Cybersecurity Advice

Our news section dedicated to cybersecurity advice is regularly updated with news about the latest online threats and most recently-discovered security vulnerabilities – and advice on how to deal with them.

MSPs will particularly find our cybersecurity advice security of value, as it addresses many of the online security issues that clients may have heard about and developed concerns about their own cybersecurity defenses.

MSPs can reassure clients that the risk of systems and networks being infected by an online threat – or security vulnerabilities in their software being exploited by a hacker – can be nullified with a web filtering solution from TitanHQ.

Advice on Cybersecurity Awareness Training for Staff

Cybersecurity awareness training for staff is a vital component of any cybersecurity strategy. Businesses should not totally rely on technical defenses to protect against cyberattacks, as sooner or later a threat will successfully bypass those defenses and reach an employee. Employees need to be made aware of cyber threats, be taught how to recognize them, and know what to do if they encounter a threat.

It is now common knowledge that cybercriminals use techniques such as phishing to steal login credentials, but surveys on cybersecurity awareness show that across a population, that knowledge is patchy and there are major gaps in understanding of cybersecurity. People generally understand that there are dangers on the Internet, and care must be taken, yet are unaware of what taking care means. Cybersecurity awareness training for staff is concerned with ensuring that all members of the workforce have a baseline level of understanding of cyber threats, are aware that they – as an individual – have a role to play in the overall security of their organization – and know how to work safely and securely.

Cybercriminals are constantly changing their tactics, techniques, and procedures to bypass technical controls such as secure email gateways and malware is constantly being tweaked to evade detection by antivirus solutions. Businesses are putting layered defenses in place to ensure that if there is a failure to detect a threat by any single security component, others will be in place to continue to provide protection. One of those layers of protection must be the workforce, as cybercriminals are actively targeting them and are looking for the errors they make as they provide an easy way to gain access to business networks.

A study by IBM indicates 95% of cybersecurity breaches are due to human error, and the 2022 Verizon Data Breach Investigations Report found 82% of data breaches involved the human element. Cybersecurity awareness training for staff will not prevent all errors and data breaches, but it will significantly reduce the number of security incidents that the IT team has to deal with.

Advice on Cybersecurity Awareness Training for Staff

The ultimate goal of cybersecurity awareness training for staff is to create a security culture, where everyone has the same views, values, and social behaviors that ensure the security of the entire organization. In practice, this means everyone is aware that malicious actors – internal and external – are trying to gain access to systems for financial gain or to achieve their political or personal objectives to the detriment of the organization or its workforce, and everyone behaves in a manner that makes it as hard as possible for those malicious actors to succeed. That is not something that will be achieved overnight, and it is not something that will be achieved if every employee is given a one-hour cybersecurity training session when they join the company. It requires a plan and an effective security awareness training program, and there are key components that will help an organization achieve that goal.

Cybersecurity is a shared responsibility

Everyone in the organization must understand that cybersecurity is a shared responsibility with everyone playing a role in the security of their organization, from the CEO down to the lowest level employee. Everyone should be provided with training to make them more security aware and cbersecurity training should start with the C-suite, as they will need to set an example for others to follow.

Make everyone aware of cyber threats and know how to identify them

Cyber threats take many forms. It is important for everyone to be made aware of those threats, and be taught how they can be identified and avoided. You will not turn everyone into a security Titan overnight, so start with training on the most common threats and build up knowledge over time. Tailor your training course to different departments, roles, and individuals and concentrate on improving understanding of good cyber hygiene practices before building up to more advanced knowledge.

Reward people that practice good cybersecurity

It is important to work towards a culture of compliance with security best practices, and that will be very difficult to achieve if you punish employees for security mistakes. Instead, you should reward people for good security. If there are punishments for poor security, what you are likely to do is create a culture of fear around cybersecurity. The result will be employees keeping quiet if they make a mistake and not reporting it as they fear punishment.

Provide continuous training and make it enjoyable

Cybercriminals are constantly developing new ways to attack businesses and their employees, so training needs to be updated regularly to account for the changes in tactics and be provided regularly to keep security fresh in the mind. Provide training during the onboarding process, and then continuously thereafter, with the program running 12 months a year, provided in small chunks. There is a limit to how much information can be absorbed in a training session. A little and often is by far the best approach.

Automate staff cybersecurity awareness training

Use a training platform that automates training for all employees. This will ensure that no employee misses an important lesson and it will make it easier to track progress and provide feedback on how well each individual is doing. If individuals are not performing well, they can be automatically provided with more training content than individuals who have a very good grasp of security.

Measure and test

You need to regularly check your employees’ knowledge of cybersecurity and cyber hygiene practices. If you do not measure and evaluate, you will have no idea if your training program is effective and if there are any security gaps. Conduct regular assessments through quizzes to identify possible gaps in knowledge and conduct phishing simulations to determine if employees are applying that knowledge. Any gaps in knowledge can then be addressed through further training.

The SafeTitan Security Awareness Training Platform

TitanHQ offers businesses a comprehensive cybersecurity awareness training platform for staff that covers all aspects of security and allows training to be automated. The platform incorporates an extensive range of training content, designed to appeal to all styles of learning. The training content is interactive, fun, and engaging, and split into modules to allow training to be tailored to different departments, roles, and individuals. The modules last no longer than 10 minutes to help ensure knowledge retention.

The platform can be configured to automatically generate training content in response to security mistakes and will deliver training relevant to that mistake in real-time, thus ensuring it is provided at the time when it will have the greatest impact. SafeTitan also includes a phishing simulation platform to test employees’ awareness of phishing attempts – the most common cyber threat encountered by employees.

For more information on security awareness training with SpamTitan, give the TitanHQ team a call today and take an important step toward building a security culture in your organization.

New .ZIP TLD Abused in File Archiver in the Browser Phishing Technique

A new file-archiver-in-the-browser phishing kit has been created that tricks victims into opening malicious zip files and downloading and installing malware on their devices.

The phishing kit takes advantage of the new .zip TLD domain that was released by Google this month along with 7 other new TLDs (.dad, .phd, .prof, .esq, .foo, .mov, and .nexus). According to Google, “.Zip is a secure domain for tying things together or moving really fast. Hosting content on a .zip domain means speed.” However, the new TLD is ripe for abuse and a phishing kit has already been created that takes advantage of this new TLD.

The problem with .zip domains is an attacker could easily create a new domain such as setup.zip or invoice.zip, for use in phishing and malware distribution. For instance, a domain could be registered that mimics a legitimate file archiver, such as WinZip or WinRAR, and emails sent with clickable .zip links. Setup.zip would seem like a normal setup archive for installing a program, and the domain could be used to download a setup.zip file containing malicious files.

This was recently demonstrated by a security researcher called Mr.d0x. He showed that a webpage on a registered .zip domain can be made to appear to be a regular WinRAR file using HTML/CSS. He also provided another example mimicking the Windows 11 File Explorer window. To make the scam more believable, the domain generates a fake antivirus popup that tells the user that the content of the .zip file has been scanned and found to contain no malware. Popups can also be generated on the site to make the scam even more realistic, as the popups do not show the address bar.

In this example, the webpage emulated a standard WinRAR file, which included two files – Invoice.pdf and installer.exe. The installer.exe file is naturally an executable file that will install the malware payload; however, the Invoice.pdf file is seemingly benign. This could be used to download an executable file, such as a file with a double extension – Invoice.pdf.exe. If the user has their device configured to hide known extensions, all they would see is invoice.pdf, and the file could easily be opened in the belief it is a harmless PDF file.

These new domains will certainly be used in phishing attacks, although there is an easy way to protect your business and that is to use a web filter such as WebTitan and simply block access to .zip domains. If a user attempts to visit such a domain, no connection will be made to the domain and instead, they will be directed to a local block page – No connection = no threat. If employees need access to specific .zip domains for business purposes, then those domains can be whitelisted through WebTitan to allow access.

You can install WebTitan on a free trial to see how easy it is to block access to specific TLDs, categories of websites that serve no business purpose, access to known malicious URLs, and risky file downloads, such as executable files that are commonly used to deliver malware (.exe, .js, .bat, .msi). Blocking these files can also help to control shadow IT – unauthorized software installations by employees that are unknown to the IT department.

For more information on WebTitan, contact the TitanHQ team today.

6 Tips to Help You Set Up an Effective Employee Security Awareness Training Program

Security awareness training will help to make employees aware of the importance of security and cybersecurity, teach security best practices, and train employees how to identify, avoid, and report threats that they encounter; however, to get the best return on investment and make significant improvements to your organization’s security posture, there are important things to consider. In this article, we provide some security awareness training tips to help you create and maintain a training program that will deliver the results you seek.

  1. There is no one-size-fits-all approach

Many businesses make the mistake of developing a security awareness training plan for the entire organization and provide all employees in the organization with the same training course. While this approach can help to ensure everyone has an understanding of basic security concepts, in practice it doesn’t work. The best approach is to have a modular training course that allows training courses to be tailored to different individuals, departments, and roles. The training required by the IT department will be different from the HR department, C-suite, sales staff, and front-line staff, as the threats they are likely to encounter will be different. Tailoring training to make it relevant will help to engage employees.

  1. Training needs to be an ongoing process

You can – and should – provide training as part of the onboarding process, and then provide periodic training thereafter to keep security fresh in the mind and keep employees up to date on the latest threats. While it was once acceptable to provide an annual training session, the speed at which the threat landscape is changing means that such an approach no longer works. Training needs to be provided continuously if you are to stand any chance of changing employee behavior and creating a security culture in your organization. Providing training each month – such as a couple of short 5-10 minute training modules – will help to keep employees up to date on the latest threats and keep security fresh in the mind until their next annual training session.

  1. Intervention training is the most effective

The best time to provide training is immediately after an error has been made, as that is the time when the training is likely to have the greatest effect. If an employee is tricked by a phishing email, training immediately will help them to learn where they went wrong so they do not make a similar mistake again. If you use the SafeTitan training platform, training is automatically provided in response to mistakes by employees specific to the mistake they made or the threat they failed to identify.

  1. Use a variety of training materials

People learn in different ways, and while some employees will learn best in a classroom setting, others will learn better through videos, online training, quizzes, posters, email alerts, and other methods. You should ensure that you include a variety of media in your training. This will help to improve engagement and get the message across to all employees.

  1. Conduct phishing simulation exercises

Training sessions – whether online or in group sessions – are great, and if quizzes are conducted at the end of the sessions, you can tell who has taken the training on board, but you will not know if the training is being applied. You should strongly consider conducting phishing simulations on the workforce to test whether training is having any effect and to identify any types of threats that employees are failing to correctly identify. Phishing simulations reinforce training, help organizations deliver targeted training where it is needed, and allow them to monitor the effectiveness of training over time. If you are not measuring how effective your training is, you will not know whether you are actually making a difference or just wasting time and money.

  1. Use a quality training platform

There is no need to develop training programs from scratch. Use a vendor that provides quality, engaging training content and regularly updates the training in response to emerging threats. The SafeTitan platform includes a wealth of engaging, gamified training content that is enjoyable and relevant and allows organizations to create and automate tailored training for each individual. SafeTitan will deliver targeted training in response to errors by employees and the platform includes a huge number of phishing templates for running phishing simulations. Organizations that adopt SafeTitan can reduce susceptibility to phishing threats by up to 80%.

Cyren Alternative for Email and Web Security

Are you looking for a Cyren alternative for email and web security? TitanHQ can offer solutions for both to ensure your business is fully protected from email and web-based threats. TitanHQ can also provide a comprehensive security awareness training platform to help you eradicate risky practices and teach employees how to identify the full range of cyber threats they are likely to encounter.

If you are a Cyren customer, you will no doubt be aware that the company is experiencing extreme financial difficulties, to the point where the company recently had to let 121 members of staff go. That represents a significant reduction in its workforce, but the problems do not end there. In a February 1, 2023 press release, Cyren announced that current market pressures and the challenges the company has faced with raising additional capital mean the company is facing collapse.

“In the absence of additional sources of liquidity, management anticipates that the Company’s existing cash and projected cash flows from operations will not be sufficient to meet the Company’s working capital needs in the near term,” explained Cyren in its press release. “In the event that the Company determines that its liquidity will not allow it to meet its obligations as they become due or that additional sources of liquidity will not be available, the Company may need to pursue options available under applicable insolvency laws, including winding up its operations.”

Cyren offers a range of cybersecurity services and solutions, including email security and web security. In response to the announcement, TitanHQ contacted Cyren to ask how its services are being affected, and received a response from the CISO, stating “The SDK will work for as long as the systems in the cloud will continue running. Unfortunately, we have no personnel left to watch after the systems, so it is hard to predict how long they will run for.”

The news has left many customers looking for a Cyren alternative for email and web security, as without the staff to man the controls, protection will suffer. Many Cyren customers have contacted TitanHQ seeking a Cyren alternative and have received assistance migrating their email and web security from Cyren to SpamTitan and WebTitan. Those customers have been offered both solutions free of charge for 30 days to give them time to TitanHQ’s Cyren alternatives.

The management at TitanHQ have decided to extend that offer to all customers looking for a Cyren alternative, which will allow them to ensure that for at least the next 30 days they will be able to stay fully protected against email and web-based threats while they make a decision. Further, the TitanHQ migration team will be on hand to provide support to allow Cyren customers to rapidly transition to SpamTitan and WebTitan.

At the end of the 30 days, TitanHQ would love to retain former Cyren customers and continue to provide email and web security, although this is a no obligation 30 day offer with no strings attached. TitanHQ’s infrastructure can be rapidly scaled up to provide the extra capacity with no impact on the service for current users, so there should be no issues. All TitanHQ asks is for Cyren customers to contact the migration team and explain their requirements and to agree to fair use of the products.

2022 Phishing Trends and the Outlook for 2023

Several new phishing trends were evident in 2022 as cybercriminals changed their tactics for stealing credentials and distributing malware. The same tried and tested techniques were used in many phishing campaigns, including delivery failure notifications, fictitious charges to accounts, security alerts about suspicious account activity, and requests for collaboration on documents, but there have been several phishing trends in 2022 that have been gaining momentum and are likely to continue in 2023.

Phishing Attacks Soared in 2022

Data from the Anti-Phishing Working Group (APWG) shows a massive rise in phishing attacks in 2022. Q2, 2022 saw more than 1 million phishing attacks reported, more than in any other quarter to date and more than four times as many attacks that were experienced in Q1, 2020. That record was then broken again in Q3 when 1,270,883 phishing attacks were reported. One survey of 1,400 organizations found 79% had experienced an increase in phishing attacks in the past 12 months, with 92% saying at least one business account had been compromised in a phishing attack. Phishing has also become much more diverse with a wide range of lures, tactics, and techniques used in attacks.

Increase in Social Media Phishing

There has been a notable increase in the use of social media networks in phishing attacks, with LinkedIn one of the most spooked platforms. LinkedIn phishing attacks increased by more than 200% in 2022. LinkedIn phishing attacks seek credentials to the platform, which can be used for a variety of nefarious purposes. Emails are sent that use HTML templates virtually identical to the emails that LinkedIn sends, including spoofed versions of connection requests, notifications about the number of searches an individual has appeared in, and headhunting notifications.

These emails use display name spoofing to make the recipient believe the emails have been sent from LinkedIn when they have actually been sent from webmail addresses. These emails direct users to a spoofed LinkedIn site and prompt users to disclose their credentials. The increase in attacks is not surprising due to the Great Resignation, with so many individuals relying on LinkedIn for finding new employment opportunities. According to Bulletproof, LinkedIn-related phishing emails were the most commonly clicked in 2022.

Recently, a campaign was detected that used Facebook posts with phishing links, with the link to the post included in phishing emails. This method was used to bypass email security solutions, which consider Facebook.com URLs to be benign. The links in the Facebook posts direct users through a series of redirects to a phishing page where credentials are stolen. Social media posts are also used to phish for personal information that can then be used to craft convincing spear phishing emails.

Callback and Hybrid Phishing Attacks Increase

One phishing trend observed in 2022 was an increase in hybrid phishing, where more than one vector is used in the attack. This is typified by callback phishing, where a benign email is sent that contains a phone number to call to resolve an urgent issue. This method of phishing allows cyber actors to bypass email security solutions. In these attacks the phishing takes place over the telephone, with the initial contact made via email. Agari reports a 625% increase in hybrid phishing attacks, with one in four phishing attempts in the summer of 2022 involving hybrid phishing. One of the most common hybrid phishing scams notifies users about a pending charge to an account that requires a call to cancel.

Phishing Used for Delivering Ransomware

Phishing is used to gain initial access to business networks, often installing a malware dropper that is used to deliver the ransomware payload. Botnets such as Emotet are extensively used by ransomware gangs, who pay for the access that the botnets provide, with the QakBot operators similarly working with ransomware gangs. Both of these malware droppers are delivered via phishing emails. It is difficult to obtain accurate statistics on the extent to which ransomware attacks are enabled by phishing, with estimates suggesting at least half of ransomware attacks start with a phishing email, and some suggesting as many as 90% of attacks have their roots in phishing.

Phishing Attacks That Bypass Multifactor Authentication

One worrying phishing trend in 2022 was the increase in phishing attacks that bypass multifactor authentication. Phishing often has the aim of stealing credentials, but if multifactor authentication is enabled, those credentials will not grant access to accounts. With more businesses adopting MFA it has become harder for phishing attacks to succeed.

Several phishing kits are now being used that allow multi-factor authentication to be bypassed by intercepting MFA codes or stealing session cookies, in what is referred to as an attacker-in-the-middle attack.  The solution is to implement phishing-resistant MFA and this is likely to be increasingly important in 2023 as more phishing campaigns are conducted that bypass weaker forms of MFA.

Work From Home Employees Increasingly Targeted

The pandemic forced many employees to work from home but as restrictions eased, many businesses continued to allow employees to work from home for at least some of the working week. During the pandemic, phishing attacks on at-home workers increased and they continue to be conducted in high numbers. One of the reasons why these attacks are conducted is because they have a higher success rate, as many businesses still lack the security infrastructure to effectively block these threats compared to when employees were office based. Further, there can be more distractions in the home, which means employees are more likely to make mistakes.

Speak with TitanHQ about Improving your Phishing Defenses

TitanHQ understands that in order to combat increasingly sophisticated phishing attacks, businesses need to implement layered defenses. TitanHQ has developed several cybersecurity solutions that tackle the threat of phishing from different angles and combined allow businesses to mount a highly effective defense against attacks. To find out more about how these solutions can work for your business, give the TitanHQ team a call today.

Beware of Malicious Adverts in Search Engine Listings

Phishing is one of the main ways that malicious actors distribute and install malware. Phishing emails are sent to users with attachments containing malicious code or hyperlinks are included in the emails that direct users to a website where malware is downloaded. Businesses should ensure they implement layered defenses to combat phishing, which should include an advanced spam filter such as SpamTitan, multifactor authentication for email accounts, security awareness training for employees to teach them how to recognize and avoid phishing emails, and a web filter for blocking access to the malicious websites where the malware is hosted.

A web filter also provides protection against another common attack vector – The use of search engine advertisements for driving traffic to malicious websites. This attack vector is commonly referred to as malvertising, and it is currently being used by threat actors to distribute ransomware and for stealing login credentials for cryptocurrency exchanges and financial accounts. The Federal Bureau of Investigation (FBI) has recently issued a warning about the use of malicious search engine advertisements due to the increase in the use of this attack vector this year.

One of the main problems for threat actors looking to drive traffic to their websites through search engines is getting their websites to rank sufficiently high in the search engine listings to attract enough visitors. Using search engine advertisements gets around this problem. Threat actors pay for search engine advertisements that appear at the top of the search results for specific search terms. The adverts they use mimic legitimate businesses and offer services related to a specific search term, with the adverts containing a link to the threat actor’s website. These adverts are difficult to distinguish from the actual search results.

The web pages linked in the adverts impersonate businesses and often host phishing kits for harvesting credentials. Financial institutions are impersonated to obtain credentials to access online accounts; however, most commonly, these phishing scams impersonate cryptocurrency exchange platforms. Malicious adverts are also used to direct traffic to websites hosting malware. The adverts used to deliver malware usually offer downloads of business software. The advertised software looks legitimate, and in some cases, a legitimate program will be installed, but malware is also bundled with the installer that gives the attacker access to the user’s device. Since the user gets the software they are looking for, they are unaware that their device has been compromised. One recently identified campaign impersonated the GIMP image editor and was used to deliver the Vidar information stealer. Other campaigns have been used to distribute ransomware, often via another malware variant with dropper capabilities.

A web filter – such as WebTitan – helps businesses to protect against these malicious adverts by providing time-of-click protection. When a user clicks a link in a search engine advert, the URL is checked against a constantly updated blacklist of malicious URLs. If the URL is known to be malicious, the attempt to connect to the URL will be blocked and the user will instead be directed to a local block page. If the URL is not in the blacklist and has not previously been assessed, it will be assessed in real-time. Businesses can also use a web filter to block access to certain categories of websites, such as those offering software, and the web filter can be configured to block downloads of certain file types such as executable files. This also helps businesses to block shadow IT – Software downloaded by employees that has not been authorized by the IT department.

Malicious adverts should be covered in security awareness training. Users should be told about the dangers of clicking adverts and instructed to carefully check URLs for any typos or transposed letters before clicking. It is important to stress that the URL listed in the advert may appear to be a legitimate URL, with the threat actor using redirects to send a user to their malicious URL. Employees should therefore be encouraged never to click adverts in search engines, and to instead either type the website of the company they are looking for in the address bar of their browser or find the legitimate website of that company in the organic search engine listings. Businesses should also consider using an ad-blocker to prevent advertisements from being displayed.

5 Reasons Why Security Awareness Training is Important

In this article, we provide 5 reasons why security awareness training is important. If you run a business and do not provide security awareness training to your workforce, you are taking a big risk.

Data breaches are being reported with increasing frequency and with people leading more and more digital lives, there is a lot more data to steal. The Have I Been Pwned service includes a database of usernames and passwords that have been exposed in data breaches. The database now includes 12 million credentials showing just how common data breaches have become. Data breaches are also becoming costlier to resolve. The IBM Security 2022 Cost of a Data Breach report indicates the average cost of a data breach is now $4.35 million, a 2.6% increase from the previous year.

So how can security awareness training help a business and why is it so important?

1.   Helps to Prevent Data Breaches

Businesses store sensitive data, whether that is customer data, financial information, contact lists, or proprietary company information. That information is valuable to cybercriminals as business and customer data can be easily monetized and sold on the dark web. Cybercriminals actively target businesses for the data they hold and misuse or sell that information, or encrypt it to prevent the business from operating, requiring a ransom payment to get the information back.  You can implement technical defenses to repel these attacks, but technical defenses are not 100% effective, and attacks often target humans – malicious emails, websites, phone calls, and text messages. Security awareness training is a vital component of any security strategy. All members of the workforce need to be trained on how to recognize and avoid threats. Security awareness training reduces susceptibility to cyber threats and helps to prevent data breaches.

2.   Avoid Regulatory Fines and Litigation

Companies of all sizes are required to comply with regulations at the local, state/regional, and Federal level that have data retention and privacy and security requirements. For instance, there is the General Data Protection Regulation in the EU that requires data protection by design and default, and industry regulations such as FISMA (financial services) and HIPAA (healthcare) that have security awareness training requirements. The failure to provide security awareness training can result in significant financial penalties, and if tax records are lost in a ransomware attack, companies can still be fined for not producing those records. By preventing cyberattacks and data breaches through end user training, companies will also reduce the risk of litigation. Lawsuits are now commonly filed after data breaches.

3.   Improve Productivity and Save Money

Security awareness training comes at a cost. You will need to devise your own training course, pay for a third-party trainer, or most commonly, invest in a third-party security awareness training platform. For every hour of training provided to an employee, that is an hour of lost productivity. These costs should be seen as an investment that will give you a return. The money spent on training and the time devoted to it will be recouped in terms of productivity gains by preventing ransomware attacks and data breaches. The cost of remediating cyberattacks and data breaches is far higher than the cost of security awareness training to prevent them.

4.   Improve Employee Well-being and Job Satisfaction

Security awareness training is concerned with improving cybersecurity defenses, but it is an investment in people. Businesses that provide security awareness training are teaching their employees to be more security aware at work, but this is a transferrable skill and one that is not just valuable for employees for future work positions but also in their personal lives.  Train employees to be more security aware and they can apply those lessons at home and avoid personal data breaches and financial losses, which helps to reduce stress and improve mental, emotional, and physical health.

5.   Helps to Protect Your Company’s Reputation

One of the most damaging effects of a cyberattack or data breach is the impact on your company’s reputation. Surveys suggest that following a cyberattack that exposes sensitive customer information, two-thirds of customers would take their business elsewhere and would never return. The amount of time, money, and effort that goes into building a business can be lost overnight. Many businesses will be able to weather a cyberattack and take the financial hit, but the reputational damage can take many years to recover. The reputational damage is one of the main reasons why 60% of small businesses cease trading within 6 months of a data breach.

SafeTitan from TitanHQ

TitanHQ offers businesses a comprehensive security awareness training solution for businesses called SafeTitan. The platform includes an extensive library of training content, divided into short (max 10-minute) computer-based training modules that are easy to fit into busy workflows. The training content is fun, gamified, and engaging, and helps to build a security culture and eradicate risky practices. The platform also includes a phishing simulator for testing whether employees can recognize phishing attempts – the most common way that cybercriminals attack businesses. Phishing simulation data shows susceptibility to phishing attacks can be reduced by up to 80% with SafeTitan.

If you have yet to provide security awareness training to your workforce, you will be missing out on all the above benefits. So why not make a start today, starting with a free trial of SafeTitan?

7 Tips for Improving the Effectiveness of Security Awareness Training

Businesses can significantly improve their security posture by investing in people and providing security awareness training. Many cyberattacks target employees, as they can be tricked into disclosing sensitive information or installing malware. Through training, you can eliminate risky security practices that open the door to hackers and can show employees how to recognize cyber threats and how they should respond when such a threat is identified.

Providing a once-a-year training session covering all aspects of security will help to improve security awareness, but this is not the most effective approach, and it is unlikely to allow an organization to achieve the ultimate goal of security awareness training – to develop a security culture throughout the organization. To help you get the best possible return on your investment in security awareness training, consider these 7 approaches.

1.   Ensure Your Communicate That Everyone Has a Responsibility When it Comes to Cybersecurity

It is a commonly held view that cybersecurity is the sole responsibility of the IT department. The IT department should implement safeguards and technology to block and identify threats, but everyone has a role to play in the cybersecurity of the organization, including the CEO, CISO, managers, and workers. Cybersecurity is a collective responsibility, and this should be clearly communicated.

2.   Security Awareness Training is an Ongoing Process

If you provide a once-a-year training session that covers all aspects of security, this is likely to improve awareness of the basic lessons of security – Don’t click on links or open attachments in unsolicited emails, log off when you leave your computer, don’t plug in a USB drive you find in the street, make sure you set a strong, unique password for all accounts, and so forth. However, you cannot expect employees to be aware of the latest threats and tactics that are being used by malicious actors with this approach. Security awareness training needs to be an ongoing process. A once-a-year training session is great as a refresher on security best practices, but you should be continuously providing training on the latest threats in short training sessions each month. A couple of 10-minute training modules every month will help to keep security fresh in the mind and keep employees abreast of the latest tactics that are likely to be used by malicious actors against them and the organization.

3.   Conduct Phishing Simulations

Phishing simulations are a great way to reinforce training and give employees practice at identifying phishing threats in a safe environment. Conduct phishing simulations of varying difficulty on the entire workforce, and if individuals fail, this can be turned into a training opportunity. They can be told where they went wrong, and how they could have identified the threat so that the next time such a threat is encountered, they will be more likely to recognize it as such and avoid it. Phishing simulations allow businesses to take proactive, targeted action to improve security awareness where it is needed and strengthen the weak links before they are found and exploited by malicious actors.

4.   Reward Don’t Punish

You are likely to achieve much greater success if your security awareness training program recognizes and rewards individuals who do well, rather than punishes those that get things wrong. If you punish employees for getting things wrong, that is likely to result in a culture of fear, which can lead to a bad working environment where mistakes are actually more likely to be made. Focus on rewarding or recognizing the individuals that get things right and always look for opportunities to celebrate success. If employees fail phishing simulations or make mistakes, make sure you communicate that this simply means there is a need for further training.

5.   Make Security Awareness Training Fun and Engaging

Many people will find cybersecurity training dull and boring. Rather than provide lengthy training sessions and give out long boring printouts, use a computer-based training course that has fun, engaging, and gamified content. Use a variety of training tools including videos, demonstrations, quizzes, and other interactive methods to engage employees. Make training fun and enjoyable, and the message is more likely to be taken on board.

6.   Tailor the Training Course for Individuals

Everyone learns in their own way and at different speeds, so a one-size-fits-all approach is unlikely to give you the best return on your investment. The training course should be tailored for individuals. If the course is too basic for people with a high degree of knowledge, they will get bored. If it is too technical for individuals who have a poor understanding of cybersecurity, they will get confused. Tailor the training course to get the best ROI. For that, you will need a modular training course that supports this flexibility.

7.   Constantly Update Your Training Course

The threat landscape is constantly changing, and tactics, techniques, and procedures of cybercriminals evolve, so your training course should too. Keep abreast of the changing threat landscape and ensure your training course is updated accordingly, and that you include the latest phishing tactics in your phishing simulations. Choose a vendor that constantly updates its training content and this will be simple.

SafeTitan from TitanHQ

TitanHQ provides a comprehensive security awareness training platform for SMBs, enterprises, and managed service providers called SafeTitan. The platform includes an extensive library of training content on all aspects of security, with the courses divided into short computer-based training modules of no more than 10 minutes, which makes them easy to fit into busy workflows.

The training content is fun, gamified, and engaging, and is proven to help eradicate risky security practices and reduce susceptibility to phishing attempts. The platform is flexible, allowing customized training content to be provided that is tailored to individuals’ roles and the threats they are likely to encounter, and the platform and training courses can be easily customized to meet the needs of businesses of all sizes.

The platform includes a phishing simulator for testing whether employees can recognize phishing attempts – the most common way that cybercriminals attack businesses. Phishing simulation data shows susceptibility to phishing attacks can be reduced by up to 80% with SafeTitan.

If you have yet to provide security awareness training to your workforce and are not conducting phishing simulations, the ideal time to start is now. Contact TitanHQ today for more information or sign up for a free trial of the solution and put it to the test before deciding on a purchase.

MSP Security Awareness Training Platform

Businesses look to their managed service providers to protect them from cyber threats such as phishing, and while many are able to deliver advanced spam filters and web filters, MSPs should also provide another layer of protection: one that addresses the human element of these attacks.

Phishing attacks target employees, and while it is important to implement technical measures to block those messages, it is not possible to prevent every phishing message from reaching inboxes. Given the volume of phishing messages now being sent, and the constantly changing tactics, techniques, and procedures of cyber threat actors, it is inevitable that some messages will land in inboxes. The bottom line is employees need to be trained how to recognize phishing attempts – they are the last line of defense.

One of the greatest benefits to come from security awareness training is getting employees to stop and think, and not blindly believe that every email or SMS message is genuine because it appears to be from an official source and provides a reasonable reason for taking a certain action. Training employees to be curious and to question is a vital part of developing a security culture.

Data from customers of TitanHQ who have started using the SafeTitan security awareness training and phishing simulation platform show clear benefits of the training. Over time, susceptibility to phishing attempts reduces as evidenced by the number of individuals who fall for simulated phishing emails. This has also been confirmed by MSPs that have started providing security awareness training and phishing simulations to their clients.

It is important, however, for MSPs to carefully consider the training platform they use. Providing training is one thing. Getting end users to engage with it and take it seriously is another. The training content needs to be informative, but it must also be enjoyable. Gamification is a key element to keep users engaged and quizzes are great for confirming the lessons have been understood. The training content also needs to be delivered in easily assimilated chunks. Training modules of no more than 10 minutes are best, as this is ideal for ensuring maximum knowledge retention and fitting the training into workflows.

Phishing simulations are an important part of the training process, not just for identifying individuals who require further training, but also for identifying the specific types of phishing emails that are working and are fooling employees. Training can then be tailored to address those security gaps. Phishing simulations need to be realistic, and since these emails will be sent over a long period of time, there needs to be considerable variation. Many different templates are needed to test different phishing tactics and the training platform needs to have constantly updated phishing templates, as real-world attacks are rapidly evolving too.

Phishing simulation failures need to trigger on-the-spot training. The training needs to be automated, so it will be delivered instantly when it is likely to have the most effect. The platform should also notify end users when they successfully reported a simulated phishing email or correctly identified a phishing attempt, to encourage them and praise them for being attentive.

Ultimately, security awareness training is vital for all businesses and a critical component of any cybersecurity strategy. MSPs that can offer this service to their customers can gain a significant competitive advantage, help their customers better defend against attacks, reduce the support time by preventing successful attacks, and ultimately save their clients money. However, there are important features of training products that MSPs need to look out for.

They need a solution that has the maximum impact for the minimum effort, as MSPs have a great deal of work to perform for many customers. The solution must be able to be used efficiently and allow much of the setup and training to be automated, and for reports to be automated and scheduled to send to clients to show them how effective the training is.

TitanHQ has developed the SafeTitan platform to meet the needs of MSPs, with recent updates making it even easier for MSPs to provide this service. These include direct injection of emails to inboxes to make sure they are not filtered out by email security solutions, easy segmentation of customers into groups to allow bulk configuration and changes to campaigns, and – as is the case with all TitanHQ solutions – making sure there is an excellent user experience, which means easy administration and low maintenance.

Security awareness training is a big opportunity for MSPs and can greatly improve the security posture of their clients. Talk to TitanHQ today about getting started and to find out how easy it is to add this important layer of protection to your service stack.

Vishing and Smishing Attacks are Increasing: Are Your Employees Able to Identify These Scams?

Email may be the most common vector used in phishing attacks, but there has been a marked rise in other forms of phishing in 2022, such as voice phishing (vishing) and SMS phishing (smishing).

Vishing

Voice phishing or vishing attacks are conducted over the telephone and use similar social engineering techniques to email phishing. The scammer impersonates a trusted individual or company and uses either a threat or a potential reward to trick the victim into disclosing sensitive information, downloading a malicious file, or opening a remote desktop session with the scammer. These scams often involve caller ID spoofing to make it appear that the call is being made from a legitimate number, such as a hospital, business, or government department.

Oftentimes, the scammer has information about the victim to make it seem like an official call or that there has been previous contact. This information is obtained from past data breaches or can be collected from public sources such as social media profiles. Vishing is commonly used in tech support scams, where an unsolicited call is made by the threat actor who claims to work at a cybersecurity company or a broadband provider and requires the victim to pay to have a fictitious malware infection resolved or must download fake software to resolve the issue.

Vishing attacks are conducted impersonating the IRS advising the victim that they have a rebate, or outstanding tax, or threatening legal action, with the scams conducted to obtain sensitive information. Banks are often impersonated with the victim convinced to confirm their identity by disclosing their bank details or credit card number. The caller is usually coercive and the issue at hand requires urgent action to correct.

Several campaigns have been conducted on healthcare targets in the US. In one campaign, senior executives at a hospital were targeted, with the caller claiming to be a representative of Medicare. The caller requested a Social Security number for verification of identity. Patients of Spectrum Health and Priority Health were targeted, with the scammers spoofing the caller ID to make the calls appear to have been made using the genuine hospital phone number, with victims pressured into providing sensitive personal and health information to the scammers.

Smishing

A smishing attack is a phishing attack conducted via SMS messages. These attacks are becoming increasingly common and are used to obtain sensitive information such as credit card numbers or login credentials. These attacks often trick the recipient into downloading malicious code to their mobile devices. These attacks take advantage of the relative unfamiliarity of this form of phishing and the small screen size of mobile phones, which do not display the full URL of a website, which makes it easier for scammers to hide their malicious URLs. Mobile phones are also much less likely to have antivirus software installed than desktop computers and laptops, which makes it easier for malicious code to be downloaded undetected.

Smishing attacks often involve messages purporting to be from a bank that requests financial information, or for banking Trojans to be distributed that spoof the login page of a financial institution to steal banking credentials.  The IRS has recently issued a warning about an exponential rise in smishing attacks impersonating the IRS in 2022. These scams use a variety of lures such as warnings about unpaid tax bills, law enforcement action, and tax rebates. The IRS warned that smishing attacks are being conducted on an industrial scale, with hundreds of thousands of smishing messages delivered in hours or a few days.

How to Defend Against Vishing and Smishing Attacks

The problem for businesses is few cybersecurity solutions can identify and block vishing and smishing attacks. The key to defending against these attacks is education. Businesses should be providing security awareness training to the workforce to teach cybersecurity best practices and to raise awareness of cyber threats. Email phishing is usually extensively covered in training courses, but it is also important to ensure vishing and smishing attacks are covered.

This is an area where TitanHQ can help. TitanHQ offers businesses the SafeTitan security awareness training platform – a comprehensive security awareness training platform with gamified, interactive, and enjoyable security awareness training content covering all aspects of security, including phishing, vishing, smishing, and other social engineering methods. The training modules are short, allowing them to be easily fitted into busy workflows, and the training content has been proven to reduce susceptibility to all forms of phishing attacks.  SafeTitan also includes a phishing simulation platform to allow businesses to test the effectiveness of their training.

For more information on how you can improve your human defenses against phishing and other cyberattacks, contact the TitanHQ team today.

TitanHQ Recognized with 5 Fall 2022 Expert Insights ‘Best-Of’ Awards

TitanHQ is proud to announce that the company has been recognized in the Fall 2022 Expert Insights ‘Best-Of’ awards, and collected five awards for email security, email archiving, web security, phishing simulation, and security awareness training.

The Expert Insights ‘Best-Of’ awards recognize the leading cybersecurity solutions that businesses are using to keep their networks and sensitive data secure. Selecting the best software solutions to use can be a challenge for businesses. Expert Insights makes that process easier by providing objective and honest reviews and advice, producing buyers’ guides, and other valuable information to help businesses choose the best software solutions to meet their needs. Each month, more than 85,000 businesses use the Expert Insights website, with the site having more than 1 million visitors a year.

The Fall 2022 Best-Of awards were split into 41 categories. The Expert Insights editorial team researched to identify the best cybersecurity solutions on the market for inclusion in each category, which contain up to 11 software solutions. Those solutions are selected based on several criteria, such as the feature set of the products, their ease of use, market presence of the company, and how genuine business users of the solutions rate the products. There naturally needs to be a winner in each category, but simply being included in the list confirms the quality of a product.

TitanHQ collected 5 Best-Of awards in the following categories:

  • Best-Of Email Security – SpamTitan
  • Best-Of Security Awareness Training – SafeTitan
  • Best-Of Phishing Simulation – SafeTitan
  • Best-Of Web Security – WebTitan
  • Best-Of Email Archiving – ArcTitan

In addition, SpamTitan was rated as the top email security solution in the category and ArcTitan was rated top in the email archiving category. Vendors ESET and CrowdStrike also performed exceptionally well and picked up multiple awards.

“We are honored that TitanHQ was named as a Fall 2022 winner of Expert Insights Best-Of award for phishing simulation, email security, security awareness training, web security and email archiving” said TitanHQ CEO, Ronan Kavanagh.  “Our cloud-based platform allows partners and MSPs to take advantage of TitanHQ’s proven technology so they can sell, implement and deliver our advanced network security solutions directly to their client base”.

Increase in Vishing Attacks on Businesses Highlights Need for Human Defenses

Email is the most common way that cybercriminals reach employees, but there has been a major increase in vishing attacks on businesses in 2022, with Agari reporting a 625% increase from Q1 to Q2, 2022. Ransomware gangs are mostly gaining access to business networks through email phishing, but groups that have broken away from the Conti ransomware operation have readopted the hybrid phishing techniques attacks that were used by the group’s predecessor, Ryuk. Contact is made with targeted individuals via email and vishing used to get those individuals to provide the attackers with account and network access.

You may already be familiar with vishing, or voice phishing as it is otherwise known. It is the use of social engineering techniques over the telephone to manipulate people into revealing sensitive information such as login credentials or tricking them into opening a remote-control session on their computer or installing malware that gives the attacker remote access to a device.

Many vishing attacks are speculative – An attacker obtains phone numbers and impersonates a broadband provider or other trusted entity, in a tech support scam where the target is tricked into thinking they have a malware infection or other issue that needs to be urgently dealt with. The ransomware gangs are conducting callback phishing attacks, where initial contact is made via email and the user is told to call the provided number to avoid a charge to their account – a subscription that is about to renew or a free trial that will end.

As with email phishing, many reasons are given by scammers as to why action needs to be taken. Steps are also taken to make these scams more realistic, such as spoofing caller IDs to make it appear that a local area number is being used or even that the call is made from a trusted number. The latter occurred in a vishing campaign on the Michigan healthcare provider, Spectrum Health, where the calls appeared to have been made using a Spectrum Health phone number.

These types of scams can be highly effective against businesses. Most businesses have implemented email security solutions that can detect and block phishing emails, but email security solutions will not block vishing attacks. The voice network is largely unprotected.

Voice traffic filters can be used to filter out calls from numbers that are known to be used for scams. In the United Kingdom, the phone carrier EE says it uses AI-based technology to block scam phone calls and has blocked 11 million such calls since implementing the technology, but scammers can simply change the numbers they use. The main defense against these scams is security awareness training.

Employees may be aware that phishing threats will land in their inboxes, but they may not be aware that phishing can take place over the phone. Awareness of these scams should be improved through security awareness training and employees should be taught about the signs of a vishing attack to allow them to identify and avoid these scams.

TitanHQ can help in this regard. TitanHQ offers a comprehensive security awareness training platform – SafeTitan – for educating the workforce on the full range of cyber threats, including email phishing, vishing, and smishing attacks. The training content is gamified and engaging and has been proven to reduce the susceptibility of employees to shams such as phishing and vishing.

For more information on improving your human cybersecurity defenses, give the TitanHQ team a call.

Why You Should Protect Browsers Against Malvertising

It is important for businesses to take steps to improve web security and block the web-based component of phishing attacks and drive-by malware downloads, and one of most important steps to take is to protect browsers against malvertising.

What is Malvertising

Malvertising is the term given to the use of malicious online adverts for downloading malware or directing website traffic to attacker-controlled websites for phishing or other scams. Malicious adverts may be placed on compromised websites, but commonly they are added to legitimate ad networks, which website operators use for improving engagement and generating additional revenue. Third-party advertising blocks are used on many high-traffic websites, and if malicious adverts are added, they can be displayed on large numbers of high-traffic websites to huge volumes of website visitors. Since the adverts may be displayed on trusted websites, that trust is then transferred to the adverts. Website visitors may click the adverts and be directed to a malicious website. Worse, it is possible to embed malicious code into the adverts themselves, so it is not always necessary to click the advert to have malware downloaded.

Malvertising is a significant attack vector and is often used for malware distribution. The attacks can bypass in-built browser security features that protect against website redirects and pop-up adverts. It is also possible for attackers to create malvertising campaigns that are targeted at specific users, and only serve adverts to those users.

How to Defend Against Malvertising

Since people interact with the Internet using a web browser, web browsers should be secured to protect against malvertising. The malicious code in adverts can probe for and exploit vulnerabilities in web browsers. Those vulnerabilities may exist due to the use of an outdated web browser such as Internet Explorer, or a web browser that has not been updated to the latest version. Web browsers may have unsecure configurations that can be exploited, or users could be redirected to a malicious website or web application. Attackers also use malvertising to exploit human weaknesses, such as unsecure browsing habits or untrained or poorly trained users.

The threat from malvertising cannot be totally eliminated, but steps can be taken to reduce risk. Many of the protective measures are low-cost and can be implemented easily. The four main methods for protecting against malvertising, as recommended by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are:

  1. Standardize and secure web browsers
  2. Deploy ad blocking software
  3. Implement protective domain name system technologies
  4. Isolate web browsers from operating systems

Standardize and secure web browsers

Limit the browsers, versions, and configurations that are used by your organization – The greater the variety, the higher the probability that vulnerabilities will exist that can be exploited. By restricting browsers, versions, and configurations, you will have a more consistent and easily managed network portfolio. You must then ensure that the browsers are kept up to date and new versions are installed as soon as possible after a version has been released.

Deploy ad blocking software

Ad-blocking software can prevent malicious adverts from being displayed. Ad blockers will remove adverts or prevent them from being displayed, often via a web browser extension. In theory, ad blockers are a great choice for defending against malvertising, but this option should be treated with caution as ad blockers have their own security concerns. Ad blockers may operate with high levels of privileges and may therefore access all data traffic between the user workstation and the network, which means they may be able to perform malicious actions with high levels of privileges. Malicious ad blockers have been detected, and some browser extensions accept payments from advertisers to ensure that paid for ads are allowlisted and are not blocked.

Isolate web browsers from operating systems

Browser isolation is an architectural decision that is used by many large organizations to defend against web-based threats, although the design, implementation, and maintenance of Internet browser isolation can be complex and may be beyond the capabilities of some small- and medium-sized businesses. Browser isolation involves creating a logical barrier between the web browser and other systems and operates on a zero-trust principle, assuming that all web traffic is untrustworthy and potentially malicious. Browser isolation is often achieved locally using a sandbox or virtual machine on the user’s computer.

Implement protective domain name system technologies

One of the best steps to take is to use protective domain name system (DNS) technologies such as WebTitan. WebTitan is a DNS-based web filtering solution for blocking access to malicious websites. When a malvertising attempts to redirect a user to a malicious domain, that redirect is blocked, and the user is directed to a locally hosted block page and is advised that the web resource cannot be accessed as a threat was detected. WebTitan can also be configured to block access to risky categories of websites and will block drive-by malware downloads.

WebTitan incorporates threat intelligence feeds and collects data from over 500 million endpoints worldwide to ensure that threats are rapidly blocked for all users when new threats are detected. According to CISA, 91% of malware uses DNS for cyberattacks. WebTitan can block malware command-and-control server communications.

Advice from the U.S. Cybersecurity and Infrastructure Security Agency

In 2021, CISA issued a Capacity Enhancement Guide for all federal agencies calling for them to take steps to secure browsers and defend against malvertising. This year, CISA has recommended all businesses and non-profit organizations follow the guidance and take steps to protect their browsers against malvertising.

Should You Punish Employees for Failing Phishing Simulations?

Many organizations punish employees who make cybersecurity mistakes and fail phishing simulations but punishing employees for failing phishing simulations is often not effective and can have unintended negative consequences.

Actions taken by companies when employees fail phishing simulations

Studies suggest that around 40% of companies punish employees for failing phishing simulations and for making other security mistakes. The actions taken can range in severity from naming and shaming employees, removing access privileges, losing other privileges and benefits, locking computers or blocking email until training has been completed, and disciplinary action, such as verbal and written warnings, and termination.

There naturally needs to be consequences if employees fail phishing simulations or make security mistakes, as if there are none, there will be no incentive for change. However, there are risks with using the stick rather than the carrot. Punishing employees for non-malicious security failures and failed phishing simulations often does not work.

Do you really want to create a culture of fear?

If you want to create a security culture in your organization you need to motivate your employees to become security titans, and that is unlikely to happen if the motivation comes from the threat of being fired if a mistake is made. Employees can become stressed and anxious if they are scared of severe punishments for security failures, especially if they have already failed a phishing simulation. That is unlikely to be beneficial for the company and could lead to the creation of a hostile work environment and loss of productivity. It could also serve to demonize the security team which is never a good thing.

If employees are scared about making mistakes, they may not report them when they happen

When employees make a mistake, such as clicking a link in a real phishing email or installing malware, and recognize the mistake, it is essential that they report it. Prompt action by the security team can be the difference between neutralizing the threat before any harm is caused and suffering an incredibly costly ransomware attack or data breach. If employees are worried about losing their jobs for making a mistake or suffering other serious consequences, they may avoid reporting the error.

Businesses need to be careful with punishing employees for non-malicious actions or security failures and should ensure that they make it clear to employees that the failure to report a known security mistake is a serious issue that could result in termination and will have far more serious consequences than the actual error.

Security awareness training should not be viewed as a punishment

If employees make security mistakes or fail phishing simulations it can be due to many reasons. The training provided has clearly not been effective has not been effective with certain employees and this could be due to the training material or the different needs of employees – It may not be a case of employees not paying attention or sloppy working practices.

When security mistakes are made or phishing simulations are failed, there is clearly a need for further training, but it is important that security awareness training is not seen as a punishment. It should be a positive experience and be explained that it is part of an ongoing educational process.

Consider real-time security awareness training

You should be providing security awareness training during the onboarding process, and annual training sessions are important, but if you want to create a security culture you need to go further. Cybersecurity newsletters, reminders, and additional training can be useful if they are not provided too regularly. Daily emails will be ignored, whereas monthly, bimonthly, or quarterly updates are more likely to be read and assimilated.

One of the best approaches to training is to provide basic training to everyone and then to provide behavior-driven, real-time security awareness training. When an employee makes a mistake, falls for a phishing simulation, or is discovered to have engaged in a risky behavior, an alert can be triggered and immediate training can be provided. This is bite-sized training that is relevant and specific to an action that was taken, that explains how the mistake was made, why it is a problem, and how it could have been avoided. Mistakes serve as educational triggers and can be turned into teachable moments and training provided in this way is likely to be much more effective than making an employee go through the same standard training program again.

The SafeTitan security awareness and phishing simulation platform

SafeTitan is the only behavior-driven security awareness platform that delivers training in real-time, allowing businesses to mitigate the growing problem of social engineering and advanced phishing attacks. The platform includes an extensive library of training courses, videos, and quizzes that businesses can use for greater general and custom training campaigns, and provides gamified, interactive, and enjoyable security awareness training sessions with short and efficient testing.

Training can be automatically generated in response to specific employee behaviors to ensure errors and risky behaviors are immediately tackled. The platform also includes fully automated simulated phishing attacks, using regularly updated phishing templates to match current attack trends. The training and simulations have been shown to reduce susceptibility to phishing by up to 92%. Users also benefit from enterprise-level reporting in an easily digestible format that demonstrates the ROI.

Contact TitanHQ today for more information and to sign up for a free trial of SafeTitan.

Fake Windows Installers Used to Distribute Information Stealing Malware

In October 2021, Microsoft launched its latest operating system – Windows 11 – and cybercriminals were quick to take advantage, offering free Windows 11 upgrades as a lure to trick people into installing malware.

Windows 11 has not been a roaring success so far. According to data from the IT asset management solution provider Lansweeper, on April 4, 2022, only 1.44% of corporate and personal devices had Windows 11 installed, which is less than the number that have Windows XP installed, for which support stopped being provided in 2014.

One of the main issues with Windows 11 is the stringent hardware compatibility requirements. One of the requirements for a Windows 11 upgrade is for devices to support Trusted Platform Module (TPM) version 2.0, which means any devices over 4 years old will not be able to have Windows 11 installed unless the hardware is upgraded.

Microsoft offers a tool on its website that will check whether a device has the hardware to support an upgrade to Windows 11, but any user who has not visited the official Microsoft website is unlikely to be unaware of the hardware restrictions, and it is those individuals who are being targeted and tricked into installing malware.

Malware is often distributed via peer-2-peer file-sharing networks and warez sites that offer pirated software, either packaged with the software installers or with the product activators and cracks that are used to generate valid licenses; however, the fake Windows installers are being pushed through search engine poisoning.

Search engine poisoning, also known as SEO poisoning, is the creation of malicious websites and the use of search engine optimization techniques to get the websites to appear high in the organic search engine listings for certain search terms. In this case, search terms related to Windows 11 downloads.

When a user enters a search string into Google, the malicious website appears in the listings. A variety of domains are used in the campaigns that at first glance appear to be legitimate, windows11-ugrade11.com being one example. The landing page on these websites include the Microsoft logo and menus and an attractive Get Windows 11 screen with a Download Now button.

One campaign has been identified that delivers a novel malware variant dubbed Inno Stealer, which is installed by an executable file in the downloaded ISO file. Inno Stealer can steal web browser cookies, passwords stored in browsers, data from the filesystem, and data in cryptocurrency wallets. Other malware variants are also being distributed using similar tactics. Fake windows installers have also been distributed via phishing emails. One campaign delivers Qbot malware via a password-protected ZIP file that contains a malicious MSI installer.

Spam filtering solutions can be used to block malware delivery via phishing emails; however, to block malware downloads from web browsing, a web filter is required. WebTitan is a DNS-based web filter that incorporates advanced DNS filtering controls to block access to malicious websites and prevent malware downloads.

WebTitan is fed threat intelligence from a network of 650 million worldwide users. Newly identified threats are immediately propagated to database deployments worldwide to provide coverage and protection against emerging, zero-hour threats. The solution can also be configured to block attempts by users to download file types often associated with malware, such as ISO and MSI files. WebTitan can handle any volume of usage with no latency, so users will be unaware that content is being filtered until they encounter a threat and are informed by WebTitan that the threat has been blocked.

If you want to improve your defenses against malware and phishing attacks via the Internet, contact TitanHQ today to find out more about WebTitan. Product demonstrations can be arranged on request and the full product is available on a free trial (with full support) to allow you to see for yourself how effective it is at blocking threats and how easy it is to install, set up, and use.

Businesses Urged to Take Steps to Reduce Legal Risk as Crackdown on Illegal Downloads Continues

Employees not wishing to get into legal trouble may choose to access questionable or illegal Internet content at work. Employers can protect against liability from such actions by their employees by implementing a solution to block this activity, and it is becoming increasingly important to do so as intellectual property owners are taking action against these activities.

Film Studios Crackdown on Illegal Downloads

When networks are used for illegal activities, action can be taken against the owners of those networks and the film and music industries have been particularly active in recent years as they attempt to stamp out piracy and copyright infringement. Several lawsuits have been filed against VPN providers over the use of their services for downloading pirated content. This month TorGuard settled a lawsuit filed by more than two dozen film studios over the use of its network for downloading pirated content and similar lawsuits have been filed against LiquidVPN and VPN.ht.

Lawsuits against individuals who download illegal content often do not make it to the courts due to the difficulty of proving that an individual downloaded copyright-infringing content on a particular IP address, but action is increasingly being taken for pirated movie downloads. Illegal downloads of the film Ava saw action taken by the movie studio Voltage Holdings LLC, which obtained a court order from broadband provider Virgin Media to release the details of customers who had downloaded the film.

In Canada, at least 17 lawsuits have recently been filed over copyright-infringing movie downloads, with more than 1,000 individuals named in the lawsuits. Some of those individuals have been ordered to pay $5,000 in damages for downloading films such as A Family Man and London Has Fallen. When multiple downloads of such material are occurring at a business, legal action could be taken against that business for failing to prevent the illegal activity.

Software Companies Take Action Over Unlicensed Software Use

It is not only pirated software downloads that can attract legal action. Siemens has taken action over copyright infringement related to the use of its software such as NX, Solid Edge, Femap, Star CCM, and FloTHERM. 142 users were identified as using unlicensed software and are the subject of the lawsuit. Software illegally downloaded and used by businesses can see damages imposed at many times the value of the software. While most businesses would not download unlicensed software, that may not be the case with all of their employees. Employees often choose to download software from file-sharing websites to help them be more efficient at work. Termed shadow IT, this practice not only exposes employers to legal risk, but there is also a very real cybersecurity risk.

Prevent Copyright-Infringing Downloads and Improve Cybersecurity with a Web Filter

Pirated software, and the associated product activators and cracks, are often bundled with malware, which is silently installed along with the pirated software. The malware can provide threat actors with remote access to corporate devices, and those devices can then be used for more extensive cyberattacks on the business. IT departments often discover unauthorized software has been installed on users’ devices when performing upgrades, software installations, repairs, and audits.

Businesses can protect against these illegal activities by employees by using a web filtering solution to block access to websites where pirated material is downloaded. There are also many other benefits of filtering the Internet and preventing access to certain types of web content.

Businesses can prevent the development of a hostile working environment by blocking access to content such as pornography, and they can ensure sufficient bandwidth is always available by restricting access to certain sites during busy times or working hours – YouTube for example.

The biggest benefit of implementing a web filter is blocking malicious websites, such as those known to be used for phishing and malware delivery. WebTitan Cloud, for instance, is fed threat intelligence from more than 650 million users worldwide. When a threat is identified, the solution is automatically updated to protect all users from accessing the malicious content.

Since WebTitan Cloud is a DNS-based web filter, there is no impact on Internet speed. Checks are performed at the DNS lookup stage of a web request, with content checked against databases and filtered in 5 microseconds.  The solution can be configured to protect all users, including remote workers. The protection is applied no matter where the Internet is accessed.

If you want to protect your business from the legal risk associated with Illegal web activity, improve your defenses against phishing and malware, and make productivity gains by blocking access to non-essential Internet content, WebTitan Cloud is the ideal solution.

Since WebTitan Cloud is a multi-tenant solution, it is also ideal for MSPs looking to add web filtering to their service stacks. MSPs are offered generous margins, the product can be provided in white-label form ready to take their own branding, and a choice of hosting options are available, including hosting within an MSP’s data center.

For more information, contact TitanHQ for more information on DNS-based web filtering with WebTitan Cloud.

2021 Ransomware Trends and Steps to Take to Improve Your Defenses Against Attacks

Information about the 2021 ransomware trends identified by U.S. and European cybersecurity agencies and simple steps you can take to improve your security posture and prevent ransomware attacks.

2021 Ransomware Trends

Cybersecurity agencies identified several 2021 ransomware trends that look set to continue throughout 2022. There was an increase in ransomware attacks in 2021 with education and government the most commonly targeted sectors. The pandemic and lockdowns meant businesses needed to switch to remote working and security teams struggled to defend their networks. Ransomware gangs were quick to exploit vulnerabilities to gain access to networks, steal sensitive data, and encrypt files to extort money from businesses.

2021 also saw an increase in sophisticated ransomware attacks on critical infrastructure. Cybersecurity authorities in the United States said cyber threat actors had conducted attacks on 14 of the 16 critical infrastructure sectors, with the UK’s National Cyber Security Centre reporting an increase in attacks on businesses, charities, legal firms, healthcare, and local government.

While initially, several ransomware threat actors were focused on big game hunting – attacking large, high-value organizations that provide critical services such as Colonial Pipeline, Kaseya, and JBS Foods – the attacks prompted the raising of the status of ransomware attacks to the level of terrorism, and the increased scrutiny on ransomware gangs saw ransomware attack trends change, with the focus shifting to mid-sized organizations.

Double extortion tactics have been the norm for the past two years, where attackers exfiltrate data prior to file encryption and then demand payment for the decryption keys and to prevent the publication of stolen data. A new trend of triple extortion in 2021 saw ransomware gangs also threaten to inform the victim’s partners, shareholders and suppliers about the attack. It is also now common for ransomware gangs to work with their rivals and share sensitive data. There have been multiple cases where ransomware gangs have shared information with other gangs to allow them to conduct follow-on attacks.

2021 saw an increase in attacks on the supply chain. By compromising the supply chain, ransomware gangs are able to conduct attacks on multiple targets. There was also an increase in attacks targeting managed service providers, where MSP access to customer networks is exploited to deploy ransomware on multiple targets. Russian ransomware gangs have been increasingly targeting cloud infrastructure, accounts, application programming interfaces, and data backup systems, which has allowed them to steal large quantities of cloud-stored data and prevent access to essential cloud resources.

Diverse tactics were used in 2021 to gain access to victim networks, including quickly developing exploits for known vulnerabilities, conducting brute force attacks on Remote Desktop Protocol, and using stolen credentials. These tactics have proven effective, helped by the increase in remote working and remote schooling due to the pandemic.

Improve Your Defenses Against Ransomware Attacks

To defend against ransomware attacks, it is important to prevent attackers from using these tactics. The number of reported vulnerabilities increased in 2021 and security teams struggled to keep up with routine patching. Security teams need to prioritize patching and concentrate on patching the vulnerabilities that are known to have been exploited, such as those published in the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog, and critical vulnerabilities where there is a high change of exploitation.

To combat brute force attacks, it is important to ensure all default passwords are changed and strong passwords are set for all accounts. Consider using a password management solution to make this easier. Multifactor authentication should be set up for as many services as possible, especially for access to critical systems, VPNs, and privileged accounts. RDP, other remote access solutions, and risky services should be closely monitored and ports and protocols that are not being used should be disabled.

It is also vital to take steps to prevent phishing attacks. Phishing is commonly used to gain access to credentials to gain a foothold in networks, or for phishing emails to be used to deliver malware. An advanced email security solution should be implemented to detect and block as many phishing threats as possible to prevent then from being delivered to employee inboxes. A web filtering solution can improve defenses by blocking access to the websites linked in phishing emails and to prevent the downloading of malware from the Internet. Security awareness training for the workforce is also important. Training should raise awareness of the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments.

TitanHQ can help with all of these anti-phishing defenses through SpamTitan Email Security, the WebTitan DNS-based Web Filter, and SafeTitan Security Awareness Training. To find out more about these solutions for SMBs, enterprises, Internet Service Providers, and Managed Service Providers, give the TitanHQ team a call.

Fake Windows 11 Installers Used to Deliver Malware

A campaign has been identified that uses the offer of a free Windows 11 upgrade as a lure to trick people into installing Redline Stealer malware. The Redline Stealer is offered for sale on hacking forums for between $150 and $200 under the malware-as-a-service model. The malware is a popular choice with cybercriminals due to the relatively low cost, ease of use, and the range of sensitive data that the malware can steal.

Redline malware can steal autocomplete data, cryptocurrency, credit card information, FTP and instant messenger credentials, and credentials stored in Chromium-based web browsers. While passwords stored in browsers are encrypted, Redline malware can programmatically decrypt passwords provided the malware runs as the user who was infected. If the user does not store passwords in the browser, the malware can still steal valuable information from browsers, including the sites the user visited and chose not to store a password. Phishing emails can then be crafted targeting those credentials or credential-stuffing attacks could be performed on the accounts for those sites. There have been many cases of Redline malware being installed on endpoints that have antivirus software installed, where the antivirus software has failed to detect and block the malware.

Redline malware is commonly distributed via phishing emails containing an embedded hyperlink to a malicious website, with social engineering tricks used to convince the user to download and run the installer. This approach is often used to target businesses.

Recently, researchers at HP uncovered a campaign that uses a spoofed Microsoft domain offering visitors a free Windows 11 upgrade. The upgrade is offered on the domain windows-upgrade.com, which is a professional-looking domain designed to look like an official Microsoft website. If users click the ‘Download Now’ button, it will trigger the download of a compressed file called Windows11InstallationAssistant.zip, which is downloaded from a Discord CDN.

The zip file contains an executable file called Windows11InstallationAssistant.exe, which will trigger the infection process that will ultimately deliver the Redline stealer payload with no further user interaction required. Now that the domain has been identified as malicious it has been taken down, but the campaign is likely to be relaunched on different domains.

Software installers have long been used for delivering malware, sometimes the installers are fake and only deliver a malicious payload, while others install a genuine application or software but also bundle in malware, spyware, or adware. In the case of the latter, users will likely be unaware that anything untoward has happened, as they will have installed the software they intended to download.

Malicious software installers are often found on peer-2-peer file-sharing networks, legitimate websites that have been compromised, and attacker-owned domains. Search engine poisoning is frequently used to get links to the malicious websites appearing high in the organic search engine listings for key search terms, often those used by businesses. Malicious adverts – malvertising – are often used to send traffic to malicious websites via the third-party ad blocks displayed on legitimate websites. Links to malicious websites may also be added to phishing emails.

While an advanced spam filter can protect against phishing emails containing malicious links, it will do nothing to prevent users from visiting websites hosting malware through web browsing. To protect against web-based attacks, businesses should use a web filter.

A web filter can be used to restrict access to certain categories of website, such as those serving no business purpose. Web filters are fed threat intelligence and use blacklists of known malicious web pages and will prevent access to those web pages or websites. It is also possible to configure a web filter to prevent the downloading of certain file types from the Internet, such as those commonly associated with malware.

Web filters are an important cybersecurity control to add to your arsenal to improve your defenses against malware and ransomware, and they are also effective at blocking the web component of phishing attacks by preventing employees from visiting the websites where credentials are harvested.

TitanHQ has developed an easy-to-use and powerful DNS-based web filter for SMBs, enterprises, and managed service providers. WebTitan Cloud is quick and easy to set up and configure and will allow you to enforce acceptable Internet usage policies and filter out malicious websites in minutes. WebTitan Cloud can protect users of wired and wireless networks, and even remote workers by installing a lightweight client on corporate-owned devices.

If you want to improve your defenses and block more threats, contact TitanHQ for further information on filtering the Internet with WebTitan.

Why Your Business Should Be Encrypting Emails

Sensitive information is often exposed in email incidents. To avoid reputation damage and financial loss, your business should be encrypting emails.

The Case for Encrypting Emails

Email is extensively used in business and a great deal of sensitive information is sent via email. If that information is exposed it can be a source of embarrassment, but far worse, data exposures can result in significant financial losses and can seriously damage trust and reputation. Emails need to be protected to ensure information contained therein remains confidential and to ensure the integrity of the messages. To do that, businesses need to use encryption technology.

Email transmission is not secure. An email can have four stopovers on its way from the sender to the recipient, and the email can be intercepted at any one point in that journey. Since unencrypted emails are transmitted in plaintext, if they are intercepted, they can be viewed and potentially altered.

According to Radicati research, 320 million emails were sent each day in 2021 and the figure is predicted to rise to 347 million a day next year. Given the high number of transmitted emails, it is perhaps no surprise that the UK’s Information Commissioners Office has reported that email data is the biggest contributor to security incidents.

Those security incidents are a combination of the interception of emails, the hijacking of email accounts, and accidental email exposures, where employees sent emails to the incorrect person. A study by Tessian indicates 58% of employees have sent an email to the wrong person. Email cyberattacks involve phishing to gain access to credentials, the use of credentials obtained in previous data breaches, and the hijacking of the DNS MX record, which is used to direct emails to a web server.

Phishing attacks and email account compromises can be tackled with an advanced spam filter such as SpamTitan, strong password policies, and multifactor authentication. Email hacking and interception can prevent email hijacking, email interception, email tampering, and email exposure through misdirection.

How Does Encrypting Emails Work?

Encrypting emails will ensure that the content of the messages, which includes the message body and any attachments, will be rendered unintelligible from the moment they are sent to them being opened and read by the intended recipient. Email encryption typically works using two layers of encryption, as is the case with EncryptTitan – TitanHQ’s email encryption solution.

An encryption protocol called Transport Layer Security (TLS) is used to prevent interception in transit, such as a man-in-the-middle attack. TLS email encryption is easy to use and does not require any additional steps if TLS-Verify is used. While TLS will protect emails in transit, a second layer of security is needed to ensure end-to-end encryption of the messages. When the message arrives at its intended destination there is the highest risk of being accessed by an unauthorized individual. Therefore, it is important for the recipient to authenticate to decrypt the email, to ensure that only the intended recipient can open the message.

EncryptTitan from TitanHQ

Solutions for encrypting emails need to be robust to ensure message confidentiality, but also easy to use. Solutions such as EncryptTitan have multi-layered security to ensure emails are protected in transit and can only be decrypted by the intended recipient, without making the sending of messages cumbersome, which would have a negative effect on productivity.

EncryptTitan includes Outlook plugins to make encrypting encryption as easy as possible. The security settings will dictate the amount of additional verification that is required, with the highest setting requiring the use of a one-time unique verification code that is delivered through the encryption portal. Not all emails need to be encrypted. When you send an email, if the recipient is not within the company domain, the sender will receive a one-click prompt asking them if they want to encrypt the message.

When encrypting emails, EncryptTitan ensures attachments are also encrypted by default and the Data Loss Protection (DLP) feature scans for certain keywords and will automatically encrypt emails if they contain sensitive data.

EncyptTitan offers sender-defined email expiry dates, after which the email will be deleted from the TitanHQ Secure Portal, and the option of recalling messages if sent to the incorrect recipient. Setup is easy. There is no need to set up on-site hardware, as encryption takes place in the cloud, which makes the solution highly scalable. The solution is also agnostic of the email environment and will work across a wide range of email environments.

If you want to ensure that your company’s emails are protected against interception and tampering, contact TitanHQ for more information about EncryptTitan and to book a free product demonstration. The solution can also be offered as-a-service with ease by managed service providers who want to provide email encrypting services to their clients.

January 21, 2022: Free Livestream Event for MSPs Looking to Grow Their Business

January 21, 2022, will see the 2nd ever Channel Pitch Livestream Event – An opportunity for forward-thinking managed service providers, Internet service providers, value-added resellers, and IT service providers to discover new software solutions from some of the most existing and innovative technology vendors that can help them grow their business.

The event serves as an introduction to a carefully curated selection of companies that have developed solutions that can help service providers improve protection against cyber threats, manage Microsoft 365 and Azure workloads more effectively, and streamline back-office processes to improve efficiency.

At this year’s event, hosted by Serial Tech Entrepreneur Kevin Lancaster and Channel Evangelist Matt Solomon, attendees will have the opportunity to hear from 7 companies about their MSP solutions, with each presentation lasting only 7 minutes. During those presentations, attendees will learn about the features and benefits of those solutions, and how they can be deployed in MSP environments to grow revenue and improve profitability. After the presentations, attendees will be able to engage directly with any of the vendors to discover more about the solutions, and feedback can be provided to each of the vendors with 100% anonymity.

TitanHQ is proud to be presenting at this Exclusive Livestream MSP event. Conor Madden, TitanHQ Director of Sales, will explain how TitanHQ’s award-winning email security and web security solutions can be used by MSPs, MSSPs, and ISPs to improve protections against the most common threats faced by MSPs and their clients, how the solutions are quick and easy to deploy, effortless to manage, and can help to improve profitability and win new business.

TitanHQ’s solutions have been adopted by more than 3,000 MSPs and are trusted by over 14,500 businesses worldwide to improve email and web security, with the feature-rich solutions offering multiple integrations via the advanced API set, granular policy controls, with a comprehensive suite of reports. The solutions identify more than 100,000 new malware sites every day through threat intelligence delivered from more than 650 million users worldwide.

The Livestream event is free of charge to register and attend and is a great opportunity for MSPs, MSSPs, ISPs, VARs, IT service providers, and consultants.

LiveStream Event Details

Date: January 21, 2022
Time: 4.00 p.m. GMT ¦ 11 a.m. EST ¦ 8 a.m. PST
Hosts: Kevin Lancaster and Matt Solomon
Presentations:

  • TitanHQ – Email and Web Security
  • Hook Security – Security Awareness Training
  • Nerdio – Azure
  • Nuvolex – XaaS Management
  • Speartip – SOC
  • Threatlocker – Application Whitelisting
  • Zomentum – Sales Automation

Register Your FREE Place Here!

Tardigrade Malware Used in Targeted Attacks on Vaccine Manufacturers and Biomedical Firms

Biomedical firms and their partners are being targeted by an Advanced Persistent Threat (APT) actor in a campaign that delivers Tardigrade malware. Initial analyses of Tardigrade malware suggest it is a sophisticated threat from the SmokeLoader malware family. SmokeLoader is a generic backdoor that provides threat actors with persistent access to victims’ networks and gives them the ability to download additional modules or other stealthier malware variants onto systems.

Tardigrade malware is a much stealthier and more dangerous malware variant than SmokeLoader. It is far more sophisticated and has greater autonomy. The malware can make decisions about the files to modify and can move laterally within victims’ networks without requiring communication with a command-and-control server. The malware is also capable of immediate privilege escalation to the highest level.

Tardigrade malware is thought to be used for espionage purposes but has far greater capabilities. In addition to exfiltrating sensitive data from pharmaceutical and biomedical firms and vaccine chain companies, the malware is capable of causing major damage to IT systems to disrupt critical processes, including preparing systems for ransomware attacks after sensitive data have been exfiltrated. The analysis of the malware is ongoing, and no specific threat actor has been identified as conducting the attacks, but the attacks are believed to be conducted by a nation-state threat actor.

BIO-ISAC warns of Targeted Attacks on the Biomanufacturing Sector

The Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) has recently issued a warning about Tardigrade malware due to the threat it poses to vaccine manufacturing infrastructure, even though relatively little is currently known about the malware. The early disclosure is believed to be in the public interest.

All firms in the biomanufacturing sector and their partners have been warned that they are likely targets and should assume that attacks will occur. Steps should therefore be taken to ensure that appropriate cybersecurity measures have been implemented to block attacks and limit the damage that can be caused should n attack be successful.

It is too early to tell how many methods are being used to distribute Tardigrade malware, but from the infections detected so far, the APT group behind the attacks is known to be using phishing emails to deliver Tardigrade, with infected file attachments the most likely method of delivery. Hyperlinks in emails that direct individuals to malicious websites where infected files or malware installers are downloaded could also be used.

An analysis of the attacks also indicates the malware could infect USB drives and transfer the malware automatically when those storage devices are used on uninfected computers. That means that if USB drives are used on devices isolated from the network, they too could be infected.

Defending Against Tardigrade Malware

Defending against attacks requires an advanced antispam solution that is not reliant on antivirus engines to detect malicious files. Antivirus engines are effective at blocking known malware variants, but not against previously undetected variants. Since Tardigrade malware is metamorphic, machine learning technology and sandboxing are required to block samples that are not detected as malicious by AV engines. Antivirus software should be installed on all devices which is capable of behavioral analysis, as the malware itself may not be detected as malicious.

A web filter should be installed and should be configured to block downloads of executable files from the Internet, such as .js, .com, .exe, and .bat files. It is also important to raise awareness of the threat of malicious messages with the workforce and teach all employees how to identify phishing emails. Training should cover cybersecurity best practices and inform employees about the procedures to follow if a suspicious email is received. Spear phishing attacks will likely be conducted on key targets. It is therefore recommended to review LinkedIn and other social media posts to identify individuals who may be targeted.

Network segmentation is vital for preventing the spread of Tardigrade malware. In the event of a device being compromised, network segmentation will limit the harm that can be caused. Tests should be run to ensure that corporate, guest, and operational networks are properly segmented. All firms in the biomanufacturing sector should identify their most sensitive data and ensure that it is appropriately protected, and all key infrastructure should be regularly backed up, with backups stored offline. BIO-ISAC also recommends inquiring about lead times for key bio-infrastructure components that need to be replaced

How to Identify a Malicious Website

If you want to keep your computers and networks protected from malware, it is important to train your staff on how to identify a malicious website. You should also install a powerful web filtering solution to ensure your employees’ malicious website identification skills are never put to the test.

Cybercriminals are developing ingenious ways of compromising networks

Scammers and cybercriminals used to mainly send out emails with infected attachments. Double-clicking on the attachment would result in the computer, and possibly the network, being infected with malware. Oftentimes, this action would go undetected by anti-virus software programs. A full system scan would need to be conducted before the malicious software was identified.

Computer users are now much wiser and know never to open file attachments that have been sent to them by unknown individuals, and certainly never to double click on an executable file. Hackers and other cybercriminals have therefore needed to get smarter, and are now developing ever more sophisticated ways of obtaining user credentials and getting people to install malware manually. One of the ways they are doing this is by developing malicious websites.

End users are contacted via email and are sent links to websites along with a valid reason for visiting the site. Links to malicious websites are also frequently sent out in social media posts or are placed in third-party website adverts. Some sites are hijacked and visitors are redirected to fake sites automatically.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

What is a malicious website?

Malicious websites host malware or are used to phish for sensitive information. In the case of the latter, users are tricked into revealing sensitive data such as login credentials for online banking websites.

Malware may require some user interaction before it is installed. Visitors may be tricked into downloading a security program, for instance, by being informed their computer is already infected with malware. They may be offered a free screensaver or asked to download a fake PDF invoice.

Increasingly, malicious websites are used to host exploit kits. Exploit kits probe visitors’ browsers to identify security vulnerabilities that can be exploited without any user interaction required. If a vulnerability is detected, malware can be installed automatically on the computer or network. This method of cyberattack is called a drive-by download. Drive-by downloads can involve malware being installed onto the computer’s hard drive, a network drive, or even loaded into the computer’s memory.

Learning how to identify a malicious website is important if you want to prevent your computer from being infected, and it is essential for system administrators and other IT professionals to conduct staff training to help end users avoid these dangerous sites.

How to identify a malicious website

There are some easy ways to tell if a website is attempting to install malware:

  • The website asks you to download software, save a file, or run a program
  • Visiting the website automatically launches a download window
  • You are asked to download an invoice or receipt, such as a PDF file, .zip or .rar, or an executable file or .scr screensaver file

A malicious website may also tell you:

  • Your computer is already infected with malware
  • Your plug-ins or browser are out of date
  • You have won a competition or free prize draw. You may also be offered free money or vouchers that require you to enter your credit card or banking information

If you are asked to download any files or update your software, conduct a check of the site via Google and try to determine whether the site is genuine. If in doubt, do not download any files.

If you are told your browser is out of date, visit the official browser website and check your version number. Only ever download updates from official websites.

If you have accidentally visited a drive-by download site, by the time that you have connected it may be too late to prevent malware from being downloaded. To protect against drive-by downloads you must ensure that your browser, add-ons, and plugins are 100% up to date. You should also use a software solution to block access to drive-by download sites.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

How to block end users from visiting a malicious website

Even legitimate websites can be hacked and used to host malicious code. They may use advertising networks that are used by cybercriminals to direct visitors to malware-hosting websites. The best defense is to block these adverts and malicious websites.

Blocking access to malicious websites is a simple process. All it requires is a powerful web filtering solution to be installed. WebTitan web filtering solutions for the enterprise will help you keep your network secure by preventing users from visiting sites known to host malware.

WebTitan incorporates a range of measures to detect malicious web content to prevent employees from visiting dangerous websites. WebTitan can also be configured to block access to questionable or illegal content to enforce an organization’s acceptable Internet usage policy.

If employees are trained on malicious website identification and web filtering software is installed, your network will be much better protected from malware infections and other web-based threats.

FAQs on Guest Wi-Fi Network Security and Blocking Malicious Websites

Should I enable guest Wi-Fi?

By enabling guest Wi-Fi, you are creating a separate network for guest users to access the Internet. This is much more secure than allowing a guest user to connect to your main business network. Be aware that your guest Wi-Fi network is still connected to your business so you should control the activities that can be performed while connected.

Are guest Wi-Fi networks secure?

A guest Wi-Fi network keeps guest users away from your servers and company data. While connected to the guest network, individuals will be prevented from accessing your internal resources even if they are able to locate them. If you do not have a separate guest network, you will be at risk of hacking and data theft.

How can I make my guest Wi-Fi network secure?

You can make your guest Wi-Fi network more secure by changing the name of the network (SSID) to something less obviously tied to your business, setting a strong password, and configuring the network to prevent access to local network resources. You should also implement a web filter to prevent users from accessing malicious web content.

Is web filtering complicated?

Setting up content filtering on a wired or wireless network is easy with a cloud-based web filter. Simply change your DNS settings to point to the service provider and you can be blocking threats and restricting access to web content in minutes. You will get a web-based interface to log in and can simply click on the categories of content you want to block.

How much does a web filtering solution cost?

There are many different providers of Wi-Fi filtering solutions and the cost can vary considerably. You could end up paying upwards of $2.50 per user per month; however, solutions such as WebTitan Cloud for Wi-Fi will give you the protection you need at a very reasonable cost, which can be as little as $1 per user, per month. To find out the cost, use our cost calculator.

Wi-Fi Security Threats You Should be Aware of

Many employees access their work emails and work networks via public Wi-Fi hotspots, even though there is a risk that sensitive information such as login credentials could be intercepted by hackers. Many employees are unaware of the Wi-Fi security threats that lurk in their favorite coffee shop and fail to take precautions. Even employees who are aware of Wi-Fi security threats often ignore the risks.

This was highlighted by a 2017 survey by Symantec. 55% of survey participants said they would not hesitate to connect to a free Wi-Fi hotspot if the signal was good and 46% said they would rather connect to a free, open wireless network than wait to get a password for a secure access point.

60% of survey participants believed public Wi-Fi networks are safe and secure but even though 40% are aware of the Wi-Fi security threats, 87% said that they would access financial information such as their online banking portal or view their emails on public Wi-Fi networks.

The majority of users of public Wi-Fi networks who were aware of the Wi-Fi security threats said they ignored the risks. Millennials were the most likely age group to ignore Wi-Fi security threats: 95% of this age group said they had shared sensitive information over open Wi-Fi connections.

Consumers may be willing to take risks on public Wi-Fi networks, but what about employees? According to a 2018 Spiceworks survey, conducted on 500 IT professionals in the United States, employees are also taking risks.

61% of respondents to the survey said their employees connect to public Wi-Fi hotspots in coffee shops, hotels, and airports to work remotely. Only 64% of respondents said their employees were aware of the security threats on Wi-Fi. A similar percentage said their employees were aware of the risks and connect to their work networks using a VPN, which means that 4 out of 10 workers were unaware of the importance of establishing a secure connection.

Even though 64% of respondents were confident that employees were aware of the risks, only half were confident that data stored on mobile devices was adequately protected against threats from public Wi-Fi hotspots. 12% of respondents said they have had to deal with a public Wi-Fi-related security incident, although a further 34% were not sure if there had been a security breach as many incidents are never reported.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

WiFi Security Threats Everyone Should be Aware of

All employers should now be providing security awareness training to their employees to make the workforce more security-aware. Employees should be trained how to identify phishing attempts, warned of the risk from malware and ransomware, and taught about the risks associated with public Wi-Fi networks.

Five threats associated with open public Wi-Fi hotspots are detailed below:

Evil Twins – Rogue Wi-Fi Hotspots

One of the most common ways of obtaining sensitive information is for a cybercriminal to set up an evil twin hotspot. This is a fake Wi-Fi access point that masquerades as the legitimate access point, such as one offered by a coffee shop or hotel. An SSID could be set up such as “Starbuck Guest Wi-Fi” or even just state the name of the establishment. Any information disclosed while connected to that hotspot can be intercepted.

Packet Sniffers

Using a packet sniffer, a hacker can identify, intercept, and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials to bank accounts and corporate email accounts. If credentials are obtained, a hacker can gain full control of an account.

File-Sharing

Many people have file-sharing enabled on their devices. This feature is useful at home and in the workplace, but it can easily be abused by hackers. It gives them an easy way to connect to a device that is connected to a Wi-Fi hotspot. A hacker can abuse this feature to drop malware on a device when it connects to a hotspot.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

Shoulder Surfing

Not all threats are hi-tec. One of the simplest methods of obtaining sensitive information is to observe someone’s online activities by looking over their shoulder. Information such as passwords may be masked so the information is not visible on a screen, but cybercriminals can look at keyboards and work out the passwords when they are typed.

Malware and Ransomware

When connecting to a home or work network, some form of anti-malware control is likely to have been installed, but those protections are often lacking on public Wi-Fi hotspots. Without the protection of AV software and a web filter, malware can be silently downloaded.

Employers can reduce risk by providing comprehensive training to employees to make sure they are aware of the risks from public Wi-Fi hotspots and make sure that employees are aware they should only connect to public Wi-Fi networks if they use a VPN. Employers can further protect workers with WebTitan Cloud – An enterprise-class web filter that protects workers from online threats, regardless of where they connect.

Hotspot providers can protect their customers by securing their Wi-Fi hotspots with WebTitan Cloud for Wi-Fi. WebTitan Cloud for Wi-Fi is a powerful web filter that protects all users of a hotspot from malware and phishing attacks, and can also be used to control the types of sites that can be accessed. If you offer Wi-Fi access, yet are not securing your hotspot, your customers could be at risk.

Contact TitanHQ today to find out how you can protect your customers from online threats, control the content that can be accessed via your Wi-Fi network, and discover how quick and easy it is to create a family-friendly Wi-Fi environment.

Why is Internet and WiFi Filtering in Hospitals Important?

Hospitals often invest heavily in solutions to secure the network perimeter, although the importance of Internet and WiFi filtering in hospitals is often misunderstood. Network and software firewalls are essential, but alone they will not provide protection against all attacks. As healthcare IT security staff know all too well, the actions of employees can see cybersecurity defenses bypassed.

A look at the Department of Health and Human Services’ Office for Rights breach portal shows just how many cyberattacks on hospitals are now occurring. Cybercriminals are targeting healthcare organizations due to the value of protected health information (PHI) on the black market. PHI is worth ten times as much as credit card information, so it is no surprise that hospitals are in cybercriminals’ crosshairs. Even a small hospital can hold the PHI of more than 100,000 individuals. If access is gained to a hospital network, the potential rewards for a hacker are considerable.

There has also been a massive increase in ransomware attacks. Since hospitals need access to patients’ PHI, they are more likely to pay a ransom to regain access to their data than in other industry sectors. Hollywood Presbyterian Medical Center paid $17,000 for the keys to unlock its files following a ransomware attack in February 2016. It was one of several hospitals to give in to attackers’ demands following ransomware attacks.

A Web Filter is an Important Extra Security Layer to Protect Against Phishing Attacks

Phishing is one of the main threats for healthcare organizations, so it is vital for the email system to be secured with an advanced spam filtering solution and for security awareness training to be provided to employees. However, layered defenses are required to reduce the threat of phishing to a reasonable and acceptable level.

A web filtering solution is an important additional control in the fight against phishing. If an employee clicks on a hyperlink in a phishing email that has made it past email security defenses, the phishing website can be blocked. Instead, the user will be directed to a block screen and a potential account compromise can be avoided. A web filter will also help to protect users from malicious redirects when browsing the internet.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

The Hospital WiFi Environment is a Potential Gold Mine for Cybercriminals

Another common weak point is the WiFi network. IT security teams may have endpoint protection systems installed, but often not on mobile devices that connect to WiFi networks. The increasing number of wireless devices that are now in use in hospitals increases the incentive for cybercriminals to attempt to gain access to WiFi networks. Not only do physicians use mobile phones to connect to the networks and communicate PHI, but there are also laptops, tablets, and an increasing number of medical devices connected to WiFi networks. As the use of mobile and IoT devices in healthcare continues to grow, the risk of attacks on the WiFi environment will increase.

Patients also connect to hospital WiFi networks, as do visitors to hospitals. They too need to be protected from malware and ransomware when connected to hospital guest WiFi networks. One of the easiest ways to protect the devices that connect to WiFi networks is a web filtering solution. A web filter allows IT teams to carefully control the types of content that can be accessed on hospital WiFi networks, block malware downloads, and prevent all users from visiting malicious websites. Internet and WiFi filtering in hospitals should be included in cybersecurity defenses to reduce the risk of malware downloads from the internet and is an important additional control against insider breaches.

Internet and WiFi filtering in Hospitals is Not Just About Blocking Cyberthreats

Malware, ransomware, hacking, and phishing prevention aside, there are other important reasons for implementing Internet and WiFi filtering in hospitals.

Guest WiFi access in hospitals is provided to allow patients and visitors to access the Internet; however, there is only a certain amount of bandwidth available. If Internet access is to be provided, all patients and visitors should be able to gain access. Internet and WiFi filtering in hospitals can be used to restrict access to Internet services that consume large amounts of bandwidth, especially at times when network usage is heavy. Time-based controls can be applied at busy times to block access to video streaming sites, for example, to ensure all users can enjoy reasonable Internet speeds.

It is also important to prevent patients, visitors, and healthcare professionals from accessing inappropriate website content.  Internet and WiFi filtering in hospitals should include a block on adult content and other inappropriate or illegal material. Blocks can easily be placed on illegal file-sharing websites, gambling or gaming sites, or any other undesirable category of web content.

Internet and WiFi filtering in hospitals ensures WiFi networks can be used safely and securely by all users, including minors. Blocking illegal, undesirable, and age-inappropriate content is not just about protecting patients and visitors. It also reduces legal liability.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

Internet and WiFi Filtering in Hospitals Made Simple

WebTitan Cloud for WiFi is an ideal solution for Internet and WiFi filtering in hospitals. WebTitan Cloud for WiFi is cost-effective to implement, the solution requires no additional hardware or software installations, and there is no latency. Being DNS-based, setup is quick and simple. A change to the DNS settings is all that is required to start filtering the Internet.

WebTitan Cloud for WiFi is ideal for hospital systems. The solution is highly scalable and can be used to protect any number of users in any number of locations. Multiple sites can be protected from one easy-to-use web-based user interface. Separate filtering controls can be applied for different locations, user groups, or even individuals. Since the solution links in with Active Directory setting up controls for different users and departments is quick and simple. Separate content controls can easily be set for guests, visitors, and staff, including filtering controls by role.

WebTitan Cloud for WiFi supports blacklists, whitelists, and allows precision content control via category or keyword, and blocks phishing websites and sites known to host exploit kits and malware. In short, WebTitan Cloud for WiFi gives you control over what users can do when connected to your WiFI network.

To find out more about WebTitan Cloud for WiFi, details of pricing, contact the TitanHQ team today.

Why Secure Guest WiFi for Business is So Important

Regardless of whether you run a hotel, coffee shop, or retail outlet, Internet access is expected by customers, but make sure you secure guest WiFi for business visitors. Providing business visitors and customers with access to the Internet brings many benefits, but if you do not secure guest WiFi for business visitors you will be exposing yourself – and them – to considerable risk. If you offer secure guest WiFI access, all users will be protected from malware, ransomware, and phishing when connected to the network. That can be a good selling point for businesses. It also shows you care about your customers.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

Why Is Providing Internet Access so Important?

In 2013, one study revealed that 80% of customers in retail outlets felt the provision of free WiFi access would influence their purchasing decisions. If retailers provide guest WiFi access, they are likely to encourage more potential customers into their stores and get more sales opportunities.

With more people purchasing online, businesses need to adapt. Customers want to be able to check online before making a purchase or signing up for a service, such as reading online reviews. Fail to offer Internet access and customers are more likely to leave and make a purchase at another time. Chances are that sales will be made elsewhere. Keep them in your store and allow them to access the internet and your chances of achieving a sale will be increased. Of course, if you are unable to compete with online retailers – Amazon for example – you could provide free WiFi but block access to that website.

Why is Secure Guest WiFi for Business So Important?

There are considerable benefits to be gained from offering customers free Internet access. It is what customers want, it provides businesses with an opportunity to communicate with customers, it allows businesses to collect contact details for future marketing programs, and by monitoring the use of the Internet in-store, businesses can gain valuable customer insights and find out more about the interests of their customers. Businesses should note however that the General Data Protection Regulation (GDPR) requires consent to be obtained before any personal information is collected and used.

Giving customers and guests access to the Internet opens a business up to considerable risks. If those risks are not mitigated, guest WiFi access can prove incredibly costly. You may have trained your employees to be security-aware and have introduced policies covering allowable Internet usage, but guests, customers, and other visitors are likely to have different views about the content that can be accessed on your WiFi network.

Guests and customers could take advantage of a lack of restrictions to access inappropriate material such as pornography. Individuals could engage in morally or ethically questionable activities on a business network or even illegal activity such as copyright-infringing downloads. They may also accidentally install malware or ransomware or visit phishing websites.

Secure guest WiFi for business means protecting yourself and your customers and guest users. Secure guest WiFi for business visitors and it will ensure they are protected when connected to your network. You will be able to block man-in-the-middle attacks, malware downloads and protect against phishing attacks. By providing secure guest internet access, you will also be able to reduce legal liability.

5 Things to Consider About Secure Guest WiFi for Business Customers

If you are going to open up your network to guests, security cannot be an afterthought. Secure guest WiFi for business is a must. Before providing WiFi access, be sure to consider the points below:

Network Segmentation

Segmenting your network is important for two reasons. Secure guest WiFi for business means visitors should not be able to gain access to parts of the network used by your employees. Your business guest wireless network should be kept totally separate from the internal network used by your employees. Guest users should not be able to log on and see your network assets and confidential files and resources. Use a network firewall or create a separate VLAN for guest use and use a software firewall to protect servers and workstations from traffic from the guest network. Secondly, in the event of a malware or ransomware infection, if you segregate your network, it will greatly limit the harm caused.

Always Change Default Passwords and SSIDs

This is one of the most basic security practices, yet because of that, it is easy to forget. The Internet is littered with reports of data breaches that have occurred as a result of the failure to change default passwords. All network peripherals should have strong, unique passwords set.

It is also important to change your SSID for your WiFi network. The SSID should reflect the name of your business and it should be quite clear to your customers which is your network. Fail to do this and you make it too easy for malicious individuals to set up "evil twin" access points and lure guests onto those rogue access points and conduct man-in-the-middle attacks. You can post the SSID and password internally to make it easy for legitimate users to gain access to your network. Be sure to change your password regularly.

Keep Your Firmware Updated!

Firmware updates are issued for a reason. They correct vulnerabilities that could easily be exploited by cybercriminals to gain access to your devices and network. If those vulnerabilities are exploited, configurations can be changed for a variety of nefarious purposes. You should have policies in place that require firmware updates to be installed promptly, with checks performed monthly to ensure that all devices have been updated and no firmware updates have been missed.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

Encrypt Your Wireless Signals

You want to make it as easy as possible for your guest WiFi network to be accessed by your customers and visitors, but don’t make it too easy for hackers to spy on individuals connected to the network. Make sure you encrypt your wireless network with WPA2/WPA3 encryption.

If your router does not support WPA2 as a minimum it is time to upgrade your router’s firmware or, if that is not possible, you should buy a modern router that supports WPA3 encryption. If you fail to encrypt your WiFi, it is too easy for your bandwidth to be stolen and for data to be intercepted.

Secure Guest WiFi for Business Means Content Filtering

Secure guest WiFi for business means adding controls to limit the content that can be accessed on your WiFi network.

You should block access to adult content – which includes pornography, gambling sites, and dating sites, and also web content that is ethically or morally questionable or illegal.

A web filtering solution will also protect your customers from accidental malware and ransomware downloads and is an important anti-phishing control.

Consider using a cloud-based web filter as these require no additional hardware to be purchased. They can also be configured and maintained remotely and will not require software or firmware upgrades. In contrast to appliance-based web filters, cloud-based filters are more scalable and are more adaptable to the changing needs of your business.

Wireless Guest Network Best Practices

There are many benefits to be gained from setting up a wireless guest network but doing so introduces risks. If those risks are not managed, guest users could gain access to network resources and view or steal sensitive information. Malware may be accidentally or deliberately installed, and vulnerabilities could be introduced that could expose the network to hackers. Fortunately, following some simple wireless guest network best practices will help you with securing the WiFi network, mitigating risks, and making your wireless network as - or more - secure than your wired network.

  • Separate your wireless guest network from the business network – Set up a second SSID specifically for guests to use. It should not be possible for guest users to access your internal WiFi network.
  • Choose the SSID wisely – Choose a name that does not advertise the fact that the network belongs to your business if you want to make it harder for hackers to attack your WiFi network.
  • Set a secure password for guests to use – Make sure the default password is changed to ensure only authorized guests can access the network.
  • If possible, ensure each guest user can be identified on the network. Use a management solution that collects guest credentials as this will allow you to monitor guest behavior and gain valuable insights into how your customers are using the network. Be aware there are restrictions under GDPR and CCPA that require you to obtain consent to collect personal data and explain why the data is being collected.
  • Communicate your Internet usage policies to guests so they know what is allowed and prohibited while connected to your WiFi network
  • Use the most advanced encryption available – All modern routers and access points support WPA2 encryption. Make sure this is enabled – or WPA3 if it is supported. Avoid using WPS as it is vulnerable to brute force attempts to guess the password.
  • Disable admin access on wireless networks – if a hacker succeeds in gaining access to your WiFi network, this will limit the harm that can be caused.
  • Implement a web filtering solution – A web filter should be configured to prevent users from accessing inappropriate and malicious websites while connected to the WiFi network
Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

WebTitan Cloud for WiFi – Secure Guest WiFi for Business Users

TitanHQ has made it easy to secure guest WiFi for business users. WebTitan Cloud for WiFi is a 100% cloud-based web filter that allows businesses to carefully control the categories of web content that can be accessed by guest users.

WebTitan Cloud for WiFi allows businesses to block access to 53 different predefined categories of web content, including pornography, gambling, dating, news, and social media websites. Within those 53 categories are more than 500 million websites in 200 languages that have been assessed for content and categorized. A cloud-based lookup also ensures accurate and flexible filtering based on-page content.

Secure guest WiFi for business means effective malware, ransomware, and phishing protection. With WebTitan Cloud for WiFi deployed, access to compromised websites, phishing sites, and other malicious websites will be blocked.

Flexible policy creation means control over the filter can be delegated to different departments, and controls can be applied for different types of users. Cloud Keys can also be created to allow specific users to bypass policy rules.

A full suite of reports ensures detailed information is always available, with email notifications alerting administrators to attempted policy violations and a real-time browsing view is available.

If you want to take control of your WiFi network or are an MSP looking for an easy-to-use multi-tenant solution to allow you to provide a web filtering service to your clients, WebTitan Cloud for WiFi is a quick, easy to use, and low-cost way of providing secure guest WiFi for business users.

Contact TitanHQ today for further information on WiFI guest network security and to find out how WebTItan can protect your business. Our knowledgeable sales staff will be able to advise you on the best way to improve guest WiFi security and will help you choose the best deployment option. If you want to see WebTitan in action before you make a purchase decision, our sales staff will be happy to schedule a product demonstration and help set up a free trial of the solution.

Guest Wi-Fi Security FAQs

How can I improve guest Wi-Fi security?

You must ensure your guest Wi-Fi network is properly configured. You should set a password for access, ensure traffic is encrypted to prevent interception by selecting WPA2 or WPA3 on the router, ensure guest users cannot access and change the router settings, and you should use a content filtering solution to prevent malware downloads and restrict access to inappropriate website content.

What content can I block on guest Wi-Fi networks?

You have full control over the content that guests can access via your Wi-Fi network. With WebTitan Cloud for Wi-Fi, you can block content using 53 pre-defined categories and can create up to 10 categories of your own using your own keywords. Access to specific websites can be allowed or blocked using whitelists and blacklists. All known malicious websites will be automatically blocked.

Can I see what websites guest users are accessing?

A web filtering solution gives you full visibility into the web content that your employees and guest users are viewing, including providing real-time views of Internet access. This information can give you valuable insights into customer behavior which can guide your marketing efforts. You can also run reports to find out the URLs that users have attempted to visit but were blocked by the web filter.

Will a cloud-based web filter for guest Wi-Fi work on all devices?

There is no software to download onto devices and no restrictions on the devices that can connect to your secure Wi-Fi network. WebTitan Cloud for Wi-Fi works with all operating systems and all devices and allows businesses to offer clean, filtered Internet access for customers on Wi-Fi access points. If required, different filtering controls can be set up for different user groups.

Is SSL inspection necessary?

If you have a web filter that does not have SSL inspection, traffic to and from HTTPS websites will be invisible to the filtering solution. That means files downloaded from HTTPS websites cannot be scanned by the AV engines of the web filter. Since many malicious websites have SSL certificates, a web filter with SSL inspection is essential.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

How Can I Restrict Internet Access at Work?

There are many reasons why businesses want to restrict internet access at work. Allowing employees to have unrestricted access to the internet can result in a major drain on productivity. Unfettered internet access can also increase the risk of malware and ransomware downloads, while inappropriate internet access at work can lead to a range of legal issues. Due to the risks involved, it is unsurprising that many firms choose to use a technological solution to enforce acceptable Internet usage policies and block access to malicious websites. This post explores some of the key benefits that come from using a web filter to limit internet access in the workplace and some of the potential problems that can be caused by using content-control software.

The Problem of Personal Internet Use at Work

It is inevitable that employees will slack off from time to time, regardless of whether they have access to the internet but internet access makes slacking off much easier. Simply placing restrictions on the websites that can be accessed will not eradicate time-wasting, but it can allow businesses to make significant gains in productivity. Some employees spend a considerable percentage of the working day on personal internet use, playing online games, or accessing their social media accounts. If every employee in an organization was to spend an hour a day on personal internet use, the productivity losses would be considerable. A company with 100 employees would lose 100 hours a day – That’s a loss of 26,100 working hours a year – and many employees spend much longer each day on personal internet use.

There are other issues that can result from excessive personal internet use at work. When employees use streaming services, download files via P2P networks, or engage in other bandwidth-heavy activities, it will naturally have an impact on internet speeds across the entire organization. Using a web filter to restrict internet access at work and limiting access to certain bandwidth draining activities allows businesses to ensure sufficient bandwidth is available for all employees.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

The Danger of Malware and Ransomware Downloads

If employees are accessing social media websites, downloading files, or are visiting questionable websites, the risk of malware or ransomware downloads increases significantly.

Exploit kits probe for vulnerabilities in browsers and plugins, which are then exploited to silently download malware.  Traffic is usually directed to these websites through malicious adverts – termed malvertising – although high-traffic websites are constantly being compromised by hackers who add malicious content such as phishing webpages and malware.

Certain types of websites carry a high risk of resulting in malware infections. Allowing employees to access these sites, many of which are not suitable for work, could easily result in a malware or ransomware download.

The operators of legitimate pornographic websites usually take great care to ensure their sites are not compromised or infected with malware. They are, after all, legitimate businesses. However, pornographic content is often used as a lure to spread malware and there are many disreputable adult sites whose purpose is solely to infect visitors with malware or harvest credit card information. Blocking these NSFW sites not only helps to improve productivity and avoid legal issues, but it also reduces the risk of malware infections.

One of the riskiest online activities is the use of torrents sites and P2P file-sharing networks. There are few – if any – controls over the content that is shared via torrents sites and pirated music and video files are often seeded with malware, spyware, and adware. Illegal software downloads are incredibly risky as malware is often bundled in the executable files used to install the software, or in the accompanying Keygen tools that generate product keys to allow the software to be used.

A malware or ransomware attack can prove incredibly costly. Many companies have experienced ransomware attacks that have resulted in systems being taken out of action for several days or even weeks, causing massive losses as the business grinds to a halt. A ransomware attack can result in an entire network being taken out of action, as was the case with the WannaCry attacks in 2017. The NHS in the UK suffered major disruption as a result of the installation of the malware and mitigating the attacks cost £92 million. The NotPetya wiper malware campaign conducted soon after caused widespread damage. The shipping firm Maersk had its systems infected and the clean-up bill has been estimated to be $300 million.

A web filter will not prevent all malware and ransomware attacks, but it is possible to prevent certain categories of ‘risky’ websites from being visited by employees, the filtering solution can be configured to block the downloading of certain file types, and websites known to contain malware or exploit kits can be blocked. Any attempt to visit one of those websites will direct a user to a block screen. Many businesses decide to restrict internet access at work primarily to protect against malware and ransomware downloads.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

Additional Protection Against Phishing Attacks

Phishing is the number one cyber threat faced by businesses. It has been estimated that more than 90% of cyberattacks start with a phishing email. One of the best protections against phishing is a spam filtering solution, which will prevent the majority of malicious messages from being delivered to end users. However, no spam filter is 100% effective and some malicious messages will end up in employees’ inboxes. Employees can be trained how to identify phishing emails and be taught cybersecurity best practices that will reduce susceptibility to phishing attacks, but sooner or later an employee will likely be fooled into clicking a link in an email and will arrive at a phishing website.

When a user is directed to a website and discloses their login credentials, an attacker can gain access to their email account and all the sensitive data contained in that account. The compromised account can also be used to send further phishing emails to other employees in the organization or to customers and business contacts. It is common for a single response to a phishing email to result in several email accounts being compromised.

Phishing attacks are some of the costliest cyberattacks to resolve. Each email in a compromised account must be checked for personally identifiable information and other sensitive data. Manually checking thousands of emails can take weeks and can cost hundreds of thousands of dollars.

A web filter is an additional layer of security that helps organizations improve their defenses against phishing by providing time-of-click protection and blocking attempts to visit malicious websites. When an employee clicks a link to a website that has been added to a blacklist due to past use in phishing campaigns, the user will be directed to a block screen. TitanHQ’s web filtering solution, WebTitan, blocks attempts to access around 60 million malicious websites a week.

Preventing Inappropriate Web Content from Being Accessed

While most employees do not use the internet to access illegal and not-suitable-for-work content, there are always a few bad apples. The problem of accessing pornography at work is a real issue, and could be much worse than you think.

In 2014, a survey conducted by the Barna Group showed 63% of men and 36% of women have viewed pornography at work. A survey in Forbes in 2013 revealed 25% of adults have viewed porn at work, while in another survey, 28% of employees admitted to downloading porn at work. Not only is the accessing of pornography at work a major drain of productivity, but it can also lead to the development of a hostile working environment. Pornography can be used to harass and degrade employees, especially women. There have been cases of employees taking legal action against their employers over the failure to implement content controls in the workplace and prevent pornography from being accessed by coworkers.

Many businesses feel the best way to tackle the problem of pornography access in the workplace is through acceptable usage policies and greater oversight of employees by line managers. When individuals are discovered to be abusing the internet, action can be taken against individuals without having to restrict internet access at work for everyone. This does not always prove effective. Further, when pornography use at work is discovered, employees usually face instant dismissal. That carries a cost to the HR department and productivity losses while new employees are hired and trained.

The easiest solution is to use a web filter to restrict internet access at work. A web filter can be used to block access to specific websites or categories of website content such as pornographic sites and enforce acceptable usage policies. This is one of the most common reasons why businesses restrict internet access at work.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

Problems with Using a Web Filter to Restrict Internet Access at Work

A web filter may seem like a quick and easy solution to solve the above issues, but it should be explained that companies that restrict internet access at work with web filters can encounter problems. If you restrict internet access at work using an appliance-based web filtering solution it can result in latency. Each website must be inspected before it is accessed which delays the loading of websites. In the case of secure (HTTPS) sites, each webpage must be decrypted, inspected, and re-encrypted. This places a considerable strain on resources. As more sites switch to HTTPS the problem of latency becomes a real issue.

The solution is to use a DNS-based filtering solution. With DNS-filtering, all filtering occurs in the cloud and there is no latency. There are other benefits too. Cloud-based web filters are more flexible, scalable, and do not require the purchase of any hardware which results in considerable cost savings.

When web filters are used to restrict internet access at work and they lack highly granular controls, there can be issues with the overblocking of website content. Websites that need to be accessed for work purposes may be blocked, which requires the IT support team to spend time whitelisting websites. The solution is to choose a web filter with highly granular controls, which allows content to be easily blocked without also blocking websites that need to be accessed for work purposes.

Should Companies Restrict Internet Access?

While content control software may seem like an ideal way of preventing employees from cyberslacking to make productivity gains, care must be taken when applying those controls otherwise the productivity gains may not be realized. If you restrict internet access at work, employees who were only accessing the occasional personal site may be unhappy with the new restrictions. This can have a negative effect on productivity and create a hostile working environment. Why should all employees be made to suffer because of the actions of a few? Care must therefore be taken when deciding what types of websites to block. With careful and intelligent control, you can make productivity gains and can avoid any staff issues.

How to Control Internet Usage in Office and Avoid Staff Problems

One of the easiest ways to improve productivity while applying controls over internet access is to use a web filtering solution that allows time-based filtering controls to be applied. Employers can use this feature to restrict internet access at work during busy times and relax controls at others. It is easy to block access to certain sites 100% of the time and others only some of the time. With WebTitan, administrators can set standard controls during busy times such as mornings, and relax controls during breaks or outside of office hours.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

How Can I Block Internet Access on an Employee’s Computer?

There are several ways to block internet access on an employee’s computer. If you want to block internet access totally for a specific employee, be that a temporary or permanent block, you can use your existing network hardware or a firewall rule to block a specific IP address.

A web filter allows much more granular controls to be applied, such as blocking specific websites or categories of websites for a specific employee or group of employees. This option is much easier and less time-consuming if you need to block internet access – or implement partial blocks – for more than one employee. With a cloud-based web filter, these controls can be applied quickly and easily through a web portal that can be accessed by the administrator from any computer.

How to Limit Employee Internet Access Selectively

Many businesses want to know how to restrict internet access for employees without totally blocking access to the internet. With WebTitan it is easy to limit employee internet access selectively. Different controls can be set for different employees or groups of employees. If you have sales staff, you may want to do as much as possible to make sure they are always on the phone, and internet controls may need to be more restrictive. The marketing department may require much more lax controls since they will be required to access a broader range of websites for work. Since the filter integrates with LDAP and Active Directory, setting controls for different users and user groups is simple. You can implement organization-wide controls (e.g. adult content), department controls (social media), and individuals controls through LDAP/AD.

Speak to TitanHQ About Controlling Internet Access In the Workplace

Internet content control is quick, easy, and cost-effective with WebTitan. The solution allows you to easily restrict internet access at work and avoid problems associated with web filtering. If you are interested in curbing personal internet use at work and improving your organization’s security posture, contact TitanHQ today for advice. You can also sign up for a free trial and evaluate WebTitan in your own environment before you commit to a purchase and can schedule a product demonstration to see WebTitan in action.

FAQs about Restricting Internet Access at Work

Should I set up a guest Wi-Fi network?

Guest Wi-Fi networks allow visitors to access the Internet through the same equipment as your employees but will ensure that both networks are separated. If a guest user’s device is infected with malware, it will not spread to your primary business network. Guest users will also not be able to access any internal resources or data.

What are the most important guest Wi-Fi security best practices?

Ensure a password is set for the guest network. Make sure that traffic is encrypted using Wi-Fi Protected Access (WPA or WPA2) to prevent data interception. Control the content that can be accessed using a web filter for your Wi-Fi network, and monitor what your guest network is being used for.

What is the cost of a content filter for a Wi-Fi network?

Content filtering for Wi-Fi networks is not expensive considering the protection it provides. Some solutions will cost around $2.50 per user, per month. These tend to be aimed at large enterprises with complex needs. For most businesses, you can get the protection you need for around $1 per user, per month.

Does a web filter work for HTTPS websites?

A web filter will block access to all websites in blacklists, which includes HTTPS websites known to be malicious. A web filter with SSL inspection will decrypt, inspect, then re-encrypt HTTPS sites in real-time and will block access to those sites if they violate user-defined policies.

Is Internet content filtering difficult?

Internet content filtering need not be complicated. With a cloud-based web filter you just make a simple change to point your DNS to your service provider. Log in to your web-based user interface and use the checkboxes to select the content you want to permit or block. All malicious websites will automatically be blocked through the blacklists used by the solution.

Benefits of Honeypots – There’s More to Honeypots Than Wasting Hackers’ Time

There are many benefits of honeypots, most notably, they can significantly improve your security posture. As such, all organizations should consider implementing a honeypot, but be sure to assess the disadvantages as well as the advantages as you may decide they are not worth the time and effort.

This post covers the pros and cons of honeypots to help you decide whether a honeypot is appropriate for your organization.

What is a honeypot and why are they used?

A honeypot is an additional security protection that can be used alongside a firewall and other security solutions to help protect a network from hackers.

Honeypots, as the name suggests, are designed to catch a hacker’s eye so that their efforts will be drawn to attacking the honeypot rather than a system where they could cause serious harm.

They appear to be an easy entry point into a network to distract attackers from looking at other parts of the system. They are a deliberate hole in the security of the system that can be attacked without causing harm. They allow IT teams to gather valuable intelligence on hackers who are attempting to gain access to their networks.

In contrast to a firewall, which is designed only to keep external attackers out, a honeypot can also identify internal threats and attacks. Many companies are almost blind to attacks from within. A honeypot provides increased visibility and allows IT security teams to defend against attacks that the firewall fails to prevent. There are considerable benefits of honeypots, and many organizations have implemented them as an additional protection against internal and external attacks.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

There are many benefits of honeypots!

A honeypot is a system that is set up with the singular purpose of being attacked. It is a system designed to be exploited, hacked, infected with malware, and generally abused by a malicious third party. Why should I do that you may ask? Well, there are many benefits of honeypots.

You may wonder why you should spend your time, effort, and money setting up a system that will attract hackers? Why you should deliberately create a system with weakened defenses that will be exploited? Why even attract interest from malicious third parties?

There are three very good reasons why you should. First. You will be wasting a hacker’s time, and time spent attacking a system that is safe is time not spent hacking a system that will damage your organization if the hacker succeeds.

Secondly, by setting up a honeypot you will be able to see who is attacking you and the methods that are being used. This will give you a very good idea of the types of attacks being used and the defenses you will need to install to protect your real systems and data from attack.

Thirdly, an attack on a honeypot is likely to frustrate a hacker and stop them from hacking your real computer systems.

Security researchers are well aware of the benefits of honeypots. They have been vital in the study of hackers’ behavior. They can be used to determine how systems are attacked and are also a very useful part of system defenses. It is not a question of whether you should set up a honeypot, but rather why you have not already done so.

There are many different types of honeypot that can be implemented. You can set up a dummy system with an entire network topology if you wish. You can have many different hosts, you can include a wide range of services and even different operating systems. In short, an entire system can be set up to appear genuine and allow an attack to take place.

There are many different types of honeypot that can be deployed, although for the purpose of this article we have provided further information on two popular honeypots below: Honeyd and Kippo.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

The Honeyd honeypot

This is a small daemon that can be used to create a network containing many virtual hosts. Each of those hosts can be set up and configured differently. You can run a range of arbitrary services on each, and configure them to appear as if they are running different operating systems. For network simulation purposes, you can create tens of thousands of different hosts on your LAN using Honeyd if you so wish. You can use Honeyd to hide your real system, identify threats, assess risk, and improve your security posture.

Honeyd benefits

  • Simulate multiple virtual hosts simultaneously
  • Identify cyberattacks and assign hackers a passive-fingerprint
  • Simulate numerous TCP/IP stacks
  • Simulate network topologies
  • Set up real FTP and HTTP servers, and even UNIX applications under virtual IP addresses

The lowdown on Honeyd

We invited a guest sys admin (Arona Ndiaye) to provide input on the Honeyd honeypot to get the perspective of a Linux administrator. She mainly uses Linux and *nix systems and has tried out Honeyd to get an idea of how it works, what it can do, and its functionality. She installed it on Kali Linux, which was a simple process requiring a single line to be added to the sources .list file, running apt-get update & apt-get install honeyd.

A few tweaks were needed to ensure the firewall had the correct permissions set, along with some simple text editing in a configuration file. That was all that was needed. If any problems are encountered, or more detailed information is required, it is all available on the honeyd website. Most people find the easiest way to get started is to play with the system and to try to attack it, which is what she did.

She was particularly impressed with the information that can be gathered on attacks and scans. The methods of attack were recorded in intricate detail, including how it was possible for hackers to fool NMAP. The overall verdict was “seriously impressive.”

The Kippo honeypot

We also put Kippo to the test; another popular honeypot. Kippo is used to create a dummy SSH server, which allows attackers to conduct brute force attacks. The honeypot can be set with a root password that is particularly easy to guess, such as a simple string of numbers: 123456 for example.

Set up the honeypot with an entire file system, or even better, clone a real system for added realism. The aim is to convince the hacker that he or she is attacking a real system. Once the attacker has successfully managed to log in to the system, everything they subsequently do will be recorded. All actions will be logged, so it is possible to see exactly what happens when a system is attacked.

What is particularly good about Kippo is how detailed the fake system can be. You can really waste a considerable amount of a hacker’s time and get an accurate picture of exactly what they are trying to achieve, the files they upload and download, what malware and exploits they install, and where they put them. You can then use a virtual machine to analyze the attack in detail when you have the time.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

Set up combo-honeypots to create a highly elaborate network

Both Kippo and Honeyd are open source, so it is possible to tweak both honeypots to suit your own needs and requirements. You can even combine the two to build up extremely elaborate networks – specifying specific file contents and creating fake systems that appear perfectly real. How much time you spend doing this, and the level of detail you want to add is up to you. If you really want to find out exactly how the systems are attacked to better prepare your real system, these are exceptionally good tools to use.

Adding a honeypot can help to improve your security, but simply setting one up will not. Unfortunately, to gain the benefits of honeypots you will need to invest some time in setting up a realistic network and it will need to be updated and maintained. It must be treated like any other machine or system you use in order for it to be effective. You must also make sure that it is isolated or insulated. Creating a fake system that is easy to attack shouldn’t give a hacker an easy entry point into your real system!

Summary: Main Benefits of Honeypots

Listed below are the main benefits of honeypots:

  1. Observe hackers in action and learn about their behavior
  2. Gather intelligence on attack vectors, malware, and exploits. Use that intel to train your IT staff
  3. Create profiles of hackers who are trying to gain access to your systems
  4. Improve your security posture
  5. Waste hackers’ time and resources
  6. They show you that you are being attacked and that data is valuable when attempting to get budget increases for security.

Disadvantages of Honeypots

We have covered the benefits of honeypots, but are there any disadvantages of honeypots apart from the time taken to set them up?

No system is perfect and there are notable disadvantages of honeypots. One of the main problems is the system is designed to be attacked, so attacks will likely take place. Once the honeypot is accessed it could be used as a launchpad for further attacks. Those attacks could be conducted on an internal system or on another company. Honeypots therefore introduce risk. There is therefore an issue of legal liability. If your honeypot is used in an attack on another business, you could be sued. The level of risk that it introduced will depend on the honeypot. Typically, the more complex the honeypot, the greater the risk is likely to be.

Then there is the question of the resources you will need to set up the system. If you want to create a realistic system that will fool hackers, it needs to look and behave like the real system it is designed to mimic. There are free options available that will make it more cost-effective to set up a honeypot, although they still require resources. The hardware comes at a cost and they require maintenance and monitoring. The cost may be prohibitively expensive for some businesses.

That said, maintenance need not be a major drain of time. In many cases, honeypots can be set up and left. Since there is no expected production activity, monitoring the honeypot and assessing activity will require minimal effort. Automatic alerts are generated when an attack is in progress and any data generated will likely be a real attack. Honeypots may be set up on existing old hardware that would otherwise not be used. In such cases, costs can be kept to a minimum.

Honeypots add complexity to a network, and the more complex a network is, the harder it is to secure. The honeypot could introduce vulnerabilities that could be exploited to gain access to real systems and data.

Finally, the honeypot can only tell you about an attack in progress if the honeypot is directly attacked. If an attack involves other systems and the honeypot is untouched – for instance, if the honeypot was identified as such by the attacker and avoided – it would be necessary to rely on other mechanisms to identify the attack.

Whether the benefits of honeypots outweigh the disadvantages will depend on the nature of your business, how probable it is that attempts will be made to attack your network, and the resources you have available for IT security. Your money could be better spent on other security solutions and your IT team’s time may be better directed to monitoring other systems and addressing vulnerabilities and patching software.

How to Block Drive-By Malware Downloads

In addition to installing a spam filter to block malware delivery via email, it is important to implement a solution to block drive-by malware downloads. A drive-by malware download is a web-based attack where malware is installed onto a victim’s device

Drive-by malware download attacks are those where malicious programs are downloaded and installed on a device without user consent. The malware may be relatively harmless adware that shows ads to generate income for the developer, spyware that gathers information about a user, or more dangerous malware variants such as keyloggers and banking Trojans that harvest credentials, or even ransomware that encrypts files to extort money from the victim.

Drive-by malware downloads can occur silently, without the user being aware anything untoward has happened by tricking them into visiting a malicious website. That could involve a phishing email with a hyperlink that bypasses an email security solution, occur via a redirect from a compromised website, or by clicking a malicious advert online.

Malicious websites can be encountered simply through normal web browsing and drive-by malware downloads can even occur via legitimate websites. Many websites have third-party ad blocks that generate additional revenue for the website owner. Malicious adverts – termed malvertising – may sneak past the checks performed by third-party ad networks and be displayed to site visitors. If a link is clicked, the user is directed to a malicious website. Threat actors also engage in search engine poisoning, where search engine optimization techniques are used to get malicious websites appearing high up in the search engine listings.

These downloads may occur silently, or individuals may be tricked into downloading malicious software or apps that they believe to be genuine. They install the software and are unaware than malware has also been installed. This week, an alert was issued about a campaign involving a fake .msi installer which is being used to deliver an information stealing malware variant called Jupyter that has been extensively used in attacks on the healthcare and education sectors.

It is important for businesses to protect against drive-by malware downloads, and one of the best ways to do this is by using a web filtering solution. A web filter, as the name suggests, is used to filter out undesirable website content. The consumer versions include parental control solutions on home WiFi networks. Just as you would want to prevent your children from accessing potentially harmful age-inappropriate web content, a web filter is used by businesses to prevent harmful content from being accessed by employees.

WebTitan from TitanHQ is used by businesses, managed services providers, and Internet service providers to block access to malicious, illegal, and other undesirable web content such as pornography and protects against drive-by malware downloads in several ways.

First, it is possible to prevent downloads of certain file types from the Internet – The file types commonly associated with malware (.exe, .js, and .msi for example). Another control to prevent malware downloads is the use of blacklists of IP addresses and domains that have previously been identified as being used for malware distribution. The solution can also be configured to block access to risky website categories that are often used for malware distribution, such as peer-2-peer file sharing networks.

WebTitan is quick and easy to implement and configure, has no impact on page low speeds, can protect any number of users including on-site and remote workers, and the solution is automatically updated with the latest threat intelligence to block malicious content as soon as it is detected.

If you want to block drive-by malware downloads, improve protection against phishing attacks, and carefully control the web content that can be accessed via your wired and wireless networks, contact TitanHQ today for more information about WebTitan. Product demonstrations can be arranged on request, and you can take advantage of a free 14-day trial of the solution.

Beware of this PayPal Text Phishing Scam

Phishing is commonly associated with spam emails, but it is not the only method of phishing as the PayPal text phishing scam below shows. Phishers use various methods to obtain sensitive information and phishing threats could arrive by email, text message, instant messenger services, and scams can be conducted over the phone.

Phishing is arguably the biggest cyber threat faced by businesses and consumers and can result in a malware infection, the encryption of files via ransomware, theft of sensitive data such as credit/debit card numbers or bank account information, or the email account could be used for sending spam and phishing emails and for malware distribution. A successful phishing attack could prove incredibly costly as bank accounts could easily be emptied. For businesses, malware infections can be catastrophic and billions are lost to business email compromise phishing scams each year.

There are approximately 200 million PayPal users, which makes the online payment service particularly attractive for phishers. PayPal is one of the world’s most commonly spoofed brands. If the brand is spoofed, there is a relatively high probability that the phishing email or text message will be received by a person who has a PayPal account. Further, PayPal accounts usually contain money and they are linked to a bank account and/or credit card. Gaining access to PayPal credentials can see the account and linked bank account emptied.

Phishers use a variety of social engineering techniques to fool end users into installing malware or disclosing their login credentials and other sensitive information. Spam email may be the main method of attack, although the use of text (SMS) messages – often referred to as SMiShing – is growing. This method of phishing can prove more successful for attackers. The PayPal text message phishing scam below is much harder to identify as malicious than many of the PayPal email phishing scams that have been detected in recent weeks.

Beware of this Credible PayPal Text Phishing Scam

This PayPal text phishing scam, and several variants along the same theme, have been detected in recent weeks. The text message appears to have been sent from PayPal from a short code number.

The message reads:

Dear Customer,

Your account is currently under review. Please complete the following security form to avoid suspension: http://bit[dot]ly/PayPal_-no-sms.eu

Another message reads:

Dear Customer,

Your account is under review. Please fill in the following security form to avoid lockout: http://bit[dot]ly/_payPal__

These PayPal text phishing scams work because many people do not carefully check messages before clicking links. Click the link on either of those two messages and you will be directed to a website that appears to be the official PayPal website, complete with branding and the normal web layout. However, the websites that the messages direct recipients to are scam sites.

Those sites naturally require the user to enter their login credentials. Doing so passes those credentials to the scammer. The scammer will then use those credentials to access the account, empty it of funds, and plunder the bank account(s) linked to the PayPal account. The password for the account may also be changed to give the attacker more time to make transfers and lock the genuine account holder out of the account.

These scams are particularly effective on smartphones as the full URL of the site being visited is not displayed in the address bar due to the small screen size. It may not be immediately apparent that an individual is not on the genuine PayPal website.

This PayPal text phishing scam shows that you need to always be on your guard, whether accessing your emails or viewing text messages.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

Don’t Become a Victim of an SMS Phishing Scam

The PayPal text phishing scam detailed above is just one example of how cybercriminals obtain sensitive information via text message. Any brand could be impersonated. Shortlinks are often used to hide the fact that the website is not genuine, as is altering the link text to mask the true URL.

To avoid becoming a victim of a SMiShing scam, assume any text message correspondence from a retailer or company could be a scam. If you receive a message – typically a warning about security – take the following steps.

  1. Access your account by typing in the correct URL into your web browser. Do not use the link in the message.
  2. Check the status of your account. If there is a freeze on your account, your account is under review, or it has been suspended, this will be clear when you try to log in.
  3. If in doubt, contact the vendor by telephone or send an email, again using verified contact information and not any contact details supplied in the text message (or email).
  4. Before logging in or disclosing any sensitive information online, check the entire URL to make sure the domain and web page are genuine.

PayPal Email Phishing Scams

This PayPal text phishing scam is one of thousands of phishing campaigns targeting PayPal users. While SMS phishing scams are increasing, most phishing attacks are conducted via email.

PayPal email phishing scams can be highly convincing. The emails contain the familiar PayPal logo, the text in the message body is often well written with no grammatical errors or spelling mistakes, the footers contain all the information you would expect, and the font is the same as that used in genuine PayPal messages.

The purpose of PayPal phishing emails will vary depending on the campaign, although typically the aim is:

  • To fool someone into disclosing their PayPal username/email address and password combination
  • To obtain a credit/debit card number, expiry date, and CVV code
  • To obtain bank account information and other personal information that allows the account to be accessed
  • To obtain a Social Security number and date of birth for use in identity theft and tax fraud
  • To install malware – Malware can capture all the above information and more
  • To install ransomware – Ransomware encrypts files and prevents them from being accessed unless a ransom payment is made

PayPal phishing emails can be very convincing and virtually indistinguishable from genuine communications; however, there are often signs that suggest all may not be what it seems.

Some of the common identifiers of PayPal phishing emails have been detailed below:

  • The messages contain questionable grammar or spelling mistakes.
  • The hyperlink text suggests one domain, when hovering the mouse arrow over the link shows it directs the user to a different domain.
  • The message does not address the account holder personally and starts with Dear PayPal user, user, or PayPal member instead of using the first and last name or the business name.
  • A link in the email directs the recipient of the message to a website other than the genuine paypal.com domain or local site – paypal.ca, paypal.co.uk for example.
  • The website the user is asked to visit does not start with HTTPS and does not have the green padlock symbol in the address bar.
  • The email requests personal information be disclosed such as bank account details, credit card numbers, or security questions and answers.
  • A user is requested to download or install software on their device.
Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

HTTPS Does Not Mean a Website is Genuine

There has been a general push to get businesses to make the switch from HTTP to HTTPS by installing an SSL certificate. The SSL certificate binds a cryptographic key to an organization’s details and activates both the padlock sign and changes a website to start with HTTPS. This ensures that the connection between the browser and the webserver is encrypted and secured.

If the website has a valid SSL certificate installed, it reduces the potential for snooping on information as it’s entered in the browser – credit card information for example. However, what an SSL certificate will not offer is a guarantee that information is safe and secure.

A website owned by or controlled by a cybercriminal could have a valid SSL certificate and start with HTTPS and have a green padlock. Disclosing information on that site could see sensitive information handed to a scammer.

As more and more businesses have made the transition to HTTPS, so have cybercriminals. According to the Anti-Phishing Working Group’s (APWG) Q1, 2018 phishing activity trends report, 33% of all phishing websites now use HTTPS and have valid SSL certificates. HTTPS and a green padlock do not mean that a website is genuine. It only means information entered on the site via the browser is secured.

HubSpot’s SSL encryption features automate your website security without plugins, so your site stays secure without any of the manual upkeep.

Anti-Phishing Best Practices to Adopt

  1. Exercise caution when someone sends you a hyperlink in a text message or email. The sender may not be who you think it is. A contact or family member’s email account may have been compromised or their phone stolen or the email address may have been spoofed.
  2. Never open email attachments in unsolicited emails from unrecognized senders.
  3. Beware of any email that suggests urgent action must be taken, especially when there is a threat or negative consequences for inaction – your account will be suspended or deleted for example.
  4. If in doubt about the genuineness of an email, do not click any links or open any attachments. Simply delete the message.
  5. Businesses should implement an advanced spam filter to prevent the majority of phishing emails from reaching inboxes.
  6. Businesses should also implement DMARC to prevent spoofing of their brands.
  7. Businesses should provide ongoing security awareness training to employees to teach them the skills required to identify phishing emails and smishing attempts such as this PayPal text phishing scam.

If you run a business and are concerned about phishing, TitanHQ can help. TitanHQ has developed an award-winning anti-spam and anti-phishing solution that blocks more than 99.9% of spam and malicious messages, incorporates dual anti-virus engines to detect malicious attachments, includes DMARC authentication, and sandboxing to perform in-depth analyses of malicious attachments. The solution works seamlessly with Office 365 to improve phishing detection and keep users’ inboxes free from spam, phishing, and other malicious emails. Further, TitanHQ operates a highly competitive pricing policy and SpamTitan can be used at a fraction of the cost of other anti-phishing solutions.

Contact TitanHQ and arrange a product demonstration, sign up for a free trial of the full solution (including support), and discover the difference SpamTitan can make to your organization’s security posture.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

Cybersecurity Selling Techniques for MSPs

Small businesses often lack the budget to employ full time IT staff, so instead rely on Managed Service Providers (MSPs) to meet their IT and cybersecurity needs. Small businesses know about the importance of having good IT support and will also likely be aware of the need to have some cybersecurity defenses in place, but it can sometimes be difficult to get clients to commit to purchasing the cybersecurity solutions they need to block cyberattacks that could cripple the business.

MSPs therefore need to communicate the importance of cybersecurity and the solutions that are necessary to reduce risk to protect their clients. Without the right solutions in place, clients will be at risk of suffering a costly data breach, and potentially regulatory fines and litigation. It will also be the MSP that will most likely be required to put the time and effort into getting the business back up and running following a cyberattack, and an MSP may also be blamed for not preventing the breach in the first place.

So how can MSPs sell cybersecurity solutions to their clients? What techniques can be used to get clients to commit to purchasing the solutions they need to protect their networks and infrastructure from attack?

Cybersecurity Selling Techniques for MSPs to Improve Customers’ Defenses and Monthly Revenue

Many small businesses will have little in the way of cybersecurity defenses, so this presents MSPs with an opportunity to increase their revenue, but first they must make sure that a client is aware of the importance of cybersecurity and having the right infrastructure and security solutions in place. It is up to the MSP to communicate the need for cybersecurity defenses to block credible threats, as many businesses will not understand the risks they face and the true cost of a data breach.

One of the most important elements of selling cybersecurity to clients is to have a good understanding of the risks a business faces and the level of risk each business is prepared to tolerate. Each business will be different and, most likely, there will be different risks within each business that need to be addressed.

It pays to take some time to audit and review those risks, and then to develop a cybersecurity strategy for the business that is tailored to its needs, rather than trying to sell a standard package of security solutions.

It is unlikely that a small business will be effective at conducting their own cybersecurity risk assessments. By becoming proficient in conducting risk assessments, MSPs will be able to gain a competitive advantage. If an MSP can present an accurate risk assessment to a customer, along with cybersecurity solutions that will reduce all risks identified to a reasonable an acceptable level, it will be much easier to get clients to buy in and sign up for the products and services they need to reduce those risks.

When selling cybersecurity solutions, it pays to focus more on the risks and how they will be addressed, rather than the technical aspects of each solution. That information can naturally be shared if required, but it is better to explain how the solutions meet the needs of the business and the benefits they provide. Cybersecurity solutions are expensive for small businesses, so before a business commits to a purchase – which can involve a significant upfront cost – they need to know the benefits the investment will bring and how it will likely save them considerable costs in the long run by preventing costly data breaches and the resultant downtime.

Customer Support Needs to Include Cybersecurity

Having the right cybersecurity solutions in place is only part of the story. It is also important to ensure that there is adequate monitoring in place. Cybersecurity solutions must be correctly configured and maintained so MSPs will need to make sure the staff is on hand to identify and respond quickly to any threat and neutralize it. Cybersecurity support also needs to be sold to clients.

You must be clear about the different between IT support and cybersecurity support. Clients are likely to need an MSP to provide basic IT support but may also expect the MSP to deal with cybersecurity issues as well. It is vital to communicate the difference and to cover cybersecurity support when onboarding a new client.

By explaining the need for cybersecurity and providing tailored solutions and the right level of support, MSPs will be able to earn the trust of their clients and be able to reassure them that their infrastructure and data will be kept safe and secure. As the business grows, that trust will be invaluable in getting the business to buy into more advanced cybersecurity solutions as their risk profile changes.

When it comes to finding solutions to meet the needs of MSP clients, TitanHQ can help. TitanHQ provides reasonably priced, powerful and effective cybersecurity solutions to block the most common attack vectors, along with a solution for backing up and archiving business critical data.

For more information on these solutions give the TitanHQ team a call and ask about TitanHQ email security, DNS filtering, and email archiving, and the TitanShield Partner Program. MSPs that join the TitanShield Program will be provided with extensive tools, marketing resources, and training aids to help them sell cybersecurity solutions to their clients more effectively.

Security Mistakes That Make Life Easy for Ransomware Gangs

Over the past 12 months the number of successful ransomware attacks has increased sharply. Many attacks have been headline news due to the disruption they have caused and the high cost of remediation. The healthcare industry in the United States has been targeted, with the attacks disrupting patient care and putting patient safety at risk. Recently there was an attack on Colonial Pipeline that resulted in the shutdown of a main fuel pipeline serving the East Coast of the United States, while JBS suffered an attack that threatened food production at its U.S. plants.

Ransom payments have also increased and threat actors are stealing data prior to encrypting files to increase the pressure on victims to pay up. Regardless of whether the ransom is paid, the recovery process is slow. Many victims have suffered disruption to business operations for several months and businesses have been forced to permanently close after an attack due to the high costs of recovery.

Ransomware gangs have conducted highly sophisticated attacks but in the most part they have exploited vulnerabilities in security defenses that should not have existed. Most attacks exploit weaknesses that could have been easily addressed had network security best practices been followed. So what mistakes are businesses making that leaves them vulnerable to ransomware attacks?

Security Mistakes That Make Life Easy for Ransomware Gangs

In order for ransomware gangs to conduct a successful attack they must first gain access to the business network by exploiting security vulnerabilities.

Email Security

While there are many possible attack vectors, the most common is phishing. A phishing campaign is conducted with one of two aims: To steal credentials that allow perimeter defenses to be bypassed, or to install malware that gives the attackers persistent access to the network.

With credential theft, the aim is to obtain credentials of an individual with high-level privileges such as the CEO. With high privileges, an attacker can easily gain persistent access to the network and move laterally. Alternatively, campaigns can be conducted to target lower-level employees and trick them into installing malware.

Most businesses have implemented a spam filter to block malicious messages, but many rely on default Office 365 spam filters, which do not offer a high enough level of protection. Implementing an advanced AI-based spam filter with sandboxing will improve protection.

Multifactor Authentication

Stolen credentials allow an attacker to access network resources, but not if multi-factor authentication has been implemented. While not infallible, multi-factor authentication will prevent attackers from using stolen credentials to gain access to networks in the vast majority of cases.

Web Security

Anti-spam solutions and multi-factor authentication will provide protection from email attacks, but ransomware and other malware is often downloaded via the internet. By implementing a web filtering solution, employees can be prevented from visiting malicious websites and malware downloads can be blocked. Many businesses fail to protect against the web-based component of attacks.

Security Awareness Training

Many businesses rely on technical measures to block threats and neglect the human element. Attacks often target employees, so it is important for security awareness training to be provided and for regular refresher sessions to be conducted to reinforce training. Without training, employees cannot be expected to recognize and avoid threats.

Patching and Software Updates

Vulnerabilities in software, firmware, and operating systems are often exploited. Prompt patching is therefore important. It can be difficult to stay on top of patches and security updates, so patching should be prioritized. Many ransomware attacks have succeeded by exploiting years-old vulnerabilities. If vulnerabilities are not addressed, it will only be a matter of time before they are exploited.

Password Management

Brute force tactics to guess weak passwords are often effective. As well as creating password policies that require all default passwords to be changed and strong passwords to be set, those policies must be enforced. Provide employees with tools to make creating strong passwords easier, such as providing them with a password management solution.

Network Segmentation

In the event of an attack, it is vital that damage is limited. Network segmentation is important in this regard. If an attacker bypasses the perimeter defenses, they should not be able to access the entire network. Segmenting the network will limit the potential for lateral movement and minimize the damage that can be caused.

Incident Response Plan

Businesses that have prepared for the worst and have developed and tested an incident response plan will recover much faster and will be able to limit the harm caused. Importantly, the business will be able to continue to operate while the attack is remediated.

Data Backups

Many businesses mistakenly believe that having backups will allow them to recover quickly in the event of an attack when that is often not the case. Regular backups must be created, and those backups must be tested to make sure file recovery is possible and data have not been corrupted. One copy of a backup must also be stored on an isolated system or device that cannot be accessed from the network where the data resides.

By addressing these common security mistakes, ransomware gangs will find it much harder to breach defenses.

The best place to start is by speaking to TitanHQ’s security experts about implementing cybersecurity solutions to block the most common attack vectors. Give the TitanHQ team a call today and take the first step toward improving your security posture against ransomware, malware, and phishing attacks.

Webinar: June 30, 2021: Best Practices to Combat Phishing and Ransomware

The pandemic forced businesses to adopt different working practices. Rather than having employees working from the office, restrictions introduced to combat COVID-19 meant businesses had to allow their employees to work from home. Protecting business networks when virtually all workers are accessing those networks remotely was a major challenge and it was inevitable that vulnerabilities would be introduced that could potentially be exploited by threat actors.

Those vulnerabilities were exploited, with cybercriminals and APT groups targeting at-home workers mostly by exploiting vulnerabilities in remote access systems and through phishing attacks to obtain credentials to allow networks to be accessed. While these attacks had many different goals, one of the most common was to encrypt files using ransomware to prevent them from being accessed, usually with data theft prior to file encryption.

According to Osterman Research, the three main priorities for cybersecurity in 2021 are protecting endpoints, educating users about ransomware and stopping them becoming victims of attacks, and protecting backups from ransomware. The fact that two of the three main priorities are related to ransomware show just how serious the threat has become.

Protecting endpoints requires a combination of cybersecurity solutions, one of the most important being an advanced email security solution. Email is the attack vector of choice in cyberattacks and is commonly the initial attack vector in ransomware attacks. Phishing campaigns are easy to conduct and they target the weakest link in cybersecurity – employees. Further, with many employees working from home, phishing has become even easier. Studies have shown at-home employees have been taking security shortcuts, with many also admitting to clicking links in phishing emails and opening potentially malicious email attachments. When errors such as this are made, many employees fail to report the matter to their IT department out of fear of reprisals.

Cybersecurity training is important to teach and reinforce cyber hygiene best practices and raise awareness of the threat from ransomware. If employees are not taught how to identify phishing emails and ransomware, they cannot be expected to avoid those threats. With training, susceptibility to phishing can be greatly reduced. However, even with training employees will make mistakes and will fail to recognize every threat.

A recent study conducted by Osterman Research and TitanHQ looked into the main cybersecurity threats faced by security professionals in 2021. The biggest threats were found to be business email compromise (BEC) attacks that tricked employees, phishing messages that result in malware infections, and phishing messages that result in account compromises. The latter is usually the first step in a BEC attack. 85% of interviewed organizations said they had experienced at least one security incident in the past 12 months, and while security professionals were aware of the dangers of phishing and ransomware attacks, only 37% rated their defenses as highly effective.

Due to the lack of confidence in defenses against phishing and ransomware attacks identified by the study, TitanHQ and Osterman Research are hosting a webinar in which attendees will discover the most effective mitigations against phishing and ransomware attacks and will learn best practices they need to adopt to avoid those threats.

Webinar attendees will also learn about the full findings of the in-depth cybersecurity study into the rising threat from phishing and ransomware and how risk can be reduced to a low and acceptable level.

The webinar will be taking place on June 30, 2021:

Webinar Details:

How to Reduce the Risk of Phishing and Ransomware Attacks

Wednesday, June 30, 2021

Time:

  • 7:00 p.m. to 8:00 p.m. BST
  • 2:00 p.m. to 3:00 p.m. EST
  • 11:00 a.m. to 12:00 p.m. PST

The webinar will be conducted by Michael Sampson, Senior Analyst at Osterman Research and Sean Morris, Chief Technology Officer at TitanHQ.

You Can Register Your Place Here

Most Common Wireless Network Attacks

In this post, we explore some of the common wireless network attacks and offer advice on simple steps that can be taken to secure wireless networks and prevent costly data breaches.

Many Businesses are Neglecting WiFi Security

Many businesses have moved from wired to wireless technologies which has had a negative impact on their security posture. Wired networks are generally a lot easier to secure than wireless networks, and poor implementation often introduces vulnerabilities in WiFi networks. Many businesses also fail to perform a thorough risk analysis which means those vulnerabilities are not identified and addressed. Because of these security flaws, and the ease of exploiting them, wireless networks attacks are common.

The Importance of WiFi Security

Wi-Fi access used to be something you had to pay for, but now free WiFi is something many people take for granted. Visitors to a hotel, coffee shop, bar, retail outlet, or restaurant now expect WiFi to be provided free of charge. The decision to use a particular establishment is often influenced by whether free WiFi is available, but increasingly the quality of the connection is a factor in the decision process.

The quality of the WiFi on offer is not just a question of there being enough bandwidth and fast internet speeds. Parents often choose to visit establishments that provide secure WiFi with content control, for instance, businesses that have been verified under the Friendly WiFi scheme. In order to be accredited under the scheme, businesses must have implemented appropriate filtering controls to ensure minors are prevented from accessing age-inappropriate material.

The massive rise in cyberattacks via public WiFi networks coupled with warnings about WiFi risks in the mainstream media has seen many consumers favor establishments that offer secure WiFi access.

If you run a business and are providing WiFi to customers or if you are considering adding a WiFi hotspot to attract more customers, be sure to consider the security of the network. The past couple of years have seen many attacks on WiFi networks and customers who use those wireless services. The increase in WLAN attacks means WiFi security has never been so important.

Before covering some of the most common wireless attacks, it is worthwhile exploring some of the common wireless network vulnerabilities that can be exploited to eavesdrop on traffic, infect users with malware, and steal sensitive information.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

Common Wireless Vulnerabilities

Listed below are some of the most common wireless network vulnerabilities and steps that can be taken to prevent the vulnerabilities from being exploited. These wireless network vulnerabilities could easily be exploited in real-world attacks on wireless networks to steal sensitive data, take control of a router or connected device, or install malware or ransomware.

Use of Default SSIDs and Passwords

WIFi access points are shipped with a default SSID and password which need to be changed, but all too often, those default passwords are left in place. That makes it easy for an attacker to log in and take control of the router, change settings or firmware, load malicious scripts, or even change the DNS server so that all traffic is directed to an IP owned by the attacker. Default passwords must be changed to prevent anyone within range of the signal from connecting and sniffing traffic.

If wireless controllers are used to manage WiFi access points via web interfaces, make sure the default passwords are also changed. These default passwords can be easily found online and can be used to attack wireless networks.

Placing an Access Point Where Tampering Can Occur

If the access point is placed in a location where it can be physically accessed, tampering can occur. It takes just seconds to revert the access point to factory default settings. Make sure the access point is located in a secure location, such as a locked closet.

Use of Vulnerable WEP Protocol

The Wired Equivalent Privacy (WEP) protocol was the first protocol used to encrypt wireless traffic. WEP, as the name suggests, was intended to make wireless networks as secure as their wired counterparts, but that does not make WEP wireless networks secure.

WEP is based on the RC4 cypher, which is secure. The problem is how RC4 is implemented in WEP. WEP allows an initialization vector to be re-used, and the re-use of keys is never a good idea. That allows an attacker to crack the encryption with ease. Several other vulnerabilities have been identified in WEP which make it far from secure.

Even though WEP has been depreciated and there are much more secure wireless encryption protocols to use, many businesses continue to use WEP in the mistaken belief that it is secure. WEP is more secure than no encryption at all – bad security is better than no security – but there are much more secure options for encrypting WiFi traffic. If you want to improve security and prevent WLAN attacks, upgrade to WPA2 or WPA3, which use the much more secure Advanced Encryption Standard (AES) and lack the vulnerabilities of WEP.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

WPA2 Krack Vulnerability

WPA may be more secure than WEP, but it is not without its own wireless vulnerabilities. Two Belgian researchers – Mathy Vanhoef and Frank Piessens of the University of Leuven – identified a serious flaw in the WPA security protocol.  The flaw was named KRACK, short for Key Reinstallation Attack. The flaw can be exploited in a man-in-the-middle attack to steal sensitive data sent via the WPA encrypted WiFi connection. If the WPA flaw is exploited, an attacker could eavesdrop on traffic and obtain banking credentials, passwords, and credit card information.

The vulnerability exists in the four-way handshake. An encrypted WPA2 connection starts with a four-way handshake, but not all parts of that handshake are required. To speed up re-connections, the third part is retransmitted. That third part of the handshake may be repeated several times, and it is this step that could be used in a wireless network attack.

By repeatedly resetting the nonce transmitted in the third step of the handshake, an attacker can gradually match encrypted packets and discover the full keychain used to encrypt traffic.

A threat actor could set up a clone of a WiFi access point that a user has previously connected to – an evil twin. To the user, nothing would appear untoward as Internet access would be provided via that evil twin. An attacker can force a user to connect to the cloned WiFi network and all information sent via that evil twin WiFi network can be intercepted. While the attack will not work on sites with SSL/TLS encryption, tools can be used that make this possible by forcing a user to visit an HTTP version of the website.

In order to execute a KRACK WiFi attack, the WiFi network must be using WPA2-PSK or WPA-Enterprise and the attacker needs to be within range of the WiFi signal. Virtually all routers currently in use are vulnerable to KRACK WiFi attacks. The best defense is to keep routers up to date and for users to only connect to wireless networks using a paid-for, up-to-date VPN. The issue has been addressed in WPA3, which is supported by the latest wireless access points. However, even with this exceptionally common wireless network vulnerability, WPA2 is still far more secure than WEP.

NetSpectre – Remote Spectre Exploit

Spectre is a vulnerability that affects microprocessors that perform branch prediction. The vulnerability can be exploited to allow an attacker to access chosen virtual memory locations and thus obtain sensitive data. In order for the flaw to be exploited, an attacker would first need to convince a user to download and run malicious code or to visit a website where JavaScript is run in the browser. Researchers at Graz University of Technology have developed a new type of attack that can be performed via network connections, including WiFi networks. The attack – termed NetSpectre – is fortunately complex so there are far easier ways to attack an organization. The risk of exploitation is therefore low.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

What are the Most Common Wireless Network Attacks?

Many of the most common wireless network attacks are opportunistic in nature. WiFi hackers look for wireless networks that are easy to attack.

Hackers are more than happy to take advantage of poor security controls to gain access to sensitive information and distribute malware. Why waste time attacking well-secured WiFi networks when there are plenty with scant or no security?

Poorly secured WiFi networks are also targeted by more sophisticated cybercriminals and organized crime groups to gain a foothold in the network. The attacks can be extremely lucrative. Access to a business network can allow ransomware to be installed and if malware can be installed on POS systems, the credit/debit card numbers of tens or hundreds of thousands of customers can be stolen.

Types of Wireless Network Attacks

There are several different types of WiFi attacks that hackers use to eavesdrop on wireless network connections to obtain passwords and banking credentials and spread malware. The main types of WiFi attacks are detailed below.

Fake WiFi Access Points, Evil Twins, and Man in the Middle Attacks

Visitors to hotels, coffee shops, and malls often connect to the free WiFi on offer, but various studies have shown that care is not always taken when connecting. Customers often choose the WiFi access point based on the SSID without checking it is the wireless network set up by a particular establishment for customer use.

Criminals can easily set up fake WiFi access points, often using the name of the establishment in the SSID. An SSID called ‘Free Airport WiFi’ would be enough to get many people to connect. When customers connect to these rogue WiFi networks they can still access the Internet, so are unlikely to realize anything is wrong. However, once connected to that network, everything they do online will be monitored by cybercriminals. Sensitive information entered online, such as email addresses and passwords, credit card numbers, or banking credentials, can and will be stolen.

How is this done? The attacker simply creates a hotspot on a smartphone and pairs it with a tablet or laptop. The hacker can then sit in a coffee shop drinking a latte while monitoring the traffic of everyone that connects. Alternatively, they can use a router with the same name and password as the one currently in use. This may also have a stronger WiFi signal, which may see more people connect. Through the “evil twin” all traffic will be plainly visible to the attacker and all data sent over the network can be captured.

Fake access points and evil twins are among the most common wireless network attacks. They are easy to conduct, require little technical skill, and are very effective. One study indicated more than a third of WiFi hotspot users take no precautions when accessing WiFi hotspots and frequently connect to unsecured networks.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

Packet Sniffing: Interception of Unencrypted Traffic

Research by Kaspersky Lab in 2016 showed more than a quarter of public Wi-Fi hotspots set up in malls were insecure and lacked even basic security controls. A quarter did not encrypt traffic at all, while research conducted by Skycure showed that five of the 10 busiest malls in the USA had risky WiFi networks.

One mall in Las Vegas was discovered to be operating 14 risky WiFi access points. Hackers can use packet sniffers to intercept traffic on unencrypted WiFi networks. Packet sniffing is one of the most common wireless attacks.

These common wireless network attacks are easy on older routers, such as those using WEP encryption. WPA offers better security, WPA2 is better still, or ideally, the new WPA3 encryption protocol should be used if it is supported by your access point.

Wardriving

Wardriving is a technique used to identify and map vulnerable access points. The name comes from the fact that attackers drive around a neighborhood and use a laptop with a GPS device, antenna to identify and record the location of wireless networks.  This technique is effective since many WiFi networks used by businesses extend beyond the confines of the building and poor security controls are applied to secure those networks.

Warshipping

Warshipping is a more efficient method of attacking WiFi networks as it allows attacks to be conducted remotely, even if the attacker is not within range of a WiFi network. The tactic was explained by IBM X-Force Red researchers at Black Hat USA. They used cheap (under $100) and easy-to-obtain components to create a single-board computer with WiFi and 3G capabilities that runs on a cell phone battery. The device can be used to locally connect to the WiFi network and send information back to the attackers via the 3G cellular connection.

Since the device is small, it can easily be hidden inside a small package, and getting that package into a building is easy. It can just be mailed. Since the package may be addressed to someone not working it the company, it could sit in the mailroom for a while before it is opened. Since the package can be tracked, the attackers will know when it is in the building. Alternatively, it could be hidden in any number of items from plant pots to teddy bears. If the device is within range of WiFi networks, it could be used to attack those networks.

Hashed network access codes can be sent back to the attackers to crack, and the device can then connect to WiFi networks in the building and harvest data. The device could be used in a man-in-the-middle attack by impersonating an internal WiFi network.

MAC Spoofing

Many businesses use MAC filtering to prevent specific devices from connecting to their WiFi networks. While this is useful for preventing individuals from taking advantage of free WiFi for customers, this method of blocking users can be easily bypassed. It is easy to spoof a MAC address and bypass this filtering control.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

Examples of WiFi Network Attacks

Attacks on wireless networks are not just theoretical. Listed below are some examples of common wireless networks attacks that have resulted in the installation of malware or theft of sensitive information. These latest wireless security attacks could easily have been prevented had appropriate security controls been implemented.

Latest Wireless Security Attacks

Tel Aviv Free WiFi Network Hacking Incident

One notable example of how easy it can be for a hacker to take over a WiFi network comes from Tel Aviv. Tel Aviv offers a city-wide free WiFi network, which incorporates basic security controls to keep users secure on the network. However, it did not prove to be as secure as city officials thought.

While commuting home, Tel Aviv resident Amihai Neiderman noticed a new WiFi access point had appeared. The FREE_TLV access point was provided by the city and Neiderman decided to test its security controls. After determining the IP address through which WiFi clients accessed the Internet, he disconnected, scanned the router, and discovered the web-based login interface was run through HTTPS port 443.

While he found no major vulnerabilities, after extensive analysis he identified a buffer overflow vulnerability which he successfully exploited to take full control of the router. By doing so, if he was so inclined, he could have intercepted the traffic from tens of thousands of users.

Toasters Used to Hack Unsecured WiFi Networks

Perhaps not one of the most common WiFi network attacks, but notable nonetheless due to the rise in the use of IoT devices. IoT capability has been incorporated into all manner of devices from toasters to washing machines. These devices can be vulnerable to supply chain attacks – Where hardware is altered to allow the devices to be used to attack WiFi networks. In 2016, Russian officials discovered chips imported from China had been altered and were being used to spread malware that could eavesdrop on unsecured WiFi networks from a range of 200 meters. They were used to infect those networks with malware that could steal information.

In-Flight WiFi Network Hacking from the Ground

Cybersecurity expert Ruben Santamarta has demonstrated it is possible to hack into airline WiFi networks from the ground and view the internet activity of passengers and intercept their information. More worryingly, he was also able to gain access to the cockpit network and SATCOM equipment. He claims the same technique could be used for ships, industrial facilities, and even military installations. He explained how he did it in his “Last Call for SATCOM Security” presentation at the 2018 black hat hacker conference.

Orange Modems Leaking Wi-Fi Passwords

A vulnerability has been identified in Orange LiveBox ADSL modems that causes them to leak the SSID and WiFi passwords in plaintext. The flaw was identified by Bad Packets researchers who observed their honeypots being actively attacked. A search on Shodan showed there are nearly 20,000 vulnerable Orange modems that leak Wi-Fi passwords and SSIDs in plaintext. In many cases, the default credentials of admin/admin were still being used! The flaw means the WiFi networks could easily be attacked remotely. Attackers could change device settings, alter firmware, and even obtain the phone number and conduct a range of other attacks.

WeWork WiFi Security Flaws

WeWork, a provider of custom workspaces, private offices, and on-demand workspaces equipped with high-bandwidth WiFi, has made an error implementing those WiFi networks which makes them far from secure.

WeWork used the same WiFi password at many of its shared offices for several years. To make matters worse, that password was weak and regularly features in the top 25 lists of extremely poor passwords. However, there was no need to guess it as it was available through the WeWork app in plaintext. Such a simple yet serious error placed all users of those workspaces at risk for several years. The researchers investigated several locations in San Francisco and found the same weak password used at multiple locations. Further, the WiFi network was only protected with WPA2 Personal security.

Teemu Airamo checked the security of the workspace he had just moved into and found hundreds of other companies’ devices exposed. Subsequent scans on the WeWork network revealed an enormous amount of sensitive data had been exposed. Password reuse is never a good idea, and neither is using dictionary words or heaven forbid, any of the top 25 lists of shockingly awful passwords.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.
Book Free Demo

WiFi Networks Can be Used to Gain Access to Business Data

Creating a WiFi network for guests is simple. Ensuring it is secure and cannot be used for attacks on the business network or customers requires more thought and effort. Any business that allows customers to make purchases using credit and debit cards is a major target for hackers and poor WiFi security is likely to be exploited sooner or later. The past few years have seen many major attacks that have resulted in malware being installed on POS systems. These are now some of the most common wireless network attacks.

How Can Businesses Prevent the Most Common Wireless Network Attacks?

How can businesses protect against some of the most common wireless network attacks? While it is difficult to prevent the creation of fake WiFi hotspots, there are steps that can be taken to prevent many common wireless network attacks and keep the WiFi network secure.

Isolate the Guest Network

If your business network is not isolated from your guest WiFi network, it could be used to gain access to business data and could place your POS at risk of compromise. Use a router that offers multiple SSIDs – most modern routers have that functionality. These routers often have a guest SSID option or separate guest portal. Make sure it is activated when it is deployed. Alternatively, your wireless router may have a wireless isolation feature that will prevent WiFi users from accessing your internal network and other client devices. If you require multiple access points throughout your establishment, you are likely to need a VLAN or EoIP tunnel configuration – A more complicated setup that will require you to seek professional advice on security.

Encrypt WiFi Traffic with WPA2 or WPA3

If you have an old router that does not support WPA2 encryption it’s time for an upgrade. WPA2 is the minimum standard for WiFi security, and while it can still be cracked, it is time-consuming and difficult. WPA3 has now been released and an upgrade should be considered. You should also make sure that WPS is turned off.

Update Firmware Promptly

All software and devices contain vulnerabilities and require updating. Software should be patched and devices such as routers will need to have their firmware upgraded when new versions are released. Check your device manufacturer’s website periodically for details of firmware updates and ensure your device is updated.

Create a Secure SSID

Your router will have a default SSID name, but this should be changed to personalize it to your business. If you make it easily identifiable, it will reduce the potential for rogue access points to be confused with your own.  Ensure that you enforce WPA2 encryption with a shared key and post that information for your customers along with your SSID in a prominent place where they can see it.

Restrict WiFi Access

If your wireless router or access point is too powerful, it could be accessed from outside your premises. Choose a router that allows you to alter the strength of your signal and you can ensure only your customers will use your connection. Also, ensure that your WiFi access point is only available during business hours. If your access points are left unsupervised when your business is closed, it increases the risk of an attack.

Secure Your Infrastructure

Administrator access can be abused, so ensure that your login name and your passwords are secure. If the default credentials are not changed, it will only be a matter of time before they are abused. Change the username from ‘admin’ or any other default username. Set a strong password that includes upper and lower-case letters, at least one number, and a special character. The password must be at least 8 characters although more is better.  Alternatively use a 14-character+ passphrase.

Protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. Book a FREE WebTitan demo.
Book Free Demo

Use a Web Filter

A web filtering solution is an essential protection for all WiFi networks. Web filters will prevent users from visiting websites and web pages that are known to have been compromised or have been confirmed as malicious. This will protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. A web filter will also allow you to prevent your network from being used to download or view unacceptable content such as pornography and lets you control bandwidth usage to ensure all customers can enjoy decent Internet speeds.

TitanHQ offers a scalable, easy to deploy, granular web filter for WiFi networks. WebTitan Cloud for WiFi requires no hardware purchases or software downloads as it is 100% cloud-based, can be managed and monitored from any location, and can help protect you against the most common wireless network attacks.

How Does WebTitan Cloud for WiFi Work?

protection from the common wireless network attacks

Features of WebTitan Cloud for WiFi

  • No hardware or software installation required
  • Quick and easy to implement
  • Fast: DNS solution provides almost zero additional latency
  • Supports both static and dynamic IPs addresses
  • No specialist training required
  • Protects against all web-based threats
  • Precision control over the content that can be accessed over WiFi
  • Instant alerts about users trying to access restricted content
  • Can be integrated into existing systems for easy management
  • Available to MSPs and resellers in white-label form
  • Fully multi-tenanted platform

WebTitan Cloud for WiFi, live all TitanHQ solutions, is available on a free trial for you to evaluate the full solution in your own environment. During the trial, you will receive full product support to ensure you get the most out of your trial.

Contact TitanHQ today to arrange your trial, for details of pricing, or to book a product demonstration. Our Customer Service team will be more than happy to answer any questions you have about the product.

Web Filtering FAQs

How can I make my guest Wi-Fi network secure?

You should change your SSID from the default, set a strong password, enable encryption (WPA2 or WPA3), prevent guests from accessing router settings and local network resources, and set up a web filtering solution to restrict access to potentially harmful web content.

How much does content filtering cost?

You can expect to pay between $1 and $3 per user, per month depending on the Wi-Fi content filtering solution you choose. At TitanHQ, we offer powerful content filtering at an affordable price for all businesses. WebTitan Cloud for Wi-Fi starts at $1.01 per user per month.

What is the best way to block phishing attacks?

Two anti-phishing solutions that businesses should implement are an email security gateway or spam filter to block malicious emails and a web filter to prevent employees from visiting phishing websites, either from links in malicious emails or through web browsing and redirects.

How easy is it to start filtering the Internet?

With WebTitan Cloud for Wi-Fi, content filtering is easy. Simply point your DNS to WebTitan, log in to your web-based user interface, then select the categories of content you want to block. It is that simple. Everything is intuitive and you have additional options if you want more precise control or need to implement different controls for different user groups. If ever you get stuck, you benefit from world-class customer support to get you back on track.

Should I enable SSL inspection?

SSL inspection allows you to inspect traffic to and from encrypted websites. Since most websites now secure the connection between the site and browser, this traffic will be invisible unless you enable SSL inspection. Malicious websites often have SSL certificates and will pose a serious threat if traffic is not inspected.

Ransomware Mitigations to Protect Your Business

It has been a particularly bad year for ransomware attacks on businesses. Many of the attacked businesses have been unprepared for a ransomware attack and did not implement sufficient ransomware mitigations. Had proactive steps been taken, many of the attacks could have been prevented.

Recently, the DarkSide ransomware operation attacked a critical infrastructure firm and brought fuel delivery to the Eastern Seaboard in the United States to a halt. The fuel pipelines that delivered 45% of the fuel required by the U.S. East Coast were shut down for 5 days due to the attack. Better preparation and more extensive ransomware mitigations could have prevented the attack or at least hastened recovery. The company could also have avoided the $5 million ransom payment and major losses from disruption to operations.

The DarkSide ransomware gang had also attacked the second largest chemical distribution firm in the United States earlier in May, again causing major disruption to operations. In that case, a ransom of around $4.4 million was paid to the gang for the keys to unlock files and to prevent the release of sensitive business data stolen in the attack. The ransom payment was negotiated down from $7.5 million, and as part of that negotiation and payment process, the attacker provided details about how network access was gained. The attacker had purchased stolen credentials from another threat actor. The DarkSide ransomware affiliate also provided some useful advice – Improve your antivirus software and implement multi-factor authentication. These are two important ransomware mitigations that could well have stopped the attack dead.

These are just two examples of recent attacks by one ransomware gang. There are currently more than 17 ransomware gangs that steal data prior to encrypting files and many more that simply encrypt files and demand a ransom for the keys to unlock the encryption. The threat from ransomware also continues to grow. The Verizon 2021 Data Breach investigations Report shows ransomware attacks increased by 6% in 2020 an accounted for 10% of all data breaches.

Ransomware gangs, and their affiliates that conduct the attacks, use a range of different method to get the network access they need. Vulnerabilities in software and operating systems are exploited, and attacks are conducted on Remote Desktop Protocol (RDP) and remote access solutions such as VPNs. Phishing is commonly used to steal credentials that provide access to accounts, malware such as remote access Trojans are used to gain access to networks, along with several other tactics. Consequently, there is no single cybersecurity measure that can be implemented to block these attacks. Multiple ransomware mitigations are required to block each of the attack vectors.

Ransomware Mitigations to Prevent Attacks and Ensure a Fast Recovery

There are several ransomware mitigations that can be implemented to reduce the risk of ransomware attacks and limit the severity of an attack should a network be compromised.

Implement a robust spam filter – A robust spam filter will block phishing attacks and malware delivered via email. Phishing is one of the most common methods of gaining access to networks.

Implement multi-factor authentication – Stolen credentials, including those obtained in phishing attacks, allow ransomware actors to access networks. Multi-factor authentication is an effective measure for preventing stolen credentials from being used.

Conduct end user security awareness training – Ensure employees know how to identify phishing emails and are taught cybersecurity best practices and discourage risky behavior.

Filter network traffic with a web filter – Implement a web filter to block access to malicious websites and prevent communications with known malicious IP addresses.

Purchase top-grade AV software – Implement an advanced anti-virus solution, ensure it is set to update automatically, and conduct regular scans of all IT assets for malware.

Patch promptly and update software – Prompt patching is important to prevent the exploitation of vulnerabilities. Prioritize patching to address the most critical vulnerabilities first. Most vulnerabilities exploited in attacks are months old, yet patches were not applied. Also ensure software and operating systems are updated regularly.

Restrict access to network resources – Apply the principle of least privilege and severely limit administrative access and the ability to install and execute programs.

Restrict or block Remote Desktop Protocol (RDP) – Assess whether RDP is required and block if possible. If needed, ensure originating sources are restricted and implement multi-factor authentication.

Disable macro scripts in Office files – Disable Office macros on all computers unless there is a business need for allowing them. Open Office files sent via email using Office Viewer software rather than the full Office application.

Use application allowlisting – Only permit applications and systems to execute programs allowed by your security policy. Block the execution of programs from commonly used ransomware locations such as temporary folders and the LocalAppData folder.

Implement a strong backup policy – Ensure backups of critical data are regularly created and tested to ensure file recovery is possible. Store a copy of the backup in a secure offline location.

Implement network segmentation – In the event of an attack, it is important that the attackers cannot access all systems and networks. Use network segmentation to limit the harm that can be caused.

Block inbound connections from Cobalt Strike servers – Also block the use of other post-exploitation tools as far as is possible.

Block inbound connections from anonymization services – Block access from Tor and other anonymization services to IP addresses and ports where external connections are not expected or necessary.

Warnings Issued Following Spike in Ransomware Attacks on Schools

The disruption to learning from a pandemic that has lasted more than a year is bad enough, but many schools have experienced even more disruption just as many have opened their gates and allowed students back into classrooms.  The SARS-CoV-2 virus may have been brought under control thanks to lockdown measures and the rollout of vaccines, but another type of virus is proving to be a major threat – ransomware.

FBI Warns of Targeted Ransomware Attacks on K12 Schools and Higher Education

Ransomware attacks on schools have been stepped up in recent months and schools and higher education institutions are being actively targeted. In the United States, the Federal Bureau of Investigation recently issued an alert to the education sector warning about the threat of attacks involving Pysa ransomware. The threat actors behind this ransomware variant have been actively targeting K12 schools, higher education, and seminaries. Buffalo City Schools were forced to close their schools in March following a ransomware attack that crippled their IT systems, just before students were about to return to classrooms as part of a phased reopening of schools.

The ransomware is deployed manually after compromising the network. The attack often starts with a phishing email, which gives the attackers the foothold in the network they need. They then conduct reconnaissance, move laterally, and compromise entire networks before deploying their ransomware.

Prior to running the encryption routine that cripple IT systems, the attackers steal sensitive data. Files containing student information are obtained and threats are issued to publish or sell the stolen data if the ransom is not paid. The gang, like many others, has a leak site and routinely follows through on the threat.

Spike in Ransomware Attacks on UK Schools

Ransomware attacks on schools are not confined to the United States. The Pysa ransomware gang is also targeting schools in the United Kingdom and many other countries, and the Pysa gang is not alone. Many other ransomware operations have been attacking schools.

Following a rise in ransomware attacks on UK schools, the UK’s National Cyber Security Centre (NCSC) issued an alert to educational institutions about the growing threat of attacks. NCSC has observed an increase in ransomware attacks on schools from late February 2021, which coincides with students returning to classrooms after an extensive period of school closures due to the pandemic.

The NCSC said there is no reason to believe that these attacks are being conducted by the same criminal group. This appears to be the work of multiple threat groups. These attacks have caused varying levels of disruption, including rendering entire networks inoperable, disabling email and websites, and hampering the ability of students to learn. In some cases, students have lost coursework as a result of the attacks, records of COVID-19 tests have been rendered inaccessible, and school financial records have been lost.

Unfortunately, even paying the ransom is no guarantee of being able to recover encrypted files. While the attackers claim they have the keys to unlock the encryption, they may not be provided. There is also no guarantee that stolen data will be deleted when the ransom is paid. There have been many cases when further ransom demands have been issued after payment has been made.

Adopt a Defense in Depth Strategy to Block Ransomware Attacks

The Department for Education (DfE) has recently urged UK schools to review their cybersecurity defenses and take the necessary steps to harden their defenses against cyberattacks. The NCSC explained that there is no single cybersecurity solution that will provide protection against these attacks. What is required is a defense in depth approach to security.

Defense in depth means implementing multiple overlapping layers of security. If one layer fails to block an attack, others are in place to block the attack.

In practice this means good patch management – applying updates to software, firmware, and operating systems promptly. Antivirus software must be installed on all devices and be kept up to date. Spam filtering solutions should be implemented to block the phishing emails that give the attackers access to the network. These filters can also be used to block email attachments that are not typically received.

Web filters should be used to block access to malicious websites. These filters inspect the content of websites to determine if it is malicious. They also categorize web content, and the filters allow schools to carefully control the types of content that students and staff can access to reduce risk.

Multi factor authentication should be implemented on all remote access points and email accounts, remote access ports that are not being used should be blocked, and a VPN should be used for remote access. The rule of least privilege should be applied for remote access and all staff and student accounts.

It is also recommended to prevent all non-administrator accounts from being able to install software, office macros should be disabled, as should autorun on portable devices.

It is also vital that all files are backed up daily and backups tested to make sure file recovery is possible. Backups should be stored on non-networked devices and must not be accessible from the systems where the data resides. Ideally, multiple backup copies should be created with at least one stored on an air-gaped device.

Steps Businesses Should Take to Block CLOP Ransomware Attacks

CLOP Ransomware is a fairly new ransomware variant that first emerged in early 2019, when it started to be used in attacks on large enterprises in the United States, Germany, Mexico, India, and Turkey. The number of attacks has been steadily increasing, with a major increase in attacks identified in October 2020. Since then, the ransomware has been used in many attacks on large enterprises and the ransom demands are often huge. An attack on the software company Software AG saw a ransom demand issued for $20 million.

As is the case with well over a dozen of the most prolific ransomware operations, the CLOP ransomware gang exfiltrates data prior to encrypting files. If victims have a valid backup and try to recover their encrypted files without paying the ransom, the group will leak stolen data on the darkweb making it available to other cybercriminal operations. The media are tipped off to the data dumps, and the subsequent coverage can result in companies suffering serious reputational damage. In recent months there have been many class action lawsuits filed following ransomware attacks where stolen data has been leaked online.

CLOP ransomware is believed to be operated by a threat group known as FIN11, which is an arm of a prolific Russian cybercriminal organization known as TA505. FIN11 has targeted many different industries, although recently manufacturing, healthcare and retail have been a major focus. When attacks are conducted on organizations and companies in these sectors, the losses from downtime can be considerable, which increases the likelihood of victims paying the ransom. One attack on the South Korean retailer E-Land saw 23 of its stores close when they were unable to access their IT systems. An attack on the German manufacturer Symrise AG rendered more than 1,000 computers inoperable, causing huge losses as manufacturing was halted. Attacks on the healthcare industry mean patient records cannot be accessed, which places patient safety at risk.

Many ransomware gangs have exploited weaknesses in Remote Desktop Protocol, VPN solutions, and vulnerabilities in software and operating systems to gain they access they need to internal networks to deploy ransomware. However, the initial attack vector in CLOP ransomware attacks (and also many other ransomware variants) is spam email. Large scale spam campaigns are conducted, often targeting certain industry sectors or geographical locations. These are referred to as “spray and pray” campaigns. The aim is to gain access to as many networks as possible. The ransomware gang can then pick and choose which companies are worthwhile attacking with ransomware.

Once CLOP ransomware is installed, detection can be difficult as the threat group has programmed the ransomware to disable antivirus software such as Microsoft Security Essentials and Windows Defender. The key to blocking attacks is to stop the initial infection, which means preventing the spam emails from reaching inboxes where they can be opened by employees.

Blocking the attacks requires an advanced spam filtering solution with robust antivirus protections. SpamTitan, for instance, uses dual antivirus engines to catch known malware variants and sandboxing to identify malicious attachments containing previously unknown malware, ransomware, or malicious scripts. Machine learning techniques are also employed to identify emerging threats in real time.

The spam emails used in these campaigns try to obtain credentials such Office 365 logins and passwords or get users to download malware downloaders. Additional protection against this phase of the attack can be provided by a web filter such as WebTitan. WebTitan blocks the phishing component of these attacks by preventing these malicious URLs from being accessed by employees, as well as blocking downloads of malware from the Internet.

Staff training is also important to help employees recognize phishing emails and multi-factor authentication should be implemented to prevent stolen credentials from being used to access email accounts and cloud apps.

If you want to improve your security defenses against ransomware, malware and phishing attacks, give the TitanHQ team a call and ask about SpamTitan and WebTitan. Both solutions are available on a free trial to allow you to see for yourself how effective they are at blocking threats and how easy the are to implement and use.

Phishing Attacks on Businesses Doubled in 2020 and SSL Encryption is Now the Norm

The COVID-19 pandemic created many new opportunities for cybercriminals who were all too happy to take advantage. In 2020, businesses had to rapidly change their working practices to deal with national lockdowns and changed to a more distributed, remote workforce. In response, cybercriminals stepped up phishing attacks to obtain credentials to email accounts, VPNs, and remote access solutions.

The increase in email threats and phishing activity was recently highlighted by the Anti-Phishing Working Group which has been gathering data on phishing attacks from its member organizations throughout the year. Its latest report shows phishing attacks doubled in 2020, peaking in October 2020 when previous records were shattered. In October, 225,304 new phishing sites were detected, compared with under 100,000 in January 2020. From August to December 2020, more than 200,000 new phishing sites were detected each month.

Links to these phishing websites are sent in large scale phishing campaigns and many of the messages land in inboxes where they attract a click. The pandemic made that much easier for cybercriminals who expertly exploited the thirst for knowledge about COVID-19 to conduct their scams. As the year progressed other COVID-19 themed lures were used including COVID-19 relief payments for businesses, offers of early vaccines, small business loans, tax deadline extensions, and many more.

Cybercriminals often use compromised websites for hosting their phishing forms, but it is now much more common for the attackers to purchase their own domains that are tailored for each phishing campaign. These lookalike domains can easily fool individuals into believing they are on a legitimate website.

Cybercriminals have also been using encryption to hide their phishing URLs and fool employees. Hosting phishing URLs on HTTPS sites can fool employees into believing the web content is genuine, and many security solutions do not examine encrypted content which makes the URLs hard to identify and block. In Q4, 2020, 84% of phishing URLs used SSL encryption.

The increase in use of SSL encryption is a concern, as many people mistakenly believe that a site starting with HTTPS is secure when that is not the case. SSL inspection means the connection between the browser and the website is secure, which means users are protected against the interception of sensitive information, but a cybercriminal may own or control that website. The secure connection just means other cybercriminals will not be able to intercept login credentials as they are entered on a phishing site.

The problem for businesses has been how to block these threats as they grow in number and sophistication. Many businesses have previously relied on Office 365 anti-spam protections for blocking spam and phishing threats, but large volumes of these malicious emails are delivered to Office 365 inboxes. When that happens and a malicious link is clicked, they have no way of stopping employees from disclosing sensitive information.

One way that businesses can better protect against these phishing attacks is by implementing a web filtering solution with SSL inspection. WebTitan for instance can decrypt websites, inspect the content, and then re-encrypt which means malicious websites are not hidden and can be identified and blocked.

WebTitan also incorporates multiple threat intelligent feeds to ensure that as soon as a phishing URL is detected, all WebTitan users will be immediately protected. WebTitan ensures that protection is provided against emerging phishing URLs and zero-minute threats. When combined with an advanced spam filtering solution such as SpamTitan to block phishing emails at source and ensure they do not reach inboxes, businesses will be well protected against phishing attacks.

Tips for Protecting Against Vishing and Smishing Attacks

Cybercriminals use many tactics to obtain credentials that they then use to remotely access corporate accounts, cloud services, and gain access to business networks. Phishing is the most common method, which is most commonly conducted via email. Attackers craft emails using a variety of lures to trick the recipient into visiting a malicious website where they are required to enter their credentials that are captured and used by the attackers to remotely access the accounts.

Businesses are now realizing the benefits of implementing an advanced spam filtering solution to block these phishing emails at source and ensure they do not reach inboxes. Advanced antispam and anti-phishing solutions will block virtually all phishing attempts, so if you have yet to implement such a solution or you are relying on Microsoft Office 365 protections, we urge you to get in touch and give SpamTitan a trial.

Phishing is not only performed via email. Rather than using email to deliver the hook, many threat groups use SMS or instant messaging platforms and increasing numbers of phishing campaigns are now being conducted by telephone and these types of phishing attack are harder to block.

Smishing for Credentials

When phishing occurs through SMS messages it is known as Smishing. Rather than an email, an SMS message is sent with a link that users are instructed to click. Instant messaging platforms such as WhatsApp are also used. Many different lures are used, but it is common for security alerts to be sent that warn the recipient about a fraudulent transaction or other security threat that requires them to login to their account.

Recently, Allied Irish Bank (AIB) customers in Ireland were targeted with such as smishing campaign. The SMS message advises the recipient that there has been a suspected fraudulent transaction which they are required to review by clicking a link and logging in. Their credentials are harvested, and they are instructed to provide codes from their card reader or one-time passwords as part of the security check. Doing so will allow the scammers to access the account and make fraudulent transactions. A variation on this theme involves the user being told they have been locked out of their account.

In this campaign the scammers use a URL on the domain secureonlineservicepayeeroi.com, although these domains frequently change. Many campaigns mask the destination URL using URL shortening services, and one recent campaign conducted by an Iranian threat group used a seemingly legitimate google.com URL and several redirects before the user landed on the phishing page. Smishing is also often used in PayPal phishing attacks using messages warning about the closure of an account.

Vishing Attacks on Businesses Spike

In December 2019, the U.S. Federal Bureau of Investigation (FBI) identified a campaign where cybercriminals were conducting phishing over the telephone – termed vishing. Since then, the number of cases of vishing attacks has increased, prompting the FBI and the Cybersecurity and Infrastructure Security Agency to issue a joint alert in the summer about a campaign targeting remote workers. This month, the FBI has issued a further alert following a spike in vishing attacks on businesses.

Cybercriminals often target users with high levels of privileges, but not always. There has been a growing trend for cybercriminals to target all credentials, so all users are at risk. Once one set of credentials is obtained, attempts are made to elevate privileges and reconnaissance is performed to identify targets in the company with the level of permissions they need – I.e. permissions to perform email changes.

The scammers make VoIP calls to employees and convince them to visit a webpage where they need to login. In one attack, an employee of the company was found in the company’s chatroom, and was contacted and convinced to login to their company’s VPN on a fake VPN page. Credentials were obtained and used to perform reconnaissance. Another target was identified that likely had advanced permissions, and that individual was contacted and scammed into revealing their credentials.

How to Block Smishing and Vishing Attacks

Blocking these types of phishing attacks requires a combination of measures. In contrast to email phishing, these threats cannot be easily blocked at source. It is therefore important to cover these threats in security awareness training sessions as well as warning about the risks of email phishing.

A web filtering solution is recommended to block attempts to visit the malicious domains where the phishing pages are hosted. Web filters such as WebTitan can be used to control the websites that employees can access on their corporate-issued phones and mobile devices and will provide protection no matter where an employee accesses the Internet.

It is also important to set up multifactor authentication to prevent any stolen credentials from being used by attackers to remotely access accounts. The FBI also recommends granting network access using the rule of least privilege: ensuring users are only given access to the resources they need to complete their jobs. The FBI also recommends regularly scanning and auditing user access rights given and monitoring for any changes in permissions.

2021 is Unlikely to See Reduction in Ransomware Attacks

COVID-19 has made 2020 a terrible year for many businesses, bringing unprecedented challenges that many have struggled to overcome. The year was made worse by cybercriminals stepping up their attacks, with ransomware used to pile even more misery during extremely challenging times.

Ransomware is nothing new of course. It has been used since the early 2000s to extort money from individuals and businesses. Ransomware grew in popularity in the mid-2010s when encryption methods were adopted that were tough to crack, and the past couple of years have seen ransomware grow into the biggest cyber threat for businesses, and 2020 has been especially bad.

In Q3, 2020, ransomware attacks increased by 40% according to data from Kroll. Almost 200 million attacks occurred in the quarter, and attacks continued to increase as the year progressed. Not only are more businesses now being attacked, the amount demanded by the attackers has also dramatically increased. A report from Coveware, a firm that assists companies recovering from ransomware attacks, indicates ransom demands doubled in Q4, 2019 and there has been another doubling of demands in 2020. A recent H1 2020 Cyber Insurance Claims Report from Coalition indicates 87% of all cyber-related insurance claims are the result of ransomware attacks.

Ransomware gangs have also adopted a new tactic to increase the likelihood of their ransom demand being paid. In 2019, the Maze ransomware gang started stealing data prior to encrypting files and using double extortion tactics. In addition to paying to recover data, victims had to pay to prevent the public release of their stolen data. Since then, at least 17 ransomware gangs have adopted this tactic and threaten to publish or sell stolen data if the ransom is not paid.

The healthcare industry was hit particularly hard by ransomware in 2020, especially in the latter half of the year. Healthcare systems and hospitals have been battling with the pandemic and during these extremely challenging times they have been targeted by ransomware gangs. There was a major spike in attacks on hospitals in September and the attacks have continued at high levels since.

The pandemic has given ransomware gangs new opportunities to conduct attacks, as more remote workers introduced vulnerabilities that are easy for the gangs to exploit. Vulnerabilities in new VPN and remote access solutions are exploited, emails spreading ransomware have targeted remote workers, and ransomware has been delivered via drive-by downloads masquerading as free online collaboration tools. COVID-19 has also been exploited in lures that deliver ransomware, first offering advice on the new virus, then possible cures, and latterly vaccine related lures.

The large increase in attacks toward the end of 2020 does not bode well for 2021, and there are no signs that ransomware activity will fall in 2021. In fact, the situation may even get worse before it gets better. As long as ransomware attacks continue to be profitable, the attacks will continue. What businesses need to do is make sure they take steps to block attacks, identify them quickly when they do occur, and make sure they have a plan in place to help them recover quickly should disaster strike.

Some of the important steps to take to prevent, detect, and limit the severity of an attack are summarized below:

Prevention

With so many methods of deploying ransomware, there is no single solution that will prevent all attacks. You should therefore consider the following:

  • Implement an advanced spam filter with best of breed protection against malware and ransomware, that uses signature-based detection to block known ransomware variants and sandboxing to identify new threats.
  • Ensure patches are applied promptly and software is updated quickly to the latest version.
  • Train your staff how to recognize email-based threats and provide general security training to eliminate risky behaviors.
  • Stay up to date on the latest threat intelligence and take proactive steps to address threats.
  • Use a web filtering solution to block access to risky and malicious websites to prevent downloads of ransomware from the Internet.
  • Enforce the use of strong passwords to prevent brute force attacks.
  • Implement multi-factor authentication wherever possible.

Detection

If you can detect unauthorized accessing of your systems in real time, you may be able to block an attack before ransomware is deployed. Many threat actors spend time moving laterally to identify as many devices as possible before conducting an attack and they will attempt to find and exfiltrate data, which provides a window to detect and block the attack. You should implement a monitoring system in place that generates alerts when suspicious activity is detected and, ideally, one that can automatically remediate attacks when they are detected. Many attacks occur at the weekend and public holidays when monitoring by IT teams is likely to be reduced so consider the mechanisms you have in place when staffing levels are lower.

Remediation

You may not be able to block an attack, but you can prepare and limit the damage caused. First and foremost, backup your data as you do not want to be at the mercy of the attackers. Ensure a backup is stored in a location that cannot be accessed from the network where the data resides, store a copy of a backup on a non-networked device, and ensure backups are performed regularly and are checked to make sure data can be recovered.

You should also create a disaster recovery plan that can kick into action as soon as an attack occurs to make sure your business can continue to function until the attack is fully mitigated.

Advanced Cybersecurity Defenses Needed to Combat New Phishing and Malware Campaigns

Cybercriminals are using an increasing range of tactics, techniques and procedures to fool the unwary into disclosing their credentials or installing malware, which is making it hard for end users to distinguish between genuine and malicious messages.

It is common for cybercriminals to purchase lookalike domains for use in phishing scams and for distributing malware. Oftentimes the domains purchased are very similar to the domains they impersonate, aside from one or two changed letters.

For instance, the letters v v could be used in place of a w for a domain spoofing Wal-Mart – e.g. VVal-Mart. In internationalized domain name (IDN) homograph attacks, aka script spoofing, Greek, Latin, and Cyrillic letters are used in domains instead of standard letters. This can lead to domains being almost indistinguishable from the domains they are spoofing, especially since the web pages hosted on those domains include the logos and color schemes used on the official websites.

FBI Warns of Use of Spoofed FBI Domains

Recently the Federal Bureau of Investigation (FBI) issued a warning following the discovery that many FBI-related domain names have been purchased that closely resemble official FBI websites. While these domains are not believed to have been used for malicious purposes to date, it is probable that the individuals registering these domains were intending to use them in phishing attacks, for distributing malware, or for disinformation campaigns. The domains include fbidefense.com, fbimaryland, fbi-ny, fib.ca, fbi-intel.com, fbi.systems, and fbi.health.

These domains can be used to host phishing kits or exploit kits, but the domains can be used to create official-looking email addresses. An email from one of these domains, that has the FBI in the name, could easily scare someone into taking an action demand in the email, such as disclosing their login credentials or opening a malicious email attachment.

Legitimate Cloud Services Leveraged in Sophisticated Phishing Attacks

There have also been phishing campaigns detected in recent weeks that use legitimate cloud services to mask the malicious nature of the emails. Campaigns have been detected that use links to Google Forms, Google Docs, Dropbox, and cloud services from Amazon and Oracle. Emails are sent that include fake notifications with links to these cloud services; however, once the link is clicked, the user is taken through a series of redirects to a malicious website hosting fake Office 365 login prompts that steal credentials.

Several of these campaigns involved checks to make sure the recipient is a real person, with automated responses directed to official domains to prevent analysis. Phishers are also continuing to use typosquatting – the name given to the use of domains with natural typographical errors – to catch out careless typists.

Sophisticated Campaigns Call for Sophisticated Cybersecurity Defenses

The sophisticated nature of today’s phishing and malware campaigns, together with cybercriminals’ constantly changing tactics, techniques, and procedures, mean it is becoming harder for end users to distinguish between genuine and malicious emails. End user security awareness training is still important, but it has never been more important to have effective technical solutions in place to ensure that these threats are identified and blocked before any harm is caused.

The first line of defense against phishing is an email security gateway solution through which all emails need to pass before they reach inboxes. These solutions need to use a range of advanced mechanisms for identifying malicious and suspicious emails, so should one mechanism fail to identify a malicious email, others are in place to provide protection.

SpamTitan from TitanHQ is one such solution that incorporates many layers of protection to detect and block phishing and malware attacks via email. Checks are performed on the message headers, content is analyzed, and machine learning is incorporated to identify never before seen threats, in addition to blacklisting of known malicious email addresses and domains. To block malware threats, SpamTitan uses dual anti-virus engines to block known threats and sandboxing to identify and block zero-day malware threats. Working seamlessly together, these mechanisms will block 99.97% of malicious messages.

An additional anti-phishing solution that you may not have considered is a web filtering solution. Web filters are important for blocking the web-based component of phishing attacks and preventing individuals from visiting sites used for malware delivery. A web filter can also block redirects to malicious websites that hide behind links to legitimate cloud services.

WebTitan from TitanHQ is a smart, DNS-based web filtering solution that uses automation and advanced analytics to block emerging phishing and other malicious URLs, not just those that have been already used in attacks and have been added to blacklists. Through the use of AI-based technology, WebTitan can provide protection from zero-minute threats.

Advanced cybersecurity defenses do not need to be complicated for end users to use. Both SpamTitan and WebTitan have been developed to be easy to implement, use, and maintain. While they incorporate all the required protections and allow advanced users to drill down and analyze threats, they can also easily be used to protect networks and devices by users with little technical skill. The ease of implementation, use, and maintenance together with the superb threat protection are why the solutions are consistently rated so highly on review sites such as Capterra, GetApp, Software Advice, and on Google Reviews.

To improve your defenses against cybersecurity threats delivered via email and via the web, give the TitanHQ a team a call today and find out more about SpamTitan Email Security and WebTitan DNS filtering.