Month: January 2022

TitanHQ Exhibiting at Zero Trust World ’22 – February 21-23, Orlando, FL

TitanHQ is excited to be heading to Threatlocker’s Zero Trust World 2022 in Orlando, Florida this February. The event draws cybersecurity professionals from across the United States and beyond who will gain valuable insights from some of the world’s leading cybersecurity experts that they can take away and apply to better protect their networks and data from the ever-increasing number of cyber threats.

The event runs from February 21-23, 2022 at The Rozen Plaza and attendees will benefit from keynotes explaining the current threat landscape and the importance of Zero Trust in protecting against those threats. There will be discussions about the latest hacking techniques – and how to stop them – and the theme for the final day is to get serious about tackling cyber threats, and attendees will learn about the latest cybersecurity solutions to allow them to level up their cybersecurity stack to better protect against the full range of cyber threats.

There will be live hacking demonstrations, attendees will discover the tools that hackers are successfully using to evade security and attack businesses, and there will be hands-on exercises in workshops, training sessions, and certification labs.

While cybersecurity solutions can certainly help, becoming secure takes planning, analysis, and strategy. Tips and techniques will be provided by some of the leading cybersecurity professionals from around the world, who will talk about the lessons learned from cyberattacks, and the solutions and techniques that have been successfully employed at businesses of all sizes to improve security.

This year, TitanHQ will be exhibiting at the event and will be on hand to explain how TitanHQ’s cybersecurity solutions can be used to improve cybersecurity defenses. TitanHQ has been providing cloud-based cybersecurity solutions to MSPs and SMBs for more than 20 years and today more than 12,000 businesses – including more than 2,500 MSPs – rely on TitanHQ’s cybersecurity solutions to protect against cyber threats: Spamitan Email Security, WebTitan Web Security, EncryptTitan Email Encryption, and ArcTitan Email Archiving.

If you have not yet booked your place at the event, you can register here. Be sure to come and visit the team to discover how TitanHQ solutions can help you grow your business and improve cybersecurity for you and your clients.

Why Your Business Should Be Encrypting Emails

Sensitive information is often exposed in email incidents. To avoid reputation damage and financial loss, your business should be encrypting emails.

The Case for Encrypting Emails

Email is extensively used in business and a great deal of sensitive information is sent via email. If that information is exposed it can be a source of embarrassment, but far worse, data exposures can result in significant financial losses and can seriously damage trust and reputation. Emails need to be protected to ensure information contained therein remains confidential and to ensure the integrity of the messages. To do that, businesses need to use encryption technology.

Email transmission is not secure. An email can have four stopovers on its way from the sender to the recipient, and the email can be intercepted at any one point in that journey. Since unencrypted emails are transmitted in plaintext, if they are intercepted, they can be viewed and potentially altered.

According to Radicati research, 320 million emails were sent each day in 2021 and the figure is predicted to rise to 347 million a day next year. Given the high number of transmitted emails, it is perhaps no surprise that the UK’s Information Commissioners Office has reported that email data is the biggest contributor to security incidents.

Those security incidents are a combination of the interception of emails, the hijacking of email accounts, and accidental email exposures, where employees sent emails to the incorrect person. A study by Tessian indicates 58% of employees have sent an email to the wrong person. Email cyberattacks involve phishing to gain access to credentials, the use of credentials obtained in previous data breaches, and the hijacking of the DNS MX record, which is used to direct emails to a web server.

Phishing attacks and email account compromises can be tackled with an advanced spam filter such as SpamTitan, strong password policies, and multifactor authentication. Email hacking and interception can prevent email hijacking, email interception, email tampering, and email exposure through misdirection.

How Does Encrypting Emails Work?

Encrypting emails will ensure that the content of the messages, which includes the message body and any attachments, will be rendered unintelligible from the moment they are sent to them being opened and read by the intended recipient. Email encryption typically works using two layers of encryption, as is the case with EncryptTitan – TitanHQ’s email encryption solution.

An encryption protocol called Transport Layer Security (TLS) is used to prevent interception in transit, such as a man-in-the-middle attack. TLS email encryption is easy to use and does not require any additional steps if TLS-Verify is used. While TLS will protect emails in transit, a second layer of security is needed to ensure end-to-end encryption of the messages. When the message arrives at its intended destination there is the highest risk of being accessed by an unauthorized individual. Therefore, it is important for the recipient to authenticate to decrypt the email, to ensure that only the intended recipient can open the message.

EncryptTitan from TitanHQ

Solutions for encrypting emails need to be robust to ensure message confidentiality, but also easy to use. Solutions such as EncryptTitan have multi-layered security to ensure emails are protected in transit and can only be decrypted by the intended recipient, without making the sending of messages cumbersome, which would have a negative effect on productivity.

EncryptTitan includes Outlook plugins to make encrypting encryption as easy as possible. The security settings will dictate the amount of additional verification that is required, with the highest setting requiring the use of a one-time unique verification code that is delivered through the encryption portal. Not all emails need to be encrypted. When you send an email, if the recipient is not within the company domain, the sender will receive a one-click prompt asking them if they want to encrypt the message.

When encrypting emails, EncryptTitan ensures attachments are also encrypted by default and the Data Loss Protection (DLP) feature scans for certain keywords and will automatically encrypt emails if they contain sensitive data.

EncyptTitan offers sender-defined email expiry dates, after which the email will be deleted from the TitanHQ Secure Portal, and the option of recalling messages if sent to the incorrect recipient. Setup is easy. There is no need to set up on-site hardware, as encryption takes place in the cloud, which makes the solution highly scalable. The solution is also agnostic of the email environment and will work across a wide range of email environments.

If you want to ensure that your company’s emails are protected against interception and tampering, contact TitanHQ for more information about EncryptTitan and to book a free product demonstration. The solution can also be offered as-a-service with ease by managed service providers who want to provide email encrypting services to their clients.

BHUNT Stealer Targets Cryptocurrency Wallets and Browser Passwords

Bitdefender has identified a new stealer malware called BHUNT that allows the attackers to access cryptocurrency wallets and irreversibly transfer funds to wallets under their control.

The continued rise in the value of cryptocurrencies has made cyberattacks on cryptocurrency wallets highly lucrative. Large organizations often use cryptocurrencies to improve business reach, reduce transaction costs, prevent chargeback fraud, and make cross-border transactions much easier. Businesses may hold large amounts of cryptocurrencies, so any attack that gives a hacker access to a business cryptocurrency wallet can result in a significant payday; however, attacks on individuals who hold far smaller amounts of cryptocurrencies are also being conducted. Anyone who holds cryptocurrencies is at risk of an attack.

Malware developers have created several malware variants that are primarily used to access to cryptocurrency wallets, including WeSteal malware, which was first identified in 2020 and is available on underground marketplaces. There are many other malware families that have cryptocurrency stealing capabilities, such as the Redline Stealer, which is now one of the most common malware threats. According to an analysis by the blockchain data platform Chainalysis, cybercriminals stole $14bn (£103bn) in cryptocurrency in 2021 – a 79% increase from the previous year.

BHUNT is a new stealer that targets Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, and Litecoin wallets, can steal passwords stored in Chrome and Firefox browsers, and captures passwords from the clipboard, although it is a specialized malware for stealing wallet files.

BHUNT is a stealthy cryptocurrency stealer that is heavily encrypted using two virtual machine packers – Themida and VMProtect – which hamper attempts by security researchers to reverse-engineer and analyze the malware. The malware is signed with a digital signature stolen from the CCleaner developer Piriform, although the certificate does not match the binaries, and the malware uses encrypted configuration scripts downloaded from public Pastebin pages. When installed, the malware is injected into explorer.exe.

Five modules have been identified, one is concerned with stealing wallet file contents, another module downloads payloads, one steals passwords from the clipboard and exfiltrates to its C2 server, another is a browser password stealer, and the last module cleans up traces of the infection.

The malware has been used in attacks worldwide, especially in South Asia, the Philippines, and Greece, and appears to be distributed in a similar way to other successful information stealers such as the Redline Stealer, through cracks and product activators such as KMSpico.

To protect against infection with the BHUNT stealer, individuals should not download applications and programs from unofficial repositories and should avoid pirated software, software cracks, and other illegal product activators. Businesses should consider implementing defenses against cryptocurrency stealers such as antivirus software on all endpoints and technical solutions to prevent downloads of executable files.

Cryptocurrency stealers, banking trojans, malware downloaders, spyware, adware, and ransomware are often distributed in fake software and software cracks. While policies can be set that prohibit employees from downloading unauthorized software, those policies are often ignored by employees who download unauthorized software to allow them to work more efficiently.

One of the most effective ways of blocking the downloads of unauthorized and pirated software is to use a web filter. WebTitan can be configured to block access to hacking websites, peer-2-peer file-sharing networks, and other sites where cracks, pirated software, and illegal product activators are available.

WebTitan can also be configured to prevent the downloading of files commonly associated with malware, such as executable files, and controls can be implemented for individual users, user groups, departments, or organization wide.

January 21, 2022: Free Livestream Event for MSPs Looking to Grow Their Business

January 21, 2022, will see the 2nd ever Channel Pitch Livestream Event – An opportunity for forward-thinking managed service providers, Internet service providers, value-added resellers, and IT service providers to discover new software solutions from some of the most existing and innovative technology vendors that can help them grow their business.

The event serves as an introduction to a carefully curated selection of companies that have developed solutions that can help service providers improve protection against cyber threats, manage Microsoft 365 and Azure workloads more effectively, and streamline back-office processes to improve efficiency.

At this year’s event, hosted by Serial Tech Entrepreneur Kevin Lancaster and Channel Evangelist Matt Solomon, attendees will have the opportunity to hear from 7 companies about their MSP solutions, with each presentation lasting only 7 minutes. During those presentations, attendees will learn about the features and benefits of those solutions, and how they can be deployed in MSP environments to grow revenue and improve profitability. After the presentations, attendees will be able to engage directly with any of the vendors to discover more about the solutions, and feedback can be provided to each of the vendors with 100% anonymity.

TitanHQ is proud to be presenting at this Exclusive Livestream MSP event. Conor Madden, TitanHQ Director of Sales, will explain how TitanHQ’s award-winning email security and web security solutions can be used by MSPs, MSSPs, and ISPs to improve protections against the most common threats faced by MSPs and their clients, how the solutions are quick and easy to deploy, effortless to manage, and can help to improve profitability and win new business.

TitanHQ’s solutions have been adopted by more than 3,000 MSPs and are trusted by over 14,500 businesses worldwide to improve email and web security, with the feature-rich solutions offering multiple integrations via the advanced API set, granular policy controls, with a comprehensive suite of reports. The solutions identify more than 100,000 new malware sites every day through threat intelligence delivered from more than 650 million users worldwide.

The Livestream event is free of charge to register and attend and is a great opportunity for MSPs, MSSPs, ISPs, VARs, IT service providers, and consultants.

LiveStream Event Details

Date: January 21, 2022
Time: 4.00 p.m. GMT ¦ 11 a.m. EST ¦ 8 a.m. PST
Hosts: Kevin Lancaster and Matt Solomon

  • TitanHQ – Email and Web Security
  • Hook Security – Security Awareness Training
  • Nerdio – Azure
  • Nuvolex – XaaS Management
  • Speartip – SOC
  • Threatlocker – Application Whitelisting
  • Zomentum – Sales Automation

Register Your FREE Place Here!