Month: June 2023

SEO Poisoning and How to Protect Your Business from Web-Based Cyberattacks

Cybercriminals use many different tactics to gain a foothold in business networks, and while many threat actors specialize in exploiting unpatched vulnerabilities, cyberattacks that exploit human weaknesses are far more common. The best known of these tactics is phishing, where contact is made with employees via email, SMS messages, or instant messaging services. The messages typically include a lure to convince the employee to take a certain action – opening a malicious attachment, clicking an embedded hyperlink, or calling a phone number. These attacks are conducted to steal credentials, install malware, or otherwise provide the threat actor with access to the user’s device.

Phishing is extensively covered in security awareness training, and rightly so, as it is one of the most common methods of attack; however, it is important to ensure that employees are trained on other methods of attack, including an increasingly used tactic called SEO poisoning.

What is SEO Poisoning?

SEO poisoning is a type of web-based attack that uses search engine optimization techniques to increase the prominence of malicious web pages in the search engine listings. Tactics commonly used to get web pages to appear high up in the search engine listings include keyword stuffing – cramming lots of keywords into the page to trick search engines into thinking the content is particularly relevant to the targeted search term; cloaking, where search engine algorithms are presented with different content to normal users; generating fake clicks using bots; and generating masses of backlinks to the website via private link networks. These black hat SEO tactics provide a fast return and get web pages to appear very high up in the search engine listings for specific search terms. The higher up in the listings a website ranks, the more visitors the site is likely to receive. An added advantage of a high ranking is that Internet users tend to trust those sites more.

If a malicious actor can get a web page appearing in the top five spots for a high-traffic search term, they are likely to be able to drive a considerable amount of traffic to that web page; however, it can be difficult to get web pages ranking for high-volume search terms as there is likely to be a lot of competition. An alternative is to target relatively low-volume search terms that are likely to be used by employees, such as terms related to business-related forms and contract templates. These terms not only ensure that the right people visit the malicious page, but those individuals will be looking to download a file, which makes it far easier to install malware. While free downloads are effective, web pages offering fake software and business apps may be created that require a small payment. This tactic can be used to steal credit card information.

The websites and web pages used for these scams can be easily identified in many cases if Internet users are vigilant, as the domains used are often unrelated to the content of the page. To improve the effectiveness of this tactic, domains are often used that match the malicious content. For example, if the campaign was targeting the communications platform Zoom, a domain may be registered such as zoom-download.com, or a subdomain may be used, such as zoomdownload.business-software-downloads.com.

Typosquatting is also commonly used, where misspellings of brand names are used for domain names, or letters are substituted with special characters or numbers. At first glance, the domains appear legitimate, and this tactic can catch out careless typists.
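The domain patterns described above can be checked for when triaging hostnames from proxy or DNS logs. The following is an added example, not part of the original article: it sorts hostnames into the three patterns the text names (brand in the registered domain, brand in a subdomain of an unrelated domain, and misspelled or character-substituted brand names). The brand list, the `acmepayroll` brand, and the sample hostnames in the comments are constructed, and taking the last two labels as the registered domain is a simplifying assumption.

```python
import re

# Assumption: each protected brand maps to the registered domains it really uses.
BRANDS = {
    "zoom": {"zoom.us", "zoom.com"},
    "acmepayroll": {"acmepayroll.example"},  # constructed brand
}

# Digits commonly substituted for letters in lookalike names.
LEET = str.maketrans("013457", "oleast")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str) -> str:
    """Return legitimate, typosquat, brand-in-domain, brand-in-subdomain or no-match."""
    labels = host.lower().rstrip(".").split(".")
    # Simplification: a production check would use the Public Suffix List here.
    registered = ".".join(labels[-2:])
    registered_label = labels[-2] if len(labels) >= 2 else labels[0]
    if any(registered in legit for legit in BRANDS.values()):
        return "legitimate"
    for brand in BRANDS:
        # Short brands have many dictionary-word neighbours ("room", "boom"),
        # so a one-character slip is only accepted for brands of 5+ letters.
        slack = 1 if len(brand) >= 5 else 0
        for label in labels[:-1]:  # skip the TLD
            for token in re.split(r"[-_]", label):
                plain = token.translate(LEET)
                if token != brand and edit_distance(plain, brand) <= slack:
                    return "typosquat"
        if brand in registered_label:
            return "brand-in-domain"  # e.g. zoom-download.com
        if any(brand in label for label in labels[:-2]):
            return "brand-in-subdomain"  # brand only left of an unrelated domain
    return "no-match"


if __name__ == "__main__":
    for h in ("us02web.zoom.us", "zoom-download.com", "z00m-download.com",
              "zoomdownload.business-software-downloads.com", "room-booking.example"):
        print(f"{h:50} {classify(h)}")
```

Substring matches also catch unrelated names that happen to contain a brand, so the output is a review queue rather than a blocklist.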

How to Protect Against SEO Poisoning

There are two main ways that businesses can improve their defenses against web-based attacks such as SEO poisoning – end user training and web filtering. Security awareness training should be provided regularly to the workforce, and modules should cover all types of attacks that target employees, including SEO poisoning. Making employees aware of these tactics and teaching them about the red flags to look for will help them to identify and avoid these campaigns. If you have yet to start training your workforce, check out SafeTitan from TitanHQ.

Web filtering is a technical measure for filtering out malicious websites. Web filters ensure that even if a link is clicked, a connection to the malicious website will not be established. Web filters, such as WebTitan from TitanHQ, are constantly updated with the latest threat intelligence. As soon as a new malicious website or webpage is identified, the data is sent to the web filter and any attempted connection will be blocked. WebTitan protects against SEO poisoning, malvertising, and malicious software downloads from the Internet and can be used to block access to software download sites, torrents and warez sites, and other sites that are risky or serve no business purpose.

Combine security awareness training with a web filter and you will be well protected against SEO poisoning and other web-based attacks.

Why You Need a K-12 Chromebook Filter

A K-12 Chromebook filter prevents students from accessing age-inappropriate web content, can be configured to prevent non-educational use of Chromebooks, protects student privacy, and blocks malware downloads. Unfiltered Chromebooks put children at considerable risk.

Chromebooks are a low-cost alternative to laptop computers. In contrast to laptops, Chromebooks do not use the Windows or macOS operating systems; instead, they use ChromeOS, which works like the Chrome web browser and provides rapid Internet access. Chromebooks allow access to the Internet for reading web content, checking webmail, watching videos, and accessing web-hosted documents, spreadsheets, and photos. Since Chromebooks are low-cost and can be used to access educational resources, they are ideal for students to support remote learning, and they have proven to be hugely popular with K-12 schools.

The problem with issuing students with Chromebooks is that while the devices support e-learning, they can also be used to access the entire web, which means students could use them to view age-inappropriate web content that can be very harmful to young minds. The devices can be used to share harmful images and videos and access chatrooms where children can be exposed to online predators. Since the devices have webcams, children could be tricked into sharing inappropriate images. Like standard laptops, Chromebooks can also be infected with malware, which can provide malicious actors with access to devices, including the webcam.

A K-12 Chromebook filter protects against these harmful uses by restricting access to Internet content and is an essential privacy and security feature for school-issued Chromebooks. In the United States, Chromebook filtering is a requirement of the Children’s Internet Protection Act (CIPA), compliance with which is required to receive E-Rate discounts. CIPA requires an Internet safety policy and technology to be used to prevent minors from accessing sexually explicit or otherwise harmful Internet content.

WebTitan: A Low-Cost, Effective, and Easy-to-Use K-12 Chromebook Filter

TitanHQ has developed a K-12 Chromebook filter that is easy for administrators to implement and maintain and allows precision control of the web content that students can access on their school-issued Chromebooks. WebTitan is a cloud-based web filtering solution that can be configured to block web content by category or whitelist certain websites and web content to severely limit what students can do using their school-issued Chromebooks. WebTitan has been developed to allow learning anywhere, whether that is in the classroom or when the Internet is accessed from any Wi-Fi hotspot or router.

WebTitan On-the-Go for Chromebooks is a roaming agent that is used in combination with the WebTitan Cloud platform and applies a school’s Internet policies no matter where the Chromebook is used to access the Internet. Through the agent, administrators can enforce filtering controls at the user or device level using a Google Workspace account and ensure that Chromebooks are locked down to prevent the filtering controls from being bypassed. The filters support YouTube for Schools and SafeSearch, and content controls can be set for different age groups or even individual users. WebTitan is also constantly updated with threat intelligence, monitors in real-time for malicious content, and blocks malware threats. In addition to locking down the devices, administrators have full access to reports detailing web access down to the user level, and since filtering controls are applied per device, there is no need for slow and expensive VPNs or proxies.

If you want to protect students from inappropriate web content, protect their privacy, and keep Chromebooks secure, contact the TitanHQ team today. Product demonstrations can be arranged on request and WebTitan is available on a free trial to allow you to assess the product before you make a decision about a purchase.

Pirated Windows 10 ISOs Used for Delivering Clipper Malware

A malware distribution campaign has been detected that uses torrents to install cryptocurrency hijackers, using a method that allows the malware to evade antivirus tools. The campaign delivers clipper malware – a type of malware that can steal information from the clipboard and modify clipboard activity with the goal of stealing private keys and credentials for cryptocurrencies. Once installed, the malware will monitor the clipboard looking for cryptocurrency wallet addresses. If a cryptocurrency wallet address is found, it will be replaced with the address of a wallet under the control of the attacker. When a payment is made by the victim, it will be directed to the attacker’s account.

This campaign uses torrents for Windows 10 Pro, which will deliver a Windows 10 ISO image for the installation. An ISO file contains the image of data found on an optical disc, in this case, the Windows 10 installation disk. This campaign hides the clipper malware in the Extensible Firmware Interface (EFI) partition. The EFI partition contains the bootloader and other files that are executed before the operating system starts up. The benefit of hiding the malware in the EFI is it is not typically scanned by antivirus software, so the malware is likely to remain undetected.

When the ISO file is used to install the operating system, a scheduled task is created that launches the dropper, which mounts the EFI partition as the M:\ drive. When mounted, the dropper will copy two other files to the C:\ drive: An executable that serves as the injector, and a DLL file – the clipper malware – which is injected into the %WINDIR%\System32\Lsaiso.exe system process. To evade detection, the clipper checks for any analysis tools and will not switch cryptocurrency wallet addresses if they are discovered. According to Dr. Web, as of June 13, 2023, this campaign has allowed malicious actors to steal at least $19,000 in cryptocurrency.
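Because the files hidden in the EFI partition are a Windows executable and a DLL, one defensive audit is to look for PE images on that partition that are not EFI images: legitimate boot files carry an EFI subsystem value (10 to 13) in the PE optional header, while Windows programs and DLLs carry 2 or 3. The following is an added example, not code from the article or from Dr. Web. It assumes the EFI system partition is already mounted and its path is passed in, and the file names in the demo are constructed.

```python
import struct
import tempfile
from pathlib import Path

# PE optional-header Subsystem values that belong on an EFI system partition.
EFI_SUBSYSTEMS = {10, 11, 12, 13}  # application, boot service driver, runtime driver, ROM
SUBSYSTEM_NAMES = {1: "native", 2: "windows-gui", 3: "windows-console"}


def pe_subsystem(data: bytes):
    """Return the PE Subsystem value, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the "PE\0\0" signature
    if len(data) < e_lfanew + 94 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # 4-byte signature + 20-byte COFF header, then Subsystem at offset 68
    # of the optional header (same offset for PE32 and PE32+).
    (subsystem,) = struct.unpack_from("<H", data, e_lfanew + 24 + 68)
    return subsystem


def audit_esp(root):
    """List (relative path, subsystem name) for PE files under root that are not EFI images."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            head = fh.read(4096)  # PE headers sit well inside the first 4 KiB
        subsystem = pe_subsystem(head)
        if subsystem is not None and subsystem not in EFI_SUBSYSTEMS:
            name = SUBSYSTEM_NAMES.get(subsystem, str(subsystem))
            findings.append((path.relative_to(root).as_posix(), name))
    return findings


def fake_pe(subsystem: int) -> bytes:
    """Constructed minimal PE header carrying only the fields the audit reads."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew + 24 + 96)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, e_lfanew + 24 + 68, subsystem)
    return bytes(buf)


def demo():
    """Build a constructed partition layout in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        boot = root / "EFI" / "Microsoft" / "Boot"
        extra = root / "EFI" / "Sample"  # constructed location
        boot.mkdir(parents=True)
        extra.mkdir(parents=True)
        (boot / "bootmgfw.efi").write_bytes(fake_pe(10))      # EFI application
        (boot / "BCD").write_bytes(b"regf" + bytes(60))       # not a PE file
        (extra / "sample_injector.exe").write_bytes(fake_pe(3))
        (extra / "sample_payload.dll").write_bytes(fake_pe(2))
        return audit_esp(root)


if __name__ == "__main__":
    for rel, kind in demo():
        print(f"non-EFI PE image on EFI partition: {rel} ({kind})")
```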

Pirated software and operating systems are often used for distributing malware, either through the installation files themselves or through the cracks and product activators that accompany them and are used for generating valid software license codes. In many cases, the actual software or operating system offered via torrent sites is genuine, and the user will get a copy of the software they are expecting, but the malware will also be installed silently as part of the installation process.

As the latest campaign demonstrates, the malware that is installed can be persistent and fail to be detected by many antivirus solutions. In this case, it is a clipper used for stealing cryptocurrencies; however, information stealers, remote access Trojans, and backdoors can just as easily be distributed via this method. One download and installation by an employee that is looking to improve their productivity by installing software unauthorized by the IT department can be all it takes for hackers to gain access to the network, steal sensitive data, and perform any number of malicious activities undetected.

The easiest solution to avoid this method of malware delivery is to never attempt to download pirated software, but employers should take steps to ensure that employees are not tempted and should implement a web filtering solution. WebTitan Cloud is a cloud-based DNS filtering solution that is quick and easy to install and configure and can be used to block access to torrents and warez sites where pirated software is available. In addition to blocking certain types of websites by category, the solution can also be configured to block downloads of specific file types, such as executable files, including ISOs.

In addition to reducing the risk of malware infections, IT departments can prevent employees from downloading and installing legitimate software without the knowledge of the IT department. These software installations also pose a security risk, since the IT department will have no control over software updates and patching. That means vulnerabilities are likely to remain unaddressed and those vulnerabilities could be targeted by malicious actors to gain access to the network.

If you want to improve your security posture, exercising control over the websites employees can visit is a good place to start. WebTitan Cloud is available on a free trial to allow you to test the solution in your own environment before deciding on a purchase. TitanHQ also offers WebTitan Cloud for Wi-Fi, which can be used by Wi-Fi hotspot providers to carefully control the content Wi-Fi users can access – for security reasons, as well as creating a family-friendly Wi-Fi network.

If you have any questions about WebTitan Cloud, WebTitan Cloud for Wi-Fi, or web filtering in general, give the TitanHQ team a call.

TitanHQ Release Improves Efficiency of Phishing Simulation Campaigns for MSPs

Managed Service Providers (MSPs) can easily boost their regular recurring revenue and help clients better protect against cyberattacks by providing security awareness training and phishing simulations. Security awareness training is now an essential part of any security strategy, as employees need to understand the threats they are likely to encounter and must learn how to recognize and avoid those threats. Cybercriminals are actively targeting employees as they know that they are a weak link in the security chain. Companies that fail to provide training to their workforce have a big security gap that cybercriminals can easily exploit.

Creating, running, and maintaining an effective employee security awareness training program can be a challenge for many businesses, which is why many turn to MSPs for help. Since security awareness training needs to be an ongoing process, MSPs that offer training can generate regular recurring revenue and, if they sign up with the right service provider, can make security awareness training a profitable service.

Security awareness training should be combined with phishing simulations – fake, but realistic phishing messages that are sent to the workforce to see how each employee responds. Any failure to identify a threat is turned into a training opportunity, and with SafeTitan, those failures instantly trigger training relevant to the threat that the employee failed to identify. That process is automated and ensures the employee is provided with relevant training at the point where it is likely to be most effective.

Creating phishing simulation programs need not be a time-consuming process. These campaigns could already be easily created through the MSP portal of the SafeTitan platform, but a new feature improves the efficiency of that process, allowing MSPs to set up and execute annual campaigns for their clients in just a few minutes. The new Auto Phishing Campaign feature allows MSPs to dramatically improve customer security awareness while reducing the time they have to spend planning and managing campaigns, significantly streamlining the process to improve the profitability of their phishing campaign service.

“By introducing automated campaign scheduling to SafeTitan, we are empowering our MSP partners to optimize their security training efforts, boost productivity, and deliver exceptional results to their clients,” said Ronan Kavanagh, CEO at TitanHQ. “This new feature aligns perfectly with our MSP First Strategy and provides innovative solutions that simplify the complexities of managing a client’s security awareness training.”

If you want to find out more about the SafeTitan security awareness training and phishing simulation platform, give the TitanHQ channel team a call or register for a free demonstration of the platform.

Advice on Cybersecurity Awareness Training for Staff

Cybersecurity awareness training for staff is a vital component of any cybersecurity strategy. Businesses should not totally rely on technical defenses to protect against cyberattacks, as sooner or later a threat will successfully bypass those defenses and reach an employee. Employees need to be made aware of cyber threats, be taught how to recognize them, and know what to do if they encounter a threat.

It is now common knowledge that cybercriminals use techniques such as phishing to steal login credentials, but surveys on cybersecurity awareness show that across a population, that knowledge is patchy and there are major gaps in understanding of cybersecurity. People generally understand that there are dangers on the Internet and that care must be taken, yet are unaware of what taking care means. Cybersecurity awareness training for staff is concerned with ensuring that all members of the workforce have a baseline level of understanding of cyber threats, are aware that they – as individuals – have a role to play in the overall security of their organization, and know how to work safely and securely.

Cybercriminals are constantly changing their tactics, techniques, and procedures to bypass technical controls such as secure email gateways and malware is constantly being tweaked to evade detection by antivirus solutions. Businesses are putting layered defenses in place to ensure that if there is a failure to detect a threat by any single security component, others will be in place to continue to provide protection. One of those layers of protection must be the workforce, as cybercriminals are actively targeting them and are looking for the errors they make as they provide an easy way to gain access to business networks.

A study by IBM indicates 95% of cybersecurity breaches are due to human error, and the 2022 Verizon Data Breach Investigations Report found 82% of data breaches involved the human element. Cybersecurity awareness training for staff will not prevent all errors and data breaches, but it will significantly reduce the number of security incidents that the IT team has to deal with.

Advice on Cybersecurity Awareness Training for Staff

The ultimate goal of cybersecurity awareness training for staff is to create a security culture, where everyone has the same views, values, and social behaviors that ensure the security of the entire organization. In practice, this means everyone is aware that malicious actors – internal and external – are trying to gain access to systems for financial gain or to achieve their political or personal objectives to the detriment of the organization or its workforce, and everyone behaves in a manner that makes it as hard as possible for those malicious actors to succeed. That is not something that will be achieved overnight, and it is not something that will be achieved if every employee is given a one-hour cybersecurity training session when they join the company. It requires a plan and an effective security awareness training program, and there are key components that will help an organization achieve that goal.

Cybersecurity is a shared responsibility

Everyone in the organization must understand that cybersecurity is a shared responsibility with everyone playing a role in the security of their organization, from the CEO down to the lowest level employee. Everyone should be provided with training to make them more security aware, and cybersecurity training should start with the C-suite, as they will need to set an example for others to follow.

Make everyone aware of cyber threats and know how to identify them

Cyber threats take many forms. It is important for everyone to be made aware of those threats, and be taught how they can be identified and avoided. You will not turn everyone into a security Titan overnight, so start with training on the most common threats and build up knowledge over time. Tailor your training course to different departments, roles, and individuals and concentrate on improving understanding of good cyber hygiene practices before building up to more advanced knowledge.

Reward people that practice good cybersecurity

It is important to work towards a culture of compliance with security best practices, and that will be very difficult to achieve if you punish employees for security mistakes. Instead, you should reward people for good security. If there are punishments for poor security, what you are likely to do is create a culture of fear around cybersecurity. The result will be employees keeping quiet if they make a mistake and not reporting it as they fear punishment.

Provide continuous training and make it enjoyable

Cybercriminals are constantly developing new ways to attack businesses and their employees, so training needs to be updated regularly to account for the changes in tactics and be provided regularly to keep security fresh in the mind. Provide training during the onboarding process, and then continuously thereafter, with the program running 12 months a year, provided in small chunks. There is a limit to how much information can be absorbed in a training session. A little and often is by far the best approach.

Automate staff cybersecurity awareness training

Use a training platform that automates training for all employees. This will ensure that no employee misses an important lesson and it will make it easier to track progress and provide feedback on how well each individual is doing. If individuals are not performing well, they can be automatically provided with more training content than individuals who have a very good grasp of security.

Measure and test

You need to regularly check your employees’ knowledge of cybersecurity and cyber hygiene practices. If you do not measure and evaluate, you will have no idea if your training program is effective and if there are any security gaps. Conduct regular assessments through quizzes to identify possible gaps in knowledge and conduct phishing simulations to determine if employees are applying that knowledge. Any gaps in knowledge can then be addressed through further training.

The SafeTitan Security Awareness Training Platform

TitanHQ offers businesses a comprehensive cybersecurity awareness training platform for staff that covers all aspects of security and allows training to be automated. The platform incorporates an extensive range of training content, designed to appeal to all styles of learning. The training content is interactive, fun, and engaging, and split into modules to allow training to be tailored to different departments, roles, and individuals. The modules last no longer than 10 minutes to help ensure knowledge retention.

The platform can be configured to automatically generate training content in response to security mistakes and will deliver training relevant to that mistake in real-time, thus ensuring it is provided at the time when it will have the greatest impact. SafeTitan also includes a phishing simulation platform to test employees’ awareness of phishing attempts – the most common cyber threat encountered by employees.

For more information on security awareness training with SpamTitan, give the TitanHQ team a call today and take an important step toward building a security culture in your organization.