Cybersecurity Advice

Our news section dedicated to cybersecurity advice is regularly updated with news about the latest online threats and most recently-discovered security vulnerabilities – and advice on how to deal with them.

MSPs will particularly find our cybersecurity advice security of value, as it addresses many of the online security issues that clients may have heard about and developed concerns about their own cybersecurity defenses.

MSPs can reassure clients that the risk of systems and networks being infected by an online threat – or security vulnerabilities in their software being exploited by a hacker – can be nullified with a web filtering solution from TitanHQ.

La Porte County Latest Victim in String of Ransomware Attacks on Municipalities

There has been a spate of ransomware attacks on cities, municipalities, mayor’s offices, and local government facilities in recent weeks.

The latest attack was on La Porte County in Indiana. The attack started on July 6, 2019, but prompt action by the IT department allowed the ransomware to be contained. That rapid response meant only 7% of the laptops used by the county were affected. However, two domain controllers were also affected and that rendered the network unavailable.

Experts were brought in to try to restore files from backups and bring the network back online, but those attempts failed as the backup servers had also been infected with the ransomware. La Porte County was left with no alternative other than to pay the ransom demand. The Bitcoin ransom equated to around $130,000, $100,000 of which was covered by an insurance policy.

This attack involved Ryuk ransomware – The same ransomware variant that was used in the attack on Lake City in Florida on June 10, 2019.  For Lake City, Ryuk ransomware was delivered by the Trickbot Trojan, which was in turn deployed by the Emotet Trojan. Lake City paid approximately $500,000 to the attackers to obtain the keys to unlock the encryption. Riviera Beach in Florida was also attacked and paid a ransom of around $600,000.

These are just three cases out of several recent attacks. Those three attacks alone have resulted in more than $1,200,000 being paid to cybercriminals. That sends a very clear message to other cybercriminals that these attacks can be extremely profitable. That is the reason the FBI advice is never to pay.

2018 saw a decline in ransomware attacks as cybercriminals pursued other strategies for attacking businesses, but ransomware is now certainly back in favor and is being used in an increasing number of attacks.

Something that several of the targets in the recent ransomware campaigns have in common is they are relatively small cities that have limited resources to devote to cybersecurity. They have hardware and software that has reached end of life and, due to limited funds, security gaps have started to appear.

Riviera Beach, for instance, is a city of 35,000 people with limited resources. It had recently undergone a period of turmoil in management, had suffered scandals, and during the upheaval its cybersecurity contract had been allowed to lapse. That left the door wide open to attack.

These attacks have proven incredibly costly, yet they could have been prevented with a very small spend on a select number of security solutions. The attacks on Rivera Beach and Lake City could have been prevented with an advanced email security solution such as SpamTitan. The ransomware was installed in both of these attacks as a result of employees opening malware-infected email attachments.

SpamTitan incorporates dual anti-virus engines to detect malicious software and a Bitdefender-powered sandbox for deep analysis of suspicious email attachments. SpamTitan incorporates DMARC email authentication to counter email impersonation attacks and a host of other anti-spam and anti-phishing controls.

SpamTitan can be deployed as a gateway solution on existing hardware or as a cloud-based solution, and can be easily layered on top of Office 365 to improve protection against phishing and ransomware attacks.

Further, the cost of protection against ransomware and phishing attacks is likely to be much lower than you think. For more information, contact TitanHQ today.


 

Find out About Web and Email Security for MSPs at DattoCon2019

The excitement is building as DattoCon19 draws ever closer. Starting on June 17, 2019 in San Diego and running for three days, DattoCon19 is an unmissable event for managed service providers (MSPs).

At the conference, attendees benefit from practical advice and best practices to grow their businesses, increase sales, and boost monthly recurring revenue (MRR). A huge range of vendors will be on hand to offer information on exciting products and attendees will have the opportunity to learn strategies to increase business impact growth, boost profitability, and broaden their service stacks.

Sessions will be taken by industry experts and leading MSPs who will share tips and tricks to take back home and apply at the office. On average, attendees at DattoCon achieve 41% sales growth year-over-year as a result of attending the conference.

TitanHQ is sponsoring DattoCon19 and is excited about having the opportunity to meet new MSPs and help them grow their businesses. As a Datto Select Vendor, TitanHQ offers MSPs three cloud-based solutions that can be easily integrated into existing MSPs service stacks: Anti-phishing and anti-spam protection, DNS-based web filtering, and email archiving. All three solutions are available through the TitanShield program for MSPs.

MSPs can meet the TitanHQ team at booth 23 at DattoCon19 to find out more about the TitanShield program and the exciting opportunities for MSPs that work with TitanHQ. TitanHQ will be on hand to help MSPs that support Office 365 to improve protection against phishing attacks and malware. MSPs can also find out more about the TitanHQ threat intelligence that protects Datto DNA and D200 boxes, and how TitanHQ’s DNS filter is a direct swap out for Cisco Umbrella and the cost advantages of doing so.

TitanHQ Executive Vice President-Strategic Alliances, Rocco Donnino, is one of the panel members for the Datto Select Avendors event on Monday. The event brings together experts from different fields to help come up with solutions for some of the major problems faced by MSPs in today’s marketplace.

TitanHQ at DattoCon19

  • TitanHQ will be at booth 23
  • Special Show Pricing available
  • Daily TitanHQ vintage Irish whiskey raffle
  • TitanHQ and BVOIP are sponsoring a GasLamp District Takeover Party on Monday 6/17 and Wed, 6/19.

DattoCon19 will be taking place in San Diego, California on June 17-19, 2019. If you are not yet registered for the event you can do so here

Contact the TitanHQ team in advance:

  • Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
  • Eddie Monaghan, MSP Alliance Manager, LinkedIn
  • Marc Ludden, MSP Alliance Manager, LinkedIn


 

Web Filtering for MSPs (Part 2): Why WebTitan Cloud is the Best Web Filtering Service for MSPs

In our previous post we explained why managed service providers (MSPs) should be offering a web filtering service to their customers and the benefits that can be gained by customers and MSPs alike. In this post we explain what makes WebTitan Cloud the go-to web filtering solution for MSPs and why so many MSPs have chosen TitanHQ as their web filtering partner.

Why WebTitan Cloud is the Best Web Filter for MSPs

One problem MSPs face before they can start offering a web filtering service to their clients is how to incorporate the solution into their service stacks and their existing cloud offerings. While there are many providers of web filtering services, not all solutions have been developed with MSPs in mind. TitanHQ differs in that respect.

TitanHQ’s web filtering solution, WebTitan Cloud, has been developed specifically to meet the needs of MSPs and make it as easy as possible for the solution to be added to their existing cloud offerings. WebTitan Cloud seamlessly integrates within existing workflows regardless of whether MSPs self-host, use AWS, Azure, or other cloud platforms.

How Does WebTitan Cloud Integrate into MSPs Management Systems?

To make integration as easy as possible, TitanHQ uses RESTful API, which allows fast and risk-free integration into MSPs management systems. WebTitan Cloud uses the OAuth 1.0 protocol for authentication and has a full set of keys and secrets in the WebTitan Cloud user interface (UI). Once an MSP has signed up, no further registration or authentication is necessary. The API client provides the appropriate oauth_signature to authorize requests to protected resources.

Best Web Filtering Service for MSPs

 

Overly complex user interfaces are a problem with many cloud-based solutions. With WebTitan Cloud, the UI is made as clean and easy to use as possible. MSPs can remove all elements from the UI that are not required to keep the UI clean and simple. WebTitan Cloud can also be integrated into MSP cloud interfaces to create a better user experience and greater consistency for customers.

Having information at your fingertips is important when customers send in requests or when reports are required on web use and blocking. WebTitan Cloud allows MSPs to create and integrate a full suite of high-level system and customer reports into their own management consoles.

Onboarding new customers is also a quick and simple process, which can be integrated into current MSP on-boarding processes. New customer accounts can easily be created (or deleted) from within an MSP’s own UI, in addition to performing updates and listing all current customer accounts.

Onboarding customers with WebTitan Cloud

 

MSPs can connect to WebTitan Cloud to manage their customers settings, including locations, whitelists, and blacklists. Customers that would prefer to manage their own settings can perform a limited number of operations themselves using APIs. Since WebTitan Cloud is available in a full white label, customers who do access their own settings can be given a UI with MSP branding rather than TitanHQ’s to maintain consistency and help reinforce the MSPs brand.

TitanHQ also operates an extremely competitive pricing strategy with generous margins for MSPs and aligned monthly billing cycles through the TitanShield MSP Program.

Onboarding Customers with WebTitan Cloud APIs

WebTitan APIs for MSPs

The full set of APIs available to MSPs can be found on this link: https://apidoc.webtitancloud.com/

If you have yet to start offering web filtering to your clients as part of your service stack or if you are unhappy with your current provider’s product, contact TitanHQ today and as about becoming a member of the TitanShield MSP Program. Product demonstrations can also be scheduled on request.
 

Web Filtering for MSPs (Part 1): Why Web Filtering is so Important

A web filtering service allows Managed Service Providers (MSPs) to better protect their clients from accidental malware downloads and phishing attacks while improving their bottom lines. Further, by preventing phishing attacks and malware infections, they can reduce the amount of time they spend fighting fires. For busy MSPs, the latter will be especially beneficial.

Why is Web Filtering Important?

There are several reasons why MSP clients will benefit from a web filtering service. First and foremost, a web filter will help to prevent their customers’ employees from visiting phishing websites and malicious URLs. Most phishing attacks start with a phishing email, so a powerful spam filtering solution is essential. While commercial spam filters such as SpamTitan will block more than 99% of spam and phishing emails, additional protections are required to protect against the 1% that bypass spam defenses.

Naturally end user security awareness training will help in this regard, but as the 2018 Verizon Data Breach Investigations Report shows, 30% of delivered phishing messages are opened by end users and 12% of those users also click on malicious links in the messages.

A web filter is an additional layer of anti-phishing and anti-malware defenses that kicks in when malicious links are clicked and when end users attempt to visit other malicious sites while browsing the Internet. With a web filter in place, when an employee attempts to access a malicious web page, that attempt will be blocked before any content is downloaded. Instead of displaying the web page, a block page will be displayed.

Web filters also allow companies to carefully control the types of content their employees can access. This allows them to enforce acceptable internet usage policies with ease. Employers can prevent their employees from accessing NSFW content such as pornography, illegal content and, if tighter controls are required to improve productivity, other categories of web content such as dating sites, social media networks, gambling sites, and gaming sites.

With a web filter in place, security and productivity can both be quickly improved and the gains in both of those areas is likely to more than pay for the cost of the web filtering package provided by their MSP.

Cloud Based Web Filtering Solutions for MSPs

Convincing customers to implement a web filtering solution should be straightforward given the number of phishing attacks that are now being conducted and the cost of mitigating phishing attacks and malware infections. The cost of web filtering is tiny by comparison.

For MSPs, cloud-based filtering solutions are the natural choice. They can be implemented in minutes once a customer request has been received, no hardware is required, there is no software to install, and patching is handled by the service provider. All that is required from the MSP is a brief set up and configuration for each customer and ongoing management and reporting.

Web Filtering for MSPs

However, not all cloud-based web filtering solutions make set up, management and reporting simple. WebTitan Cloud differs in this respect. Not only does the solution offer excellent protection, the solution has been developed specifically with MSPs in mind. The ease of integration into MSP’s back-end systems and management has made WebTitan Cloud the go-to web filtering solution for MSPs.

In our next post we will explain how WebTitan Cloud differs from other web filtering solutions, why it is the easiest solution for MSPs to integrate into their existing cloud offerings, and how TitanHQ makes getting started, provisioning new customers, and managing customer accounts a quick and easy process requiring the minimal management overhead.

Click here for Web Filtering for MSPs (Part 2)
 

MSPs Targeted as Hackers Realize Potential for Profit in Supply Chain Attacks

Supply chain attacks allow cybercriminals to attack businesses through weak links in the supply network. Smaller companies are attacked, which gives hackers access to larger and better secured businesses: Businesses that would be harder to attack directly.

This attack method was used to spread NotPetya malware in Ukraine. A software supply company was breached which allowed the malware to be spread to the software supplier’s clients. The massive data breach at Target in 2014 was made possible by first attacking an HVAC system provider. The attack allowed hackers to install malware on the Target’s POS system and obtain the credit card numbers of millions of its customers. According to Symantec, supply chain attacks doubled in 2018.

There are many different types of supply chain attacks, but all serve a similar purpose. By attacking one company it is then possible to attack a bigger fish, or in the case of attacks on cloud service providers and managed service providers, a single attack will give a hacker access to the networks of all MSP clients.

Large businesses often have the budgets to hire their own IT and security staff and can implement robust defenses to prevent attacks. Smaller businesses often struggle to recruit security professionals as they are in high demand. With the shortage of skilled cybersecurity staff and an inability to pay the large salaries that skilled cybersecurity professionals demand, SMBs often turn to MSPs to provide those services.

In order to be able to provide those services, managed service providers are given remote access to their client’s networks. Many of the tasks that need to be performed by MSPs require administrative privileges. Managed service providers also hold login credentials to their clients’ routers and cloud accounts. All of those credentials are extremely valuable to hackers.

Given the typical number of clients each MSP has, a successful attack on an MSP could prove very profitable for a hacker. It is therefore no surprise that there has been an increase in cyberattacks on MSPs and CSPs.

While MSPs are usually good at securing their clients’ networks and ensuring they are well protected, they also need to ensure their own house is in order. Patches must be applied promptly, vulnerabilities must be addressed, and security solutions must be put in place to protect MSPs systems.

MSP staff should be security aware, but when they are busy resolving their clients’ problems, mistakes can easily be made such as responding to a well-crafted spear phishing email. All it takes is for one MSP employee to respond to such an email for a hacker to gain a foothold in the network.

Naturally, security awareness training should be provided to all MSP employees and security solutions need to be deployed to protect against email and web-based attacks.

This is an area where TitanHQ can help. TitanHQ’s anti-spam solution, SpamTitan, offers advanced protection against phishing and spear phishing attacks. A recent update has also seen DMARC email authentication and sandboxing features added to better protect users from phishing and malware attacks.

TitanHQ’s DNS-based content filtering solution further enhances protection against phishing attacks and prevents MSP employees from visiting malicious websites. Being DNS-based, malicious websites are blocked before any content can be downloaded.

In addition to helping MSPs protect their own networks, both solutions are ideal for MSPs to offer to their SMB clients and have been developed to perfectly meet the requirements of MSPs.

If you are an MSP and you have yet to implement a web filter or you are looking for an advanced spam filtering solution for you or your clients, give the MSP team at TitanHQ a call today to find out more about both solutions and how they can protect your business and better protect your clients.
 

Webinar: New SpamTitan DMARC and Sandboxing Features Explained

Traditional email security solutions are effective at keeping inboxes free from spam email, but many fall short when it comes to blocking phishing and spear phishing attacks. Cybercriminals are conducting ever more sophisticated campaigns that manage to bypass traditional email security defenses by impersonating legitimate companies and spoofing their domains.

In addition to phishing attacks that attempt to obtain sensitive information, email is often used to spread malware, ransomware and botnets. Traditional anti-virus solutions are effective at blocking known malware threats, but signature-based AV solutions are not effective at blocking never-before-seen malware variants.

Today, new malware variants are being released at record pace. To block these zero-day malware attacks, an advanced email security solution is required which does not rely on signatures to identify malicious file attachments.

SpamTitan was already a powerful email security solution for SMBs and MSPs serving the SMB market and was capable of blocking sophisticated phishing emails and new malware threats. However, new features have now been added that improve detection rates further still and provide superior protection against zero-day malware and phishing attacks that spoof legitimate domains.

TitanHQ has updated SpamTitan to include a DMARC email authentication feature which is capable of detecting and blocking spoofed emails to better protect users from sophisticated phishing attacks.

To better protect against malware, ransomware, botnets, and zero-day attacks, TitanHQ has incorporated a new Bitdefender-powered sandboxing feature into SpamTitan. Email attachments that pass standard checks are safely detonated in the sandbox and are analyzed for malicious activity. The sandboxing feature provides an additional layer of security and greatly enhances protection against malicious attachments. This feature also helps to ensure that more legitimate emails and attachments are delivered to end users.

To explain how these new features work and the benefits to users, TitanHQ is running a webinar. In the webinar, TitanHQ will cover the new features in detail and will explain how SpamTitan can protect against the full range of email-based threats.

Webinar Information:

 Date:     Thursday, April 4, 2019

Time:    12pm, EST

The webinar will last 30 minutes and advance registration is necessary.

You register for the webinar here

Easy Ways to Improve Cybersecurity in K-12 Schools

The poor state of cybersecurity in K-12 schools is making it too easy for criminals to conduct cyberattacks. As 2018 figures show, attacks are coming thick and fast. Action is needed to shore up security and keep cybercriminals at bay.

2018 Cyberattacks on K-12 Schools

Education has long been one of industries most commonly targeted by cybercriminals and 2018 was no exception. Last year there were several major cyberattacks on K12 schools that resulted in data theft and huge financial losses.

The 2018 State of K-12 Cybersecurity report from the K12 Cybersecurity Resource Center revealed 122 cyberattacks on K-12 schools were reported in 2018. 119 public K-12 education agencies in 38 states reported attacks. 60% of those cyberattacks resulted in the personal data of students being compromised.

North Dakota schools were hit particularly hard. In February 2018, one third of schools in the state experienced malware attacks. In many cases, the malware infections were the result of staff and students clicking on links in emails, visiting malicious websites, or opening malware-laced email attachments.

The 2019 State of Malware report from Malwarebytes reveals that in 2018, education was the number one industry targeted with Trojans and was second for ransomware attacks. Business email compromise scams are also common and many K12 school districts suffered W-2 phishing attacks and were fooled into sending scammers copies of employees’ tax information.

There have also been several successful email scams that have resulted in staff being fooled into making fraudulent transfers of school funds to criminals’ accounts. A school district in Texas was scammed out of $2 million in construction funds as a result of a phishing attack that fooled a staff member into making payments to fraudulent accounts. The high number of these types of scams prompted the FBI to issue a warning to schools in September 2018 about phishing scams that attempt to steal employees’ credentials.

K-12 schools are an attractive target for cybercriminals because attacks are relatively easy and the potential rewards are high. Student information sells for big bucks on the black market. Personal information along with Social Security numbers can be used for identity theft. It typically takes longer for identity theft to be detected with minors. If student data are stolen, thieves can rack up huge debts in students’ names over the course of several years before fraud is detected.

The State of Cybersecurity in K-12 Schools

Even though the risk of cyberattacks is high, many school leaders fail to appreciate the seriousness of the problem and how even simple changes to improve cybersecurity in K-12 schools can prevent most cyberattacks.

A Consortium for School Networking/Education Week Research Center survey in late 2017 showed that only 48% of school leaders considered the threat from phishing to be significant or very significant, with the numbers falling to under 30% for malware and ransomware attacks. Only 15% of K-12 schools have implemented a cybersecurity plan, just 29% have purchased cybersecurity products and services, and 31% had not provided end-user training.

The high value of student data, the opportunity to conduct multiple types of fraud, and poor cybersecurity defenses is a winning combination for cybercriminals. Unfortunately, there is no single solution that can be implemented to improve cybersecurity and prevent costly cyberattacks and data breaches. What is needed is an effective cybersecurity plan, policies and procedures, training, and technology.

How to Improve Cybersecurity in K-12 Schools

School budgets are usually stretched so it can be difficult to find the funds to improve cybersecurity in K-12 schools. It is therefore important to choose cybersecurity solutions wisely and select products that provide protection against the most common methods used by cybercriminals to attack schools.

Many of the attacks start with a single phishing email. It is therefore critical for K12 schools to improve email security, and for that, an advanced spam filtering solution is essential. SpamTitan blocks more than 99.9% of spam and phishing emails and is an ideal, low-cost, easy-to-implement spam filtering solution for K12 schools.

A web filtering solution is also an important cybersecurity measure. In addition to blocking students’ access to obscene content, as required for CIPA compliance, web filters can prevent users from visiting phishing websites and will block ransomware and malware downloads. The cost of a web filter can be partially offset by discounts obtained through the E-rate program.

End user training is also important. K12 schools need to include cybersecurity awareness training as part of their staff development program. Rather than providing a one-off or annual training session, training needs to be conducted regularly to keep staff up to speed on the latest threats.

Doing nothing to improve cybersecurity in K-12 schools is now simply not an option. If costly cyberattacks are to be avoided, is not improved, cybersecurity in K-12 schools must be improved.

If you want to find out more about email and web security and just how affordable these solutions can be for schools, contact the TitanHQ team today.
 

An Easy Solution for Web Filtering Multiple Locations

Web filtering at multiple locations can be a headache but it is a necessity. Human error can easily result in an email account breach, malware download, or ransomware attack. Every employee is a potential security risk, so it is important for controls to be implemented to reduce the risk of mistakes leading to a costly security incident.

One of the main ways that data breaches occur is through phishing. The web pages used in phishing attacks host phishing kits that collect login credentials and send them to the scammers. The web pages usually contain identical copies of the login boxes used by the likes of Microsoft Office 365, Google, and Facebook. The web pages are incredibly realistic and can be difficult for employees to identify as malicious.

Hyperlinks in emails also direct employees to websites containing exploit kits which probe for vulnerabilities and silently download malware. A user could visit a website for a couple of seconds, yet still trigger a malware download. Even general web surfing can see users redirected to malicious websites.

The solution is to implement a web filter. A web filter allows businesses to control the web content that users can visit, and it also blocks access to malicious web sites.

Web Filtering at Multiple Locations

While a web filter is easy to implement on premises, protecting mobile workers and multiple offices can be more of a challenge. Traditionally, web filters were physical appliances through which all Internet traffic flowed. Rules were applied to the appliance to control what sites can be visited by employees.

One of the main disadvantages when web filtering multiple locations, is a separate appliance needs to be used at each location. Not only is this costly, installing and maintaining the appliance requires technicians to be available on site. For many businesses running multiple offices, IT is managed remotely. IT staff are not available at each site. An appliance-based filter at each site is far from ideal.

An alternative is to backhaul Internet traffic to the corporate office, but this has a major impact on Internet speed. The latency issued can cause major problems for remote offices so this option is also not ideal.

The best solution is a cloud-based DNS web filter. A DNS web filter can be applied, configured and maintained remotely without the need for site visits or on-site support staff. No hardware is required and no software needs to be downloaded. All that is required is for a change be made to internal DNS servers or DNS settings.

Not only does this approach eliminate the need for any costly hardware purchases, with a cloud-based DNS filter there is no latency. The DNS-filter can be applied for all locations and managed through a single web-based interface. Controls can also be applied for different locations via an AD/LDAP client.

A cloud-based DNS filter is ideal for web filtering multiple locations, but what about protecting employees on the move? When employees travel for business, their mobile devices similarly need to be protected. A DNS filter can protect those employees online no matter where they access the Internet without the need to backhaul traffic.

Cloud-based DNS web filters are also the ideal solution for managed service providers (MSPs) who want to offer web filtering to their clients. The filters are highly scalable, and they offer multitenant management for MSPs and allow all clients settings to be configured and managed through a single pane of glass. Separate polices can be applied for each clients and reports can be easily generated. There is no need for any site visits, no need for patching, and web filtering can be offered no matter where the client is based.

WebTitan Cloud – Web Filtering Multiple Locations Made Simple

TitanHQ is a leading provider of DNS-based web filtering for businesses. WebTitan Cloud is an enterprise-class DNS-based web filtering solution that makes web filtering multiple locations effortless.  The solution takes minutes to implement and requires no training to use. All web filtering controls can be applied remotely via an intuitive user interface.

If you run a business in multiple geographical locations, want to protect remote workers, or if you are a managed service provider that wants to add web filtering to your service stack, contact TitanHQ for further information on WebTitan Cloud.
 

How Small Businesses Can Improve Wi-Fi Security

Hackers are taking advantage of poor Wi-Fi security to attack small businesses. This post covers simple steps to take to improve Wi-Fi security to block cyberattacks.

Small businesses can implement a robust firewall to protect against cyberattacks, but the Wi-Fi router is often a weak point. A Wi-Fi router providers wireless coverage for your business and it is a likely attack vector if security is lax. By attacking wireless routers, hackers can bypass your firewall.

Fortunately, there are simple steps you can take to improve Wi-Fi security and block attacks. Seven simple steps to take to improve Wi-Fi security have been listed below.

Simple Steps for Small Businesses to Take to Improve Wi-Fi Security

Some of the steps below are obvious security measures, but there have been many instances when small businesses have overlooked these simple protections, only for them to be exploited by hackers.

  1. Change Router Admin Credentials

Changing default credentials is one of the easiest but most important steps to take to improve Wi-Fi security. Because it is so simple, no business should be guilty of this security faux pas, but many are, even large businesses. In November, a school system discovered that its WAN provider had not changed the passwords on routers that had been in use for years. This is not the login for Wi-Fi, but the password for the router itself. These default administrator passwords can be found with a simple Internet search.

  1. Disable Remote Administration on Your Router

Many wireless routers allow users to access and change router settings from outside the network. For the majority of businesses, remote administration is not necessary so it should be disabled. While this setting can be convenient, there are other more secure ways to access router settings remotely such as using a VPN. Allowing remote administration makes it far too easy for hackers to access your router.

  1. Monitor Your DNS Settings

In January 2019, the U.S. Department of Homeland Security issued an emergency directive to all government agencies instructing them to perform an urgent audit of their DNS records after it was discovered that a threat group was targeting government agencies and changing their DNS records. By hijacking the DNS, all employees could be directed to malicious websites – clones of legitimate sites. Businesses that do not have an internal DNS server often use their wireless routers for this. Businesses should regularly monitor their DNS settings to ensure that no changes have been made.

  1. Limit the Range of Your Wi-Fi Signal

You will want to make sure that everyone on the premises can access your Wi-Fi network, but it is important that no one outside your offices can do so too. If your Wi-Fi signal is too strong, it could be accessed by someone outside your offices and out of sight – In a car parked in your lot for instance. An overly strong Wi-Fi signal makes it easy for an attacker to conduct brute force attacks without being seen.

  1. Keep Firmware Updated

New router firmware will be periodically released by the manufacturer and, as with all other software updates, they should be applied as soon as possible. Firmware updates are issued to improve security and functionality. They address known vulnerabilities for which exploits exist. Some routers will be set to update automatically, others may require a manual update through the web-based interface. Be sure to check the manufacturers web page, as your router may no longer be supported, which means it is time for an upgrade.

  1. Make Use of Your Guest Network

One of the most important security measures is to segment your network and this is especially important for Wi-Fi. You should not allow any untrusted device to connect to your network, such as those used by visitors. You should have a separate SSID for your employees and guests. This will keep guests away from your primary network.

  1. Ensure Your Wi-Fi Network is Encrypted

You should ensure that your Wi-Fi network is encrypted with WPA as an absolute minimum. Without encryption your network will be open and hackers will be able to intercept wireless traffic. Currently the encryption standard is WPA2, although this will change to WPA3 in 2019. If you are planning on replacing your Wi-Fi router, make sure the new model supports WPA3. If your router only supports WEP it is time to upgrade.
 

10 Cybersecurity Tips for Small Businesses

Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyberattacks, and avoid costly data breaches.

Many small business owners misguidedly think that their company is too small to be a target for hackers but cyberattacks on small businesses are common and they are increasing. A successful attack on a Fortune 500 company is likely to be far more profitable for the hacker, but also much harder. Small businesses are relatively easy targets and attacks can be highly profitable.

Small business owners cannot afford to take cybersecurity lightly. A successful cyberattack could prove catastrophic. With this in mind, we have compiled 10 cybersecurity tips for small businesses that can easily be implemented to improve security.

Top Cybersecurity Tips for Small Businesses

Implement a Robust Firewall

A firewall is a cybersecurity solution that sits between a small business network and the outside world and prevents unauthorized individuals from gaining access to the network and stored data. Not all firewalls are created equal. Extra investment in a next generation firewall is money well spent. Don’t forget to also protect remote workers. Ensure that they are also protected by a firewall.

Create and Enforce Password Policies

You should implement password policies that require all users to set strong, secure passwords. A strong, unique password should be used for all systems. Passwords should include capitals, lower-case letters, a number, and a special character, and should be at least 10 digits long. Teach employees how to create secure passwords and enforce your password policies. Consider using a password manager so passwords do not need to be remembered.  Consult NIST for the latest password guidance.

Security Awareness Training

Make sure you provide the workforce with regular security awareness training. This is the only way that you can create a culture of cybersecurity. Be sure to cover the security basics, safe Internet use, how to handle sensitive data, creation of passwords, and mobile device security. You should provide training to help employees avoid phishing attacks and consider phishing simulation exercises to test the effectiveness of your training program.

Multi-Factor Authentication

Multi-factor authentication involves the use of a password and at least one other method of authentication. If login credentials are compromised, an additional factor is required to gain access to an account or the network such as an SMS message to a user’s smartphone.

Backups

It is essential to have a good backup policy. In the event of disaster, such as a ransomware attack, you need to be able to recover critical data. Backups must also be tested to make sure files can be recovered. Don’t wait until disaster strikes to test whether data can be recovered. A good strategy is the 3-2-1 approach. Three backup copies, on two different types of media, with one copy stored securely offsite.

Software and Firmware Updates

Vulnerabilities are regularly found in computer software. Patches are released to correct those vulnerabilities, including those that are being actively exploited. Make sure patches are applied promptly, software is kept 100% up to date, and the most up to date firmware has been installed. Implement automatic updates where possible and create a schedule for updates if they need to be performed manually.

Network Segmentation

It is a standard best practice to segment networks and split them into subnetworks. Not only will this improve security it can also improve performance. By preventing access between segments, if one part of the network is compromised, an attacker will not have access to all systems and data. Also make sure you limit access to sensitive data and restrict the use of admin credentials. Apply the rule of least privilege. Do not give employees access to data, networks, and software that they do not need for day to day work duties.

Implement a Spam Filter

Arguably the biggest cyber threat that small businesses face is phishing. A single phishing email could allow an attacker to bypass your perimeter defenses and obtain login credentials or install malware. An advanced spam filter will allow you to improve productivity by blocking non-malicious spam emails and prevent phishing emails from being delivered to inboxes.

Secure Wi-Fi Networks

If you have a wireless network in your workplace it needs to be protected. Ensure that it is secured, data are encrypted, and that it is hidden and does not broadcast its SSID. Use WPA2 for encryption (or WPA3 if possible). Change default passwords and ensure your wireless router cannot be accessed from outside the network.

Consider Implementing a Web Filter

A web filter provides protection against web-based attacks by preventing employees from visiting phishing websites and sites that host malware. A DNS-based web filter can protect wired and wireless networks and even remote workers. It will block malware downloads and prevent users from accessing dangerous websites and those that serve no work purpose thus improving productivity.
 

Types of Insider Threats that SMBs Need to Manage

The news headlines frequently warn businesses of the need to improve cybersecurity protections to thwart hackers, but not all threats come from outside the company. There are various types of insider threats that need to be managed and mitigated, yet these are all too often overlooked or insufficient controls are put in place to reduce the risk of a deliberate or accidental breach.

What are Insider Threats?

An insider threat is one that comes from within the company, typically an employee who accidentally or deliberately takes an action that causes harm or loss to the company.

Hackers attack companies to gain access to their networks to spy on companies, obtain secrets, steal data or sabotage systems. Breaking through perimeter defenses can be time consuming and difficult but if an insider wants to steal data or sabotage a system, it is far easier as they already have network access.

Not all insider threats involve intentional malicious actions by employees. An employee can also act in a way that negatively affects their company without intending to cause any harm.

This could be intentionally violating company policies in a non-malicious manner. An example would be the installation of software to save the employee time or to allow them to work more efficiently. Installing unauthorized software carries a risk of a malware or spyware infection. An employee could violate company policies which could lead to an accidental data breach. Then there is human error, such as sending an email containing sensitive information to the wrong person. Such actions could prove costly.

Businesses need to protect against all insider threats if they are to avoid costly data breaches. A great many data breaches result from too little focus on cybersecurity defenses to block the threat from within.

Malicious Acts by Employees

Anyone that has access to sensitive company data could potentially abuse their access rights to view or steal data. There is no particular profile of a malicious insider. Everyone could decide one day to steal information or sabotage systems, but you can protect against malicious insiders and manage the risk.

  • Cover insider threats in security awareness training and encourage employees to be vigilant and report suspicious activity. Provide them with an easy way to report their concerns.
  • Implement tools that monitor for anomalous behavior
  • Implement controls to prevent the use of portable storage devices such as thumb drives
  • Implement tools that prevent employees from downloading and running certain files types – Executable files for instance.
  • Apply the rule of least privilege – Don’t let employees access data/systems that they do not need to access to complete their day to day work duties

Accidents Will Happen…

The insider threats that can be the hardest to defend against are mistakes by employees. These types of insider threats include responding to a phishing email and disclosing login credentials, sending sensitive data to the wrong email recipient, accidentally visiting malicious websites, and inadvertently downloading malware. These threats need to be managed and mitigated through policies and procedures, training, and software solutions.

…But You Can Minimize Risk!

Phishing is arguably the biggest threat. Hackers know all too well that people make mistakes and can easily be fooled. Priority number one should be blocking phishing emails and making sure they are not delivered. For that you need an advanced spam filter. The more phishing emails that are blocked, the lower the risk of a click.

Security awareness training is also essential. When a phishing email lands in an inbox, employees need to have the skills to recognize it as such.  Provide training and make the training interesting to engage employees. Interactive training courses can help in that respect. Make sure you test your employees’ knowledge afterwards with phishing email simulations. They will let you know who has taken the training on board and who needs further training.

Training needs to cover all security threats, not just phishing. Teach employees security best practices, including checking badges before allowing someone into the building, password security, keeping credentials private, and safe use of WiFi.

Another important technical control to implement is a web filter. A web filter allows businesses to control what employees can do online. They block access to phishing websites, block drive-by malware downloads, and prevent employees from visiting questionable websites that carry a high risk of malware infections or malvertising redirects: Adult sites and torrents/P2P file sharing sites for instance.  Some web filters will also keep employees safe and secure when working remotely.

The important thing for businesses is not to leave things to chance or to assume they are too small to worry about insider threats and data breaches. Every business is at risk, regardless of size.

For further information on software solutions that can protect against data security threats give the TitanHQ team a call.
 

Malvertising Campaign Delivers New Vidar Information Stealer and GandCrab Ransomware

A malvertising campaign has been detected that delivers two forms of malware: The new, previously unknown Vidar information stealer and subsequently, the latest version of GandCrab ransomware.

The packaging of multiple malware variants is nothing new of course, but it has become increasingly common for ransomware to be paired with information stealers. RAA ransomware has been paired with the Pony stealer, njRAT and Lime ransomware were used together, and Reveton ransomware is used in conjunction with password stealers.

These double-whammy attacks help threat actors increase profits. Not everyone pays a ransom, so infecting them with an information stealer can make all infections profitable. In many cases, information can be obtained and sold on or misused and a ransom payment can also be obtained.

The latest campaign uses the Vidar information stealer to steal sensitive information from a victim’s device. The Vidar information stealer is used to obtain system information, documents, browser histories, cookies, and coins from cryptocurrency wallets. Vidar can also obtain data from 2FA software, intercept text messages, take screenshots, and steal passwords and credit/debit card information stored in browsers. The information is then packaged into a zip file and sent back to the attackers’ C2 server.

The Vidar information stealer is customizable and allows threat actors to specify the types of data they are interested in. It can be purchased on darknet sites for around $700 and is supplied with an easy to use interface that allows the attacker to keep track of victims, identify those of most interest, find out the types of data extracted, and send further commands.

Vidar also acts as a malware dropper and has been used to deliver GandCrab ransomware v5.04 – The latest version of the ransomware for which no free decryptor exists.

While many ransomware variants are delivered via spam email or are installed after access to systems is gained using brute force tactics on RDP, this campaign delivers the malicious payload through malvertising that directs traffic to a websites hosting the Fallout or GrandSoft exploit kits. Those EKs exploits unpatched vulnerabilities in Internet Explorer and Flash Player. The campaign targets users of P2P file sharing sites and streaming sites that attract large amounts of traffic.

Infection with the Vidar information stealer may go undetected. New malware variants such as this may be installed before AV software malware signatures are updated, by which time highly sensitive information may have been stolen, sold on, and misused. If GandCrab ransomware executes, files will be permanently encrypted unless a ransom is paid or files can be recovered from backups.

Businesses can protect against attacks such as these by ensuring that all operating systems and software are promptly patched. Drive-by downloads will not occur if the exploits for vulnerabilities used by the exploit kit are not present.

An additional, important protection is a web filter. Web filters prevent users from visiting websites known to host exploit kits and also sites that commonly host malicious adverts – torrents sites for instance. By carefully controlling the sites that employees can access, businesses can add an extra layer of protection while avoiding legal liability from illegal file downloads and improving productivity by blocking access to non-work-related websites.

For further information on web filters for businesses and MSPs, contact the TitanHQ team today.
 

Department of Homeland Security Issues Warning Over Targeted MSP Cyberattacks

The U.S. government has issued a warning following a spate of MSP cyberattacks by nation-state sponsored hackers.

Homeland Security Warns of Targeted MSP Cyberattacks

Managed service providers (MSPs), cloud service providers (CSPs), and managed security service providers (MSSPs) have been warned about an increase in malicious cyber activity and targeted attacks on IT service providers. Nation-state sponsored hackers are targeting IT service providers in an attempt to gain access to their networks, and ultimately, those of their clients.

It is not difficult to see why MSPs, CSPs, and MSSPs are such an attractive target. These IT service providers usually have administrator access to their clients’ networks or certainly elevated privileges that could allow an attacker to gain access to servers, security appliances, and databases of multiple clients.

The threat of attack is theoretical. There has been an increase in MSP cyberattacks in recent months, so much so that the U.S. Department of Homeland Security (DHS) has issued a warning to all IT service providers specifically due to an increase in attacks on IT service providers by Chinese government-backed hackers.

The DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued cybersecurity guidance for IT service providers on steps that need to be taken to improve security, detect attacks quickly, and prevent threat actors from gaining access to their clients’ networks. Since companies that use IT service providers have also been warned of the risk of attack through their IT companies, MSPs, MSSPs and CSPs are likely to be contacted by clients wanting reassurances.

IT service providers should therefore be proactive and n ensure that CISA guidance is being followed to better protect themselves and their clients.

Feds Launch Campaign to Raise Awareness of Cyber Risks

CISA is not the only government agency to issue a warning in the past few days. The Trump administration has launched a new campaign to raise awareness of cyber risks in all industry sectors. The “Know the Risk, Raise your Shield campaign is being spearheaded by the National Counterintelligence and Security Center (NCSC) at the Office of the Director of National Intelligence. The campaign has been launched in response to increased cyberattacks from state sponsored hackers in Russia, China, Iran, and North Korea and independent hackers.

The aim of the campaign is to ensure that cybersecurity best practices are being followed to make it much harder for the attackers to succeed. The NCSC is aware that improved cybersecurity comes at a cost, but explains that investment in cybersecurity defenses is money very well spent and reminds businesses that an ounce of security equates to a pound of protection.

How Can Businesses and MSPs Improve Their Defenses?

With MSP cyberattacks on the increase it is essential that defenses are improved. While there are many ways that MSPs and businesses can be attacked, one of easiest ways is phishing. Phishing targets a weak link in security defenses: Employees. If a phishing email is delivered to an inbox and an employee responds, credentials will be obtained by the attacker that gives them a foothold to launch further attacks on other employees and MSP clients.

It is therefore important to improve awareness of the risks and train employees how to recognize email threats and how to react. It is also important to ensure that technical spam defenses are implemented to make sure phishing threats are blocked on the server and are not delivered to end users’ inboxes or local spam folders. SpamTitan is an ideal solution for MSPs to implement to block these phishing attacks on their employees and their clients.

A DNS based web filter should also be implemented to ensure that should a malicious email make it past the spam defenses, employees are prevented from visiting malicious websites. A DNS-based web filter blocks attempts to access malicious sites during the DNS lookup process and adds an extra layer of security against phishing.

For further information on spam filtering and web filtering for businesses and MSPs, speak to the TitanHQ team today.

Other important steps to take to improve security include:

  • Use of strong password policies
  • Applying the principle of least privilege
  • Ensuring network and host-based monitoring systems are implemented and logs are regularly checked for signs of malicious activity
  • Performing regular vulnerability scans to identify security weaknesses before they are exploited.

 

2018 Has Seen a 4,000% Increase in Cryptocurrency Mining Malware

New figures released by anti-virus firms McAfee and Symantec have shown the extent to which hackers are using cryptocurrency mining malware in attacks on consumers and businesses.

Cryptocurrency mining malware hijacks system resources and uses the processing power of infected computers to mine cryptocurrencies – Validating transactions so they can be added to the blockchain public ledger. This is achieved by solving difficult computational problems. The first person to solve the problem is rewarded with a small payment.

For cryptocurrency mining to be profitable, a lot of processing power is required. Using one computer for mining cryptocurrency will generate a few cents to a few dollars a day; however, hackers who infect thousands of computers and use them for cryptocurrency mining can generate significant profits for little work.

The use of cryptocurrency mining malware has increased considerably since Q4, 2017 when the value of Bitcoin and other cryptocurrencies started to soar. The popularity of cryptocurrency mining malware has continued to grow steadily in 2018. Figures from McAfee suggest cryptocurrency mining malware has grown by 4,000% in 2018.

McAfee identified 500,000 new coin mining malware in the final quarter of 2017. In the final quarter of 2018, the figure had increased to 4 million. Figures from Symantec similarly show the scale of the problem. In July 2018, Symantec blocked 5 million cryptojacking events. In December, the firm blocked 8 million.

There are many different ways of infecting end users. Hackers are exploiting unpatched vulnerabilities to silently download the malware. They package coin mining malware with legitimate software, such as the open-source media player Kodi, and upload the software to unofficial repositories.

One of the easiest and most common ways of installing the malware is through email. Spam emails are sent containing a hyperlink which directs users to a website where the malware is silently downloaded. Links are similarly distributed through messaging platforms such as Slack, Discord, and Telegram. One campaign using these messaging platforms included links to a site that offered software that claimed to fix coin mining malware infections. Running the fake software installer executed code on the computer which silently downloaded the malware payload.

Unlike ransomware, which causes immediate disruption, the presence of cryptocurrency mining malware may not be noticed for some time. Computers infected with coin mining malware will slow down considerably. There will be increased energy usage, batteries on portable devices will be quickly drained, and some devices may overheat. Permanent damage to computers is a possibility.

The slowdown of computers can have a major impact for businesses and can result in a significant drop in productivity if large numbers of devices are infected. Businesses that have transitioned to cloud computing that are charged for CPU usage can see their cloud bills soar.

Anti-virus software can detect known coin mining malware, but new malware variants will be unlikely to be detected. With so many new malware variants now being released, AV software alone will not be effective. It is therefore important to block the malware at source. Spam filters, such as SpamTitan, will help to prevent malicious emails from reaching end users’ inboxes. Web filters, such as WebTitan, prevent users from accessing infected websites, unofficial software repositories, and websites with coin-mining code installed that uses CPU power through browser sessions.

 

Capitalinstall: A New Malware Threat Targeting the Healthcare Industry

A new variant of capitalinstall malware is being used in targeted attacks on a variety of organizations, in particular those in the healthcare and retail industries.

The main purpose of capitalinstall malware is to install an adware package named Linkury that is used to hijack browser sessions on Windows devices. When Linkury adware has been installed, web search results can be altered to display results which would otherwise not be displayed. An infected machine will display unwanted adverts but could also download unwanted programs, some of which may pose a security risk.

Capitalinstall malware has been linked to various malicious websites, although the adware package is actually being hosted on Azure blog storage which is often trusted by organizations and is often whitelisted.

The malware is installed via an executable file that has been packaged inside an ISO file, with the ISO file hosted on websites that offer keys to unlock popular software such as Adobe Creative Cloud.

Upon running the file, a crack for the software claims to be installing and the user is directed to a website where they are urged to install other programs and browser add-ons, such as cryptocurrency miners, with various enticing reasons provided for installing those programs.

This method of distributing unwanted and potentially harmful software is likely to grow in popularity as it offers a way of bypassing security solutions by taking advantage of inherent trust in cloud storage providers.

A web filtering solution can offer protection against downloads of unwanted programs by preventing end users from visiting potentially malicious websites. WebTitan scans and assesses web pages in real time and prevents users from accessing malicious websites and other sites that violate corporate Internet usage policies. With WebTitan in place, users can be prevented from visiting websites that are used for distributing potentially unwanted programs (PUPs) and malware.

In addition to technical controls, it is important to cover the risks of installing unauthorized software in security awareness training, especially the use of software license cracks. These executable files commonly have spyware, adware, and other forms of malware packaged into the installers.
 

Why Managed Service Providers Should Add DNS Filtering to Their Security Stack

Managed Service Providers can spend a significant amount of time dealing with phishing attacks and other security breaches. While MSPs provide an invaluable service and help their clients deal with cyberattacks, by providing security services, MSPs can not only protect their clients and prevent attacks, but also save themselves a considerable amount of time and improve their bottom lines.

The Devastating Consequences of an SMB Cyberattack

Successful cyberattacks on businesses can be catastrophic. The average cost of a data breach has now risen to $3.86 million, according to the Ponemon Institute. Such a high cost means many SMBs struggle to stay in business following a major breach.

A data breach can cause a significant drop in share price. While many businesses see share prices return to near pre-breach levels around 6 months after a major breach, many SMBs do not survive that long. Figures from the National Cyber Security Alliance show that up to 60% of SMBs permanently close their doors within 6 months of suffering a data breach.

Not only do businesses have to cover the cost of remediating a breach, they can lose market share which can be difficult to recover. Customers can also be very unforgiving. If customers’ personal information is exposed as a result of a data breach, the loss of business can be considerable. The damage caused to the reputation of a business by a cyberattack can take a very long time to repair.

Many SMBs believe they are too small to be worth hacking, yet the National Cyber Security Alliance’s figures show that is far from the case. 70% of cyberattacks target small businesses, and while not all of those attempts are successful, nearly 50% of SMBs around the globe report that they have experienced at least one successful cyberattack.

Cybersecurity Solutions for MSPs

MSPs that start offering cybersecurity to their clients can prevent the majority of these cyberattacks, providing the right solutions are chosen. Businesses will naturally need a robust firewall to prevent direct attacks, but many attackers are able to bypass this perimeter control by targeting the weakest link in security: Employees.

Cybercriminals are able to bypass perimeter controls by sending phishing emails to employees. Two recent examples have clearly demonstrated this. The San Diego School District discovered a hacker had gained access to its network and a database of 500,000 staff and student records with phishing emails. 50 email accounts were compromised in that attack. Cape Cod Community College also experienced a phishing attack targeting the finance department, the end result of which was fraudulent transfers being made to criminal-controlled bank accounts totaling more than $800,000. End user training could have made all the difference, as could an advanced spam filtering solution – both of which could easily be provided by MSPs.

Why Web Filtering Should be Part of Your Security Stack

Email security is an area often lacking at SMBs, even though email is the most common attack vector. Web-based attacks are also common, and this is an area where many SMBs are particularly vulnerable. This is another area where MSPs can help improve security.

Web filtering is often overlooked as traditionally this has been a security control that is difficult for MSPs to implement. Appliance-based filters require hardware purchases and site visits. Standard web filters require content to be downloaded before access is blocked and that they can cause major latency problems. DNS filtering solves these problems. Since filtering takes place at the DNS level, controls are applied before any content is downloaded and latency issued are avoided and web-based threats are blocked at source. Since there is no need for hardware to be purchased, it is cost effective for most businesses to implement. There are also no software downloads and deploying the solution is a quick and easy Process. Everything can be set up remotely in a matter of minutes and clients can be protected from malware attacks, phishing, and ransomware downloads while also controlling content and blocking illegal and unacceptable web activity.

WebTitan: MSP-Friendly Web Filtering to Protect Wired and Wireless Networks

In contrast to many DNS-based web filtering solutions, WebTitan has been developed to meet the needs of MSPs. One of the main problems with most DNS-based web filters for MSPs is the inability to add MSP branding. It is abundantly clear it is a third-party solution.

WebTitan can be totally rebranded, allowing MSPs to add their own logos and reinforce their brand image. WebTitan can be hosted on TitanHQ’s servers or within an MSPs own environment. WebTitan also has a well-established channel program and offers special pricing packages specifically for MSPs with generous margins and monthly billing. No other web filtering solution is as MSP friendly.

Other key features of WebTitan include:

  • Highly granular filtering controls: Filter by category, content, and keyword
  • Supports whitelists and blacklists
  • Intuitive control panel requiring no user training
  • Highly scalable solution with virtually no upper limit on number of clients or users
  • Embedded malware filter supported by dual AV engines
  • Extensive reporting suite and ability to brand and schedule client reports
  • Real time view of web activity
  • No latency
  • Remote management and monitoring via APIs and easy integration into billing and auto-provisioning systems
  • Flexible polices for different environments and users
  • Protection for wired and WiFi networks
  • Ability to provision new clients in minutes
  • Full product available on a free trial
  • Industry leading customer support

For further information on TitanHQ’s cybersecurity solutions for MSPs including WebTitan Cloud, WebTitan Cloud for WiFi, and the TitanHQ spam filter, SpamTitan Cloud, contact the MSP Program Team today.

Content Filtering and Wi-Fi Security for Busses

Local authorities and private sector bus companies are now adding Wi-Fi services to their bus fleets, but without appropriate Wi-Fi security for busses, bus fleet operators can run into problems.

There is no doubt that Wi-Fi is a big hit with passengers, especially for long distance travel. Business commuters can connect to email and their work network without having to use their own data and all passengers can enjoy a variety of digital entertainment, such as Internet-based games, online crosswords, YouTube videos, or all manner of Internet based applications, all without eating into their monthly data allowance.

In locations where people have a choice of different transport, the provision of a reliable Wi-Fi network can be a big attraction that can win more business.

Wi-Fi Security for Busses

There are some considerations when providing Wi-Fi on busses. Wi-Fi security for busses is important to ensure that the Wi-Fi network cannot be used for malicious purposes. Over the summer, it was clearly demonstrated how this can easily happen. A hacker was able to hack into the Wi-Fi network on planes and view the Internet activity of passengers, as well as gain access to other important devices on airplanes – All from the ground.

Appropriate Wi-Fi security for busses should be implemented to protect the privacy of passengers, but also to ensure they can use the Wi-Fi network safely. Bus companies should be taking steps to protect passengers from harmful content, such as sites hosting malware and phishing websites.

Content Control for Busses

A third-party Wi-Fi network offers anonymity and some users take advantage and access types of content that they would not access on their home networks. Bus fleet operators have a responsibility to block illegal activity on their Wi-Fi networks.

If a passenger accesses adult content on the Wi-Fi network of a bus, there is a risk that other passengers will catch a glimpse of the screen and children could be exposed to obscene content. It is the responsibility of bus fleet operators to implement content controls to prevent passengers from accessing inappropriate content.

Controlling Bandwidth Use on Busses

There is also the issue of bandwidth. Ensuring all users have decent bandwidth and can connect to the network and enjoy reasonable Internet speeds comes at a cost. If several passengers are using applications or visiting websites that require a considerable amount of bandwidth, that will naturally have an impact on other users of the Wi-Fi network. Limiting what users can do while connected to Wi-Fi networks can save bandwidth and costs. Preventing, or restricting, high bandwidth applications such as video streaming, online games such as Fortnite, and large file downloads can help to conserve bandwidth.

DNS-Level Content Filtering

All of the above issues can be easily solved with a single, cost effective solution – A web filter. A web filter allows network administrators to carefully control what users can do online. It offers both content control and Wi-Fi security for busses by blocking access to illegal content, preventing malware downloads, and offering protection from phishing. Categories of web content can be blocked to create a family-friendly Wi-Fi network and control bandwidth use.

Traditional web filters require an appliance through which Internet traffic is routed. This is a costly way of adding Wi-Fi security for busses. A DNS-level filter on the other hand is a low cost, flexible solution that serves the same purpose. When a user connects to the Wi-Fi network, the DNS process sends domain names to the name server and the name server returns the IP address associated with the application server. When content is filtered at the DNS level, no software needs to be downloaded and no appliances need to be purchased.

Not only do DNS-level filters offer excellent Wi-Fi security for busses, they also save on bandwidth as content is not downloaded before the decision is taken to block the content.

WebTitan Cloud for Wi-Fi – Content Filtering and Wi-Fi Security for Busses

WebTitan Cloud for Wi-Fi is an ideal web filtering solution for bus fleets. Since it is DNS-based it is easy to implement, highly scalable, and is cost-effective to set up and run. WebTitan Cloud for Wi-Fi can protect entire bus fleets, in multiple cities, and licenses can be easily scaled up and down to meet bus operators’ needs.

Some of the key features of WebTitan Cloud for Wi-Fi are detailed below:

  • No hardware purchases or software downloads required
  • No patching or software updates required
  • Protects multiple Wi-Fi routers from a single, web-based administration control panel
  • Protects against malware with dual anti-virus engines
  • Protects users from phishing and other malicious websites
  • Allows network administrators to protect the Wi-Fi network from unauthorized users
  • Highly granular controls allow precise content control without overblocking content
  • Block content by category with a single click
  • No latency – Internet speeds are unaffected
  • Supports static and dynamic IPs
  • Supports whitelists and blacklists
  • No restriction on bandwidth, number of devices, or the number of hotspots
  • Full suite of reports gives network administrators full visibility into their Wi-Fi networks and user activity

If you are looking to improve Wi-Fi security for busses and want to implement content controls to keep your Wi-Fi networks family-friendly, contact TitanHQ today for further information on WebTitan Cloud for Wi-Fi.

Guest Wi-Fi Best Practices

Many businesses now offer their customers free access to their Wi-Fi networks, but if guest Wi-Fi best practices are not followed, opening up Wi-Fi networks to guest users is not without risk. You may have provided security awareness training to your employees, but guest users are unlikely to be as careful while connected to your network. Customers and guests may accidentally download malware or visit malicious websites, or even engage in illegal activities due to the anonymity offered by someone else’s Wi-Fi network.

If guest Wi-Fi best practices are not followed, there will be people that take advantage of your lax security. They could launch an attack on your business network, explore your network assets, change router settings, or even gain access to confidential data.

If you run a hotel, restaurant, shop, or another business that provides Wi-Fi access to customers, it is important to create a safe browsing environment for all Wi-Fi users and take steps to secure your access points and control the activities that users can engage in while connected.

Guest Wi-Fi Best Practices for Hotspot Providers

Create A Separate Wi-Fi Network for Guests and Employees

You will no doubt have a Wi-Fi network that is used by your employees. It is important that this is totally separate from the one used by guests and customers. Guest users should access a totally separate network. Ideally, there should be a network firewall that separates guest users from employees. If you use enterprise switches, create a separate VLAN for access points that broadcast the guest wireless SSID. Also make sure you use a software firewall to block traffic from the guest network from your company’s servers and computers. Also make sure guest users can only access the Internet while connected.

Naming Your SSID

An SSID is the name you give to your Wi-Fi network that identifies it as belonging to your business. Care should be taken when choosing a name. Your choice should depend on the nature of your business and who the Wi-Fi network serves. If you run a coffee shop, for instance, you should make it clear which is your Wi-Fi network and prominently display that information. That will make it harder for rogue hotspots to be created to fool customers into connecting to an evil twin – A hotspot set up and controlled by a hacker to fool customers into connecting in the belief it is your hotspot.

Encrypt your Wireless Signals

Unsecured Wi-Fi networks may be easier to set up and use, but they also allow anyone within range to connect, even if they are not in your establishment.  To connect, it should be necessary for a password to be entered. You should also encrypt your wireless network to make it harder for hackers to intercept users’ data. Secure your wireless network with WPA2 encryption or, even better, WPA3 if it is supported by your access point.

Create a Safe Browsing Experience and Control the Internet Content That Can be Accessed

You should develop and implement a guest Wi-Fi access policy covering what is and is not permitted on your Wi-Fi network. You should also enforce that policy with technical controls. A cloud-based web filter is ideal for this.

It is easy to deploy and configure and will allow you to carefully control the content that can be accessed while connected. You should block access to known malicious sites and illegal web content through blacklists. Category based filters are useful for blocking access to inappropriate content such as pornography and restricting bandwidth-heavy activities that can slow down Internet speeds for all users. By filtering content, not only will you keep your Wi-Fi users protected, you will also reduce legal liability and ensure that your Wi-Fi network is family friendly.

Adopt these guest Wi-Fi best practices to improve safety and security, keep your customers protected, and make it harder for cybercriminals to attack your network or your guest users.

Worst Passwords of 2018 and Password Best Practices Revealed

It’s the time of year when the poor password practices of users are highlighted. This month has seen the list of the worst passwords of 2018 published and a list of 2018’s worst password offenders.

The Worst Passwords of 2018

So, what were the worst passwords of 2018? SplashData has recently published a list of the worst passwords of 2018 which shows little has changed since last year. End users are still making very poor password choices.

To compile the list, SplashData analyzed passwords that had been revealed through data dumps of passwords obtained in data breaches. More than 5 million exposed passwords were sorted to find out not only the weakest passwords used, but just how common they were. The list of the top 100 worst passwords of 2018 was published, although we have only listed the top 25 worst passwords of 2018:

Top 25 Worst Passwords of 2018

1) 123456
2) password
3) 123456789
4) 12345678
5) 12345
6) 111111
7) 1234567
8) sunshine
9) qwerty
10) iloveyou
11) princess
12) admin
13) welcome
14) 666666
15) abc123
16) football
17) 123123
18) monkey
19) 654321
20) !@#$%^&*
21) charlie
22) aa123456
23) donald
24) password1
25) qwerty123

Unsurprisingly, there has been no change in the top two passwords this year. 123456 and password have held number 1 and 2 spots for the past five years. Donald is a new addition but would not keep a user’s account secure for long, even if their name isn’t Donald. 654321 is also new this year but offers little more protection than 123456.

Other new entries include qwerty123 and password1 – Clear attempts to get around the requirement of including numbers and letters in a password.

How common are the worst passwords of 2018? According to SplashData, 3% of users have used 123456 and 10% of people have used at least one password in the list of the top 25 worst passwords of 2018!

Poor Password Practices and the Worst Password Offenders of 2018

DashLane has published its list of the worst password offenders of the year. In addition to the list containing users who have made very poor password choices by selecting some of the worst passwords of 2018, the report highlights some of the terrible password practices that many individuals are guilty of. Poor password practices that render their passwords absolutely useless.

This year has seen many major password failures, several of which came from the White House, where security is critical. Topping the list was a password faux pas by a visitor to the oval office – Kanye West. Not only was ‘Ye’ guilty of using one of the worst possible passwords on his phone ‘000000’, he also unlocked his phone in full view of an office full of reporters who were filming his meeting with President Trump. Ye’s poor password was broadcast to the nation (and around the world). This incident highlights the issue of ‘shoulder surfing.’ Looking over someone’s shoulder at their screen to see passwords being entered. Something that can easily happen in public places.

Another White House password failure concerned a staffer who committed the cardinal password sin of writing down a username and password to make it easier to remember. It is something that many employees do, but most do not write it on White House stationary and then leave the document at a bus stop.

Password security should be exemplary at the White House, but even more so at the Pentagon. Even staff at the Pentagon are guilty of poor password hygiene, as was discovered by Government Accountability Office (GAO) auditors. GAO auditors discovered default passwords were used for software associated with weapons systems. Default passwords are publicly available online which renders them totally useless. GAO auditors were also able to guess admin passwords with full privileges in only 9 seconds.

These are just three examples of terrible password practices. While they are shocking given the individuals concerned, they are sadly all too common.

Password Best Practices to Keep Accounts Secure

A password prevents other individuals from gaining access to an account and the sensitive information contained therein. Choose a strong password or passphrase and it will help to make sure that personal (or business) information remains confidential. Choose a weak password and an account can easily get hacked. Choose an exceptionally weak password and you may as well have no password at all.

To ensure passwords are effective, make sure you adopt the password best practices detailed below:

  • Make sure you set a password – Never leave any account open
  • Always change default passwords – They are just placeholders and are next to useless
  • Never reuse old passwords
  • Use a unique password for all accounts – Never use the same password for multiple accounts
  • Do not use names, dictionary words, or strings of consecutive numbers or letters
  • Ensure passwords are longer than 8 characters and contain at least one number, lowercase letter, uppercase letter, and a symbol – Long passphrases that are known only to you are ideal
  • Use a random mix of characters for passwords and use a password manager so you don’t have to remember them. Just make sure you set a very strong password for your password manager master password.
  • Set up multi-factor authentication on all of your accounts
  • Never write down a password
  • Never share passwords with others, no matter how much you trust them

Password Best Practices for Businesses

Verizon’s 2018 Data Breach Investigations Report revealed 81% of hacking-related data breaches were due to weak passwords or stolen credentials. It is therefore critical that businesses adopt password best practices and ensure users practice good password hygiene. Businesses need to:

  • Train end users on good password hygiene and password best practices
  • Enforce the use of strong passwords: Blacklist dictionary words, previously exposed passwords, previously used passwords, and commonly used weak passwords
  • Set the minimum password length to 8 characters (or more) and avoid setting a maximum length to encourage the use of passphrases.
  • Follow the password advice published by the National Institute of Standards and Technology (NIST)
  • Don’t enforce password changes too often. End users will just reuse old passwords or make very minor changes to past passwords.
  • Implement multi-factor authentication
  • Encrypt all stored passwords
  • Consider the use of other authentication methods – Fingerprint scanners, facial recognition software, voice prints, or iris scans

University Research Theft: A Major Cause for Concern

Educational institutions are being targeted by cybercriminals for all manner of nefarious purposes: To obtain the personal information of staff and students for identity theft and tax fraud, to steal university funds, and to steal university research.

University research theft is an easy income stream for hackers. Research papers can command high prices on the black market and are highly sought after by nation state governments and businesses.

This fall, the UK’s Daily Telegraph revealed Iranian hackers were selling research papers that had been stolen from top British Universities including Oxford and Cambridge. Several Farsi websites were identified advertising free access to university research papers, including an offer of university research theft to order. Provide the details and, for a price, the research be found and sent through an encrypted channel.

There were papers for sale on highly sensitive subjects such as nuclear research and cybersecurity defenses. Even less sensitive subjects are valuable to foreign businesses. The research could help them gain a competitive advantage at the expense of universities. In the case of Iran, universities are being used to gain access to Western research that would otherwise be off limits due to current sanctions.

It is not just British universities that are being targeted. The hackers are infiltrating university research databases the world over, and it is not just Iranian hackers that have tapped into this income stream. University research theft is a growing problem.

How Are University Databases Breached?

One of the main ways access to research databases is gained is through phishing – A simple method of attack that requires no programming know-how and no malicious software. All that is required is a little time and the ability to create a website.

Phishing emails are sent to staff and students that request a visit a webpage where they are required to enter their credentials to academic databases. If the credentials are disclosed, the phishers have the same access rights as the user. The phishers then download papers or advertise and wait for requests to roll in. They then just search the database, download the papers, and provide them to their customers.

Various social engineering techniques are used to entice users to click the links. Requests are sent instructing the user that they need to reset their password, for instance. The web pages they are directed to are exact copies of the sites used by the universities. Apart from the URL, the websites appear perfectly genuine.

Unfortunately, once credentials have been obtained it can be difficult for universities to discover there has been a breach since genuine login credentials are used to access the research databases.

How to Prevent University Research Theft

No single cybersecurity solution will protect universities from all phishing attacks. The key to mounting an effective defense against phishing is layered phishing defenses.

  • The primary cybersecurity solution to implement is an advanced spam filter to ensure as many phishing emails as possible are blocked and messages containing malicious attachments do not reach inboxes. SpamTitan for instance, blocks more than 99.9% of spam and phishing messages and 100% of known malware. Even advanced spam filtering solutions will not block all phishing emails, so additional controls are required to deal with the <0.1% of phishing emails that are delivered.
  • While a web filter can be used to block access to categories of web content such as pornography, it will also block access to known malicious websites: Websites used for phishing and those that host malware.
  • End user security awareness training is also essential. End users are the last line of defense and will remain a weak link unless training is provided to teach them how to identify malicious emails. Staff and students should be conditioned to report threats to their security teams to ensure action can be taken and to alert first responders when the university is under attack.
  • Multi-factor authentication should also be implemented. If credentials are stolen and used to access a database, email account, computer, or server, from an unfamiliar device or location, a further form of authentication is required before access is granted.
  • Universities should have security monitoring capabilities. Logs of access attempts and should generated and network and user activity should be monitored for potential compromises.

For further information on anti-phishing defenses and cybersecurity solutions that can help prevent university research theft, contact the TitanHQ team today.

Need for Web Filters for Libraries Pondered in New Hampshire

There has been much debate over the use of web filters for libraries. On one side are those that believe that as places of learning, there should be no restrictions placed on the types of information that can be accessed through libraries. Libraries house books that are sexually explicit, racist, or contain material some may find distasteful or offensive, but banning those books would be inappropriate.

That same thinking has been applied to the Internet, access to which is often provided in libraries. The application of a web filter to block certain types of content is viewed as unacceptable by some people, even if as a result of a lack of technical controls library computers are used to access hardcore pornography. The American Library Association does not advocate the use of web filters for libraries, instead suggesting acceptable usage policies and educational programs are more appropriate.

The other camp considers the use of web filters in libraries to be a necessity to ensure libraries can be used by children and adults without others subjecting them to obscene and potentially harmful web content. Acceptable usage policies only discourage users from accessing pornography. Policies do not prevent such activities.

New Hampshire Library Considers Using Web Filtering Technology to Block Porn

The use of public library computers for viewing offensive sexual content is common. There have been many cases of library patrons discovering other users accessing adult content on computers in full sight of other users, as was recently the case at the Lebanon Public Library in New Hampshire.

A complaint was made to Lebanon Public Library about two children (of middle school age) who are alleged to have used the library computers to access pornography. Jim Vanier, youth center coordinator for the Carter Community Building Association, overheard the children discussing pornography at the computers, although they denied accessing adult content.

Vanier’s complaint prompted the Library Board of Trustees to form a task force to investigate current internet usage policies and the task force will consider whether a web filter is appropriate for the library.

While web filters for libraries are available to prevent obscene videos and images from being accessed, relatively few libraries have started implementing even the most basic content controls. The Children’s Internet Protection Act requires the use of web filters in libraries and schools, but only as a condition to obtain e-rate discounts and federal grants. In order to qualify for funds, obscene images, child pornography, and other information deemed harmful to minors must be blocked.

The municipal libraries in Lebanon have taken steps to curb Internet misuse and have introduced policies that prohibit computers from being used for any disruptive or inappropriate behavior, including the viewing of images of a pornographic nature. However, policies alone are insufficient to prevent all cases of inappropriate Internet use.

The reason why many libraries choose not to apply filters is often because web filters for libraries are not perfect, and as a result, they could filter out unintended content.

Accuracy of Content Blocking by Web Filters for Libraries

While there have been issues with web filters for libraries overblocking content in the past, there have been major advances in web filtering technology over the past 10 years. Web filters can now more accurately assess and categorize content.

WebTitan Cloud, for instance, has highly granular controls and allows libraries to carefully control the content that can be accessed without overblocking.

While there is potential for user error when setting policies, WebTitan Cloud solves this issue by having an easy to use user interface that requires no technical skill to use. This helps to eliminate user error that often leads to overblocking of web content.

With WebTitan Cloud, libraries can easily filter out pornography, child pornography, and other obscene and harmful content to comply with CIPA and meet parents’ expectations without restricting access to valuable, educational websites.

WebTitan Cloud also blocks access to websites that host malware to prevent malicious software from being downloaded onto library computers, as well as blocking a wide range of Internet threats such as phishing.

WebTitan Cloud – An Accurate and Easy to Use Web Filter for Libraries

WebTitan Cloud is an ideal web filter for libraries. It is 100% cloud-based so not costly hardware purchases are required. It is easy to implement, simple to use, and allows Internet content to be carefully controlled without blocking access to valuable educational material.

Some of the key features in TitanHQ’s web filters for libraries have been detailed below:

WebTitan Cloud Features

  • Highly granular controls to allow precise filtering of Internet content
  • Unmatched combination of coverage, accuracy, and flexibility
  • Real-time classification of more than 500 million websites and 6 billion web pages in 200 languages
  • 100% coverage of the Alexa 1 million most visited websites
  • Easy to use interface requiring no technical skill
  • 100% cloud-based filtering – No hardware purchases or software downloads required
  • Supports Safe Search and YouTube for Schools
  • Supports whitelists and blacklists for creating exceptions to allow/block content outside general policy controls
  • Category-based filtering allows blocking through 53 pre-defined website categories and 10 customizable categories
  • HTTP/HTTPS filtering
  • Customizable block pages
  • Supports time-controlled cloud keys to allow certain users to bypass filtering controls – for research purposes for instance
  • Provides full visibility into network usage
  • Full reporting suite including real-time Internet activity

For further information on TitanHQ’s web filter for libraries, to arrange a product demonstration, and to register for a free trial to evaluate WebTitan Cloud in your own environment, contact the TitanHQ team today.

Dec 5, 2018 Webinar: A Perfect Cisco OpenDNS Alternative at a Fraction of the Price

Are you looking for a Cisco OpenDNS alternative that is both easier to use and much more cost effective? On Wednesday December 5, 2018, you can discover how you can save money on web filtering without cutting any corners on protection.

A web filter is now an essential cybersecurity solution to protect against web-based threats such as phishing, viruses, malware, ransomware, and botnets. A web filter also allows businesses to carefully control the online activities of employees by restricting access to NSFW web content such as pornography and curb productivity-draining Internet use.

In addition to offering threat protection and content control on wired networks, a DNS-based web filter offers protection for BYOD and company owned devices regardless where they connect to the Internet. Multiple locations can be protected through a central web-based console.

A DNS-based web filter is cost effective to implement as no hardware purchases are required and no software needs to be installed. A DNS-based filter is also easy to maintenance and requires no software updates or patches.

With DNS-based filters, content control and online threat protection is simple; but what about cost? Many businesses have looked at Cisco OpenDNS to meet their web filtering requirements but are put off due to the high cost. Fortunately, there is a more cost-effective way of filtering the Internet.

TitanHQ and Celestix are hosting a webinar on a WebTitan-powered Cisco OpenDNS alternative, Celestix WebFilter Cloud.

Celestix will be joined by by TitanHQ EVP of Strategic Alliances, Rocco Donnino, and Senior Sales Engineer, Derek Higgins, who will explain how Celestix WebFilter Cloud works, why it is an ideal Cisco OpenDNS alternative, and how you can have total protection against web-based threats at a fraction of the cost of running OpenDNS.

The webinar will be taking place on Wednesday December 5, 2018 at 10:00 AM US Pacific Time

Advance registration is required. You can register for the webinar on this link.

Business Email Account Compromises Soaring

Business email compromise (BEC) attacks cost businesses billions of dollars each year, and business email account compromises are soaring.

What is a Business Email Compromise Attack?

As the name suggests, these attacks involve the hijacking of business email accounts. The primary aim is to compromise the account of the CEO or CFO, which is usually achieved through a spear phishing attack. Once the email account has been compromised, it is used to send phishing emails to other employees in the company, most commonly, employees in the accounts, finance, and payroll departments.

The emails commonly request wire transfers be made to accounts under the control of the attackers. Requests are also made for sensitive information such as the W-2 Forms of employees.

Since the emails are sent from the CEO or CFO’s own account, there is a much higher chance of an employee responding to the request than to a standard phishing attempt from an external email address. Since the emails come from within an organization, they are also much harder to detect as malicious – a fact not lost on the scammers.

With access to the email account, it is much easier to craft convincing messages. The signature of the CEO can be copied along with their style of writing from sent messages. Email conversations can be started with employees and messages can be exchanged without the knowledge of the account holder.

Fraudulent transfers of tens or hundreds of thousands of dollars may be made and the W-2 Forms of the entire workforce can be obtained. The latter can be used to submit fake tax returns in victims’ names to obtain tax refunds. The profits for the attackers can be considerable, and with the potential for a massive payout, it is no surprise that these attacks are on the rise.

Business Email Account Compromises Have Increased by 284% in a Year

FBI figures in December 2016 suggest $5.3 billion had been lost to BEC scams since October 2013. That figure had now increased to $12.5 billion. More than 30,000 complaints of losses due to BEC attacks were reported to the FBI’s Internet Crime Complaints Center (IC3) between June 2016 and May 2018.

The specialist insurance service provider Beazley has been tracking business email account compromises. The firm’s figures show business email account compromises have increased each quarter since Q1, 2017. In the first quarter of 2017, 45 business email account compromises were detected. In Q2, 2018, 184 business email account compromises were detected. Between 2017 to 2018, there was a 284% increase in compromised business email accounts.

While the CEO’s email credentials are often sought, the credentials of lowlier employees are also valuable. Any email account credentials that can be obtained can be used for malicious purposes. Email accounts can be used to send phishing messages to other individuals in an organization, and to business contacts, vendors, and customers.

Beazley notes that once one account has been compromised, others will soon follow. When investigating business email account compromises, businesses often discover that multiple accounts have been compromised. Typically, a company is only aware of half the number of its compromised accounts.

The High Cost of Resolving Business Email Account Compromises

Business email account compromises can be extremely costly to resolve. Forensic investigators often need to be brought in to determine the full extent of the breach. Each breached email account must then be checked to determine what information has been compromised. While automated searches can be performed, manual checks are inevitable. For one client, the automated search revealed 350,000 document attachments had potentially been accessed, and each of those documents had to be checked manually to determine the information IT contained. The manual search alone cost the company $800,000.

How to Protect Your Organization from Business Email Compromise Attacks

A range of measures are required to protect against business email compromise attacks. An advanced spam and anti-phishing solution is required to prevent phishing and spear phishing emails from being delivered to inboxes.

SpamTitan is an easy-to-implement spam filtering solution that blocks advanced phishing and spear phishing attacks at source. In contrast to basic email filters, such as those incorporated into Office 365, SpamTitan uses heuristics, Bayesian analysis, and machine learning to identify highly sophisticated phishing attacks and new phishing tactics. These advanced techniques ensure more than 99.9% of spam and malicious messages are blocked.

The importance of security awareness training should not be underestimated. End users should be trained how to recognize phishing attempts. Training should be ongoing to ensure employees are made aware of current campaigns and new phishing tactics. Phishing simulation exercises should also be conducted to reinforce training and identify weak links.

Multi-factor authentication is important to prevent third parties from using stolen credentials to access accounts. If a login attempt is made from an unfamiliar location or unknown device, an additional form of identification is required to access the account.

Password policies should be enforced to ensure that employees set strong passwords or passphrases. This will reduce the potential for brute force and dictionary attacks. If Office 365 is used, connection to third party applications should be limited to make it harder for PowerShell to be used to access email accounts. A web filtering solution should also be implemented to block access to phishing accounts where email credentials are typically obtained.

Defense in depth is the key to protecting against BEC attacks. For more information about email and web security controls to block BEC attacks, give the TitanHQ team a call. Our experienced advisers will recommend the best spam and web filtering options to meet the needs of your business and can book a product demonstration and set you up for a free trial.

WPA3 WiFi Security Enhancements Will Not Block All WiFi Threats

WiFi networks are a potential security weak point for businesses, although the introduction of WPA3 will improve Wi-Fi security. WPA3 Wi-Fi security enhancements address many WP2 vulnerabilities, but WPA3 alone is not enough to block all WiFi threats.

WiFi Security Protocols

The WPA WiFi security protocol was introduced in 1999, and while it improved security, cracking WPA security is far from difficult. Security enhancements were introduced with WPA2 in 2004, but while more secure, WPA2 does not fix all vulnerabilities. Little has changed in the past 14 years, but at long last, WPA3 is here. Use WPA3 and Wi-Fi security will be significantly enhanced, as several important WP2 vulnerabilities have been fixed.

WPA3 WiFi Security Enhancements

One of the biggest WiFi security threats is open networks. These are WiFi networks that require no passwords or keys. Users can connect without entering a pre-shared key. All a user needs to know is the SSID of the access point to connect. These open networks are used in establishments such as coffee shops, hotels, and restaurants as it is easy for customers to connect. The problem is users send plain text to the access point, which can easily be intercepted.

WPA3 spells an end to open networks. WPA3 uses Opportunistic Wireless Encryption (OWE). Any network that does not require a password, will encrypt data without any user interaction or configuration. This is achieved through Individualized Data Protection or IDP. Any device that attempts to connect to the access point receives its own key from the access point, even if no connection to the AP has been made before. This control means the key cannot be sniffed and even if a password is required, having access to that password does not allow the data of other users to be accessed.

Another security enhancement that has been made in WP3 reduces potential for password cracking attacks such as the WPA2 KRACK Attack. WPA2 is vulnerable to brute force and dictionary-based attacks. That is because security relies on the AP provider setting a secure password and many establishments don’t. With WPA3, the Pre-Shared Key (PSK) exchange protocol is replaced with Simultaneous Authentication of Equals (SAE) or the Dragonfly Key Exchange, which improves security of the initial key exchange and offers better protection against offline dictionary-based attacks.

WPA3 also addresses security vulnerabilities in the WiFi Protected Setup (WPS) that made it easy to link new devices such as a WiFi extender. In WPA3, this has been replaced with Wi-Fi Device Provisioning Protocol (DPP).

Configuring IoT devices that lack displays has been made easier, the 192-bit Commercial National Security Algorithm is used for enhanced protection for government, defense and industrial networks, and better controls have been implemented against brute force attacks. These and other enhancements mean WPA3 is far more secure.

Unfortunately, at present, very few manufacturers support WPA3, although that is likely to change in 2019.

WPA3 WiFi Security Issues

Even with WPA3 WiFi security enhancements, WiFi networks will still be vulnerable. WPA3 includes encryption for non-password-protected networks, but it does not require authentication. That is up to hotspot providers to set. WPA3 it is just as susceptible to man-in-the-middle attacks and offers no protection against evil twin attacks. The user must ensure they access the genuine access point SSID.

The connection to the AP may be more secure, but WPA3 does not offer protection against malware downloads. Users will still be at risk from malicious websites unless a DNS filtering solution is used – A web filter to protect WiFi networks.

Improve WiFi Security with a DNS-Based WiFi Filtering Solution

A DNS-based WiFi filtering solution such as WebTitan Cloud for WiFi protects users of a WiFi network from malware attacks, ransomware downloads, and phishing threats. The cloud-based filter also allows businesses that provide WiFi access points to carefully control the content that can be accessed by employees, customers, and other guest users.

By upgrading to WPA3 WiFi security will be improved. With WebTitan Cloud for WiFi, users will also be protected once they are connected to the network.

Further information on WebTitan Cloud for WiFi is detailed in the video below. For further information on WiFi security, including WebTitan pricing and to book a product demonstration, contact the TitanHQ team today.

Wi-Fi Security Threats You Should be Aware of

Many employees access their work emails and work networks via public Wi-Fi hotspots, even though there is a risk that sensitive information such as login credentials could be intercepted by hackers. Many employees are unaware of the Wi-Fi security threats that lurk in their favorite coffee shop and fail to take precautions. Even employees who are aware of the Wi-Fi security threats often ignore the risks.

This was highlighted by a 2017 survey by Symantec. 55% of survey participants said they would not hesitate to connect to a free Wi-Fi hotspot if the signal was good and 46% said they would rather connect to a free, open wireless network than to wait to get a password to a secure access point.

60% of survey participants believed public Wi-Fi networks are safe and secure but even though 40% are aware of the Wi-Fi security threats, 87% said that they would access financial information such as their online banking portal or view their emails on public Wi-Fi networks.

The majority of users of public Wi-Fi networks who were aware of the Wi-Fi security threats said they ignored the risks. Millennials were the most likely age group to ignore Wi-Fi security threats: 95% of this age group said they had shared sensitive information over open Wi-Fi connections.

Consumers may be willing to take risks on public Wi-Fi networks, but what about employees? According to a 2018 Spiceworks survey, conducted on 500 IT professionals in the United States, employees are also taking risks.

61% of respondents to the survey said their employees connect to public Wi-Fi hotspots in coffee shops, hotels, and airports to work remotely. Only 64% of respondents said their employees were aware of the Wi-Fi security threats. A similar percentage said their employees were aware of the risks and connect to their work networks using a VPN, which means that 4 out of 10 workers were unaware of the importance of establishing a secure connection.

Even though 64% of respondents were confident that employees were aware of the risks, only half were confident that data stored on mobile devices was adequately protected against threats from public Wi-Fi hotspots. 12% of respondents said they have had to deal with a public Wi-Fi related security incident, although a further 34% were not sure if there had been a security breach as many incidents are never reported.

WiFi Security Threats Everyone Should be Aware of

All employers should now be providing security awareness training to their employees to make the workforce more security aware. Employees should be trained how to identify phishing attempts, warned of the risk from malware and ransomware, and taught about the risks associated with public Wi-Fi networks.

Five threats associated with open public Wi-Fi hotspots are detailed below:

Evil Twins – Rogue Wi-Fi Hotspots

One of the most common ways of obtaining sensitive information is for a cybercriminal to set up an evil twin hotspot. This is a fake Wi-Fi access point that masquerades as the legitimate access point, such as one offered by a coffee shop or hotel. An SSID could be set up such as “Starbuck Guest Wi-Fi” or even just state the name of the establishment. Any information disclosed while connected to that hotspot can be intercepted.

Packet Sniffers

Using a packet sniffer, a hacker can identify, intercept, and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials to bank accounts and corporate email accounts. If credentials are obtained, a hacker can gain full control of an account.

File-Sharing

Many people have file-sharing enabled on their devices. This feature is useful at home and in the workplace, but it can easily be abused by hackers. It gives them an easy way to connect to a device that is connected to a Wi-Fi hotspot. A hacker can abuse this feature to drop malware on a device when it connects to a hotspot.

Shoulder Surfing

Not all threats are hi-tec. One of the simplest methods of obtaining sensitive information is to observe someone’s online activities by looking over their shoulder. Information such as passwords may be masked so the information is not visible on a screen, but cybercriminals can look at keyboards and work out the passwords when they are typed.

Malware and Ransomware

When connecting to a home or work network, some form of anti-malware control is likely to have been installed, but those protections are often lacking on public Wi-Fi hotspots. Without the protection of AV software and a web filter, malware can be silently downloaded.

Employers can reduce risk by providing comprehensive training to employees to make sure they are aware of the risks from public Wi-Fi hotspots and make sure that employees are aware they should only connect to public Wi-Fi networks if they use a VPN. Employers can further protect workers with WebTitan Cloud – An enterprise-class web filter that protects workers from online threats, regardless of where they connect.

Hotspot providers can protect their customers by securing their Wi-Fi hotspots with WebTitan Cloud for Wi-Fi. WebTitan Cloud for Wi-Fi is a powerful web filter that protects all users of a hotspot from malware and phishing attacks, and can also be used to control the types of sites that can be accessed. If you offer Wi-Fi access, yet are not securing your hotspot, your customers could be at risk. Contact TitanHQ today to find out how you can protect your customers from online threats, control the content that can be accessed, and create a family-friendly Wi-Fi environment.

WiFi Filtering and Brand Protection

In this post we explain the importance of WiFi filtering and brand protection. It can take years of hard work for businesses to develop trust in their brand. That trust can easily be lost if customers are not protected while connected to business WiFi networks and come to harm or suffer losses.

If Trust is Lost in a Brand it Can Take Years to Recover

Trust is a cornerstone of all successful brands, but it is not something that can be developed overnight. Developing trust in a brand takes an extraordinary amount of time and money, but once established, companies will be rewarded by customer loyalty.

While trust can be difficult to earn, it is certainly not difficult to lose. One of the easiest ways for consumers to lose trust in a brand is through privacy breaches and cyberattacks. If the personal data of customers is exposed or stolen, customers will lose faith in the brand and are likely to take their business elsewhere.

A 2017 study by Gemalto revealed 70% of customers would stop doing business with a company that failed to protect their personal data and suffered a data breach. Regaining customers trust after a data breach can take years. Protecting customer data is therefore essential if a business is to succeed and continue to enjoy success.

Wi-Fi Security and Brand Protection

One aspect of security that is often overlooked is protecting customers who connect to Wi-Fi networks. Many businesses offer free Wi-Fi access to their customers yet fail to implement controls over what customers can do while connected. Consequently, customers may be exposed to malware, phishing, and other harmful content.

Even businesses that claim to be family friendly often do not always filter the Internet and block access to adult and other age-inappropriate web content. It was only relatively recently that McDonald’s started filtering its WiFi networks to protect customers. Starbucks has also agreed to implement WiFi filters to block porn next year.

How are Wi-Fi filtering and brand protection related? Imagine someone uses your WiFi network to access pornography and a child views their screen? Or a parent finds out their child has been viewing adult content on the establishment’s Wi-Fi network? It only takes one person to complain via a social media network for the story to go viral and for the company’s reputation to be tarnished. The same goes for a malware infection as a result of an establishment failing to implement anti-malware controls on its WiFi network.

Implementing a WiFi filter shows customers that you are doing all you can to protect them from online threats and harmful content. WiFi security is therefore important for brand protection.

There have also been cases of businesses temporarily losing Internet access over illegal Internet activity – Employees who have used a corporate WiFi network to engage in illegal activities such as downloading pirated content. ISPs can terminate internet access if complaints are received and loss of Internet access can cripple a business. Legal action can also be taken by the copyright holder against the business.

WebTitan Cloud for WiFi: The Easy Way to Secure Wi-Fi Networks

TitanHQ has been protecting SMBs from cyber threats for more than 20 years and has expanded its portfolio of solutions to cover WiFi security and brand protection solutions.

TitanHQ has developed WebTitan Cloud for WiFi to make it easy for businesses to secure their WiFi networks and for MSPs to offer WiFi filtering to their clients.

WebTitan Cloud for WiFi is a 100% cloud based WiFi filtering solution that is quick and easy to implement and requires no hardware purchases or software downloads. The solution blocks malware downloads, access to malicious websites, lets businesses carefully control the content that can be accessed via their Wi-Fi networks and control bandwidth use by employees and customers. In short, WebTitan Cloud for WiFi lets businesses create a safe environment to access the Internet.

To find out more about WebTitan Cloud for WiFi, including details on pricing, contact TitanHQ today. All businesses can book a product demonstration and sign up for a free WebTitan Cloud for WiFi trial to evaluate the solution in their own environment.

New Phishing Campaign Bypasses Office 365 Anti-Phishing Defenses

A new phishing campaign is bypassing Office 365 anti-phishing defenses and arriving in employees’ inboxes; one of several recent campaigns to slip through the net and test end users’ security awareness knowledge.

The aim of this campaign is not to obtain login credentials or install malware. It is a sextortion scam that aims to get email recipients to make a payment to the scammers.

Sophisticated Sextortion Scam Bypasses Office 365 Anti-Phishing Controls

The scam itself is straightforward. The sender of the email claims to be a hacker who has gained access to the victim’s computer and has installed malware. That malware allowed full access to the user’s device, including control of the webcam. The email claims that the webcam was used to record the victim while he/she was accessing adult web content. The attacker claims to have spliced the webcam recording with the images/videos that were being viewed at the time. The attacker claims the video will be sent to the user’s contacts on social media and via email.

Several similar sextortion scams have been conducted in the past few months, but what makes this campaign different is the extent of the deception. In this campaign, the attacker includes the user’s password in the email body.

“Hello!
I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from [user’s email] on moment of hack: [user’s password]

The password may not be the one currently used, but it is likely to be recognized as it has been taken from a previous data breach. However, its inclusion will be especially worrying for any user who does not regularly change their password and for users that share passwords across multiple sites or reuse old passwords. Changing the password will not block access, according to the email

“Of course, you can and will change it, or already have changed it.
But it doesn’t matter, my malware updated it every time.”

For anyone who has viewed adult content on a laptop or other device with a webcam, this message will no doubt be extremely concerning. Especially, as the email contains ‘evidence’ of email compromise. The From field of the email displays the user’s own email address, indicating that the attacker has sent it from the user’s email account.

The attacker notes in the email, “Do not try to contact me or find me, it is impossible, since I sent you an email from your account.”

While scary, the attacker does not have access to the user’s email account. The From field has been spoofed. This is actually straightforward with a Unix computer set up with mail services. Mass emails can be sent out using the same email address in the From field as the Address field, giving the impression that the messages have been sent from the users’ accounts.

The hacker notes that this is not his/her usual modus operandi. “You are not my only victim, I usually lock computers and ask for a ransom. But I was struck by the sites of intimate content that you often visit.” That will be a particular worry for some users.

To prevent distribution of the video, the user must pay $892 in Bitcoin to the specified address and many email recipients have chosen to pay to avoid exposure. The Bitcoin wallet used for the scam has received 450 payments totaling 6.31131431 BTC – around $27,980. Multiple Bitcoin wallets are often used by scammers, so the actual total is likely to be far higher.

Bypassing of Office 365 Anti-Phishing Defenses a Cause for Concern

This scam may not have any direct impact on a business, as no credentials are compromised, and malware is not installed; however, what is of concern is how the messages have bypassed Office 365 phishing defenses and are arriving in inboxes. The scam was first identified in late September and the messages continued to be delivered to Office 365 inboxes, even those with Advanced Threat Protection that companies pay extra for to provide greater protection against spam and phishing emails.

This is of course just one scam. Others have similarly breached Office 365 anti-phishing defenses, many of which are much more malicious in nature and pose a very real and direct threat to businesses. Office 365 anti-phishing protections do block a lot of threats, and protection is improved with Advanced Threat Protection, but the controls are not particularly effective at blocking sophisticated phishing attempts and zero-day attacks.

The volume of phishing attacks on businesses that are now being conducted, the sophisticated nature of those attacks, and the high cost of mitigating a phishing attack and data breach mean businesses need to improve Office 365 anti-phishing defenses further. That requires a third-party spam solution.

For more than 20 years, TitanHQ has been developing security solutions to protect inboxes and block web-based attacks. During that time, our spam filtering solution, SpamTitan, has been gathering threat intelligence, analyzing spamming and phishing tactics, and protecting end users. Over the years, SpamTitan has receive many updates to improve protection against new threats and phishing tactics. Independent tests have shown SpamTitan now has a catch rate in excess of 99.9%.

The incorporation of a range of predictive techniques ensure SpamTitan is not reliant on signatures and can detect never-before seen phishing attempts and zero-day attacks, and provide superior protection against spam, phishing, malware, viruses, ransomware, and botnets for Office 365 users.

To better protect your email channel and keep your Office 365 inboxes threat free, contact TitanHQ today to schedule a full personalized demo of SpamTitan and to find out just how cost effective the solution is for SMBs and enterprises.

Change from Umbrella to WebTitan and Save Time, Money, and Improve Security

If you are using Umbrella and are finding the web filtering solution to be a drain of your time or your budget, consider making the switch from Umbrella to WebTitan.

Web Filtering Doesn’t Have to be Complicated

There are many factors that need to be considered when choosing a web filtering solution. Aside from allowing you to identify and block threats and control the content that can be accessed by network users, a web filter should be easy to configure and maintain.

To get the most benefit from your chosen solution, you will need to have all the information you need at your fingertips. You should be able to tweak settings, block/unblock sites, and get the reports you need on users that are attempting to, or succeeding in, accessing dangerous web content.

All too often, it is only when the solution is set up that the discovery is made that it is a pig to use. The information you need is not easily accessible and maintaining and managing the solution is headache inducing. However, it needn’t be that way.

Usability is one area where WebTitan excels. WebTitan is powerful, feature rich, yet simple to use. WebTitan can be used by anyone, regardless of their level of IT knowhow. The user interface is crisp, clean, and provides all the important information in one place.

Complex interfaces mean more time is spent making minor changes and accessing reports, which takes time away from more important tasks. Further, if Your IT team hates using a solution, they will spend as little time as possible using it, and that could jeopardize security.

That is exactly what was happening with Saint Joseph Seminary College, which, after experiencing problems, made the switch from Cisco Umbrella to WebTitan.

Benefits of Switching from Umbrella to WebTitan: A Case Study

Web filter usability was a key issue for Saint Joseph Seminary College, which had been using Cisco Umbrella to control the web content staff and students could access. While Umbrella did allow content controls to be applied, using the solution was time consuming and difficult. Finding information, generating reports, and changing settings was just taking too much time. So much time that IT department avoided using the solution as far as possible. Hardly an ideal situation for such an important college cybersecurity control.

“I prefer an interface to be simple while giving me as much information as possible in one place. I don’t need rounded corners and elegant fonts when I am trying to see who has been visiting dangerous websites.  I need to clearly see domain names and internal IPs,” explained Saint Joseph’s IT Director, Todd Russell. Russell went on to explain that it wasn’t always that way. “In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage.”

This is sadly a common problem. In an attempt to cram in as many features as possible into a user interface, too little consideration is given to the people that have to use and manage the solution. For busy IT departments, it is important to make things as simple as possible. Sysadmins have more than their fair share of complexity as it is.

It was the complexity of Umbrella – and the cost – that led Saint Joseph’s to see an Umbrella alternative.

An Easy to Use, More Cost-Effective Alternative to Umbrella

When looking for an Umbrella alternative, several solutions were considered; however, TitanHQ’s feature-rich web filter, WebTitan, stood out from the crowd and warranted closer inspection.

“It didn’t take long to realize that WebTitan was the best alternative for an efficient, cost-effective, and easy to use filtering solution to replace Cisco Umbrella,” explained Russell.

WebTitan has been developed with usability at the heart of the design process. Before UI changes are made, they are extensively tested to make sure they do not negatively impact the user experience.

After switching from Umbrella to WebTitan, the benefit was immediately gained. The IT department had easy access to actionable insights into threat traffic and web activity. Reports could be generated and viewed with two clicks of the mouse, The IT department liked using the solution, and further, an enormous amount of time was saved, and costs were slashed.

“WebTitan immediately gave us visibility into our users’ traffic. Within days, the UI allowed us to see clear signals of dangerous activity. Thanks to the easily accessible and understandable data available on the WebTitan UI, we have been able to launch investigations more quickly and work on remediation.” Said Russell. “The whole experience with WebTitan has been terrific.”

Benefits Gained from the Switch from Umbrella to WebTitan

By changing from Umbrella to WebTitan, Saint Joseph’s was able to:

  • Have easy access to actionable insights on threats and web activity
  • Remediate issues far more quickly
  • Quickly generate basic and advanced reports
  • Secure data and users more effectively
  • Slash administration and remediation time
  • Reduce the cost of web security by 50%
  • Block thousands more threats per hour

Time to Change from Umbrella to WebTitan?

If you want to gain the above benefits, it could not be simpler. Contact the TitanHQ team to schedule a product demonstration to see just how easier WebTitan is to use. You can also trial WebTitan before you make a decision to confirm the benefits for yourself.  You will get access to the full product in the trial, assistance will be provided to get you up and running, and full support is available through out the trial period.

DNS Filtering for MSPs: Better Protect Your SMB Clients and Improve Your Bottom Line

Why is DNS filtering for MSPs so important? Find out how you can better protect your clients against web-based attacks and the MSP benefits of offering this easy to implement cybersecurity solution.

A recent survey conducted by Spiceworks has revealed that DNS filtering is now considered an essential element of cybersecurity defenses at the majority of large firms. A survey was conducted on companies with more than 1,000 employees which revealed 90% of those firms are using a solution such as a DNS filter to restrict access to the internet to protect against malware and ransomware attacks.

89% of firms use DNS filters or other web filtering technology to improve productivity by blocking access to sites such as social media platforms, 84% of firms block access to inappropriate websites, and 66% use the technology to avoid legal issues.

Given the risk of a malware or ransomware download over the Internet and the high cost of mitigating such an attack, it is no surprise that so many large firms are using web filtering technology to reduce risk.

Why DNS Filtering is so Important for SMBs

Phishing attacks and ransomware/malware downloads are major risks for large businesses, but SMBs face the same threats. SMBs are also less likely to have the resources to cover the cost of such an attack. For example, the average cost of a ransomware attack on an SMB is $46,800, according to Datto, and many SMBs fold within 6 months of experiencing a data breach.

DNS filtering is an important control to prevent malware and ransomware attacks over the Internet, both by blocking downloads and preventing employees from visiting malicious websites where malware is downloaded. Web filters are also essential as part of phishing defenses.

According to the Spiceworks survey, 38% of organizations have experienced at least one security incident as a result of employee Internet activity. By restricting access to certain categories of website and blocking known malicious websites, SMBs will be much better protected against costly attacks.

Add to that the amount of time that is lost to casual internet surfing and web filtering is a no-brainer. 28% of employees waste more than 4 hours a week on websites unrelated to their work, but the percentages rise to 45% in mid-sized businesses and 51% of employees in small businesses.

There is no latency with DNS filtering, plus controls can be implemented to restrict certain bandwidth heavy activities to improve network performance.

DNS Filtering for MSPs – The Ideal Web Filtering Solution

DNS web filtering is a low-cost cybersecurity solution that actually pays for itself in terms of the productivity gains and the blocking of cyber threats that would otherwise lead to data breaches. Further, in contrast to appliance-based web filters, DNS filtering requires no hardware purchases or software installations which means no site visits are required. DNS filtering can be set up for clients remotely in a matter of minutes.

DNS filtering is ideal for MSPs as it is hardware and software independent. It doesn’t matter what devices and operating systems your clients have because DNS filtering simply forwards web traffic to a cloud-based filter without the need to install any clients or agents on servers or end points.

TitanHQ’s DNS filtering for MSPs has a low management overhead, so there is little in the way of ongoing maintenance required. A full suite of customizable reports can be automatically generated and sent to clients to show them what threats have been blocked, and who in the organization has been trying to access restricted content, and the employees who are the biggest drain on network performance.

MSPs can easily add in web filtering to existing security packages to provide greater value or offer web filtering as an add-on service to generate extra, recurring monthly revenue and attract more business.

If you are yet to offer web filtering to your clients, call TitanHQ today for more information on our DNS filtering for MSPs and for further information on the MSP Program program.

New HookAds Malvertising Campaign Redirects to Sites that Deliver Banking Trojans, Info Stealers and Ransomware

One of the ways that threat actors install malware is through malvertising – The placing of malicious adverts on legitimate websites that direct visitors to websites where malware is downloaded. The HookAds malvertising campaign is one such example and the threat actors behind the campaign have been particularly active of late.

The HookAds malvertising campaign has one purpose. To direct people to a website hosting the Fallout exploit kit. An exploit kit is malicious code that runs when a visitor lands on a web page. The visitor’s computer is probed to determine whether there are any vulnerabilities – unpatched software – that can be exploited to silently install files.

In the case of the Fallout exploit kit, users’ devices are checked for several known Windows vulnerabilities. If one is identified, it is exploited and a malicious payload is downloaded. Several malware variants are currently being delivered via Fallout, including information stealers, banking Trojans, and ransomware.

According to threat analyst nao_sec, two separate HookAds malvertising campaigns have been detected: One is being used to deliver the DanaBot banking Trojan and the other is delivering two malware payloads – The Nocturnal information stealer and GlobeImposter ransomware via the Fallout exploit kit.

Exploit kits can only be used to deliver malware to unpatched devices, so businesses will only be at risk of this web-based attack vector if they are not 100% up to date with their patching. Unfortunately, many businesses are slow to apply patches and exploits for new vulnerabilities are frequently uploaded to EKs such as Fallout. Consequently, a security solution is needed to block this attack vector.

HookAds Malvertising Campaign Highlights Importance of a Web Filter

The threat actors behind the HookAds malvertising campaign are taking advantage of the low prices offered for advertising blocks on websites by low quality ad networks – Those often used by owners of online gaming websites, adult sites, and other types of websites that should not be accessed by employees. While the site owners themselves are not actively engaging with the threat actors behind the campaign, the malicious adverts are still served on their websites along with legitimate ads. Fortunately, there is an easy solution that blocks EK activity: A web filter.

TitanHQ has developed WebTitan to allow businesses to carefully control employee Internet access. Once WebTitan has been installed – a quick and easy process that takes just a few minutes – the solution can be configured to quickly enforce acceptable Internet usage policies. Content can be blocked by category with a click of the mouse.

Access to websites containing adult and other NSFW content can be quickly and easily blocked. If an employee attempts to visit a category of website that is blocked by the filter, they will be redirected to a customizable block screen and will be informed why access has been prohibited.

WebTitan ensures that employees cannot access ‘risky’ websites where malware can be downloaded and blocks access to productivity draining websites, illegal web content, and other sites that have no work purpose.

Key Benefits of WebTitan

Listed below are some of the key benefits of WebTitan

  • No hardware purchases required to run the web filter
  • No software downloads are necessary
  • Internet filtering settings can be configured in minutes
  • Category-based filters allow acceptable Internet usage policies to be quickly applied
  • An intuitive, easy-to-use web-based interface requires no technical skill to use
  • No patching required
  • WebTitan Cloud can be applied with impact on Internet speed
  • No restriction on devices or bandwidth
  • WebTitan is highly scalable
  • WebTitan protects office staff and remote workers
  • WebTitan Cloud includes a full suite of pre-configured and customizable reports
  • Reports can be scheduled and instant email alerts generated
  • Suitable for use with static and dynamic IP addresses
  • White label versions can be supplied for use by MSPs
  • Multiple hosting options are available
  • WebTitan Cloud can be used to protect wired and wireless networks

For further information on WebTitan, for details of pricing, to book a product demonstration, or register for a free trial, contact the TitanHQ team today.

Further information on WebTitan is provided in the video below:

How to Improve Restaurant Cybersecurity and Prevent Data Breaches

Hackers are targeting healthcare organizations, educational institutions, hotels, and organizations in the financial sector, but restaurants are also in hackers’ cross-hairs. If restaurant cybersecurity solutions are not deployed and security vulnerabilities are not addressed, it will only be a matter of time before hackers take advantage.

Cyberattacks on restaurants can be extremely profitable for hackers. Busy restaurant chains process hundreds of credit card transactions a day. If a hacker can gain access to POS systems and install malware, customer’s credit card details can be silently stolen.

Cheddar’s Scratch Kitchen, Applebee’s, PDQ, Chili’s, B&BHG, Zaxby’s, Zippy’s, Chipotle, and Darden restaurants have all discovered hackers have bypassed restaurant cybersecurity protections and have gained access to the credit card numbers of large numbers of customers.

One of the biggest threats from a data breach is damage to a restaurant’s reputation. The cyberattack and data breach at Chipotle saw the brand devalued by around $400 million.

A restaurant data breach can result in considerable loss of customers and a major fall in revenue. According to a study by Gemalto, 70% of the 10,000 consumers surveyed said that they would stop doing business with a brand if the company suffered a data breach. Most restaurants would not be able to recover from such a loss.

Restaurant Cybersecurity Threats

Listed below are some of the common restaurant cybersecurity threats – Ways that hackers gain access to sensitive information such as customers’ credit card numbers.

Malware

The primary goal of most restaurant cyberattacks is to gain access to customers’ credit card information. One of the most common ways that is achieved is through malware. Malicious software is installed on POS devices to silently record credit card details when customers pay. The card numbers are then sent to the attacker’s server over the Internet.

Phishing Attacks

Phishing is a type of social engineering attack in which employees are fooled into disclosing their login credentials and other sensitive information. Phishing emails are sent to employees which direct them to a website where credentials are harvested. Phishing emails are also used to install malware through downloaders hidden in file attachments.

Web-Based Threats

Whenever an employee or a customer accesses the Internet they will be exposed to a wide range of web-based threats. Websites can harbor malware which is silently downloaded onto devices.

Unsecured Wi-Fi

Restaurants often have Wi-Fi access points that are used by employees and guests. If these access points are not secured, it gives hackers an opportunity to conduct attacks and gain access to the restaurant network, install malware, intercept web traffic, and steal sensitive information.

Restaurant Cybersecurity Tips

Listed below are some of the steps you should take to protect your customers and make it harder for hackers to gain access to your systems and data.

  • Conduct a risk analysis to identify all vulnerabilities that could potentially be exploited to gain access to networks and customer data
  • Develop a risk management plan to address all vulnerabilities identified during the risk assessment
  • Ensure all software and operating systems are kept up to date and are promptly patched
  • Become PCI compliant – All tools used to accept payments must comply with PCI standards
  • Implement security controls on your website to ensure customers can use it securely. Sensitive data such as loyalty program information must be protected.
  • Ensure you implement multi-factor authentication on all accounts to protect systems in case credentials are compromised
  • Ensure all default passwords are changed and strong, unique passwords are set
  • Ensure all sensitive data are encrypted at rest and in transit
  • Secure Wi-Fi networks with a web filter to block malware downloads and web-based threats
  • Implement a spam filter to block phishing attempts and malware
  • Provide cybersecurity training to staff to ensure they can recognize the common restaurant cybersecurity threats

Restaurant Cybersecurity Solutions from TitanHQ

TitanHQ has developed two cybersecurity solutions that can be implemented by restaurants to block the main attack vectors used by hackers. SpamTitan is a powerful email security solution that prevents spam and malicious emails from reaching end users’ inboxes.

WebTitan is a cloud-based web filtering solution that prevents staff and customers from downloading malware and visiting phishing websites. In addition to blocking web-based attacks, WebTitan allows restaurants to prevent customers from accessing illegal and unsuitable web content to create a family-friendly Wi-Fi zone.

Both solutions can be set up in a matter of minutes on existing hardware and require no software downloads.

To find out more about TitanHQ’s restaurant cybersecurity solutions, call the TitanHQ sales team today.

Secure Hotel Wi-Fi Access Points and Gain a Competitive Advantage

Business and leisure travelers looking for secure hotel Wi-Fi access in addition to fast and reliable Internet access. If you take steps to secure hotel WiFi access points, you can gain a significant competitive advantage.

The Importance of Hotel Wi-Fi to Guests

The number one hotel amenity that most travelers can simply not do without is fast, free, reliable, Internet access. In 2013, a joint study conducted by Forrester Research and Hotels.com revealed that 9 out of ten gusts rated Wi-Fi as the top hotel amenity. 34% of respondents to the survey said free Wi-Fi was a ‘deal breaker.’ Now four years on, those percentages will certainly have increased.

Wi-Fi access is essential for business travelers as they need to be able to stay in touch with the office and be able to communicate with their customers. Leisure travelers need free Internet access to keep in touch with friends, look up local attractions, and enjoy cheap entertainment in the comfort of their rooms. Younger travelers need constant access to social media accounts and online games such as Fortnite as they get at home.

It doesn’t matter whether you run a small family bed and breakfast or a large chain of hotels, Wi-Fi access for guests is essential. Any hotel that doesn’t have reliable and fast Wi-Fi will lose business to establishments that do.

It is now easy for potential guests to check if an establishment has Wi-Fi and even find out about the speed and reliability of the connection. The hotelwifitest.com website lets travelers check the speed of Internet access in hotels before booking.

Guests don’t post rave reviews based on the speed of Internet connections, but they will certainly make it known if Internet access is poor or nonexistent. Many of the negative comments on hotel booking websites and TripAdvisor are related to Wi-Fi. Put simply, you will not get anywhere near the same level of occupancy if your Wi-Fi network isn’t up to scratch.

Secure Hotel Wi-Fi is Now as Important as Offering Wi-Fi to Guests

Businesses are now directing a considerable percentage of their IT budgets to cybersecurity to prevent hackers from gaining access to their networks and sensitive data. Securing internal systems is relatively straightforward, but when employees have to travel for work and access networks remotely, hackers can take advantage.

When employees must travel for business, their hotel is often the only place where they can connect to the office network and their email. They need to know that they can login securely from the hotel and that doing so will not result in the theft of their credentials or a malware infection. A hotel will be failing its business customers if it does not offer safe and secure Wi-Fi access.

All it takes is for one malware infection or cyberattack to occur while connected to a hotel Wi-Fi network for the reputation of the hotel to be tarnished. Hotels really cannot afford to take any risks.

Multiple Levels of Wi-Fi Access Should be Offered

Parents staying in hotels will want to make sure that their children can access the Internet safely and securely and will not accidentally or deliberately be able to gain access to age-inappropriate websites. If a hotel claims to be family-friendly, that must also extend to the Wi-Fi network. Any hotel that fails to prevent minors from accessing obscene images while connected to hotel Wi-Fi cannot claim it is family-friendly.

Hotels can offer Wi-Fi access for families that blocks adult websites and anonymizers, which are commonly used to bypass filtering controls. Safe Search can also be enforced, but not all users will want that level of control.

To cater to the needs of all guests, different levels of Wi-Fi access are likely to be required. Some guests will want to be able to access the types of websites they do at home without restrictions and business travelers will certainly not want anonymizers to be blocked. Some customers insist on the use of VPNs when employees connect to their business network or email.

Hotels that implement a web filtering solution can easily create different tiers of Internet access. One for families and a less restrictive level for other users. Free internet access could be limited to a basic level that includes general web and email access but blocks access to video streaming services such as YouTube and Netflix. Those services could be offered as part of a low-cost Wi-Fi package to generate some extra revenue. These tiers can easily be created with a web filtering solution.

How to Easily Secure Hotel Wi-Fi

Offering secure hotel Wi-Fi to guests does not require expensive hardware to be purchased. While appliance-based web filters are used by many businesses, there is a much lower cost option that is better suited for hotel use.

A cloud-based web filter for Wi-Fi – such as WebTitan for Wi-Fi -is the easiest to implement secure hotel Wi-Fi solution. With WebTitan Cloud for Wi-Fi, your Wi-Fi network can be secured with just a simple change to your DNS records. No hardware is required and there is no need to install any software. One solution will protect all Wi-Fi access points and can be up and running in a matter of minutes. There is no limit on the number of access points that can be protected by WebTitan Cloud for Wi-Fi.

Once your DNS is pointed to WebTitan, you can apply your content controls – which is as simple as clicking on a few checkboxes to block categories of web content that your guests shouldn’t be allowed to access.

You can create multiple accounts with different controls – one for business users, one for families, and one for employees for example. No training is required to administer the solution as it has been developed to require no technical skill whatsoever. All of the complex elements of web filtering are handled by TitanHQ.

If you run a hotel and you are not currently filtering the internet, talk to TitanHQ about how you can your secure your hotel Wi-Fi access points, protect your guests, and ensure all users can access the Internet safely and securely.

Why WiFi Filters for Coffee Shops are Now Essential

Find out why WiFi filters for coffee shops are so important and how the failure to filter the Internet could prove to be extremely harmful to your brand.

Serving the best coffee in town will certainly bring in the crowds, but there is more to a successful coffee shop than providing patrons with a morning jolt of caffeine and comfy chairs. Coffee is big business and there is stiff competition when it comes to providing jitter juice to the masses.

In addition to free newspapers, high quality flapjacks and a fine blend of beans, patrons look for the other necessity of modern life: Free Internet access.  Establishments that offer free, reliable WiFi access with decent bandwidth stand a much better chance of attracting and retaining customers.

However, simply setting up a WiFi router is no longer enough. Coffee shops also need to make sure that the WiFi network that their customers connect to is safe and secure. Just as the provision of free WiFi can translate into positive TripAdvisor and Yelp reviews, coffee shops that fail to secure their connections and exercise control over the content that can be accessed can easily get the reverse. WiFi filters for coffee shops ensure that customers’ activities online can be carefully controlled.

Why Unfiltered WiFi Networks Can Result in Bad Reviews

It is important for all shops to ensure that their WiFi networks cannot be used for any illegal or unsavory activities. If a webpage is not suitable for work, it is not suitable for a coffee shop. While there all manner of sites that should be blocked with WiFi filters for coffee shops, one of the most important categories of content is Internet porn.

While enjoying a nice coffee, patrons should not be subjected to obscene videos, images or audio. All it takes is for one patron to catch a glimpse of porn on another customer’s screen to trigger a bad review. The situation would be even worse if a minor caught a glimpse or even deliberately accessed adult content while connected to the WiFi network. A bad TripAdvisor review could easily send potential customers straight to the competition and a social media post could all too easily go viral.

What are the chances of that happening? Well, it’s not just a hypothetical scenario, as Starbucks discovered. In 2011, Starbucks received a warning that minors had been subjected to obscene content in its coffee shops and the chain did little about the complaints. The following year, as the bad feedback continued, the story was picked up by the media.

The bad feedback mounted and there were many calls for the public to boycott Starbucks. In the UK, Baroness Massey announced to the House of Lords that she had boycotted the brand and heavily criticized the chain for failing to set an example. Naturally, competitors – Costa Coffee for example – were more than happy to point out that they had been proactive and already provided filtered Internet to prevent minors from accessing adult content on their WiFi networks.

It was not until 2016 when Starbucks took action and implemented WiFi filters for coffee shops in the UK and started providing family-friendly WiFi access. A chain the size of Starbucks could weather the bad press. Smaller coffee shops would no doubt fare far worse.

WiFi Filters for Coffee Shops are Not Only About Blocking Adult Content

WiFi filters for coffee shops are important for blocking obscene content, but that is far from the only threat to a brand. The Internet is home to all manner of malicious websites that are used to phish for sensitive information and spread malicious software such as malware and ransomware. WiFi filters for coffee shops can be used to carefully control the content that can be accessed by consumers, but they can also keep them protected from these malicious sites.

Just as users have safe search functionality on their home networks, they expect the same controls on public WiFi access points. Phishing attacks and malware infections while connected to coffee shop WiFi networks can also be damaging to a brand. With WiFi filters for coffee shops, instead of being phished, a user will be presented with a block screen that explains that the business has blocked access to a malicious site to keep them protected and that will send a positive message that you care about your customers.

Once WiFi filters for coffee shops have been implemented, it is possible to apply to be assessed under the government’s Friendly Wi-Fi scheme. That will allow a coffee shop to display the friendly WiFi symbol and alert potential customers that safe, secure, family-friendly filtered Internet access is provided.

WebTitan – TitanHQ’s Easy to Implement WiFi Filters for Coffee Shops

Fortunately, WiFi filters for coffee shops are not expensive or difficult to implement. If you use a cloud-based solution such as WebTitan Cloud for WiFi, you will not need to purchase any hardware or install any software. Your WiFi network can be secured in a matter of minutes. A simple change to point your DNS to WebTitan is all that is required (you can be talked through that process to get you up and running even faster).

Since the controls are highly granular, you can easily block any type of web content you wish with a click of a mouse, selecting the categories of content you don’t want your users to access through the web-based control panel. Malicious sites will automatically be blocked via constantly updated blacklists of known malicious and illegal web pages.

With WebTitan you are assured that customers cannot view adult and illegal content, you can block illegal file sharing, control streaming services to save bandwidth, and enforce safe search on Google and apply YouTube controls.

To find out more about the features and benefits of WebTitan, details of pricing, and to sign up for a demo and free trial, contact the TitanHQ team today.

High Severity Vulnerabilities in VPNs Allow Code Execution with System Level Privileges

Vulnerabilities in the VPNs NordVPN and ProtonVPN have been identified that allow execution of arbitrary code with system level privileges, highlighting the risk that can be introduced if VPN software is not kept fully patched and up to date.

VPNs May Not be As Secure as You Think

One common method used to securely access the Internet on public WiFi networks is to connect through a VPN. A VPN helps to prevent man-in-the-middle attacks and the interception of data by creating a secure tunnel through which data flows. Using VPN software means a user’s data is encrypted preventing information from being accessed by malicious actors.

While the connection is secured using a VPN, that does not always mean that a user is well protected. VPNs may not be quite as secure as users believe. Like any software, there can be vulnerabilities in VPNs that can be exploited. If the latest version of VPN software is not used, data may be vulnerable.

High Severity Vulnerabilities Identified in Popular VPNs

Recently, two of the most popular VPN clients have been found to contain a privilege escalation bug that could be exploited to allow an attacker to execute arbitrary code with elevated privileges.

The bug is present in NordVPN and ProtonVPN clients, both of which use the open-source OpenVPN software to create a tunnel through which information passes. In April, a flaw was identified which allowed an attacker with low level privileges to run arbitrary code and elevate their privileges to system level. Further, the flaw was not difficult to exploit.

A change could easily be made to the OpenVPN configuration file, adding parameters such as “plugin”, “script-security”, “up”, and “down”. Files specified within those parameters would be executed with elevated privileges. The flaw was identified by security researcher Fabius Watson of VerSprite Security, and prompt action was taken to patch the flaw.

However, while patches were issued by NordVPN and ProtonVPN that prevented the “plugin”, “script-security”, “up”, and “down” parameters from being added to the configuration file by standard users, the flaw had only been partially corrected.

Researchers at Cisco Talos discovered the same parameters could still be added to the configuration file if they were added in quotation marks. Doing that would bypass the mitigations of the patches. These vulnerabilities have been tracked under separate CVE codes – CVE-2018-3952 for ProtonVPN and CVE-2018-4010 for NordVPN. Both flaws are considered high-severity and have been assigned a CVSS v3 base score of 8.8 out of 10.

NordVPN and ProtonVPN have now released an updated patch which prevents the addition of these parameters using quotation marks, thus preventing threat actors from exploiting the vulnerability. Both vendors have tackled the problem in different ways, with ProtonVPN opting to put the configuration file in the installation directory to prevent standard users from making any changes, while NordVPN used an XML model to generate the configuration file. Standard users are not able to modify the template.

Securing Connections on Public WiFi Access Points

VPNs are an excellent way of improving security when connecting to public WiFi networks, but policies and procedures should be implemented to ensure that patches are applied promptly. It is not always possible to configure VPN clients to automatically update to the latest version. If vulnerabilities in VPNs are not addressed, they can be a major security weak point.

An additional protection that can be implemented to protect remote workers when connecting to WiFi networks is a web filtering solution such a WebTitan. WebTitan allows businesses to carefully control the web content that can be accessed by employees no matter where they connect – through wired networks, business WiFi networks, and when connecting to the Internet through public WiFi networks.

By controlling the types of sites that can be accessed, and using blacklists of known malicious sites, the potential for malware downloads can be greatly reduced.

If you want to improve WiFi security or implement web filtering controls for remote workers, contact the TitanHQ team today to find out more about WebTitan and the difference it can make to your security posture.

New Fallout Exploit Kit Delivering GandCrab Ransomware

A new exploit kit has been detected that is being used to deliver Trojans and GandCrab ransomware. The Fallout exploit kit was unknown until August 2018, when it was identified by security researcher Nao_sec. Nao_sec observed the Fallout exploit kit being used to deliver SmokeLoader – a malware variant whose purpose is to download other types of malware.

Nao_sec determined that once SmokeLoader was installed, it downloaded two further malware variants – a previously unknown malware variant and CoalaBot – A HTTP DDoS Bot that is based on August Stealer code. Since the discovery of the Fallout exploit kit in August, it has since been observed downloading GandCrab ransomware on vulnerable Windows devices by researchers at FireEye.

While Windows users are being targeted by the threat group behind Fallout, MacOS users are not ignored. If a MacOS user encounters Fallout, they are redirected to webpages that attempt to fool visitors into downloading a fake Adobe Flash Player update or fake antivirus software. In the case of the former, the user is advised that their version of Adobe Flash Player is out of date and needs updating. In the case of the latter, the user is advised that their Mac may contain viruses, and they are urged to install a fake antivirus program that the website claims will remove all viruses from their device.

The Fallout exploit kit is installed on webpages that have been compromised by the attacker – sites with weak passwords that have been brute-forced and those that have out of date CMS installations or other vulnerabilities which have been exploited to gain access.

The two vulnerabilities exploited by the Fallout exploit kit are the Windows VBScript Engine vulnerability – CVE-2018-8174 – and the Adobe Flash Player vulnerability – CVE-2018-4878, both of which were identified and patched in 2018.

The Fallout exploit kit will attempt to exploit the VBScript vulnerability first, and should that fail, an attempt will be made to exploit the Flash vulnerability. Successful exploitation of either vulnerability will see GandCrab ransomware silently downloaded.

The first stage of the infection process, should either of the two exploits prove successful, is the downloading of a Trojan which checks to see if certain processes are running, namely: filemon.exe, netmon.exe, procmon.exe, regmon.exe, sandboxiedcomlaunch.exe, vboxservice.exe, vboxtray.exe, vmtoolsd.exe, vmwareservice.exe, vmwareuser.exe, and wireshark.exe. If any those processes are running, no further action will be taken.

If those processes are not running, a DLL will be downloaded which will install GandCrab ransomware. Once files are encrypted, a ransom note is dropped on the desktop. A payment of $499 is demanded per device to unlock the encrypted files.

Exploit kits will only work if software is out of date. Patching practices tend to be better in the United States and Europe, so attackers tend to rely on other methods to install their malicious software in these regions. Exploit kit activity is primarily concentrated in the Asia Pacific region where software is more likely to be out of date.

The best protection against the Fallout exploit kit and other EKs is to ensure that operating systems, browsers, browser extensions, and plugins are kept fully patched and all computers are running the latest versions of software. Companies that use web filters, such as WebTitan, will be better protected as end users will be prevented from visiting, or being redirected to, webpages known to host exploit kits.

To ensure that files can be recovered without paying a ransom, it is essential that regular backups are made. A good strategy is to create at least three backup copies, stored on two different media, with one copy stored securely offsite on a device that is not connected to the network or accessible over the Internet.

Version française de cet article.

Security Awareness Training Best Practices

Security awareness training best practices to help your organization tackle the weakest link in the security chain: Your employees.

The Importance of Security Awareness Training

It doesn’t matter how comprehensive your security defenses are and how much you invested on cybersecurity products, those defenses can all be bypassed with a single phishing email. If one such email is delivered to an end user who does not have a basic understanding of security and they respond to that message, malware can be installed, or the attacker can otherwise gain a foothold in your network.

It is the risk of such an attack that has spurred many organizations to develop a security awareness training program. By teaching all employees cybersecurity best practices – from the CEO to the lowest level workers – security posture can be greatly enhanced and susceptibility to phishing attacks and other cyberattacks will be greatly reduced.

However, simply providing employees with a training session when they join the company is not sufficient. Neither is it enough to give an induction in cybersecurity followed by an annual refresher training session. Employees cannot be expected to retain knowledge for 12 months unless frequent refresher training sessions are provided. Further, cybercriminals are constantly developing new tactics to fool end users. Training programs must keep up with those changing tactics.

To help organizations develop an effective security awareness training program we have compiled a list of security awareness training best practices to follow. Adopt these security awareness training best practices and you will be one step closer to developing a security culture in your organization.

Security Awareness Training Best Practices

Listed below are some security awareness training best practices that will help you develop an effective training program that will ultimately help you to prevent data breaches.

C-Suite Involvement is a Must

It is often said that the weakest link in the security chain are an organization’s employees. While that is undoubtedly true, the C-Suite is also a weak link. If the C-Suite does not take an active interest in cybersecurity and does not realize the importance of the human element in security, it is unlikely that sufficient support will be provided and unlikely that appropriate resources are made available. C-suite involvement can also help with organization-wide collaboration. It will be very difficult to create a security culture in an organization if there is no C-Suite involvement in cybersecurity.

An Organization-Wide Effort is Required

A single department will likely be given the responsibility for developing and implementing a security awareness program, but it will not be easy in isolation. Assistance will be required from other departments. The heads of different departments can help to ensure that the security awareness training program is given the priority it deserves.

To ease the burden on the IT department, members of other departments can be trained and can assist with the provision of support or may even be able to assist with the training efforts. Other departments, such as marketing, can help developing content for newsletters and other training material. The HR department can help by setting policies and procedures.

Creation of Security Awareness Training Content

There is no need to develop training content for employees from scratch as there are many free resources available that can give you a head start. Many firms offer high quality training material for a price, which is likely to be lower than the cost of developing training material in-house. Take advantage of these resources but make sure that you develop a training program that is specific to the threats faced by your organization and the sector in which you operate. Your training program must be comprehensive. If any gaps exist, they are likely to be exploited sooner or later.

Diversity of Training

A one-size-fits-all approach to training will ultimately fail. People respond differently to different training methods. Some may retain more knowledge through classroom-based training, others may need one-to-one training, and many will benefit more from CBT training sessions. Your training program should include a wide range of different methods to help with different learning styles. The more engaging your program is, the more likely knowledge will be retained. Use posters, newsletters, email security alerts, games, and quizzes and you will likely see major improvements in your employees’ security awareness.

Simulation Exercises

You can develop a seriously impressive training program for your employees that looks perfect on paper, but if your employees only manage to retain 20% of the content, your training program will not be very effective. The only way you can determine how effective your training program is through attack simulations. Phishing simulation exercises and simulations of other attack scenarios should be conducted before, during, and after training. You will be able to assess how effective all elements of the training program have been, and it will give you the feedback you need to identify weak links and take action to improve your training program.

Security Awareness Training Needs to be a Constant Process

Security awareness training is not a checkbox item that can be completed and forgotten about for another year. Your program should be running constantly and should consist of an annual training session for all employees, semi-annual training sessions, and other training efforts spread throughout the year. The goal should be to make sure security issues are always fresh in the mind.

Cybersecurity Best Practices for Restaurants

Cybersecurity best practices for restaurants that you can adopt to make your network more secure and prevent hackers from gaining access to your POS system and customers’ credit card information.

Cybercriminals are Targeting Restaurants’ POS Systems

If you run a busy restaurant you will most likely be processing thousands of credit and debit card transactions every month. Every time someone pays with a card you have a legal responsibility to ensure that the card details that are read through your point of sale (POS) system remain private and cannot be stolen by your employees or obtained by cybercriminals.

So far this year there have been several major cyberattacks on restaurants that have resulted in the credit and debit card numbers of customers being stolen.  In August, Darden Restaurants discovered that hackers gained access to the POS system used in its Cheddar’s Scratch Kitchen restaurants and potentially stole over half a million payment card numbers.

Applebee’s, PDQ, Zippy’s, and Chili’s have all experienced cyberattacks in 2018 which have resulted in hackers gaining access to customers’ payment cards. Last year also saw several cyberattacks on restaurants, including attacks on Shoney’s, Arby’s, Chipotle, and the Sonic Drive-In chain. These restaurant cyberattacks are notable due to the amount of card numbers that were stolen. The cyberattack on Cheddar’s is thought to have resulted in the theft of more than half a million payment card numbers, expiry dates and CVV codes, while the Sonic data breach has been estimated to have impacted millions of customers.

Not all cyberattacks on restaurants are conducted on large restaurant chains. Smaller restaurants are also being attacked. These smaller establishments may not process anywhere near as many payment card transactions as a chain the size of Applebee’s, but the attacks can still prove profitable for criminals. Card details sell for upwards of $7, so the theft of 1,000 card numbers from a small restaurant will still generate a decent profit and the effort required to conduct cyberattacks on small restaurants is often far less than an attack on a large chain.

All restaurants are at risk of hacking. Steps must therefore be taken by all restaurants to make it as hard as possible for hackers to gain access to the network, POS systems, and customer data. With this in mind we have listed cybersecurity best practices for restaurants to adopt to avoid a data breach.

Cybersecurity Best Practices for Restaurants

Listed below are some cybersecurity best practices for restaurants to adopt to make it harder for hackers to gain access to your network and data. There is no silver bullet that will stop all cyberattacks, but these cybersecurity best practices for restaurants will help to improve your security posture.

Network Segmentation is a Must

You will most likely have multiple computers in use in your restaurant as well as many other devices that connect to your network via an ethernet connection or WiFi. Every device that connects to your network is a possible entry point that could be exploited by a hacker. It is therefore important to stake steps to ensure that if one device is compromised, access cannot be gained to your entire network. Your POS system needs to be segregated from other parts of the network and users should only be permitted to access parts of the network that are required to complete their assigned duties.

Patch Management and Vulnerability Scanning

All it takes is for one vulnerability to remain unaddressed for you to be vulnerable to attack. It is therefore essential to maintain an inventory of all devices that connect to your network and ensure that patches and software updates are applied on all those devices as soon as they are released. You should also conduct regular vulnerability scans to identify possible weak points and take prompt action to ensure those weak points are addressed.

Secure the Perimeter with a Firewall

One of the most important cybersecurity solutions to implement to prevent hackers from gaining access to your network is a firewall. A firewall monitors and controls incoming and outgoing network traffic and serves as a barrier between a trusted internal network and an untrusted external network. A firewall is also an important element of PCI compliance.

Implement a Spam Filter to Block Malicious Emails

Email is the most common vector used to install malware. Phishing attacks are commonplace and are an easy way for hackers to gain login credentials and get a foothold in the network. Use a spam filter such as SpamTitan to prevent malicious messages from being delivered to end users’ inboxes and block all malware-laced emails.

Protect Your WiFi Network with a Web Filtering Solution

Your WiFi network is a potential weak spot and must be secured. If you provide WiFi access to your customers, ensure they are only provided with access to a guest network and not the network used by your staff. Implement a web filter to control what users can do when connected to your network. A web filter will help to prevent malware from being downloaded and can be configured to block access to risky websites. WebTitan is an ideal web filter for restaurants to improve WiFi security.

Purchase Antivirus Software

Antivirus software is one of the most basic software solutions to protect against malware. Malware is commonly installed on POS systems to record and exfiltrate payment card information. Not only should you ensure that a powerful antivirus solution is installed, you should also ensure regular scans of the network are performed.

Provide Security Awareness Training to Staff

Your employees are a potential weak point in your security defenses. Don’t assume that your employees are security aware. Teach your staff cybersecurity best practices for restaurants, provide anti-phishing training, and explain about risky behaviors that could easily lead to a data breach.

Backup and Backup Again

You should perform regular backups of all your essential data to protect against saboteurs and provide protection against ransomware attacks. If disaster strikes, you will need to record all your data. Adopt the 3-2-1 approach to creating backups. Create three copies, on two separate media, and store one copy securely off site on an air-gapped device that is not connected to the Internet.

Vet your Vendors

Access to your network may be gained through your vendors. The cyberattack on PDQ restaurants occurred via a remote access tool used by one of its technology vendors. If a vendor is able to connect to your network, it is essential that they have appropriate security controls in place. Be sure to check how secure your vendor is and what controls they have in place to prevent hacking before giving them network access.

Adopt these cybersecurity best practices for restaurants and you will make it harder for hackers to gain access to your network and you should be able to avoid a costly data breach.

The Importance of Web Filtering for Businesses

The importance of web filtering for businesses cannot be understated. Businesses can install a range of perimeter defenses, but if controls are not implemented to restrict the activities of employees, malware can easily be downloaded onto work devices. The cost of mitigating malware infections can be considerable. The NotPetya malware attacks last year cost Maersk around $300 million. The Ponemon Institute annual cost of a data breach study suggests the average cost of a data breach is now $3.6 million for large businesses.

There is no single software solution that can provide total protection for businesses. A range of security solutions are required to reduce risk to an acceptable level, and web filters are one such control that should now be used by all businesses.

A new campaign has been detected this week that demonstrates the importance of web filtering for businesses, highlighting one of the methods used to install malicious software on corporate devices. In this case, the aim of the campaign is to install adware, unwanted browser extensions, and PuPs, although this tactic is often used to install much more malicious software.

The individuals behind this campaign are using autogenerated content to create large quantities of websites that incorporate commonly used keywords related to popular celebrities and adult industry actors. The aim of the campaign is to get these webpages indexed by the search engines and appearing in the organic search engine listings.  Individuals who search for these keywords are likely to be presented with these webpages.

Upon opening these webpages, a popup is launched that advises the user that their computer lacks the codecs and software necessary to play the video. To get the videos to play, they need to install a media player. If the end user chooses to install the media player, rather than the media player being installed, a bundle of other programs is downloaded and installed on their device. The campaign also directs users to webpages where they are encouraged to install browser extensions.

If an employee is actively searching for inappropriate website content, it is easy to see how that individual would proceed with a download, and in doing so, install any number of potentially malicious programs.

This is not a hypothetical situation – many employees do just that. A recent survey conducted by Spiceworks delved into the reasons why companies are increasingly using web filters. The primary reason was to prevent the installation of malware. Further, when asked about whether employees had caused problems by accessing inappropriate website content, 38% of respondents said they had experienced a data breach in the past 12 months as a result of employees visiting websites that were not necessary for work.

The survey also revealed the extent that employees are using the Internet for personal reasons. Out of the companies that had not implemented a web filter, it was estimated that 58% of employees were wasting more than 4 hours a week on personal internet use, while 26% of employees were wasting 7 or more hours on non-work-related websites. That adds up to 26 days a year lost by each of those employees.

A web filter can allow a company to improve the productivity of the workforce. Employees will always slack off from time to time, but web filters can help to reduce the number of lost hours. The survey showed that the percentages fell to 43% spending more than 4 hours a week on non-work-related sites and 18% spending more than 7 hours a week slacking off online when a web filter was deployed – a significant reduction in lost hours.  Further, blocking social media websites saw the figure fall to 30% of employees wasting more than 4 hours a week on personal internet use.

Another important benefit of web filtering is to prevent the accessing of illegal website content. Companies can be legally liable for illegal activities by their employees, such as the downloading of copyright protected material through peer-to-peer file sharing networks. The survey revealed two thirds of companies were using their web filter to avoid legal liability and 84% were using a web filter to stop illegal activity online. Data leakage is also a serious concern. 57% of companies use web filters to prevent data leakage and hacking.

If you want to improve your security posture, reduce the potential for productivity losses, and reduce legal liability, a web filter and at least some form of content control is essential.

If you have yet to implement a web filter, are unhappy with your current provider, or would like further information on the importance of web filtering for businesses, call the TitanHQ team today for further information. A free trial is also available for WebTitan, the leading web filtering solution for businesses, to allow you to find out first hand the benefits that content control offers.

How Can You Prevent a Computer from Becoming Part of a Botnet?

What is a Botnet? How are they used? What harm can be caused, and how can you prevent a computer from becoming part of a botnet? These and other questions answered.

What is a Botnet?

A botnet is simply a collection of computers and other Internet-connected devices that are controlled by a threat actor. Usually that control is achieved via a malware installation, with the malware communicating with the threat actor’s command and control server.

Once malware has been installed on one device, potentially it can propagate to other devices on the same network, creating a mini-army of slave devices under the threat actor’s control. Any computer with the malware installed is part of the botnet and can be used on its own or collectively with other compromised devices for malicious purposes.

What are Botnets Used For?

Botnets are often used to conduct Distributed Denial of Service (DDoS) attacks, with the devices in the botnet used to access a particular service simultaneously and flooding it with traffic making that service temporarily unavailable. The Mirai botnet, which mostly consists of vulnerable IoT devices, was used to take down large sections of the Internet, including some of the most popular websites such as Twitter and Netflix. DDoS attacks are now being conducted that exceed 1 terabits per second, largely due to sheer number of devices that are part of the botnet.

One of the biggest botnets ever assembled was made possible with Zeus malware, a banking Trojan that was particularly difficult to detect. In the United States, an estimated 3.6 million computers had been infected with the malware, making Zeus one of the biggest botnets ever created.

In addition to DDoS attacks, botnets are also used to send huge quantities of spam and phishing emails. The Necurs botnet is the world’s largest spamming botnet, delivering 60% of all spam emails. The Gamut spam botnet delivers around 37% of spam botnet traffic. These two spamming botnets are primarily used to send malicious messages containing email attachments with malicious macros that download malware such as the Dridex banking Trojan, and the ransomware variants Locky, Globelmposter, and Scarab.

Recently, the rise in the value of cryptocurrencies has made it highly profitable to use the processing power of botnets to mine cryptocurrency. When processing power is used for cryptocurrency mining, the performance of the computers will reduce significantly.

How Are Botnets Created?

Botnets can be created through several different methods. In the case of IoT devices, attackers often take advantage of weak passwords and default credentials that have not been changed. Since IoT devices are less likely to be updated automatically with the latest software and firmware, it is easier to exploit flaws to gain access to the devices. IoT Devices also rarely have antivirus controls, making infection easier and detection of malware much harder.

Computers are most commonly recruited into botnets through malware sent via spam email campaigns – such as those sent out by the spamming botnets. Malware is delivered via infected email attachments or links to malicious websites where malicious code is hosted. Messages can be sent via social media networks and chat apps, which also direct users to malicious websites where malware is downloaded.

Drive-by downloads are also common – Malware is downloaded by exploiting vulnerabilities in browsers, add-ons or browser plug-ins, often through exploit kits loaded on compromised websites.

Prevent a Computer from Becoming Part of a Botnet

It is much easier to prevent a computer from becoming part of a botnet than identifying a malware infection and eradicating it once it has been installed. To prevent a computer from becoming part of a botnet, it is necessary to use technological controls and adopt security best practices.

Businesses need to ensure all staff are trained to be more security aware and are told about the risks of opening email attachments or clicking links in emails from unknown senders. They should also be told not to automatically trust messages from contacts as their email accounts could have been compromised. Employees should be taught security best practices and risky behavior, such as connecting to public WiFi networks without using a VPN, should be eradicated.

All software must be kept up to date with patches applied promptly. This will reduce the risk of vulnerabilities being exploited to deliver malware. Antivirus software should be installed and configured to update automatically, and regular AV scans should be performed.

Firewalls should be used to implemented to prevent unauthorized network access and allow security teams to monitor internet traffic.

Spam filtering solutions should be implemented to block the majority of malicious messages from being delivered to end users’ inboxes. The more messages that are blocked, the less chance there is of an employee responding to a phishing email and inadvertently installing malware.

One way to prevent a computer from becoming part of a botnet that is often forgotten, is the use of a web filtering solution. A web filter, such as WebTitan, will prevent malware and ransomware downloads and block access to malicious websites sent via email or through web browsing.

Implement these controls and it will make it much harder for your organization’s computers to be infected with malware and added to a botnet.

Your Router May Have Been Compromised: Urgent Action Required

A hacking group has succeeded in infecting hundreds of thousands of routers with VPNFilter malware. The scale of the malware campaign is astonishing. So far more than half a million routers are believed to have been infected with the malware, prompting the FBI to issue a warning to all consumers and businesses to power cycle their routers.

Power cycling the router may not totally eradicate the malware, although it will temporarily disrupt communications and will help to identify infected devices, according to a May 25 public service announcement issued by the FBI.

All users have been advised to change the password on their router, install firmware updates if they are available, and disable the router’s remote management feature.

According to the U.S. Department of Justice, the malware campaign is being conducted by the Sofacy Group, also known as Fancy Bear and APT28. The hacking group has ties to the Russian government with some believing the hacking group is directed by Russia’s military intelligence agency.

While most of the infected routers and NAS devices are located in Ukraine, devices in more than 50 countries are known to have been infected with the malware. VPNFilter malware is a modular malware with a range of different functions that include the ability to capture all information that passes through the router, block network traffic and prevent Internet access, and potentially, the malware can totally disable the router. The infected routers could also be used to bring down specific web servers in a DDoS attack.

Many common router models are vulnerable including Linksys routers (E1200, E2500, WRVS4400N), Netgear routers (DGN2200, R6400, R7000, R8000, WNR1000, WNR2000), Mikrotik RouterOS for Cloud Core Routers (V1016, 1036, 1072), TP-Link (R600VPN), QNAP (TS251, TS439 Pro and QNAP NAS devices running QTS software).

The motive behind the malware infections is not known and neither the method being used to install the malware. The exploitation of vulnerabilities on older devices, brute force attacks, and even supply chain attacks have not been ruled out.

The FBI has taken steps to disrupt the malware campaign, having obtained a court order to seize control of a domain that was being used to communicate with the malware. While communications have now been disrupted, if a router has been compromised the malware will remain until it is removed by the router owners.

How to Update Your Router

While each router will be slightly different, they can be accessed by typing in 192.168.1.1 into the browser and entering the account name and password. For many users this will be the default login credentials unless they have been changed during set up.

In the advanced settings on the router it will be possible to change the password and disable remote management, if it is not already disabled. There should also be an option to check the firmware version of the router. If an update is available it should be applied.

You should then either manually power cycle the router – turn it off and unplug it for 20 seconds – or ideally use the reboot settings via the administration panel.

DrayTek Discovers Actively Exploited Zero Day Vulnerability

The Taiwanese broadband equipment manufacturer DrayTek has discovered some of its devices are at risk due to a zero-day vulnerability that is being actively exploited in the wild. More than 800,000 households and businesses are believed to be vulnerable although it is unknown how many of those devices have been attacked to date.

The affected devices are Vigor models 2120; 2133; 2760D; 2762; 2832; 2860; 2862; 2862B; 2912; 2925; 2926; 2952; 3200; 3220 and BX2000, 2830nv2; 2830; 2850; and 2920.

The vulnerability allows the routers to be compromised via a Cross-Site Request Forgery attack, one where a user is forced to execute actions on a web application in which they are currently authenticated. While data theft is possible with this type of attack, the attackers are using this attack to change configuration settings – namely DNS settings. By making that change, the attackers can perform man in the middle attacks, and redirect users from legitimate sites to fake sites where credentials can be stolen.

A firmware update has now been released to correct the vulnerability and all users of vulnerable DrayTek devices are being encouraged to check their DNS settings to make sure they have not been altered, ensure no additional users have been added to the device configuration, and apply the update as soon as possible.

When accessing the router, ensure no other browser windows are open. The only tab that should be open is the one used to access the router. Login, update the firmware and then logout of the router. Do not just close the window. Also ensure that you set a strong password and disable remote access if it is not already disabled.

Many small businesses purchase a router and forget about it unless something goes wrong and Internet access stops. Firmware updates are never installed, and little thought is given to upgrading to a new model. However, older models of router can be vulnerable to attack. These attacks highlight the need to keep abreast of firmware updates issued by your router manufacturer and apply them promptly.