.

Malware may require some user interaction before it is installed. Visitors may be tricked into downloading a security program, for instance, by being informed their computer is already infected with malware. They may be offered a free screensaver or asked to download a fake PDF invoice.

Increasingly, malicious websites are used to host exploit kits. Exploit kits probe visitors’ browsers to identify security vulnerabilities that can be exploited without any user interaction required. If a vulnerability is detected, malware can be installed automatically on the computer or network. This method of cyberattack is called a drive-by download. Drive-by downloads can involve malware being installed onto the computer’s hard drive, a network drive, or even loaded into the computer’s memory.

Learning how to identify a malicious website is important if you want to prevent your computer from being infected, and it is essential for system administrators and other IT professionals to conduct staff training to help end users avoid these dangerous sites.

How to identify a malicious website

There are some easy ways to tell if a website is attempting to install malware:

  • The website asks you to download software, save a file, or run a program
  • Visiting the website automatically launches a download window
  • You are asked to download an invoice or receipt, such as a PDF file, .zip or .rar, or an executable file or .scr screensaver file

A malicious website may also tell you:

  • Your computer is already infected with malware
  • Your plug-ins or browser are out of date
  • You have won a competition or free prize draw. You may also be offered free money or vouchers that require you to enter your credit card or banking information

If you are asked to download any files or update your software, conduct a check of the site via Google and try to determine whether the site is genuine. If in doubt, do not download any files.

If you are told your browser is out of date, visit the official browser website and check your version number. Only ever download updates from official websites.

If you have accidentally visited a drive-by download site, by the time that you have connected it may be too late to prevent malware from being downloaded. To protect against drive-by downloads you must ensure that your browser, add-ons, and plugins are 100% up to date. You should also use a software solution to block access to drive-by download sites.

How to block end users from visiting a malicious website

Even legitimate websites can be hacked and used to host malicious code. They may use advertising networks that are used by cybercriminals to direct visitors to malware-hosting websites. The best defense is to block these adverts and malicious websites.

Blocking access to malicious websites is a simple process. All it requires is a powerful web filtering solution to be installed. WebTitan web filtering solutions for the enterprise will help you keep your network secure by preventing users from visiting sites known to host malware.

WebTitan incorporates a range of measures to detect malicious web content to prevent employees from visiting dangerous websites. WebTitan can also be configured to block access to questionable or illegal content to enforce an organization’s acceptable Internet usage policy.

If employees are trained on malicious website identification and web filtering software is installed, your network will be much better protected from malware infections and other web-based threats.

FAQs on Guest Wi-Fi Network Security and Blocking Malicious Websites

Should I enable guest Wi-Fi?

By enabling guest Wi-Fi, you are creating a separate network for guest users to access the Internet. This is much more secure than allowing a guest user to connect to your main business network. Be aware that your guest Wi-Fi network is still connected to your business so you should control the activities that can be performed while connected.

Are guest Wi-Fi networks secure?

A guest Wi-Fi network keeps guest users away from your servers and company data. While connected to the guest network, individuals will be prevented from accessing your internal resources even if they are able to locate them. If you do not have a separate guest network, you will be at risk of hacking and data theft.

How can I make my guest Wi-Fi network secure?

You can make your guest Wi-Fi network more secure by changing the name of the network (SSID) to something less obviously tied to your business, setting a strong password, and configuring the network to prevent access to local network resources. You should also implement a web filter to prevent users from accessing malicious web content.

Is web filtering complicated?

Setting up content filtering on a wired or wireless network is easy with a cloud-based web filter. Simply change your DNS settings to point to the service provider and you can be blocking threats and restricting access to web content in minutes. You will get a web-based interface to log in and can simply click on the categories of content you want to block.

How much does a web filtering solution cost?

There are many different providers of Wi-Fi filtering solutions and the cost can vary considerably. You could end up paying upwards of $2.50 per user per month; however, solutions such as WebTitan Cloud for Wi-Fi will give you the protection you need at a very reasonable cost, which can be as little as $1 per user, per month. To find out the cost, use our cost calculator.

New Phishing Tactic Identified in Campaign Spoofing Well Known Brands

Phishers are constantly changing their tactics, techniques, and procedures to evade security solutions and fool end users into disclosing sensitive information or installing malware. One of the most commonly used tactics is to impersonate trusted companies, with emails often including corporate logos, footers, and even correct contact information to make the messages look like genuine communications from the spoofed companies.

Email security solutions are now much better at detecting these scam emails. Email security solutions use the email security protocols SPF, DKIM, and DMARC to detect and block email impersonation attacks. SPF – Sender Policy Framework – restricts who can send emails from a corporate domain and prevents domain spoofing. DKIM – DomainKeys Identified Mail – protects against emails being tampered with, while DMARC – Domain-based Message Authentication – works in conjunction with SPF and DKIM to protect against email spoofing attacks, by linking a domain name with the name in the From: email header. This allows messages to be identified as malicious when they are sent by an unauthorized user of a domain.
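How a receiving mail system can combine the SPF, DKIM and From: header checks described above into a DMARC-style verdict, as an added example that is not from the original article. The mail server name, the domains, the sample messages and the short public-suffix set are all constructed, and a single strict/relaxed switch stands in for DMARC's separate SPF and DKIM alignment modes.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the receiving organisation's own border MTA stamps this authserv-id.
TRUSTED_AUTHSERV_ID = "mx.corp.example.org"
# Constructed stand-in for the Public Suffix List (a real check needs the full list).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def org_domain(domain):
    """Organizational domain: the public suffix plus one label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, strict=False):
    """Strict alignment needs an exact match; relaxed compares organizational domains."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)


def parse_auth_results(value):
    """Extract (method, result, authenticated domain) for spf and dkim entries."""
    found = []
    for part in value.split(";")[1:]:  # part 0 is the authserv-id
        m = re.match(r"\s*(spf|dkim)=(\w+)", part)
        if not m:
            continue
        prop = "smtp.mailfrom" if m.group(1) == "spf" else "header.d"
        d = re.search(re.escape(prop) + r"=(\S+)", part)
        domain = d.group(1).rsplit("@", 1)[-1] if d else ""
        found.append((m.group(1), m.group(2).lower(), domain))
    return found


def dmarc_verdict(raw_message, strict=False):
    """Pass only if SPF or DKIM passed for a domain aligned with the From: domain."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"] or "")[1].rsplit("@", 1)[-1]
    for header in msg.get_all("Authentication-Results") or []:
        # Ignore results not written by our own MTA: a sender can forge this header.
        if header.split(";")[0].strip() != TRUSTED_AUTHSERV_ID:
            continue
        for _method, result, domain in parse_auth_results(header):
            if result == "pass" and domain and aligned(domain, from_domain, strict):
                return "pass"
    return "fail"


# Constructed sample: From: shows one domain, SPF and DKIM passed for another.
SPOOFED = (
    "Authentication-Results: mx.corp.example.org;\n"
    " spf=pass smtp.mailfrom=bounce@mailer.example.net;\n"
    " dkim=pass header.d=example.net\n"
    'From: "Voicemail Service" <voicemail@example.com>\n'
    "Subject: New voicemail\n\nbody\n"
)
# Constructed sample: SPF passed for a subdomain of the From: domain.
LEGIT = (
    "Authentication-Results: mx.corp.example.org;\n"
    " spf=pass smtp.mailfrom=bounces.mail.example.com;\n"
    " dkim=fail header.d=example.com\n"
    "From: billing@example.com\n\nbody\n"
)
# Constructed sample: a second, sender-supplied header claims a DKIM pass.
FORGED_HEADER = (
    "Authentication-Results: mx.corp.example.org; spf=fail smtp.mailfrom=example.net\n"
    "Authentication-Results: mx.sender.example.net; dkim=pass header.d=example.com\n"
    "From: billing@example.com\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("forged", FORGED_HEADER)):
        print(name, dmarc_verdict(raw), dmarc_verdict(raw, strict=True))
```

The spoofed sample fails even though SPF and DKIM both report a pass, because neither authenticated domain matches the domain shown in the From: header.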

Machine-learning technology and AI are used to distinguish genuine communications from spoofed messages. Some email security solutions can perform checks of corporate logos in email messages and compare these to the sender’s address to make sure the emails have come from an official source.

One phishing campaign has been detected that attempts to circumvent these AI protections by using corporate logos that have had mathematical symbols inserted to replace existing letters. Checks of these images will not alert AI-based email security solutions to a fake message, since the spoofed email messages do not contain the official corporate logo. The logos are, however, sufficiently similar to the genuine logo to fool end users.

One example of this was found in an email spoofing Verizon. The official Verizon logo has a red V, which has been replaced with a red square root symbol. These emails attempt to trick the recipients into clicking a link in the email which directs them to a website that also spoofs the brand. They are then asked to provide credentials to verify their identity. Those credentials are then captured by the scammers.

The Verizon phishing email uses a fake voicemail message as a lure, then asks the user to enter their Office 365 credentials to access the voicemail message. While that is an obvious red flag, as Verizon does not require Office 365 credentials, individuals who fail to identify the email for the scam it is may be fooled; after all, the phishing page accurately spoofs the official Verizon website.

While many spoofed emails will be blocked by SPF, DKIM, and DMARC, machine learning technology, and other checks employed by email security solutions, email security gateways are not 100% effective. For example, independent tests have shown SpamTitan has a very high detection rate – in excess of 99.97% – but a small number of emails will bypass defenses on occasion and that is true of all email security solutions.

This is why it is also recommended to implement a web filtering solution. Web filters tackle phishing from a different angle. Instead of blocking the message, they block attempts by end users to visit malicious links in emails.

TitanHQ’s web filtering solution – WebTitan – is a DNS-based web filter. When a request is made to visit a website, WebTitan performs a check at the DNS lookup stage of the request, before any content is downloaded. If the request is for a known malicious website or URL that violates an organization’s policies, the request is denied, and the user is protected. WebTitan is constantly updated to include malicious web content through multiple threat intelligence feeds to provide zero-minute protection.

Phishing attacks are becoming much more sophisticated, and while email security solutions will block the majority of attacks, phishing defenses now need to consist of multiple overlapping layers of security. By implementing a spam filter, web filter, antivirus software, and providing regular security awareness training, businesses can mount a formidable defense against phishing attacks.

For more information about web filters, contact TitanHQ today. All TitanHQ solutions are available on a free trial to allow potential customers to try before they buy with no obligation to proceed. Product demonstrations can also be provided on request.

Wi-Fi Security Threats You Should be Aware of

Many employees access their work emails and work networks via public Wi-Fi hotspots, even though there is a risk that sensitive information such as login credentials could be intercepted by hackers. Many employees are unaware of the Wi-Fi security threats that lurk in their favorite coffee shop and fail to take precautions. Even employees who are aware of Wi-Fi security threats often ignore the risks.

This was highlighted by a 2017 survey by Symantec. 55% of survey participants said they would not hesitate to connect to a free Wi-Fi hotspot if the signal was good and 46% said they would rather connect to a free, open wireless network than wait to get a password for a secure access point.

60% of survey participants believed public Wi-Fi networks are safe and secure, but even though 40% are aware of the Wi-Fi security threats, 87% said that they would access financial information such as their online banking portal or view their emails on public Wi-Fi networks.

The majority of users of public Wi-Fi networks who were aware of the Wi-Fi security threats said they ignored the risks. Millennials were the most likely age group to ignore Wi-Fi security threats: 95% of this age group said they had shared sensitive information over open Wi-Fi connections.

Consumers may be willing to take risks on public Wi-Fi networks, but what about employees? According to a 2018 Spiceworks survey, conducted on 500 IT professionals in the United States, employees are also taking risks.

61% of respondents to the survey said their employees connect to public Wi-Fi hotspots in coffee shops, hotels, and airports to work remotely. Only 64% of respondents said their employees were aware of the security threats on Wi-Fi. A similar percentage said their employees were aware of the risks and connect to their work networks using a VPN, which means that 4 out of 10 workers were unaware of the importance of establishing a secure connection.

Even though 64% of respondents were confident that employees were aware of the risks, only half were confident that data stored on mobile devices was adequately protected against threats from public Wi-Fi hotspots. 12% of respondents said they have had to deal with a public Wi-Fi-related security incident, although a further 34% were not sure if there had been a security breach as many incidents are never reported.

WiFi Security Threats Everyone Should be Aware of

All employers should now be providing security awareness training to their employees to make the workforce more security-aware. Employees should be trained how to identify phishing attempts, warned of the risk from malware and ransomware, and taught about the risks associated with public Wi-Fi networks.

Five threats associated with open public Wi-Fi hotspots are detailed below:

Evil Twins – Rogue Wi-Fi Hotspots

One of the most common ways of obtaining sensitive information is for a cybercriminal to set up an evil twin hotspot. This is a fake Wi-Fi access point that masquerades as the legitimate access point, such as one offered by a coffee shop or hotel. An SSID could be set up such as “Starbuck Guest Wi-Fi” or even just state the name of the establishment. Any information disclosed while connected to that hotspot can be intercepted.

Packet Sniffers

Using a packet sniffer, a hacker can identify, intercept, and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials to bank accounts and corporate email accounts. If credentials are obtained, a hacker can gain full control of an account.

File-Sharing

Many people have file-sharing enabled on their devices. This feature is useful at home and in the workplace, but it can easily be abused by hackers. It gives them an easy way to connect to a device that is connected to a Wi-Fi hotspot. A hacker can abuse this feature to drop malware on a device when it connects to a hotspot.

Shoulder Surfing

Not all threats are hi-tech. One of the simplest methods of obtaining sensitive information is to observe someone’s online activities by looking over their shoulder. Information such as passwords may be masked so the information is not visible on a screen, but cybercriminals can look at keyboards and work out the passwords when they are typed.

Malware and Ransomware

When connecting to a home or work network, some form of anti-malware control is likely to have been installed, but those protections are often lacking on public Wi-Fi hotspots. Without the protection of AV software and a web filter, malware can be silently downloaded.

Employers can reduce risk by providing comprehensive training to make sure employees are aware of the risks from public Wi-Fi hotspots and know they should only connect to public Wi-Fi networks if they use a VPN. Employers can further protect workers with WebTitan Cloud – an enterprise-class web filter that protects workers from online threats, regardless of where they connect.

Hotspot providers can protect their customers by securing their Wi-Fi hotspots with WebTitan Cloud for Wi-Fi. WebTitan Cloud for Wi-Fi is a powerful web filter that protects all users of a hotspot from malware and phishing attacks, and can also be used to control the types of sites that can be accessed. If you offer Wi-Fi access, yet are not securing your hotspot, your customers could be at risk.

Contact TitanHQ today to find out how you can protect your customers from online threats, control the content that can be accessed via your Wi-Fi network, and discover how quick and easy it is to create a family-friendly Wi-Fi environment.

Why is Internet and WiFi Filtering in Hospitals Important?

Hospitals often invest heavily in solutions to secure the network perimeter, although the importance of Internet and WiFi filtering in hospitals is often misunderstood. Network and software firewalls are essential, but alone they will not provide protection against all attacks. As healthcare IT security staff know all too well, the actions of employees can see cybersecurity defenses bypassed.

A look at the Department of Health and Human Services’ Office for Civil Rights breach portal shows just how many cyberattacks on hospitals are now occurring. Cybercriminals are targeting healthcare organizations due to the value of protected health information (PHI) on the black market. PHI is worth ten times as much as credit card information, so it is no surprise that hospitals are in cybercriminals’ crosshairs. Even a small hospital can hold the PHI of more than 100,000 individuals. If access is gained to a hospital network, the potential rewards for a hacker are considerable.

There has also been a massive increase in ransomware attacks. Since hospitals need access to patients’ PHI, they are more likely to pay a ransom to regain access to their data than organizations in other industry sectors. Hollywood Presbyterian Medical Center paid $17,000 for the keys to unlock its files following a ransomware attack in February 2016. It was one of several hospitals to give in to attackers’ demands following ransomware attacks.

A Web Filter is an Important Extra Security Layer to Protect Against Phishing Attacks

Phishing is one of the main threats for healthcare organizations, so it is vital for the email system to be secured with an advanced spam filtering solution and for security awareness training to be provided to employees. However, layered defenses are required to reduce the threat of phishing to a reasonable and acceptable level.

A web filtering solution is an important additional control in the fight against phishing. If an employee clicks on a hyperlink in a phishing email that has made it past email security defenses, the phishing website can be blocked. Instead, the user will be directed to a block screen and a potential account compromise can be avoided. A web filter will also help to protect users from malicious redirects when browsing the internet.

The Hospital WiFi Environment is a Potential Gold Mine for Cybercriminals

Another common weak point is the WiFi network. IT security teams may have endpoint protection systems installed, but often not on mobile devices that connect to WiFi networks. The increasing number of wireless devices that are now in use in hospitals increases the incentive for cybercriminals to attempt to gain access to WiFi networks. Not only do physicians use mobile phones to connect to the networks and communicate PHI, but there are also laptops, tablets, and an increasing number of medical devices connected to WiFi networks. As the use of mobile and IoT devices in healthcare continues to grow, the risk of attacks on the WiFi environment will increase.

Patients also connect to hospital WiFi networks, as do visitors to hospitals. They too need to be protected from malware and ransomware when connected to hospital guest WiFi networks. One of the easiest ways to protect the devices that connect to WiFi networks is a web filtering solution. A web filter allows IT teams to carefully control the types of content that can be accessed on hospital WiFi networks, block malware downloads, and prevent all users from visiting malicious websites. Internet and WiFi filtering in hospitals should be included in cybersecurity defenses to reduce the risk of malware downloads from the internet and is an important additional control against insider breaches.

Internet and WiFi filtering in Hospitals is Not Just About Blocking Cyberthreats

Malware, ransomware, hacking, and phishing prevention aside, there are other important reasons for implementing Internet and WiFi filtering in hospitals.

Guest WiFi access in hospitals is provided to allow patients and visitors to access the Internet; however, there is only a certain amount of bandwidth available. If Internet access is to be provided, all patients and visitors should be able to gain access. Internet and WiFi filtering in hospitals can be used to restrict access to Internet services that consume large amounts of bandwidth, especially at times when network usage is heavy. Time-based controls can be applied at busy times to block access to video streaming sites, for example, to ensure all users can enjoy reasonable Internet speeds.

It is also important to prevent patients, visitors, and healthcare professionals from accessing inappropriate website content. Internet and WiFi filtering in hospitals should include a block on adult content and other inappropriate or illegal material. Blocks can easily be placed on illegal file-sharing websites, gambling or gaming sites, or any other undesirable category of web content.

Internet and WiFi filtering in hospitals ensures WiFi networks can be used safely and securely by all users, including minors. Blocking illegal, undesirable, and age-inappropriate content is not just about protecting patients and visitors. It also reduces legal liability.

Internet and WiFi Filtering in Hospitals Made Simple

WebTitan Cloud for WiFi is an ideal solution for Internet and WiFi filtering in hospitals. WebTitan Cloud for WiFi is cost-effective to implement, the solution requires no additional hardware or software installations, and there is no latency. Being DNS-based, setup is quick and simple. A change to the DNS settings is all that is required to start filtering the Internet.

WebTitan Cloud for WiFi is ideal for hospital systems. The solution is highly scalable and can be used to protect any number of users in any number of locations. Multiple sites can be protected from one easy-to-use web-based user interface. Separate filtering controls can be applied for different locations, user groups, or even individuals. Since the solution links in with Active Directory, setting up controls for different users and departments is quick and simple. Separate content controls can easily be set for guests, visitors, and staff, including filtering controls by role.

WebTitan Cloud for WiFi supports blacklists and whitelists, allows precision content control via category or keyword, and blocks phishing websites and sites known to host exploit kits and malware. In short, WebTitan Cloud for WiFi gives you control over what users can do when connected to your WiFi network.
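The kind of decision a DNS-based filter makes at lookup time, combining the controls mentioned in these posts (deny known-malicious names before any content is downloaded, whitelists and blacklists, category blocks, time-based controls), sketched generically as an added example. It is not WebTitan code or configuration, and every domain, list, category and schedule in it is constructed.

```python
from datetime import time

# All names, lists, categories and schedules below are constructed for illustration.
ALLOWLIST = {"portal.example.org"}
BLOCKLIST = {"malware-host.example.net", "phish.example.com"}
CATEGORIES = {"video.example.com": "streaming", "casino.example.net": "gambling"}
# Category -> None (always blocked) or a (start, end) window in which it is blocked.
CATEGORY_POLICY = {"gambling": None, "streaming": (time(9, 0), time(17, 0))}


def candidates(qname):
    """The queried name and each parent domain, split on label boundaries."""
    labels = qname.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def decide(qname, now):
    """Return (action, reason) for one DNS query name at local time `now`."""
    names = candidates(qname)
    # An explicit allow entry wins over every block rule.
    if any(n in ALLOWLIST for n in names):
        return ("allow", "allowlist")
    # Threat entries also cover subdomains, but only on whole-label matches,
    # so "notphish.example.com" is not caught by an entry for "phish.example.com".
    for n in names:
        if n in BLOCKLIST:
            return ("block", "threat:" + n)
    # Category rules: blocked always, or only inside the configured window.
    for n in names:
        cat = CATEGORIES.get(n)
        if cat in CATEGORY_POLICY:
            window = CATEGORY_POLICY[cat]
            if window is None or window[0] <= now < window[1]:
                return ("block", "category:" + cat)
    return ("allow", "default")


if __name__ == "__main__":
    for name, at in (
        ("cdn.malware-host.example.net", time(12, 0)),
        ("notphish.example.com", time(12, 0)),
        ("video.example.com", time(10, 0)),
        ("video.example.com", time(20, 0)),
    ):
        print(name, at, decide(name, at))
```

A blocked query would typically be answered with the address of a block page instead of the real record, so the browser never connects to the requested host.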

To find out more about WebTitan Cloud for WiFi, including details of pricing, contact the TitanHQ team today.