Whereas news about Internet security often focuses solely on the latest threats or vulnerabilities, in addition to reporting hacks, data breaches and exposures, we also include advice about the best practices organizations should adopt to mitigate the threat from malware and other malicious software.
Consequently we strongly advise that individuals and organizations never use the same passwords for different accounts, make passwords as complex as possible and change them frequently. We also recommend that sensitive online accounts have 2-factor authentication whenever possible.
Ideally, organizations should implement a web filter to prevent Internet users from accessing websites that could compromise Internet security. With a web filter in place, the potential exists for productivity to increase and also for employees to enjoy a hostility-free workplace environment.
A malvertising campaign has been detected that delivers two forms of malware: The new, previously unknown Vidar information stealer and subsequently, the latest version of GandCrab ransomware.
The packaging of multiple malware variants is nothing new of course, but it has become increasingly common for ransomware to be paired with information stealers. RAA ransomware has been paired with the Pony stealer, njRAT and Lime ransomware were used together, and Reveton ransomware is used in conjunction with password stealers.
These double-whammy attacks help threat actors increase profits. Not everyone pays a ransom, so infecting them with an information stealer can make all infections profitable. In many cases, information can be obtained and sold on or misused and a ransom payment can also be obtained.
The latest campaign uses the Vidar information stealer to steal sensitive information from a victim’s device. The Vidar information stealer is used to obtain system information, documents, browser histories, cookies, and coins from cryptocurrency wallets. Vidar can also obtain data from 2FA software, intercept text messages, take screenshots, and steal passwords and credit/debit card information stored in browsers. The information is then packaged into a zip file and sent back to the attackers’ C2 server.
The Vidar information stealer is customizable and allows threat actors to specify the types of data they are interested in. It can be purchased on darknet sites for around $700 and is supplied with an easy to use interface that allows the attacker to keep track of victims, identify those of most interest, find out the types of data extracted, and send further commands.
Vidar also acts as a malware dropper and has been used to deliver GandCrab ransomware v5.04 – The latest version of the ransomware for which no free decryptor exists.
While many ransomware variants are delivered via spam email or are installed after access to systems is gained using brute force tactics on RDP, this campaign delivers the malicious payload through malvertising that directs traffic to a websites hosting the Fallout or GrandSoft exploit kits. Those EKs exploits unpatched vulnerabilities in Internet Explorer and Flash Player. The campaign targets users of P2P file sharing sites and streaming sites that attract large amounts of traffic.
Infection with the Vidar information stealer may go undetected. New malware variants such as this may be installed before AV software malware signatures are updated, by which time highly sensitive information may have been stolen, sold on, and misused. If GandCrab ransomware executes, files will be permanently encrypted unless a ransom is paid or files can be recovered from backups.
Businesses can protect against attacks such as these by ensuring that all operating systems and software are promptly patched. Drive-by downloads will not occur if the exploits for vulnerabilities used by the exploit kit are not present.
An additional, important protection is a web filter. Web filters prevent users from visiting websites known to host exploit kits and also sites that commonly host malicious adverts – torrents sites for instance. By carefully controlling the sites that employees can access, businesses can add an extra layer of protection while avoiding legal liability from illegal file downloads and improving productivity by blocking access to non-work-related websites.
For further information on web filters for businesses and MSPs, contact the TitanHQ team today.
New figures released by anti-virus firms McAfee and Symantec have shown the extent to which hackers are using cryptocurrency mining malware in attacks on consumers and businesses.
Cryptocurrency mining malware hijacks system resources and uses the processing power of infected computers to mine cryptocurrencies – Validating transactions so they can be added to the blockchain public ledger. This is achieved by solving difficult computational problems. The first person to solve the problem is rewarded with a small payment.
For cryptocurrency mining to be profitable, a lot of processing power is required. Using one computer for mining cryptocurrency will generate a few cents to a few dollars a day; however, hackers who infect thousands of computers and use them for cryptocurrency mining can generate significant profits for little work.
The use of cryptocurrency mining malware has increased considerably since Q4, 2017 when the value of Bitcoin and other cryptocurrencies started to soar. The popularity of cryptocurrency mining malware has continued to grow steadily in 2018. Figures from McAfee suggest cryptocurrency mining malware has grown by 4,000% in 2018.
McAfee identified 500,000 new coin mining malware in the final quarter of 2017. In the final quarter of 2018, the figure had increased to 4 million. Figures from Symantec similarly show the scale of the problem. In July 2018, Symantec blocked 5 million cryptojacking events. In December, the firm blocked 8 million.
There are many different ways of infecting end users. Hackers are exploiting unpatched vulnerabilities to silently download the malware. They package coin mining malware with legitimate software, such as the open-source media player Kodi, and upload the software to unofficial repositories.
One of the easiest and most common ways of installing the malware is through email. Spam emails are sent containing a hyperlink which directs users to a website where the malware is silently downloaded. Links are similarly distributed through messaging platforms such as Slack, Discord, and Telegram. One campaign using these messaging platforms included links to a site that offered software that claimed to fix coin mining malware infections. Running the fake software installer executed code on the computer which silently downloaded the malware payload.
Unlike ransomware, which causes immediate disruption, the presence of cryptocurrency mining malware may not be noticed for some time. Computers infected with coin mining malware will slow down considerably. There will be increased energy usage, batteries on portable devices will be quickly drained, and some devices may overheat. Permanent damage to computers is a possibility.
The slowdown of computers can have a major impact for businesses and can result in a significant drop in productivity if large numbers of devices are infected. Businesses that have transitioned to cloud computing that are charged for CPU usage can see their cloud bills soar.
Anti-virus software can detect known coin mining malware, but new malware variants will be unlikely to be detected. With so many new malware variants now being released, AV software alone will not be effective. It is therefore important to block the malware at source. Spam filters, such as SpamTitan, will help to prevent malicious emails from reaching end users’ inboxes. Web filters, such as WebTitan, prevent users from accessing infected websites, unofficial software repositories, and websites with coin-mining code installed that uses CPU power through browser sessions.
Managed Service Providers can spend a significant amount of time dealing with phishing attacks and other security breaches. While MSPs provide an invaluable service and help their clients deal with cyberattacks, by providing security services, MSPs can not only protect their clients and prevent attacks, but also save themselves a considerable amount of time and improve their bottom lines.
The Devastating Consequences of an SMB Cyberattack
Successful cyberattacks on businesses can be catastrophic. The average cost of a data breach has now risen to $3.86 million, according to the Ponemon Institute. Such a high cost means many SMBs struggle to stay in business following a major breach.
A data breach can cause a significant drop in share price. While many businesses see share prices return to near pre-breach levels around 6 months after a major breach, many SMBs do not survive that long. Figures from the National Cyber Security Alliance show that up to 60% of SMBs permanently close their doors within 6 months of suffering a data breach.
Not only do businesses have to cover the cost of remediating a breach, they can lose market share which can be difficult to recover. Customers can also be very unforgiving. If customers’ personal information is exposed as a result of a data breach, the loss of business can be considerable. The damage caused to the reputation of a business by a cyberattack can take a very long time to repair.
Many SMBs believe they are too small to be worth hacking, yet the National Cyber Security Alliance’s figures show that is far from the case. 70% of cyberattacks target small businesses, and while not all of those attempts are successful, nearly 50% of SMBs around the globe report that they have experienced at least one successful cyberattack.
Cybersecurity Solutions for MSPs
MSPs that start offering cybersecurity to their clients can prevent the majority of these cyberattacks, providing the right solutions are chosen. Businesses will naturally need a robust firewall to prevent direct attacks, but many attackers are able to bypass this perimeter control by targeting the weakest link in security: Employees.
Cybercriminals are able to bypass perimeter controls by sending phishing emails to employees. Two recent examples have clearly demonstrated this. The San Diego School District discovered a hacker had gained access to its network and a database of 500,000 staff and student records with phishing emails. 50 email accounts were compromised in that attack. Cape Cod Community College also experienced a phishing attack targeting the finance department, the end result of which was fraudulent transfers being made to criminal-controlled bank accounts totaling more than $800,000. End user training could have made all the difference, as could an advanced spam filtering solution – both of which could easily be provided by MSPs.
Why Web Filtering Should be Part of Your Security Stack
Email security is an area often lacking at SMBs, even though email is the most common attack vector. Web-based attacks are also common, and this is an area where many SMBs are particularly vulnerable. This is another area where MSPs can help improve security.
Web filtering is often overlooked as traditionally this has been a security control that is difficult for MSPs to implement. Appliance-based filters require hardware purchases and site visits. Standard web filters require content to be downloaded before access is blocked and that they can cause major latency problems. DNS filtering solves these problems. Since filtering takes place at the DNS level, controls are applied before any content is downloaded and latency issued are avoided and web-based threats are blocked at source. Since there is no need for hardware to be purchased, it is cost effective for most businesses to implement. There are also no software downloads and deploying the solution is a quick and easy Process. Everything can be set up remotely in a matter of minutes and clients can be protected from malware attacks, phishing, and ransomware downloads while also controlling content and blocking illegal and unacceptable web activity.
WebTitan: MSP-Friendly Web Filtering to Protect Wired and Wireless Networks
In contrast to many DNS-based web filtering solutions, WebTitan has been developed to meet the needs of MSPs. One of the main problems with most DNS-based web filters for MSPs is the inability to add MSP branding. It is abundantly clear it is a third-party solution.
WebTitan can be totally rebranded, allowing MSPs to add their own logos and reinforce their brand image. WebTitan can be hosted on TitanHQ’s servers or within an MSPs own environment. WebTitan also has a well-established channel program and offers special pricing packages specifically for MSPs with generous margins and monthly billing. No other web filtering solution is as MSP friendly.
Other key features of WebTitan include:
Highly granular filtering controls: Filter by category, content, and keyword
Supports whitelists and blacklists
Intuitive control panel requiring no user training
Highly scalable solution with virtually no upper limit on number of clients or users
Embedded malware filter supported by dual AV engines
Extensive reporting suite and ability to brand and schedule client reports
Real time view of web activity
Remote management and monitoring via APIs and easy integration into billing and auto-provisioning systems
Flexible polices for different environments and users
Protection for wired and WiFi networks
Ability to provision new clients in minutes
Full product available on a free trial
Industry leading customer support
For further information on TitanHQ’s cybersecurity solutions for MSPs including WebTitan Cloud, WebTitan Cloud for WiFi, and the TitanHQ spam filter, SpamTitan Cloud, contact the MSP Alliance Team today.
Local authorities and private sector bus companies are now adding Wi-Fi services to their bus fleets, but without appropriate Wi-Fi security for busses, bus fleet operators can run into problems.
There is no doubt that Wi-Fi is a big hit with passengers, especially for long distance travel. Business commuters can connect to email and their work network without having to use their own data and all passengers can enjoy a variety of digital entertainment, such as Internet-based games, online crosswords, YouTube videos, or all manner of Internet based applications, all without eating into their monthly data allowance.
In locations where people have a choice of different transport, the provision of a reliable Wi-Fi network can be a big attraction that can win more business.
Wi-Fi Security for Busses
There are some considerations when providing Wi-Fi on busses. Wi-Fi security for busses is important to ensure that the Wi-Fi network cannot be used for malicious purposes. Over the summer, it was clearly demonstrated how this can easily happen. A hacker was able to hack into the Wi-Fi network on planes and view the Internet activity of passengers, as well as gain access to other important devices on airplanes – All from the ground.
Appropriate Wi-Fi security for busses should be implemented to protect the privacy of passengers, but also to ensure they can use the Wi-Fi network safely. Bus companies should be taking steps to protect passengers from harmful content, such as sites hosting malware and phishing websites.
Content Control for Busses
A third-party Wi-Fi network offers anonymity and some users take advantage and access types of content that they would not access on their home networks. Bus fleet operators have a responsibility to block illegal activity on their Wi-Fi networks.
If a passenger accesses adult content on the Wi-Fi network of a bus, there is a risk that other passengers will catch a glimpse of the screen and children could be exposed to obscene content. It is the responsibility of bus fleet operators to implement content controls to prevent passengers from accessing inappropriate content.
Controlling Bandwidth Use on Busses
There is also the issue of bandwidth. Ensuring all users have decent bandwidth and can connect to the network and enjoy reasonable Internet speeds comes at a cost. If several passengers are using applications or visiting websites that require a considerable amount of bandwidth, that will naturally have an impact on other users of the Wi-Fi network. Limiting what users can do while connected to Wi-Fi networks can save bandwidth and costs. Preventing, or restricting, high bandwidth applications such as video streaming, online games such as Fortnite, and large file downloads can help to conserve bandwidth.
DNS-Level Content Filtering
All of the above issues can be easily solved with a single, cost effective solution – A web filter. A web filter allows network administrators to carefully control what users can do online. It offers both content control and Wi-Fi security for busses by blocking access to illegal content, preventing malware downloads, and offering protection from phishing. Categories of web content can be blocked to create a family-friendly Wi-Fi network and control bandwidth use.
Traditional web filters require an appliance through which Internet traffic is routed. This is a costly way of adding Wi-Fi security for busses. A DNS-level filter on the other hand is a low cost, flexible solution that serves the same purpose. When a user connects to the Wi-Fi network, the DNS process sends domain names to the name server and the name server returns the IP address associated with the application server. When content is filtered at the DNS level, no software needs to be downloaded and no appliances need to be purchased.
Not only do DNS-level filters offer excellent Wi-Fi security for busses, they also save on bandwidth as content is not downloaded before the decision is taken to block the content.
WebTitan Cloud for Wi-Fi – Content Filtering and Wi-Fi Security for Busses
WebTitan Cloud for Wi-Fi is an ideal web filtering solution for bus fleets. Since it is DNS-based it is easy to implement, highly scalable, and is cost-effective to set up and run. WebTitan Cloud for Wi-Fi can protect entire bus fleets, in multiple cities, and licenses can be easily scaled up and down to meet bus operators’ needs.
Some of the key features of WebTitan Cloud for Wi-Fi are detailed below:
No hardware purchases or software downloads required
No patching or software updates required
Protects multiple Wi-Fi routers from a single, web-based administration control panel
Protects against malware with dual anti-virus engines
Protects users from phishing and other malicious websites
Allows network administrators to protect the Wi-Fi network from unauthorized users
Highly granular controls allow precise content control without overblocking content
Block content by category with a single click
No latency – Internet speeds are unaffected
Supports static and dynamic IPs
Supports whitelists and blacklists
No restriction on bandwidth, number of devices, or the number of hotspots
Full suite of reports gives network administrators full visibility into their Wi-Fi networks and user activity
If you are looking to improve Wi-Fi security for busses and want to implement content controls to keep your Wi-Fi networks family-friendly, contact TitanHQ today for further information on WebTitan Cloud for Wi-Fi.
Many businesses now offer their customers free access to their Wi-Fi networks, but if guest Wi-Fi best practices are not followed, opening up Wi-Fi networks to guest users is not without risk. You may have provided security awareness training to your employees, but guest users are unlikely to be as careful while connected to your network. Customers and guests may accidentally download malware or visit malicious websites, or even engage in illegal activities due to the anonymity offered by someone else’s Wi-Fi network.
If guest Wi-Fi best practices are not followed, there will be people that take advantage of your lax security. They could launch an attack on your business network, explore your network assets, change router settings, or even gain access to confidential data.
If you run a hotel, restaurant, shop, or another business that provides Wi-Fi access to customers, it is important to create a safe browsing environment for all Wi-Fi users and take steps to secure your access points and control the activities that users can engage in while connected.
Guest Wi-Fi Best Practices for Hotspot Providers
Create A Separate Wi-Fi Network for Guests and Employees
You will no doubt have a Wi-Fi network that is used by your employees. It is important that this is totally separate from the one used by guests and customers. Guest users should access a totally separate network. Ideally, there should be a network firewall that separates guest users from employees. If you use enterprise switches, create a separate VLAN for access points that broadcast the guest wireless SSID. Also make sure you use a software firewall to block traffic from the guest network from your company’s servers and computers. Also make sure guest users can only access the Internet while connected.
Naming Your SSID
An SSID is the name you give to your Wi-Fi network that identifies it as belonging to your business. Care should be taken when choosing a name. Your choice should depend on the nature of your business and who the Wi-Fi network serves. If you run a coffee shop, for instance, you should make it clear which is your Wi-Fi network and prominently display that information. That will make it harder for rogue hotspots to be created to fool customers into connecting to an evil twin – A hotspot set up and controlled by a hacker to fool customers into connecting in the belief it is your hotspot.
Encrypt your Wireless Signals
Unsecured Wi-Fi networks may be easier to set up and use, but they also allow anyone within range to connect, even if they are not in your establishment. To connect, it should be necessary for a password to be entered. You should also encrypt your wireless network to make it harder for hackers to intercept users’ data. Secure your wireless network with WPA2 encryption or, even better, WPA3 if it is supported by your access point.
Create a Safe Browsing Experience and Control the Internet Content That Can be Accessed
You should develop and implement a guest Wi-Fi access policy covering what is and is not permitted on your Wi-Fi network. You should also enforce that policy with technical controls. A cloud-based web filter is ideal for this.
It is easy to deploy and configure and will allow you to carefully control the content that can be accessed while connected. You should block access to known malicious sites and illegal web content through blacklists. Category based filters are useful for blocking access to inappropriate content such as pornography and restricting bandwidth-heavy activities that can slow down Internet speeds for all users. By filtering content, not only will you keep your Wi-Fi users protected, you will also reduce legal liability and ensure that your Wi-Fi network is family friendly.
Adopt these guest Wi-Fi best practices to improve safety and security, keep your customers protected, and make it harder for cybercriminals to attack your network or your guest users.
It’s the time of year when the poor password practices of users are highlighted. This month has seen the list of the worst passwords of 2018 published and a list of 2018’s worst password offenders.
The Worst Passwords of 2018
So, what were the worst passwords of 2018? SplashData has recently published a list of the worst passwords of 2018 which shows little has changed since last year. End users are still making very poor password choices.
To compile the list, SplashData analyzed passwords that had been revealed through data dumps of passwords obtained in data breaches. More than 5 million exposed passwords were sorted to find out not only the weakest passwords used, but just how common they were. The list of the top 100 worst passwords of 2018 was published, although we have only listed the top 25 worst passwords of 2018:
Unsurprisingly, there has been no change in the top two passwords this year. 123456 and password have held number 1 and 2 spots for the past five years. Donald is a new addition but would not keep a user’s account secure for long, even if their name isn’t Donald. 654321 is also new this year but offers little more protection than 123456.
Other new entries include qwerty123 and password1 – Clear attempts to get around the requirement of including numbers and letters in a password.
How common are the worst passwords of 2018? According to SplashData, 3% of users have used 123456 and 10% of people have used at least one password in the list of the top 25 worst passwords of 2018!
Poor Password Practices and the Worst Password Offenders of 2018
DashLane has published its list of the worst password offenders of the year. In addition to the list containing users who have made very poor password choices by selecting some of the worst passwords of 2018, the report highlights some of the terrible password practices that many individuals are guilty of. Poor password practices that render their passwords absolutely useless.
This year has seen many major password failures, several of which came from the White House, where security is critical. Topping the list was a password faux pas by a visitor to the oval office – Kanye West. Not only was ‘Ye’ guilty of using one of the worst possible passwords on his phone ‘000000’, he also unlocked his phone in full view of an office full of reporters who were filming his meeting with President Trump. Ye’s poor password was broadcast to the nation (and around the world). This incident highlights the issue of ‘shoulder surfing.’ Looking over someone’s shoulder at their screen to see passwords being entered. Something that can easily happen in public places.
Another White House password failure concerned a staffer who committed the cardinal password sin of writing down a username and password to make it easier to remember. It is something that many employees do, but most do not write it on White House stationary and then leave the document at a bus stop.
Password security should be exemplary at the White House, but even more so at the Pentagon. Even staff at the Pentagon are guilty of poor password hygiene, as was discovered by Government Accountability Office (GAO) auditors. GAO auditors discovered default passwords were used for software associated with weapons systems. Default passwords are publicly available online which renders them totally useless. GAO auditors were also able to guess admin passwords with full privileges in only 9 seconds.
These are just three examples of terrible password practices. While they are shocking given the individuals concerned, they are sadly all too common.
Password Best Practices to Keep Accounts Secure
A password prevents other individuals from gaining access to an account and the sensitive information contained therein. Choose a strong password or passphrase and it will help to make sure that personal (or business) information remains confidential. Choose a weak password and an account can easily get hacked. Choose an exceptionally weak password and you may as well have no password at all.
To ensure passwords are effective, make sure you adopt the password best practices detailed below:
Make sure you set a password – Never leave any account open
Always change default passwords – They are just placeholders and are next to useless
Never reuse old passwords
Use a unique password for all accounts – Never use the same password for multiple accounts
Do not use names, dictionary words, or strings of consecutive numbers or letters
Ensure passwords are longer than 8 characters and contain at least one number, lowercase letter, uppercase letter, and a symbol – Long passphrases that are known only to you are ideal
Use a random mix of characters for passwords and use a password manager so you don’t have to remember them. Just make sure you set a very strong password for your password manager master password.
Set up multi-factor authentication on all of your accounts
Never write down a password
Never share passwords with others, no matter how much you trust them
Password Best Practices for Businesses
Verizon’s 2018 Data Breach Investigations Report revealed 81% of hacking-related data breaches were due to weak passwords or stolen credentials. It is therefore critical that businesses adopt password best practices and ensure users practice good password hygiene. Businesses need to:
Train end users on good password hygiene and password best practices
Enforce the use of strong passwords: Blacklist dictionary words, previously exposed passwords, previously used passwords, and commonly used weak passwords
Set the minimum password length to 8 characters (or more) and avoid setting a maximum length to encourage the use of passphrases.
Follow the password advice published by the National Institute of Standards and Technology (NIST)
Don’t enforce password changes too often. End users will just reuse old passwords or make very minor changes to past passwords.
Implement multi-factor authentication
Encrypt all stored passwords
Consider the use of other authentication methods – Fingerprint scanners, facial recognition software, voice prints, or iris scans
There has been much debate over the use of web filters for libraries. On one side are those that believe that as places of learning, there should be no restrictions placed on the types of information that can be accessed through libraries. Libraries house books that are sexually explicit, racist, or contain material some may find distasteful or offensive, but banning those books would be inappropriate.
That same thinking has been applied to the Internet, access to which is often provided in libraries. The application of a web filter to block certain types of content is viewed as unacceptable by some people, even if as a result of a lack of technical controls library computers are used to access hardcore pornography. The American Library Association does not advocate the use of web filters for libraries, instead suggesting acceptable usage policies and educational programs are more appropriate.
The other camp considers the use of web filters in libraries to be a necessity to ensure libraries can be used by children and adults without others subjecting them to obscene and potentially harmful web content. Acceptable usage policies only discourage users from accessing pornography. Policies do not prevent such activities.
New Hampshire Library Considers Using Web Filtering Technology to Block Porn
The use of public library computers for viewing offensive sexual content is common. There have been many cases of library patrons discovering other users accessing adult content on computers in full sight of other users, as was recently the case at the Lebanon Public Library in New Hampshire.
A complaint was made to Lebanon Public Library about two children (of middle school age) who are alleged to have used the library computers to access pornography. Jim Vanier, youth center coordinator for the Carter Community Building Association, overheard the children discussing pornography at the computers, although they denied accessing adult content.
Vanier’s complaint prompted the Library Board of Trustees to form a task force to investigate current internet usage policies and the task force will consider whether a web filter is appropriate for the library.
While web filters for libraries are available to prevent obscene videos and images from being accessed, relatively few libraries have started implementing even the most basic content controls. The Children’s Internet Protection Act requires the use of web filters in libraries and schools, but only as a condition to obtain e-rate discounts and federal grants. In order to qualify for funds, obscene images, child pornography, and other information deemed harmful to minors must be blocked.
The municipal libraries in Lebanon have taken steps to curb Internet misuse and have introduced policies that prohibit computers from being used for any disruptive or inappropriate behavior, including the viewing of images of a pornographic nature. However, policies alone are insufficient to prevent all cases of inappropriate Internet use.
The reason why many libraries choose not to apply filters is often because web filters for libraries are not perfect, and as a result, they could filter out unintended content.
Accuracy of Content Blocking by Web Filters for Libraries
While there have been issues with web filters for libraries overblocking content in the past, there have been major advances in web filtering technology over the past 10 years. Web filters can now more accurately assess and categorize content.
WebTitan Cloud, for instance, has highly granular controls and allows libraries to carefully control the content that can be accessed without overblocking.
While there is potential for user error when setting policies, WebTitan Cloud solves this issue by having an easy to use user interface that requires no technical skill to use. This helps to eliminate user error that often leads to overblocking of web content.
With WebTitan Cloud, libraries can easily filter out pornography, child pornography, and other obscene and harmful content to comply with CIPA and meet parents’ expectations without restricting access to valuable, educational websites.
WebTitan Cloud also blocks access to websites that host malware to prevent malicious software from being downloaded onto library computers, as well as blocking a wide range of Internet threats such as phishing.
WebTitan Cloud – An Accurate and Easy to Use Web Filter for Libraries
WebTitan Cloud is an ideal web filter for libraries. It is 100% cloud-based so not costly hardware purchases are required. It is easy to implement, simple to use, and allows Internet content to be carefully controlled without blocking access to valuable educational material.
Some of the key features in TitanHQ’s web filters for libraries have been detailed below:
WebTitan Cloud Features
Highly granular controls to allow precise filtering of Internet content
Unmatched combination of coverage, accuracy, and flexibility
Real-time classification of more than 500 million websites and 6 billion web pages in 200 languages
100% coverage of the Alexa 1 million most visited websites
Easy to use interface requiring no technical skill
100% cloud-based filtering – No hardware purchases or software downloads required
Supports Safe Search and YouTube for Schools
Supports whitelists and blacklists for creating exceptions to allow/block content outside general policy controls
Category-based filtering allows blocking through 53 pre-defined website categories and 10 customizable categories
Customizable block pages
Supports time-controlled cloud keys to allow certain users to bypass filtering controls – for research purposes for instance
Provides full visibility into network usage
Full reporting suite including real-time Internet activity
For further information on TitanHQ’s web filter for libraries, to arrange a product demonstration, and to register for a free trial to evaluate WebTitan Cloud in your own environment, contact the TitanHQ team today.
Are you looking for a Cisco OpenDNS alternative that is both easier to use and much more cost effective? On Wednesday December 5, 2018, you can discover how you can save money on web filtering without cutting any corners on protection.
A web filter is now an essential cybersecurity solution to protect against web-based threats such as phishing, viruses, malware, ransomware, and botnets. A web filter also allows businesses to carefully control the online activities of employees by restricting access to NSFW web content such as pornography and curb productivity-draining Internet use.
In addition to offering threat protection and content control on wired networks, a DNS-based web filter offers protection for BYOD and company owned devices regardless where they connect to the Internet. Multiple locations can be protected through a central web-based console.
A DNS-based web filter is cost effective to implement as no hardware purchases are required and no software needs to be installed. A DNS-based filter is also easy to maintenance and requires no software updates or patches.
With DNS-based filters, content control and online threat protection is simple; but what about cost? Many businesses have looked at Cisco OpenDNS to meet their web filtering requirements but are put off due to the high cost. Fortunately, there is a more cost-effective way of filtering the Internet.
TitanHQ and Celestix are hosting a webinar on a WebTitan-powered Cisco OpenDNS alternative, Celestix WebFilter Cloud.
Celestix will be joined by by TitanHQ EVP of Strategic Alliances, Rocco Donnino, and Senior Sales Engineer, Derek Higgins, who will explain how Celestix WebFilter Cloud works, why it is an ideal Cisco OpenDNS alternative, and how you can have total protection against web-based threats at a fraction of the cost of running OpenDNS.
The webinar will be taking place on Wednesday December 5, 2018 at 10:00 AM US Pacific Time
A massive Marriott data breach has been detected which could affect as many as 500 million individuals who previously made bookings at Starwood Hotels and Resorts. While the data breach is not the largest ever reported – The 2013 Yahoo breach exposed around 3 billion records – it shares second place with the 2014 Yahoo data breach that also impacted around half a billion individuals.
Largest Ever Hotel Data Breach
The Marriott data breach may not have affected as many people as the 2013 Yahoo data breach but due to the types of information stolen it is arguably more serious. Approximately 173 million individuals have had their name, mailing address, email address stolen and around 327 million individuals have had a combination of their name, address, phone number, email address, date of birth, gender, passport number, booking data, arrival and departure dates, and Starwood Guest Program (SPG) account numbers stolen. Further, Marriott also believes credit card details may have been stolen. While the credit card numbers were encrypted, Marriott cannot say for certain whether the two pieces of information required to decrypt the credit card numbers was also obtained by the hacker.
In addition to past guests at Starwood Hotels and Resorts and Starwood-branded timeshare properties, guests at Sheraton Hotels & Resorts, Westin Hotels & Resorts, W Hotels, St. Regis, Aloft Hotels, Element Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, and Four Points by Sheraton have been affected, along with guests at Design Hotels that participate in SPG program.
The data breach was detected by Marriott on September 8, 2018, following an attempt by an unauthorized individual to access the Starwood database. The investigation revealed the hacker behind the attack first gained access to the Starwood database in 2014. It is currently unclear how access to the database was gained.
The Marriott hotels data breach is naturally serious and will prove costly for the hotel group. Marriott has already committed to offering U.S. based victims free enrollment in WebWatcher, has paid for third party experts to investigate and help mitigate the data breach, and the hotel group will be bolstering its security and phasing out Starwood systems.
Even though the Marriott hotels data breach has only just been announced, two class action lawsuits have already been filed. One of the lawsuits seeks damages totaling $12.5 billion – $25 per breach victim.
There is also a possibility of a E.U. General Data Protection Regulation (GDPR) fine. Fines of up to €20 million are possible, or 4% of global annual turnover, whichever is greater. That could place Marriott at risk of a $916 million (€807 million) fine. The UK’s Information Commissioner’s Office – the GDPR supervisory authority in the UK – has been notified of the breach and is making enquiries.
Harder to calculate is the damage to the Marriott brand. Share prices dropped by 8.7% following the Marriott data breach announcement, and they are currently around $5 down. While share prices will likely recovery over time, the breach will almost certainly result in loss of business.
Risk of Marriott Data Breach Related Phishing Attacks
Email notifications sent to breach victims by Marriott came from the domain: email-marriott.com. Rendition Infosec/FireEye researchers purchased the domains email-marriot.com and email.mariott.com shortly after the announcement to keep them out of the hands of scammers. Other similar domains may be purchased by less scrupulous individuals to be used for phishing.
A breach on this scale is also ideal for speculative phishing attempts that spoof the email domain used by Marriott. Mass email campaigns are likely to be sent randomly in the hope that they will reach breach victims or individuals that have previously stayed at a Marriott hotel or one of its associated brands.
Consequently, any email received that is related to the breach should be viewed as potentially malicious.
In 2016, Starbucks agreed to filter out pornography from its WiFi networks, but two years on and a Starbuck WiFi filter has yet to be applied anywhere other than the UK.
The 2016 promise came in response to public pressure to take action to prevent customers from abusing its free WiFi network to view pornography. While Starbucks had an acceptable use policy and prohibited the viewing of pornography on its WiFi network, there were no controls in place to prevent customers from accessing such content.
Leading the campaign for a Starbucks WiFi filter was the Internet safety group Enough is Enough. Back in 2016, as part of its Porn Free WiFi Campaign (since renamed SAFE WiFi Campaign) the group stepped up its efforts to convince big businesses to take the lead and implement filtering technology to enforce acceptable internet usage policies on their free WiFi networks. McDonalds and Starbucks were two such brands that were petitioned by the group – a coalition of 75 partner organizations.
More than 50,000 petitions were sent to Starbucks and McDonald’s in 2016, and in response, both agreed to start filtering pornographic web content on their WiFi networks. While McDonald’s acted quickly and started blocking adult content, the Starbucks WiFi filter failed to materialize. The coffee shop chain did implement a WiFi filter in its UK locations, but the Starbucks WiFi filter was not rolled out in other countries.
Since McDonalds took the lead and created a family-friendly free WiFi network, Chick-fil-A has followed suit and has implemented a WiFi filter in its 2,200 restaurants, as have many other restaurant and coffee shop chains. However, two years on and Starbucks has not made good on its promise. The lack of apparent action prompted Enough is Enough to issue a new call for the coffee shop chain to take action.
Enough is Enough Issues Fresh Call for Starbucks WiFi Filter Rollout
“Starbucks has had a tremendous opportunity to put its best foot forward in protecting its customers from images deemed obscene and illegal under the law, but they haven’t budged, despite their promise two years ago and despite the fact that they voluntarily filter this same content in the UK,” said Enough is Enough president and CEO, Donna Rice Hughes. “By breaking its commitment, Starbucks is keeping the doors wide open for convicted sex offenders and others to fly under the radar from law enforcement and use free, public WiFi services to access illegal child porn and hard-core pornography.”
Despite the promise, there has been little news issued on the Starbucks WiFi filter front. “To date, no action has taken place to suggest Starbucks has moved forward with its public commitment. EIE has made repeated attempts to reach out to Starbucks executives by phone, e-mail and certified mail since 2016. Starbucks has remained unresponsive with the exception of a form letter from customer relations,” explained Donna Rice Hughes on November 26, 2018.
Enough is Enough has called for members of the public to petition Starbucks once again and demand a WiFi filtering solution be applied to prevent customers from accessing inappropriate content in its coffee shops.
Starbucks has now confirmed to Business Insider that the chain has been taking action and has been evaluating WiFi filtering solutions to determine whether they can be applied to block access to pornography without inadvertently blocking other types of content. A solution has now been chosen at last and it will be rolled out in 2019.
WiFi Filtering Made Simple with WebTitan Cloud for WiFi
While web filters have been criticized in the past for overblocking web content, today, web filters such as TitanHQ’s WebTitan Cloud for WiFi allow fine control of Internet content thanks to highly granular controls. Blocking access to pornography, or any other category of Internet content, requires just a couple of clicks of a mouse.
WebTitan Cloud for WiFi includes 53 preset categories of Internet content that can be filtered out in seconds once the solution has been implemented. Implementing WebTitan Cloud for WiFi, configuring the filter, and protecting customers (and employees) takes just a few minutes. No hardware purchases are required, and no software downloads are necessary. Simply change the DNS to point to WebTitan and controls can easily be applied.
In addition to blocking pornography, illegal content such as child pornography and copyright-infringing file downloads via P2P file sharing sites and be blocked. WiFi users will also be protected from malicious sites that download malware, phishing websites, and other web-based threats.
WebTitan Cloud for WiFi is highly scalable and can be used to protect multiple WiFi access points, regardless of where they are located, through an easy-to-use web-based interface. With WebTitan Cloud for WiFi, filtering the Internet and protecting customers could not be any easier.
If you run a business and you offer your customers free, unfiltered WiFi access, now is the perfect time to make a change and send a message to your customers that you are leading the fight against online pornography and are taking action to protect customers by creating a family-friendly WiFi environment.
Contact TitanHQ today for more information, to book a product demonstration, or to sign up for a free WebTitan Cloud for WiFi trial.
Managed Service providers that want to start offering WiFi filtering to clients should contact the TitanHQ MSP Alliance team to find out how WebTitan (and other TitanHQ products) can be integrated into their security stacks.
Business email compromise (BEC) attacks cost businesses billions of dollars each year, and business email account compromises are soaring.
What is a Business Email Compromise Attack?
As the name suggests, these attacks involve the hijacking of business email accounts. The primary aim is to compromise the account of the CEO or CFO, which is usually achieved through a spear phishing attack. Once the email account has been compromised, it is used to send phishing emails to other employees in the company, most commonly, employees in the accounts, finance, and payroll departments.
The emails commonly request wire transfers be made to accounts under the control of the attackers. Requests are also made for sensitive information such as the W-2 Forms of employees.
Since the emails are sent from the CEO or CFO’s own account, there is a much higher chance of an employee responding to the request than to a standard phishing attempt from an external email address. Since the emails come from within an organization, they are also much harder to detect as malicious – a fact not lost on the scammers.
With access to the email account, it is much easier to craft convincing messages. The signature of the CEO can be copied along with their style of writing from sent messages. Email conversations can be started with employees and messages can be exchanged without the knowledge of the account holder.
Fraudulent transfers of tens or hundreds of thousands of dollars may be made and the W-2 Forms of the entire workforce can be obtained. The latter can be used to submit fake tax returns in victims’ names to obtain tax refunds. The profits for the attackers can be considerable, and with the potential for a massive payout, it is no surprise that these attacks are on the rise.
Business Email Account Compromises Have Increased by 284% in a Year
FBI figures in December 2016 suggest $5.3 billion had been lost to BEC scams since October 2013. That figure had now increased to $12.5 billion. More than 30,000 complaints of losses due to BEC attacks were reported to the FBI’s Internet Crime Complaints Center (IC3) between June 2016 and May 2018.
The specialist insurance service provider Beazley has been tracking business email account compromises. The firm’s figures show business email account compromises have increased each quarter since Q1, 2017. In the first quarter of 2017, 45 business email account compromises were detected. In Q2, 2018, 184 business email account compromises were detected. Between 2017 to 2018, there was a 284% increase in compromised business email accounts.
While the CEO’s email credentials are often sought, the credentials of lowlier employees are also valuable. Any email account credentials that can be obtained can be used for malicious purposes. Email accounts can be used to send phishing messages to other individuals in an organization, and to business contacts, vendors, and customers.
Beazley notes that once one account has been compromised, others will soon follow. When investigating business email account compromises, businesses often discover that multiple accounts have been compromised. Typically, a company is only aware of half the number of its compromised accounts.
The High Cost of Resolving Business Email Account Compromises
Business email account compromises can be extremely costly to resolve. Forensic investigators often need to be brought in to determine the full extent of the breach. Each breached email account must then be checked to determine what information has been compromised. While automated searches can be performed, manual checks are inevitable. For one client, the automated search revealed 350,000 document attachments had potentially been accessed, and each of those documents had to be checked manually to determine the information IT contained. The manual search alone cost the company $800,000.
How to Protect Your Organization from Business Email Compromise Attacks
A range of measures are required to protect against business email compromise attacks. An advanced spam and anti-phishing solution is required to prevent phishing and spear phishing emails from being delivered to inboxes.
SpamTitan is an easy-to-implement spam filtering solution that blocks advanced phishing and spear phishing attacks at source. In contrast to basic email filters, such as those incorporated into Office 365, SpamTitan uses heuristics, Bayesian analysis, and machine learning to identify highly sophisticated phishing attacks and new phishing tactics. These advanced techniques ensure more than 99.9% of spam and malicious messages are blocked.
The importance of security awareness training should not be underestimated. End users should be trained how to recognize phishing attempts. Training should be ongoing to ensure employees are made aware of current campaigns and new phishing tactics. Phishing simulation exercises should also be conducted to reinforce training and identify weak links.
Multi-factor authentication is important to prevent third parties from using stolen credentials to access accounts. If a login attempt is made from an unfamiliar location or unknown device, an additional form of identification is required to access the account.
Password policies should be enforced to ensure that employees set strong passwords or passphrases. This will reduce the potential for brute force and dictionary attacks. If Office 365 is used, connection to third party applications should be limited to make it harder for PowerShell to be used to access email accounts. A web filtering solution should also be implemented to block access to phishing accounts where email credentials are typically obtained.
Defense in depth is the key to protecting against BEC attacks. For more information about email and web security controls to block BEC attacks, give the TitanHQ team a call. Our experienced advisers will recommend the best spam and web filtering options to meet the needs of your business and can book a product demonstration and set you up for a free trial.
A massive malvertising campaign has been detected that has so far hijacked at least 300 million browser sessions in the space of just 48 hours.
What is Malvertising?
Malveristing is a method of generating traffic to websites that would otherwise be unlikely to be visited by Internet users. The technique involves using code in adverts submitted to advertising networks to redirect users to a specific website. Clicking a link in one of the adverts can trigger multiple redirects, first to the site detailed in the Ad code, then onto another web page.
Malvertising is often used to direct Internet users to malicious websites, such as those hosting exploit kits that probe for vulnerabilities and silently download malware or phishing websites, tech support scams, and other scam sites.
As spam filtering technology has improved, fewer spam emails are being delivered to inboxes, which means fewer individuals click links in emails and visit malicious websites. Malvertising is a suitable alternative that generates huge volumes of traffic.
Users Directed to Phishing Websites
The latest malvertising campaign is being used to direct Internet users to a variety of web pages, including adult websites and ‘You’ve Won a Gift Card’ scams.
Malvertising is nothing new and there are more than a dozen threat actors that are primarily using this method to generate traffic to web pages, but this campaign stands out due to its scale and the volume of visitors that have been redirected to malicious websites.
How to Protect Your Business from Malvertising Attacks
As with spam email, malvertising is a serious risk for businesses. The majority of businesses now use a spam filtering solution to prevent malicious messages from reaching inboxes, but fewer businesses have protections in place to prevent their employees from malvertising and other web-based attacks.
Anti-virus and anti-malware solutions may identify malware downloads that take place through these malicious websites, but usually only once the malware has been downloaded. Since most AV solutions are signature-based, if a new malware variant is downloaded it will not be detected.
The most effective way of blocking malvertising is a web filtering solution. A web filter is most commonly used to control the types of content that can be accessed by employees and serves a similar purpose to parental control software. However, in contrast to parental control solutions, enterprise class-web filtering solutions also prevent network users from accessing malicious websites such as those used for phishing and to distribute malware.
WebTitan Cloud – An Easy to Use, Powerful Web Filtering Solution
WebTitan Cloud is an enterprise-class web filtering solution that has been developed to offer protection against web-based attacks, including malvertising.
WebTitan Cloud is a 100% cloud-based web filtering solution. As such, it requires no hardware purchases or software downloads. Implementation is quick and easy and only takes a few minutes. No technical skill is required to start filtering the Internet and start protecting your business from web-based threats.
In addition to blocking access to malicious websites, WebTitan Cloud allows users to restrict internet activity through 53 category-based filters. More than 700 million URLs are crawled, analyzed, and categorized every day, and the solution provides 100% coverage of the Alexa top 1 million most visited websites and blocks more than 3 million malicious URLS at any one time. More than 7,500 businesses around the world trust WebTitan to protect them from malicious web content.
WebTitan Cloud is also an ideal web filtering solution for managed service providers (MSPs), allowing them to easily add web filtering to their security stacks. WebTitan Cloud comes with a variety of hosting options, including the option of hosting the solution within an MSP’s own data center. The solution can also be provided as a white-label ready to take MSP branding.
For further information on WebTitan Cloud for managed service providers and SMBs, details of pricing, and to book a product demonstration, contact the TitanHQ team today.
WiFi networks are a potential security weak point for businesses, although the introduction of WPA3 will improve Wi-Fi security. WPA3 Wi-Fi security enhancements address many WP2 vulnerabilities, but WPA3 alone is not enough to block all WiFi threats.
WiFi Security Protocols
The WPA WiFi security protocol was introduced in 1999, and while it improved security, cracking WPA security is far from difficult. Security enhancements were introduced with WPA2 in 2004, but while more secure, WPA2 does not fix all vulnerabilities. Little has changed in the past 14 years, but at long last, WPA3 is here. Use WPA3 and Wi-Fi security will be significantly enhanced, as several important WP2 vulnerabilities have been fixed.
WPA3 WiFi Security Enhancements
One of the biggest WiFi security threats is open networks. These are WiFi networks that require no passwords or keys. Users can connect without entering a pre-shared key. All a user needs to know is the SSID of the access point to connect. These open networks are used in establishments such as coffee shops, hotels, and restaurants as it is easy for customers to connect. The problem is users send plain text to the access point, which can easily be intercepted.
WPA3 spells an end to open networks. WPA3 uses Opportunistic Wireless Encryption (OWE). Any network that does not require a password, will encrypt data without any user interaction or configuration. This is achieved through Individualized Data Protection or IDP. Any device that attempts to connect to the access point receives its own key from the access point, even if no connection to the AP has been made before. This control means the key cannot be sniffed and even if a password is required, having access to that password does not allow the data of other users to be accessed.
Another security enhancement that has been made in WP3 reduces potential for password cracking attacks such as the WPA2 KRACK Attack. WPA2 is vulnerable to brute force and dictionary-based attacks. That is because security relies on the AP provider setting a secure password and many establishments don’t. With WPA3, the Pre-Shared Key (PSK) exchange protocol is replaced with Simultaneous Authentication of Equals (SAE) or the Dragonfly Key Exchange, which improves security of the initial key exchange and offers better protection against offline dictionary-based attacks.
WPA3 also addresses security vulnerabilities in the WiFi Protected Setup (WPS) that made it easy to link new devices such as a WiFi extender. In WPA3, this has been replaced with Wi-Fi Device Provisioning Protocol (DPP).
Configuring IoT devices that lack displays has been made easier, the 192-bit Commercial National Security Algorithm is used for enhanced protection for government, defense and industrial networks, and better controls have been implemented against brute force attacks. These and other enhancements mean WPA3 is far more secure.
Unfortunately, at present, very few manufacturers support WPA3, although that is likely to change in 2019.
WPA3 WiFi Security Issues
Even with WPA3 WiFi security enhancements, WiFi networks will still be vulnerable. WPA3 includes encryption for non-password-protected networks, but it does not require authentication. That is up to hotspot providers to set. WPA3 it is just as susceptible to man-in-the-middle attacks and offers no protection against evil twin attacks. The user must ensure they access the genuine access point SSID.
The connection to the AP may be more secure, but WPA3 does not offer protection against malware downloads. Users will still be at risk from malicious websites unless a DNS filtering solution is used – A web filter to protect WiFi networks.
Improve WiFi Security with a DNS-Based WiFi Filtering Solution
A DNS-based WiFi filtering solution such as WebTitan Cloud for WiFi protects users of a WiFi network from malware attacks, ransomware downloads, and phishing threats. The cloud-based filter also allows businesses that provide WiFi access points to carefully control the content that can be accessed by employees, customers, and other guest users.
By upgrading to WPA3 WiFi security will be improved. With WebTitan Cloud for WiFi, users will also be protected once they are connected to the network.
Further information on WebTitan Cloud for WiFi is detailed in the video below. For further information on WiFi security, including WebTitan pricing and to book a product demonstration, contact the TitanHQ team today.
Businesses that fail to secure their WiFi networks are taking a huge risk, and one that could prove catastrophic. In this article we explain why WiFi security is so important and cover the main WiFi filtering security benefits for businesses.
What are the Consequences of Poor Cybersecurity?
Customers often feel loyal to a particular brand. The company gives them what they want, the prices are reasonable, the quality of products/services are good. One of the most important factors influencing customer loyalty is trust in a brand. If trust in a brand is lost, it can be difficult win customers back. They may be permanently lost. Those customers then speak to their friends and colleagues and word spreads and further business can be lost.
One of the easiest ways to lose the trust of customers is a data breach. Ask customers why they love a particular brand, and “The company keeps my data safe” will not make the top ten list. That said, if a company experiences a data breach, customers will leave in droves.
Some industries are more prone to high customer churn rates following a data breach than others. The healthcare and insurance industries do experience customer loss, but many breach victims are tied to those providers and leaving is not straightforward. The banking and retail industries on the other hand see high churn rates. There is usually plenty of choice and customers explore other options after a breach.
A study of 10,000 consumers by Gemalto in November 2017 showed 70% of customers would stop doing business with a company after a data breach. Could your business cope with an overnight loss of 70% of your customers?
Further, the cost of a data breach report revealed the average cost of a data breach has now risen to $3.86 million. A 70% loss of customers and a $3.86 million data breach bill would prove catastrophic for many businesses. It is therefore no surprise that the National Cyber Security Alliance reports that 60% of SMBs go out of business within 6 months of a data breach.
Defense in Depth is Essential
The Gemalto study found that 62% of consumers felt that a company that holds their data is responsible for security, highlighting the importance customers place on the privacy of their data.
For businesses, ensuring systems and data are kept secure can be a major challenge. The only way to meet that challenge is through defense in depth. A range of cybersecurity solutions are required to secure systems and data, block cyberattacks, and prevent data breaches.
The best place to start is by performing a risk assessment to highlight all potential risks to your systems and data. Consider all possible ways that an attack can occur, assess the risk of each, and develop a risk management plan to address those risks, addressing the highest risk areas first.
While many companies implement a host of network and email security solutions, one area of security that is often overlooked is the WiFi network, even though WiFi poses a considerable risk, not only to the business but also to customers that are allowed to connect to the WiFi network. Some of the important WiFi filtering security benefits are detailed in the section below.
Important WiFi Filtering Security Benefits for Businesses
There are many WiFi filtering security benefits for businesses. Implementing a WiFi filter will not only improve security for the business and its customers, it can also help to improve the productivity of the workforce.
Some of the most important WiFi security benefits are detailed below:
Block Malware and Ransomware Downloads
One of the most important WiFi filtering security benefits for businesses is protection from malware and ransomware downloads. Malware allows hackers to steal customer data, intellectual property, and obtain credentials to plunder corporate bank accounts. Malware infections can prove incredibly costly to resolve and ransomware attacks can bring businesses to a grinding halt. A WiFi filter help improve security by blocking access to sites hosting exploit kits and preventing drive-by malware downloads.
Prevent WiFi Users from Visiting Phishing Websites
Phishing is a major risk for all businesses. While most phishing attacks start with an email, they invariably link to websites that harvest credentials. A WiFi filter ensures that employees and guest users cannot access websites known to be used for phishing.
Stop Users from Accessing Illegal Website Content
Businesses have a responsibility to ensure that their WiFi networks cannot be used to access illegal content such as child pornography or to perform copyright-infringing file downloads. In addition to the potential for these actions to lead to legal problems for employers, these illegal online activities increase the risk of a malware infection.
Prevent Users from Accessing Inappropriate Websites
Businesses should take steps to prevent employees and guest WiFi users from accessing inappropriate websites – Websites that have no work purpose and those that are likely to cause offense to other individuals – adult content for example. Inappropriate internet use is a major drain of productivity and poses a security risk.
Other Important WiFi Filtering Benefits
All companies must take steps to reduce legal liability and employee Internet access is one area where companies can experience legal problems. Web content that seems funny to some employees could be highly offensive to others and lead to the creation of a hostile working environment and subsequent legal action by employees. Any company that fails to block illegal online activities such as copyright-infringing downloads, could be found to be vicariously liable for the actions of its WiFi users.
Businesses can use a WiFi filter to control bandwidth use. By blocking access to bandwidth heavy activities such as video streaming at busy times, business can ensure all users can enjoy fast Internet speeds.
WebTitan Cloud for WiFi: WiFi Filtering Made Simple
Gaining the above WiFi filtering security benefits is easy with TitanHQ’s innovative WiFi filtering solution – WebTitan Cloud for WiFi.
WebTitan Cloud for WiFi is easy to implement, simple to use, and effortless to maintain. WebTitan Cloud for WiFi allows businesses to carefully control Internet access, reduce risk, make important productivity gains, and improve their security posture.
WebTitan Cloud for WiFi can be implemented in minutes, requires no hardware purchases and needs no software downloads. An intuitive user interface can be accessed from anywhere with an internet connection and no technical skill is required to configure and maintain the solution.
WebTitan Cloud for WiFi allows business of all sizes to gain the WiFi filtering security benefits with no slowing of Internet speeds.
WebTitan WiFi Filtering Security Benefits
Blocks access to web pages hosting malware
Blocks ransomware, malware, virus, and botnet downloads
Prevents employees and guests from accessing phishing websites
Requires no user updates or patches
Blocks the use of anonymizers
Inspects all Internet traffic, including encrypted content
Reports can be generated to show which employees are attempting to bypass filtering controls
Policies can be created for different users, departments, or locations
Different filtering controls can be set for employees and guest WiFi users
For further information on WebTitan Cloud for WiFi, details of pricing, to book a product demonstration, or to sign up for a free 14-day trial of the full solution, contact the TitanHQ team today.
Many employees access their work emails and work networks via public Wi-Fi hotspots, even though there is a risk that sensitive information such as login credentials could be intercepted by hackers. Many employees are unaware of the Wi-Fi security threats that lurk in their favorite coffee shop and fail to take precautions. Even employees who are aware of the Wi-Fi security threats often ignore the risks.
This was highlighted by a 2017 survey by Symantec. 55% of survey participants said they would not hesitate to connect to a free Wi-Fi hotspot if the signal was good and 46% said they would rather connect to a free, open wireless network than to wait to get a password to a secure access point.
60% of survey participants believed public Wi-Fi networks are safe and secure but even though 40% are aware of the Wi-Fi security threats, 87% said that they would access financial information such as their online banking portal or view their emails on public Wi-Fi networks.
The majority of users of public Wi-Fi networks who were aware of the Wi-Fi security threats said they ignored the risks. Millennials were the most likely age group to ignore Wi-Fi security threats: 95% of this age group said they had shared sensitive information over open Wi-Fi connections.
Consumers may be willing to take risks on public Wi-Fi networks, but what about employees? According to a 2018 Spiceworks survey, conducted on 500 IT professionals in the United States, employees are also taking risks.
61% of respondents to the survey said their employees connect to public Wi-Fi hotspots in coffee shops, hotels, and airports to work remotely. Only 64% of respondents said their employees were aware of the Wi-Fi security threats. A similar percentage said their employees were aware of the risks and connect to their work networks using a VPN, which means that 4 out of 10 workers were unaware of the importance of establishing a secure connection.
Even though 64% of respondents were confident that employees were aware of the risks, only half were confident that data stored on mobile devices was adequately protected against threats from public Wi-Fi hotspots. 12% of respondents said they have had to deal with a public Wi-Fi related security incident, although a further 34% were not sure if there had been a security breach as many incidents are never reported.
WiFi Security Threats Everyone Should be Aware of
All employers should now be providing security awareness training to their employees to make the workforce more security aware. Employees should be trained how to identify phishing attempts, warned of the risk from malware and ransomware, and taught about the risks associated with public Wi-Fi networks.
Five threats associated with open public Wi-Fi hotspots are detailed below:
Evil Twins – Rogue Wi-Fi Hotspots
One of the most common ways of obtaining sensitive information is for a cybercriminal to set up an evil twin hotspot. This is a fake Wi-Fi access point that masquerades as the legitimate access point, such as one offered by a coffee shop or hotel. An SSID could be set up such as “Starbuck Guest Wi-Fi” or even just state the name of the establishment. Any information disclosed while connected to that hotspot can be intercepted.
Using a packet sniffer, a hacker can identify, intercept, and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials to bank accounts and corporate email accounts. If credentials are obtained, a hacker can gain full control of an account.
Many people have file-sharing enabled on their devices. This feature is useful at home and in the workplace, but it can easily be abused by hackers. It gives them an easy way to connect to a device that is connected to a Wi-Fi hotspot. A hacker can abuse this feature to drop malware on a device when it connects to a hotspot.
Not all threats are hi-tec. One of the simplest methods of obtaining sensitive information is to observe someone’s online activities by looking over their shoulder. Information such as passwords may be masked so the information is not visible on a screen, but cybercriminals can look at keyboards and work out the passwords when they are typed.
Malware and Ransomware
When connecting to a home or work network, some form of anti-malware control is likely to have been installed, but those protections are often lacking on public Wi-Fi hotspots. Without the protection of AV software and a web filter, malware can be silently downloaded.
Employers can reduce risk by providing comprehensive training to employees to make sure they are aware of the risks from public Wi-Fi hotspots and make sure that employees are aware they should only connect to public Wi-Fi networks if they use a VPN. Employers can further protect workers with WebTitan Cloud – An enterprise-class web filter that protects workers from online threats, regardless of where they connect.
Hotspot providers can protect their customers by securing their Wi-Fi hotspots with WebTitan Cloud for Wi-Fi. WebTitan Cloud for Wi-Fi is a powerful web filter that protects all users of a hotspot from malware and phishing attacks, and can also be used to control the types of sites that can be accessed. If you offer Wi-Fi access, yet are not securing your hotspot, your customers could be at risk. Contact TitanHQ today to find out how you can protect your customers from online threats, control the content that can be accessed, and create a family-friendly Wi-Fi environment.
In this post we explain the importance of WiFi filtering and brand protection. It can take years of hard work for businesses to develop trust in their brand. That trust can easily be lost if customers are not protected while connected to business WiFi networks and come to harm or suffer losses.
If Trust is Lost in a Brand it Can Take Years to Recover
Trust is a cornerstone of all successful brands, but it is not something that can be developed overnight. Developing trust in a brand takes an extraordinary amount of time and money, but once established, companies will be rewarded by customer loyalty.
While trust can be difficult to earn, it is certainly not difficult to lose. One of the easiest ways for consumers to lose trust in a brand is through privacy breaches and cyberattacks. If the personal data of customers is exposed or stolen, customers will lose faith in the brand and are likely to take their business elsewhere.
A 2017 study by Gemalto revealed 70% of customers would stop doing business with a company that failed to protect their personal data and suffered a data breach. Regaining customers trust after a data breach can take years. Protecting customer data is therefore essential if a business is to succeed and continue to enjoy success.
Wi-Fi Security and Brand Protection
One aspect of security that is often overlooked is protecting customers who connect to Wi-Fi networks. Many businesses offer free Wi-Fi access to their customers yet fail to implement controls over what customers can do while connected. Consequently, customers may be exposed to malware, phishing, and other harmful content.
Even businesses that claim to be family friendly often do not always filter the Internet and block access to adult and other age-inappropriate web content. It was only relatively recently that McDonald’s started filtering its WiFi networks to protect customers. Starbucks has also agreed to implement WiFi filters to block porn next year.
How are Wi-Fi filtering and brand protection related? Imagine someone uses your WiFi network to access pornography and a child views their screen? Or a parent finds out their child has been viewing adult content on the establishment’s Wi-Fi network? It only takes one person to complain via a social media network for the story to go viral and for the company’s reputation to be tarnished. The same goes for a malware infection as a result of an establishment failing to implement anti-malware controls on its WiFi network.
Implementing a WiFi filter shows customers that you are doing all you can to protect them from online threats and harmful content. WiFi security is therefore important for brand protection.
There have also been cases of businesses temporarily losing Internet access over illegal Internet activity – Employees who have used a corporate WiFi network to engage in illegal activities such as downloading pirated content. ISPs can terminate internet access if complaints are received and loss of Internet access can cripple a business. Legal action can also be taken by the copyright holder against the business.
WebTitan Cloud for WiFi: The Easy Way to Secure Wi-Fi Networks
TitanHQ has been protecting SMBs from cyber threats for more than 20 years and has expanded its portfolio of solutions to cover WiFi security and brand protection solutions.
TitanHQ has developed WebTitan Cloud for WiFi to make it easy for businesses to secure their WiFi networks and for MSPs to offer WiFi filtering to their clients.
WebTitan Cloud for WiFi is a 100% cloud based WiFi filtering solution that is quick and easy to implement and requires no hardware purchases or software downloads. The solution blocks malware downloads, access to malicious websites, lets businesses carefully control the content that can be accessed via their Wi-Fi networks and control bandwidth use by employees and customers. In short, WebTitan Cloud for WiFi lets businesses create a safe environment to access the Internet.
To find out more about WebTitan Cloud for WiFi, including details on pricing, contact TitanHQ today. All businesses can book a product demonstration and sign up for a free WebTitan Cloud for WiFi trial to evaluate the solution in their own environment.
If you are using Umbrella and are finding the web filtering solution to be a drain of your time or your budget, consider making the switch from Umbrella to WebTitan.
Web Filtering Doesn’t Have to be Complicated
There are many factors that need to be considered when choosing a web filtering solution. Aside from allowing you to identify and block threats and control the content that can be accessed by network users, a web filter should be easy to configure and maintain.
To get the most benefit from your chosen solution, you will need to have all the information you need at your fingertips. You should be able to tweak settings, block/unblock sites, and get the reports you need on users that are attempting to, or succeeding in, accessing dangerous web content.
All too often, it is only when the solution is set up that the discovery is made that it is a pig to use. The information you need is not easily accessible and maintaining and managing the solution is headache inducing. However, it needn’t be that way.
Usability is one area where WebTitan excels. WebTitan is powerful, feature rich, yet simple to use. WebTitan can be used by anyone, regardless of their level of IT knowhow. The user interface is crisp, clean, and provides all the important information in one place.
Complex interfaces mean more time is spent making minor changes and accessing reports, which takes time away from more important tasks. Further, if Your IT team hates using a solution, they will spend as little time as possible using it, and that could jeopardize security.
That is exactly what was happening with Saint Joseph Seminary College, which, after experiencing problems, made the switch from Cisco Umbrella to WebTitan.
Benefits of Switching from Umbrella to WebTitan: A Case Study
Web filter usability was a key issue for Saint Joseph Seminary College, which had been using Cisco Umbrella to control the web content staff and students could access. While Umbrella did allow content controls to be applied, using the solution was time consuming and difficult. Finding information, generating reports, and changing settings was just taking too much time. So much time that IT department avoided using the solution as far as possible. Hardly an ideal situation for such an important college cybersecurity control.
“I prefer an interface to be simple while giving me as much information as possible in one place. I don’t need rounded corners and elegant fonts when I am trying to see who has been visiting dangerous websites. I need to clearly see domain names and internal IPs,” explained Saint Joseph’s IT Director, Todd Russell. Russell went on to explain that it wasn’t always that way. “In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage.”
This is sadly a common problem. In an attempt to cram in as many features as possible into a user interface, too little consideration is given to the people that have to use and manage the solution. For busy IT departments, it is important to make things as simple as possible. Sysadmins have more than their fair share of complexity as it is.
It was the complexity of Umbrella – and the cost – that led Saint Joseph’s to see an Umbrella alternative.
An Easy to Use, More Cost-Effective Alternative to Umbrella
When looking for an Umbrella alternative, several solutions were considered; however, TitanHQ’s feature-rich web filter, WebTitan, stood out from the crowd and warranted closer inspection.
“It didn’t take long to realize that WebTitan was the best alternative for an efficient, cost-effective, and easy to use filtering solution to replace Cisco Umbrella,” explained Russell.
WebTitan has been developed with usability at the heart of the design process. Before UI changes are made, they are extensively tested to make sure they do not negatively impact the user experience.
After switching from Umbrella to WebTitan, the benefit was immediately gained. The IT department had easy access to actionable insights into threat traffic and web activity. Reports could be generated and viewed with two clicks of the mouse, The IT department liked using the solution, and further, an enormous amount of time was saved, and costs were slashed.
“WebTitan immediately gave us visibility into our users’ traffic. Within days, the UI allowed us to see clear signals of dangerous activity. Thanks to the easily accessible and understandable data available on the WebTitan UI, we have been able to launch investigations more quickly and work on remediation.” Said Russell. “The whole experience with WebTitan has been terrific.”
Benefits Gained from the Switch from Umbrella to WebTitan
By changing from Umbrella to WebTitan, Saint Joseph’s was able to:
Have easy access to actionable insights on threats and web activity
Remediate issues far more quickly
Quickly generate basic and advanced reports
Secure data and users more effectively
Slash administration and remediation time
Reduce the cost of web security by 50%
Block thousands more threats per hour
Time to Change from Umbrella to WebTitan?
If you want to gain the above benefits, it could not be simpler. Contact the TitanHQ team to schedule a product demonstration to see just how easier WebTitan is to use. You can also trial WebTitan before you make a decision to confirm the benefits for yourself. You will get access to the full product in the trial, assistance will be provided to get you up and running, and full support is available through out the trial period.
Why is DNS filtering for MSPs so important? Find out how you can better protect your clients against web-based attacks and the MSP benefits of offering this easy to implement cybersecurity solution.
A recent survey conducted by Spiceworks has revealed that DNS filtering is now considered an essential element of cybersecurity defenses at the majority of large firms. A survey was conducted on companies with more than 1,000 employees which revealed 90% of those firms are using a solution such as a DNS filter to restrict access to the internet to protect against malware and ransomware attacks.
89% of firms use DNS filters or other web filtering technology to improve productivity by blocking access to sites such as social media platforms, 84% of firms block access to inappropriate websites, and 66% use the technology to avoid legal issues.
Given the risk of a malware or ransomware download over the Internet and the high cost of mitigating such an attack, it is no surprise that so many large firms are using web filtering technology to reduce risk.
Why DNS Filtering is so Important for SMBs
Phishing attacks and ransomware/malware downloads are major risks for large businesses, but SMBs face the same threats. SMBs are also less likely to have the resources to cover the cost of such an attack. For example, the average cost of a ransomware attack on an SMB is $46,800, according to Datto, and many SMBs fold within 6 months of experiencing a data breach.
DNS filtering is an important control to prevent malware and ransomware attacks over the Internet, both by blocking downloads and preventing employees from visiting malicious websites where malware is downloaded. Web filters are also essential as part of phishing defenses.
According to the Spiceworks survey, 38% of organizations have experienced at least one security incident as a result of employee Internet activity. By restricting access to certain categories of website and blocking known malicious websites, SMBs will be much better protected against costly attacks.
Add to that the amount of time that is lost to casual internet surfing and web filtering is a no-brainer. 28% of employees waste more than 4 hours a week on websites unrelated to their work, but the percentages rise to 45% in mid-sized businesses and 51% of employees in small businesses.
There is no latency with DNS filtering, plus controls can be implemented to restrict certain bandwidth heavy activities to improve network performance.
DNS Filtering for MSPs – The Ideal Web Filtering Solution
DNS web filtering is a low-cost cybersecurity solution that actually pays for itself in terms of the productivity gains and the blocking of cyber threats that would otherwise lead to data breaches. Further, in contrast to appliance-based web filters, DNS filtering requires no hardware purchases or software installations which means no site visits are required. DNS filtering can be set up for clients remotely in a matter of minutes.
DNS filtering is ideal for MSPs as it is hardware and software independent. It doesn’t matter what devices and operating systems your clients have because DNS filtering simply forwards web traffic to a cloud-based filter without the need to install any clients or agents on servers or end points.
TitanHQ’s DNS filtering for MSPs has a low management overhead, so there is little in the way of ongoing maintenance required. A full suite of customizable reports can be automatically generated and sent to clients to show them what threats have been blocked, and who in the organization has been trying to access restricted content, and the employees who are the biggest drain on network performance.
MSPs can easily add in web filtering to existing security packages to provide greater value or offer web filtering as an add-on service to generate extra, recurring monthly revenue and attract more business.
If you are yet to offer web filtering to your clients, call TitanHQ today for more information on our DNS filtering for MSPs and for further information on the MSP Alliance program.
One of the ways that threat actors install malware is through malvertising – The placing of malicious adverts on legitimate websites that direct visitors to websites where malware is downloaded. The HookAds malvertising campaign is one such example and the threat actors behind the campaign have been particularly active of late.
The HookAds malvertising campaign has one purpose. To direct people to a website hosting the Fallout exploit kit. An exploit kit is malicious code that runs when a visitor lands on a web page. The visitor’s computer is probed to determine whether there are any vulnerabilities – unpatched software – that can be exploited to silently install files.
In the case of the Fallout exploit kit, users’ devices are checked for several known Windows vulnerabilities. If one is identified, it is exploited and a malicious payload is downloaded. Several malware variants are currently being delivered via Fallout, including information stealers, banking Trojans, and ransomware.
According to threat analyst nao_sec, two separate HookAds malvertising campaigns have been detected: One is being used to deliver the DanaBot banking Trojan and the other is delivering two malware payloads – The Nocturnal information stealer and GlobeImposter ransomware via the Fallout exploit kit.
Exploit kits can only be used to deliver malware to unpatched devices, so businesses will only be at risk of this web-based attack vector if they are not 100% up to date with their patching. Unfortunately, many businesses are slow to apply patches and exploits for new vulnerabilities are frequently uploaded to EKs such as Fallout. Consequently, a security solution is needed to block this attack vector.
HookAds Malvertising Campaign Highlights Importance of a Web Filter
The threat actors behind the HookAds malvertising campaign are taking advantage of the low prices offered for advertising blocks on websites by low quality ad networks – Those often used by owners of online gaming websites, adult sites, and other types of websites that should not be accessed by employees. While the site owners themselves are not actively engaging with the threat actors behind the campaign, the malicious adverts are still served on their websites along with legitimate ads. Fortunately, there is an easy solution that blocks EK activity: A web filter.
TitanHQ has developed WebTitan to allow businesses to carefully control employee Internet access. Once WebTitan has been installed – a quick and easy process that takes just a few minutes – the solution can be configured to quickly enforce acceptable Internet usage policies. Content can be blocked by category with a click of the mouse.
Access to websites containing adult and other NSFW content can be quickly and easily blocked. If an employee attempts to visit a category of website that is blocked by the filter, they will be redirected to a customizable block screen and will be informed why access has been prohibited.
WebTitan ensures that employees cannot access ‘risky’ websites where malware can be downloaded and blocks access to productivity draining websites, illegal web content, and other sites that have no work purpose.
Key Benefits of WebTitan
Listed below are some of the key benefits of WebTitan
No hardware purchases required to run the web filter
No software downloads are necessary
Internet filtering settings can be configured in minutes
Category-based filters allow acceptable Internet usage policies to be quickly applied
An intuitive, easy-to-use web-based interface requires no technical skill to use
No patching required
WebTitan Cloud can be applied with impact on Internet speed
No restriction on devices or bandwidth
WebTitan is highly scalable
WebTitan protects office staff and remote workers
WebTitan Cloud includes a full suite of pre-configured and customizable reports
Reports can be scheduled and instant email alerts generated
Suitable for use with static and dynamic IP addresses
White label versions can be supplied for use by MSPs
Multiple hosting options are available
WebTitan Cloud can be used to protect wired and wireless networks
For further information on WebTitan, for details of pricing, to book a product demonstration, or register for a free trial, contact the TitanHQ team today.
Further information on WebTitan is provided in the video below:
Hackers are targeting healthcare organizations, educational institutions, hotels, and organizations in the financial sector, but restaurants are also in hackers’ cross-hairs. If restaurant cybersecurity solutions are not deployed and security vulnerabilities are not addressed, it will only be a matter of time before hackers take advantage.
Cyberattacks on restaurants can be extremely profitable for hackers. Busy restaurant chains process hundreds of credit card transactions a day. If a hacker can gain access to POS systems and install malware, customer’s credit card details can be silently stolen.
Cheddar’s Scratch Kitchen, Applebee’s, PDQ, Chili’s, B&BHG, Zaxby’s, Zippy’s, Chipotle, and Darden restaurants have all discovered hackers have bypassed restaurant cybersecurity protections and have gained access to the credit card numbers of large numbers of customers.
One of the biggest threats from a data breach is damage to a restaurant’s reputation. The cyberattack and data breach at Chipotle saw the brand devalued by around $400 million.
A restaurant data breach can result in considerable loss of customers and a major fall in revenue. According to a study by Gemalto, 70% of the 10,000 consumers surveyed said that they would stop doing business with a brand if the company suffered a data breach. Most restaurants would not be able to recover from such a loss.
Restaurant Cybersecurity Threats
Listed below are some of the common restaurant cybersecurity threats – Ways that hackers gain access to sensitive information such as customers’ credit card numbers.
The primary goal of most restaurant cyberattacks is to gain access to customers’ credit card information. One of the most common ways that is achieved is through malware. Malicious software is installed on POS devices to silently record credit card details when customers pay. The card numbers are then sent to the attacker’s server over the Internet.
Phishing is a type of social engineering attack in which employees are fooled into disclosing their login credentials and other sensitive information. Phishing emails are sent to employees which direct them to a website where credentials are harvested. Phishing emails are also used to install malware through downloaders hidden in file attachments.
Whenever an employee or a customer accesses the Internet they will be exposed to a wide range of web-based threats. Websites can harbor malware which is silently downloaded onto devices.
Restaurants often have Wi-Fi access points that are used by employees and guests. If these access points are not secured, it gives hackers an opportunity to conduct attacks and gain access to the restaurant network, install malware, intercept web traffic, and steal sensitive information.
Restaurant Cybersecurity Tips
Listed below are some of the steps you should take to protect your customers and make it harder for hackers to gain access to your systems and data.
Conduct a risk analysis to identify all vulnerabilities that could potentially be exploited to gain access to networks and customer data
Develop a risk management plan to address all vulnerabilities identified during the risk assessment
Ensure all software and operating systems are kept up to date and are promptly patched
Become PCI compliant – All tools used to accept payments must comply with PCI standards
Implement security controls on your website to ensure customers can use it securely. Sensitive data such as loyalty program information must be protected.
Ensure you implement multi-factor authentication on all accounts to protect systems in case credentials are compromised
Ensure all default passwords are changed and strong, unique passwords are set
Ensure all sensitive data are encrypted at rest and in transit
Secure Wi-Fi networks with a web filter to block malware downloads and web-based threats
Implement a spam filter to block phishing attempts and malware
Provide cybersecurity training to staff to ensure they can recognize the common restaurant cybersecurity threats
Restaurant Cybersecurity Solutions from TitanHQ
TitanHQ has developed two cybersecurity solutions that can be implemented by restaurants to block the main attack vectors used by hackers. SpamTitan is a powerful email security solution that prevents spam and malicious emails from reaching end users’ inboxes.
WebTitan is a cloud-based web filtering solution that prevents staff and customers from downloading malware and visiting phishing websites. In addition to blocking web-based attacks, WebTitan allows restaurants to prevent customers from accessing illegal and unsuitable web content to create a family-friendly Wi-Fi zone.
Both solutions can be set up in a matter of minutes on existing hardware and require no software downloads.
To find out more about TitanHQ’s restaurant cybersecurity solutions, call the TitanHQ sales team today.
TitanHQ has expanded its partnership with Z Services, the leading SaaS provider of cloud-based cybersecurity solutions in the MENA region.
UAE-based Z Services operates 17 secure data centers in the UAE, Saudi Arabia, Qatar, Egypt, Jordan, Kuwait, Oman, Bahrain, and Morocco and is the only company in the Middle East and North Africa to offer an in-country multi-tenant cloud-based cybersecurity architecture.
In February 2017, Z Services partnered with TitanHQ and integrated TitanHQ’s award-winning email filtering technology into its service stack and started offering SpamTitan-powered Z Services Anti-Spam SaaS to its clients. TitanHQ’s email filtering technology now helps Z Services’ clients filter out spam email and protect against sophisticated email-based threats such as malware, viruses, botnets, ransomware, phishing and spear phishing.
The integration has proved to be a huge success for Z Services, so much so that the firm has now taken its partnership with TitanHQ a step further and has integrated two new TitanHQ-powered SaaS solutions into its service stack. TitanHQ’s award-winning web filtering technology – WebTitan – and its innovative email archiving solution – ArcTitan have both been incorporated into Z Services’ MERALE SaaS offering. MERALE is a suite of cybersecurity, threat protection, and compliance solutions specifically developed to meet the needs of small to medium sized enterprises.
“With cybersecurity growing as a critical business concern across the region, there is a clear need to make security an operational rather than a capital expense. Hence the paradigm shift in the delivery of effective security solutions from the traditional investment and delivery model to an agile SaaS model through the primary connectivity provider of SMEs – the ISPs,” said Nidal Taha, President – Middle East and North Africa, Z Services. “MERALE will be a game-changer in how small and medium businesses in the region ensure their protection, and as a subscription-based service, it removes the need for heavy investments and long-term commitments.”
“We are delighted to continue our successful partnership with Z Services and share their vision for serving the SME segment with leading edge SaaS based security solutions,” said Ronan Kavanagh, CEO of TitanHQ. “With this development Z Services is strengthening its leadership position as an innovative cloud-based cybersecurity solutions provider in the Middle East and North Africa.”
TitanHQ’s cloud-based cybersecurity solutions have been developed from the ground up specifically to meet the needs of Managed Service Providers. The email filtering, web filtering, and email archiving solutions are currently being used by more than 7,500 businesses around the world and more than 1,500 MSPs are now offering TitanHQ solutions to their clients.
In contrast to many cybersecurity solution providers, TitanHQ offers its products with a range of hosting options – including within an MSP’s own infrastructure – as full white label solutions ready for MSPs to apply their own branding. By protecting clients with TitanHQ solutions MSPs are able to significantly reduce support and engineering costs by blocking a wide range of cyber threats at source. MSPs also benefit from generous margins and industry-leading customer service and support.
If you are a managed service provider and have yet to incorporate email filtering, web filtering, and email archiving solutions into your service stack, if you are unhappy with your current providers, or are looking to increase profits while ensuring your clients have the best protection against email and web-based threats, contact TitanHQ today for further information.
DNS filtering for businesses is essential for all companies to protect against web-based threats such as phishing and malware and is particularly important for any business that allows employees to work remotely. In this post we explain the risks, features, and benefits of DNS filtering and how a DNS filter can protect employees and their portable devices from Wi-Fi threats.
Why is DNS Filtering for Businesses so Important?
DNS filtering for businesses can no longer be considered an optional cybersecurity solution due to the high risk of web-based attacks. Phishing attacks on businesses are increasing with many thousands of new phishing web pages created each day. Exploit kits probe for vulnerabilities and silently download malware, and ransomware attacks are rife. DNS filtering for businesses offers an additional layer of protection that prevents employees from visiting websites known to be used for malicious purposes.
DNS filters also allow businesses to enforce acceptable Internet usage policies and block access to illegal website content, websites containing content unsuitable for the workplace and categories of sites that are a major drain on productivity.
It is easy to set up DNS filtering for businesses’ internal networks and apply content controls and block online threats; however, a DNS filter is not restricted to one physical location. DNS filtering for businesses is not bound to a single location and works on wired networks, internal WiFi networks and even public WiFi hotspots.
The Dangers of Public WiFi Networks
A recent survey conducted by Purple revealed more than 90% of businesses that offer Wi-Fi have open networks without any filters or security applied. Connecting to open Wi-Fi networks without any filtering controls in place increases the risk of virus, malware, and ransomware downloads.
To a certain extent, risk can be reduced if anti-malware software is installed on mobile devices. However, the software is only capable of detecting malware variants if their signatures are in the database. If the database is out of date, malware will not be detected. Anti-malware software also does not provide protection against zero-day malware – new malware variants that have yet to be identified – and offers no protection against phishing attacks.
Further, hackers take advantage of open Wi-Fi networks to conduct man-in-the-middle attacks to intercept sensitive data such as banking credentials and other login information. Mobile workers often connect to their work networks and on portable devices via open Wi-Fi networks such as those offered in coffee shops, even though doing so may be a violation of company policy.
DNS Filtering for Businesses Protects Off-Site Workers from Wi-Fi Threats
A business that issues mobile devices such as smartphones, tablets or laptops to employees can struggle to secure those devices outside the office. DNS filtering for businesses is one solution that can be used to improve security.
DNS filtering solves the security challenge as it acts as a barrier between the end user’s device and the Internet that blocks web-based threats. When a remote worker uses their laptop to connect the Internet through a web browser, a DNS lookup must be performed. Before the website can be loaded it must be found. That requires the fully qualified domain name (FQDN) – google.com for instance – to be matched with an IP address by a DNS server. Only then can the content be displayed.
With DNS filtering, instead of the IP address being identified and the web browser displaying the content of a web page, before any content is displayed certain checks are performed. The requested site/web page is checked against Real Time Blacklists (RBLs). RBLs contain lists of websites and web pages that host illegal web content, are used for phishing, or host malware or exploit kits. Content controls are also applied. If content violates corporate policies or a match is found in an RBL, the content will not be downloaded. Instead the user will be directed to a block page where they are informed that access to the web page/site has been blocked.
Any business that fails to implement DNS filtering is taking a significant risk if workers can use company-issued smartphones and laptops to access the Internet and web applications outside the protection of the office environment.
WebTitan Cloud – DNS Filtering for Businesses Made Simple
TitanHQ offers DNS filtering for businesses and MSPs through WebTitan Cloud and WebTitan Cloud for Wi-Fi. WebTitan requires no software downloads or hardware purchases and can be used to protect wired and wireless business networks and remote workers using portable devices on public Wi-Fi hotspots.
WebTitan uses six Real Time Blacklists that are constantly updated with new malicious webpages. Any request to access a web page must pass checks on all six RBLs before the URL can be accessed. These checks are performed with no latency – the speed of accessing web content is unaffected.
Once businesses are signed up they can quickly and easily configure the solution to match their requirements through a web-based interface, through which content controls can be applied. WebTitan uses 53 different categories of web-content and has 10 customizable categories. Those categories include 100% of Alexa’s 1 million most visited websites and more than 500 million websites in 200 languages – which equates to 6 billion web pages.
The solution supports whitelists – for companies that want maximum control – and additional blacklists. It is also easy to set custom controls for different workers and user groups, as well as apply controls at the organization level.
An extensive suite of reporting options keeps businesses 100% up to date on user behavior, including sites that have been visited and attempts by employees to access restricted web content.
In short, WebTitan is an invaluable tool that provides protection from web-based threats and allows businesses to have total control over the content that can be accessed on desktop computers and portable devices, regardless of where the employee is located.
Contact TitanHQ for a Product Demonstration and No-Obligation Free Trial
If you are not yet using DNS filtering to block web-based threats and exercise control over the content your employees can access, contact the TitanHQ team today. TitanHQ’s experienced sales staff will answer your questions, provide details of pricing, and can book you in for a product demonstration.
You can also sign up for a 14-day free trial to evaluate WebTitan in your own environment. The free trial includes full use of the product and experienced sales engineers are on hand to help make sure you get the most out of your free trial.
Business and leisure travelers looking for secure hotel Wi-Fi access in addition to fast and reliable Internet access. If you take steps to secure hotel WiFi access points, you can gain a significant competitive advantage.
The Importance of Hotel Wi-Fi to Guests
The number one hotel amenity that most travelers can simply not do without is fast, free, reliable, Internet access. In 2013, a joint study conducted by Forrester Research and Hotels.com revealed that 9 out of ten gusts rated Wi-Fi as the top hotel amenity. 34% of respondents to the survey said free Wi-Fi was a ‘deal breaker.’ Now four years on, those percentages will certainly have increased.
Wi-Fi access is essential for business travelers as they need to be able to stay in touch with the office and be able to communicate with their customers. Leisure travelers need free Internet access to keep in touch with friends, look up local attractions, and enjoy cheap entertainment in the comfort of their rooms. Younger travelers need constant access to social media accounts and online games such as Fortnite as they get at home.
It doesn’t matter whether you run a small family bed and breakfast or a large chain of hotels, Wi-Fi access for guests is essential. Any hotel that doesn’t have reliable and fast Wi-Fi will lose business to establishments that do.
It is now easy for potential guests to check if an establishment has Wi-Fi and even find out about the speed and reliability of the connection. The hotelwifitest.com website lets travelers check the speed of Internet access in hotels before booking.
Guests don’t post rave reviews based on the speed of Internet connections, but they will certainly make it known if Internet access is poor or nonexistent. Many of the negative comments on hotel booking websites and TripAdvisor are related to Wi-Fi. Put simply, you will not get anywhere near the same level of occupancy if your Wi-Fi network isn’t up to scratch.
Secure Hotel Wi-Fi is Now as Important as Offering Wi-Fi to Guests
Businesses are now directing a considerable percentage of their IT budgets to cybersecurity to prevent hackers from gaining access to their networks and sensitive data. Securing internal systems is relatively straightforward, but when employees have to travel for work and access networks remotely, hackers can take advantage.
When employees must travel for business, their hotel is often the only place where they can connect to the office network and their email. They need to know that they can login securely from the hotel and that doing so will not result in the theft of their credentials or a malware infection. A hotel will be failing its business customers if it does not offer safe and secure Wi-Fi access.
All it takes is for one malware infection or cyberattack to occur while connected to a hotel Wi-Fi network for the reputation of the hotel to be tarnished. Hotels really cannot afford to take any risks.
Multiple Levels of Wi-Fi Access Should be Offered
Parents staying in hotels will want to make sure that their children can access the Internet safely and securely and will not accidentally or deliberately be able to gain access to age-inappropriate websites. If a hotel claims to be family-friendly, that must also extend to the Wi-Fi network. Any hotel that fails to prevent minors from accessing obscene images while connected to hotel Wi-Fi cannot claim it is family-friendly.
Hotels can offer Wi-Fi access for families that blocks adult websites and anonymizers, which are commonly used to bypass filtering controls. Safe Search can also be enforced, but not all users will want that level of control.
To cater to the needs of all guests, different levels of Wi-Fi access are likely to be required. Some guests will want to be able to access the types of websites they do at home without restrictions and business travelers will certainly not want anonymizers to be blocked. Some customers insist on the use of VPNs when employees connect to their business network or email.
Hotels that implement a web filtering solution can easily create different tiers of Internet access. One for families and a less restrictive level for other users. Free internet access could be limited to a basic level that includes general web and email access but blocks access to video streaming services such as YouTube and Netflix. Those services could be offered as part of a low-cost Wi-Fi package to generate some extra revenue. These tiers can easily be created with a web filtering solution.
How to Easily Secure Hotel Wi-Fi
Offering secure hotel Wi-Fi to guests does not require expensive hardware to be purchased. While appliance-based web filters are used by many businesses, there is a much lower cost option that is better suited for hotel use.
A cloud-based web filter for Wi-Fi – such as WebTitan for Wi-Fi -is the easiest to implement secure hotel Wi-Fi solution. With WebTitan Cloud for Wi-Fi, your Wi-Fi network can be secured with just a simple change to your DNS records. No hardware is required and there is no need to install any software. One solution will protect all Wi-Fi access points and can be up and running in a matter of minutes. There is no limit on the number of access points that can be protected by WebTitan Cloud for Wi-Fi.
Once your DNS is pointed to WebTitan, you can apply your content controls – which is as simple as clicking on a few checkboxes to block categories of web content that your guests shouldn’t be allowed to access.
You can create multiple accounts with different controls – one for business users, one for families, and one for employees for example. No training is required to administer the solution as it has been developed to require no technical skill whatsoever. All of the complex elements of web filtering are handled by TitanHQ.
If you run a hotel and you are not currently filtering the internet, talk to TitanHQ about how you can your secure your hotel Wi-Fi access points, protect your guests, and ensure all users can access the Internet safely and securely.
An IT security audit conducted by the U.S. Geological Survey (USGS) at its Earth Resources Observation and Science Center has highlighted the importance of implementing technical solutions to control employee internet use.
Most organizations and businesses have strict rules covering acceptable use of the Internet on work computers. Those rules are usually explained when a new employee starts work. A document must be signed that confirms that the Rules have been understood and the employee is aware of the repercussions if the rules are violated.
For many organizations and businesses, those measures are deemed to be sufficient. Most employees understand the rules and adhere to them, but even though rule violations will likely result in termination, some employees take the risk as they believe they will not be caught.
During a recent USGS IT security audit, suspicious Internet traffic was identified. The discovery prompted an investigation by the U.S. Department of the Interior Office of Inspector General (OIG) to determine the source of the suspicious traffic.
The OIG investigation revealed malware had been installed on an employee’s computer and that the malware was the source of the suspicious communications. Further investigation revealed the employee had been routinely visiting adult websites, which routed through Russian websites that hosted malware. As a result of visiting those websites, the employee had inadvertently downloaded malware onto the work computer. Pornographic images had been downloaded, which were then transferred to an Android mobile and portable USB drive. The mobile was similarly infected with malware.
The employee was discovered to have viewed over 9,000 adult websites, even though USGS Rules of Behavior had been explained and a document was signed confirming those rules had been understood. Annual security training had also been provided in which the Rules of Behavior were reinforced.
Had USGS implemented a technical solution to control employee internet use and enforce its Rules of Behavior, the malware infection would have been avoided.
OIG made several recommendations to prevent future malware infections and similar abuses of its Rules of Behavior, which included enforcing a strong blacklist of URLs and to regularly monitor employee Internet use. Additionally, it was recommended that USGS implement controls that prevent employees from using unauthorized USB devices on their work computers.
In addition to implementing an advanced intrusion detection system and firewall, USGS is now enhancing its preventative countermeasures by detecting and blocking known pornographic websites and other websites with suspicious origins.
This is not the first time that the U.S. government has discovered employees have accessed pornography at work and it certainly will not be the last.
The problem is believed to be so widespread that Rep. Mark Meadows (R-NC11) proposed the Eliminating Pornography from Agencies Act on three occasions. The Act was prompted by the discovery that an Environmental Protection Agency had been accessing pornography at work. In that case, the employee had viewed pornography for 252 hours in a single year without detection.
The Easy Way to Control Employee Internet Use and Block Web-Based Threats
These cases show that organizations and businesses that rely on internal policies to control employee internet use are taking a considerable risk. It is not just the visiting of adult websites that carries an increased risk of malware infections. Malware can be downloaded from an extensive range of websites, even seemingly ‘legitimate’ sites.
Only by implementing a web filtering solution to control employee internet use will organizations and businesses be able to effectively reduce risk. A web filter is an appliance, virtual appliance, or cloud-based solution that prevents employees from accessing website content that violates acceptable Internet usage policies and blocks the accessing of websites that are known to be used for malicious purposes or have been infected with malware and exploit kits.
Control Employee Internet Use with WebTitan
WebTitan is a lightweight but powerful web filtering solution that allows organizations and businesses to carefully control employee internet use and block access to websites known to host pornography and other unsuitable for work content. A comprehensive reporting suite also allows employee internet use to be carefully monitored, including attempts to view prohibited content even if those attempts are not successful.
WebTitan can be deployed as a gateway solution on existing hardware or hypervisors or as a cloud-based solution hosted on TitanHQ servers. The solution is quick and easy to implement and configure and can be up and running in a matter of minutes. In addition to category-based filtering controls, the solution can block by keyword or keyword score and supports whitelists and blacklists.
If you want to control employee internet use and manage risk, call TitanHQ today for further information on WebTitan and find out how it can reduce the risk from web-based threats at your place of work.
A new ransomware threat has been detected called FilesLocker which is currently being offered as ransomware-as-a-service (RaaS) on a TOR malware forum. FilesLocker ransomware is not a particularly sophisticated ransomware variant, but it still poses a significant threat.
FilesLocker ransomware is a dual language ransomware variant that displays ransom notes in both Chinese and English. MalwareHunterTeam has identified a Chinese forum on TOR where it is being offered to affiliates to distribute for a cut of the ransom payments.
Unless advertised more widely, the number of affiliates that sign up may be limited, although it may prove popular. There are several features which could see the ransomware variant favored over other RaaS offerings, notably a sliding scale on commissions. The developers are offering a 60% cut of ransoms, which will increase to 75% if sufficiently high numbers of infections can be generated.
While relatively small and simple, FilesLocker ransomware still uses an RSA 2048+AES algorithm to lock files and it deletes Windows shadow copies to hamper attempts to recover files without paying the ransom. FilesLocker is also capable of file encryption in a broken network environment.
No server is required and the ransomware is effective on all Windows versions later than XP plus 32-bit and 64-bit Windows Server. Users are also able to easily monitor infections through a tracking feature which displays infections by country.
There is no free decryptor for FilesLocker ransomware. Recovery will only be possible by restoring files from backups.
While news of a new RaaS offering is never good, there has at least been some good news on the ransomware front this week, at least for some victims.
Free Decryptor Developed for GandCrab Ransomware
GandCrab ransomware is another RaaS offering that has been available since January 2018. It has been widely adopted, with many affiliates signing up to distribute the ransomware over the past 10 months.
A GandCrab ransomware decryptor was developed by Bitdefender in February that was able to unlock files encrypted by version 1.0 and v1.1 of GandCrab ransomware. The decryptor was developed after private keys were leaked online. However, it didn’t take long for v2.0 to be released, for which no free decryptor is available. There have been several further updates to GandCrab ransomware over the past few months, with v5.0 of the ransomware variant released in late September.
This week, Bitdefender has announced that after collaboration with the Romanian Police, Europol and other law enforcement agencies, a new decryption tool has been developed that allows GandCrab ransomware victims to decrypt files for free, provided they have been attacked with version 1, 4, or 5 of the ransomware.
The version can be determined by the extension used on encrypted files. V1=GDCB; v2/3=CRAB; v4=KRAB; and v5 uses a random 10-character extension.
The free GandCrab ransomware decryptor has been uploaded to the NoMoreRansom Project website. Bitdefender is currently working on a free decryptor for v2 and v3 of GandCrab ransomware.
The past few months have seen an increase in new, versatile malware downloaders that gather a significant amount of data about users’ systems before deploying a malicious payload. That payload is determined on the users’ system.
Marap malware and Xbash are two notable recent examples. Marap malware fingerprints a system and is capable of downloading additional modules based on the findings of the initial reconnaissance. XBash also assesses the system, and determines whether it is best suited for cryptocurrency mining or a ransomware attack and deploys its payload accordingly.
Stealthy sLoad Downloader Used in Highly Targeted Attacks
A further versatile and stealthy malware variant, known as the sLoad downloader, can now be added to that list. SLoad first appeared in May 2018, so it predates both of the above malware variants, although its use has been growing.
The primary purpose of sLoad appears to be reconnaissance. Once downloaded onto a system, it will determine the location of the device based on the IP address and performs several checks to ascertain the type of system and the software that is running and will determine whether it is on a real device or in a sandbox environment. It checks the processes running on the system, compares against a hardcoded list, and will exit if certain security software is installed to avoid detection.
Provided the system is suitable, a full scan of all running processes will be performed. The sLoad downloader will search for Microsoft Outlook files, ICA files associated with Citrix, and other system information. sLoad is capable of taking screenshots and searches the browser history looking for specific banking domains. All of this information is then fed back to the attackers’ C2 server.
Once the system has been fingerprinted, further malware variants are downloaded, primarily banking Trojans. Geofencing is used extensively by the threat actors using sLoad which helps to ensure that banking Trojans are only downloaded onto systems where they are likely to be effective – If the victim uses one of the banks that the Trojan is targeting.
In most of the campaigns intercepted to date, the banking Trojan of choice has been Ramnit. The attacks have also been highly focused on specific countries including Canada, and latterly, Italy and the United Kingdom – Locations which are currently being targeted by Ramnit. Other malware variants associated with the sLoad downloader include the remote desktop tool DarkVNC, the Ursnif information stealer, DreamBot, and PsiBot.
The sLoad downloader is almost exclusively delivered via spam email, with the campaigns often containing personal information such as the target’s name and address. While there have been several email subjects used, most commonly the emails relate to purchase orders, shipping notifications, and missed packages.
The emails contain Word documents with malicious macros in ZIP files, or alternatively embedded hyperlinks which will download the ZIP file if clicked.
The sLoad downloader may be stealthy and versatile, but blocking the threat is possible with an advanced spam filter. End user training to condition employees never to click on hyperlinks from unknown senders nor open attachments or enable macros will also help to prevent infection. Web filtering solutions provide an additional layer of protection to block attempts to download malicious files from the Internet.
Find out why WiFi filters for coffee shops are so important and how the failure to filter the Internet could prove to be extremely harmful to your brand.
Serving the best coffee in town will certainly bring in the crowds, but there is more to a successful coffee shop than providing patrons with a morning jolt of caffeine and comfy chairs. Coffee is big business and there is stiff competition when it comes to providing jitter juice to the masses.
In addition to free newspapers, high quality flapjacks and a fine blend of beans, patrons look for the other necessity of modern life: Free Internet access. Establishments that offer free, reliable WiFi access with decent bandwidth stand a much better chance of attracting and retaining customers.
However, simply setting up a WiFi router is no longer enough. Coffee shops also need to make sure that the WiFi network that their customers connect to is safe and secure. Just as the provision of free WiFi can translate into positive TripAdvisor and Yelp reviews, coffee shops that fail to secure their connections and exercise control over the content that can be accessed can easily get the reverse. WiFi filters for coffee shops ensure that customers’ activities online can be carefully controlled.
Why Unfiltered WiFi Networks Can Result in Bad Reviews
It is important for all shops to ensure that their WiFi networks cannot be used for any illegal or unsavory activities. If a webpage is not suitable for work, it is not suitable for a coffee shop. While there all manner of sites that should be blocked with WiFi filters for coffee shops, one of the most important categories of content is Internet porn.
While enjoying a nice coffee, patrons should not be subjected to obscene videos, images or audio. All it takes is for one patron to catch a glimpse of porn on another customer’s screen to trigger a bad review. The situation would be even worse if a minor caught a glimpse or even deliberately accessed adult content while connected to the WiFi network. A bad TripAdvisor review could easily send potential customers straight to the competition and a social media post could all too easily go viral.
What are the chances of that happening? Well, it’s not just a hypothetical scenario, as Starbucks discovered. In 2011, Starbucks received a warning that minors had been subjected to obscene content in its coffee shops and the chain did little about the complaints. The following year, as the bad feedback continued, the story was picked up by the media.
The bad feedback mounted and there were many calls for the public to boycott Starbucks. In the UK, Baroness Massey announced to the House of Lords that she had boycotted the brand and heavily criticized the chain for failing to set an example. Naturally, competitors – Costa Coffee for example – were more than happy to point out that they had been proactive and already provided filtered Internet to prevent minors from accessing adult content on their WiFi networks.
It was not until 2016 when Starbucks took action and implemented WiFi filters for coffee shops in the UK and started providing family-friendly WiFi access. A chain the size of Starbucks could weather the bad press. Smaller coffee shops would no doubt fare far worse.
WiFi Filters for Coffee Shops are Not Only About Blocking Adult Content
WiFi filters for coffee shops are important for blocking obscene content, but that is far from the only threat to a brand. The Internet is home to all manner of malicious websites that are used to phish for sensitive information and spread malicious software such as malware and ransomware. WiFi filters for coffee shops can be used to carefully control the content that can be accessed by consumers, but they can also keep them protected from these malicious sites.
Just as users have safe search functionality on their home networks, they expect the same controls on public WiFi access points. Phishing attacks and malware infections while connected to coffee shop WiFi networks can also be damaging to a brand. With WiFi filters for coffee shops, instead of being phished, a user will be presented with a block screen that explains that the business has blocked access to a malicious site to keep them protected and that will send a positive message that you care about your customers.
Once WiFi filters for coffee shops have been implemented, it is possible to apply to be assessed under the government’s Friendly Wi-Fi scheme. That will allow a coffee shop to display the friendly WiFi symbol and alert potential customers that safe, secure, family-friendly filtered Internet access is provided.
WebTitan – TitanHQ’s Easy to Implement WiFi Filters for Coffee Shops
Fortunately, WiFi filters for coffee shops are not expensive or difficult to implement. If you use a cloud-based solution such as WebTitan Cloud for WiFi, you will not need to purchase any hardware or install any software. Your WiFi network can be secured in a matter of minutes. A simple change to point your DNS to WebTitan is all that is required (you can be talked through that process to get you up and running even faster).
Since the controls are highly granular, you can easily block any type of web content you wish with a click of a mouse, selecting the categories of content you don’t want your users to access through the web-based control panel. Malicious sites will automatically be blocked via constantly updated blacklists of known malicious and illegal web pages.
With WebTitan you are assured that customers cannot view adult and illegal content, you can block illegal file sharing, control streaming services to save bandwidth, and enforce safe search on Google and apply YouTube controls.
To find out more about the features and benefits of WebTitan, details of pricing, and to sign up for a demo and free trial, contact the TitanHQ team today.
The U.S. midterm elections have been attracting considerable attention, so it is no surprise that cybercriminals are taking advantage and are running a midterm elections SEO poisoning campaign. It was a similar story in the run up to the 2016 presidential elections and the World Cup. Whenever there is a major newsworthy event, there are always scammers poised to take advantage.
Thousands of midterm elections themed webpages have sprung up and have been indexed by the search engines, some of which are placing very highly in the organic results for high-traffic midterm election keyword phrases.
The aim of the campaign is not to influence the results of the midterm elections, but to take advantage of public interest and the huge number of searches related to the elections and to divert traffic to malicious websites.
What is SEO Poisoning?
The creation of malicious webpages and getting them ranked in the organic search engine results is referred to as search engine poisoning. Search engine optimization (SEO) techniques are used to promote webpages and convince search engine algorithms that the pages are newsworthy and relevant to specific search terms. Suspect SEO practices such as cloaking, keyword stuffing, and backlinking are used to fool search engine spiders into rating the webpages favorably.
The content on the pages appears extremely relevant to the search term to search engine bots that crawl the internet and index the pages; however, these pages do not always display the same content. Search engine spiders and bots see one type of content, human visitors will be displayed something entirely different. The scammers are able to differentiate human and bot visitors through different HTTP headers in the web requests. Real visitors are then either displayed different content or are redirected to malicious websites.
Midterm Elections SEO Poisoning Campaign Targeting 15,000+ Keywords
The midterm elections SEO poisoning campaign is being tracked by Zscaler, which notes that the scammers have managed to get multiple malicious pages ranking in the first page results for high traffic phrases such as “midterm elections.”
However, that is just the tip of the iceberg. The scammers are actually targeting more than 15,000 different midterm election keywords and are using more than 10,000 compromised websites in the campaign. More sites are being compromised and used in the campaign each day.
When a visitor arrives at one of these webpages from a search engine, they are redirected to one of many different webpages. Multiple redirects are often used before the visitor finally arrives at a particular landing page. Those landing pages include phishing forms to obtain sensitive information, host exploit kits that silently download malware, or are used for tech support scams and include various ruses to fool visitors into installing adware, spyware, cryptocurrency miners, ransomware or malicious browser extensions. In addition to scam sites, the campaign is also being used to generate traffic to political, religious and adult websites.
This midterms elections SEO poisoning campaign poses a significant threat to all Internet users, but especially businesses that do not control the content that can be accessed by their employees. In such cases, campaigns such as this can easily result in the theft of credentials or malware/ransomware infections, all of which can prove incredibly costly to resolve.
One easy-to-implement solution is a web filter such as WebTitan. WebTitan can be deployed in minutes and can be used to carefully control the content that can be accessed by employees. Blacklisted websites will be automatically blocked, malware downloads prevented, and malicious redirects to phishing websites and exploit kits stopped before any harm is caused.
For further information on the benefits of web filtering and details of WebTitan, contact the TitanHQ team today.
A new and improved version of Azorult malware has been identified. The latest version of the information stealer and malware downloader has already been used in attacks and is being distributed via the RIG exploit kit.
Azorult malware is primarily an information stealer which is used to obtain usernames and passwords, credit card numbers, and other information such as browser histories. Newer versions of the malware have seen cryptocurrency wallet-stealing capabilities added.
Azorult malware was first identified in 2016 by researchers at Proofpoint and has since been used in a large number of attacks via exploit kits and phishing email campaigns. The latter have used links to malicious sites, or more commonly, malicious Word files containing malware downloaders.
Back in 2016, the malware variant was initially installed alongside the Chthonic banking Trojan, although subsequent campaigns have seen Azorult malware deployed as the primary malware payload. This year has seen multiple threat actors pair the information stealer with a secondary ransomware payload.
Campaigns have been detected using Hermes and Aurora ransomware as secondary payloads. In both campaigns, the initial aim is to steal login credentials to raid bank accounts and cryptocurrency wallets. When all useful information has been obtained, the ransomware is activated, and a ransom payment is demanded to decrypted files.
A new version of the Azorult was released in July 2018 – version 3.2 – which contained significant improvements to both its stealer and downloader functions. Now Proofpoint researchers have identified a new variant – version 3.3 – which has already been added to RIG. The new variant was released shortly after the source code for the previous version was leaked online.
The new variant uses a different method of encryption, has improved cryptocurrency stealing functionality to allow the contents of BitcoinGold, electrumG, btcprivate (electrum-btcp), bitcore, and Exodus Eden wallets to be stolen, a new and improved loader, and an updated admin panel. The latest version has a lower detection rate by AV software ensuring more installations.
If your operating systems and software are kept fully patched and up to date you will be protected against these exploit kit downloads as the vulnerabilities exploited by RIG are not new. However, many companies are slow to apply patches, which need to be extensively tested. It is therefore strongly advisable to also deploy a web filtering solution such as WebTitan to provide additional protection against exploit kit malware downloads. WebTitan prevents end users from visiting malicious websites such as those hosting exploit kits.
The latest version of Azorult malware was first listed for sale on October 4. It is highly probable that other threat actors will purchase the malware and distribute it via phishing emails, as was the case with previous versions. It is therefore strongly advisable to also implement an advanced spam filter and ensure that end users are trained how to recognize potentially malicious emails.
TitanHQ, the leading provider of spam filtering, web filtering, and email archiving solutions for managed service providers (MSPs) recently partnered with Datto Networking, the leading provider of MSP-delivered IT solutions to SMBs.
The partnership has seen TitanHQ’s advanced web filtering technology incorporated into the Datto Networking Appliance to provide secure internet access to all users connected the network.
The new technology providing enhanced protection against web-based threats while allowing administrators to carefully control the web content that can be accessed by employees and guest users.
On October 18, 2018, Datto and TitanHQ will be hosting a webinar that will explain the new functionality of the Datto Networking Appliance to MSPs, including a deep dive into the new web filtering technology.
The use of fake software updates to spread malware is nothing new, but a new malware campaign has been detected that is somewhat different. Fake Adobe Flash updates are being pushed that actually do update the user’s Flash version, albeit with an unwanted addition of the XMRig cryptocurrency miner on the side.
The campaign uses pop-up notifications that are an exact replica of the genuine notifications used by Adobe, advising the user that their Flash version needs to be updated. Clicking on the install button, as with the genuine notifications, will update users’ Flash to the latest version. However, in the background, the XMRig cryptocurrency miner is also downloaded and installed. One installed, XMRig will run silently in the background, unbeknown to the user.
The campaign was detected by security researchers at Palo Alto Network’s Unit 42 team. The researchers identified several Windows executable files that started with AdobeFlashPlayer that were hosted on cloud servers not controlled by Adobe.
An analysis of network traffic during the infection process revealed most of the traffic was linked to updating Adobe Flash from an Adobe controlled domain, but that soon changed to traffic through a domain associated with installers known to push cryptocurrency miners. Traffic was later identified over TCP port 14444 that was associated with the XMRig cryptocurrency miner.
Further analysis of the campaign revealed it has been running since mid-August, with activity increasing significantly in September when the fake Adobe Flash updates started to be distributed more heavily.
End users are unlikely to detect the downloading and installation of the XMRig cryptocurrency miner, but there is likely to be a noticeable slowdown in the speed of their computer. The installation of the XMRig cryptocurrency miner may be stealthy, but when it runs it uses almost all of the computer’s CPU for cryptocurrency mining. Any user that checks Task Manager will see Explorer.exe hogging their CPU. As with most cryptocurrency miners, XMRig mines Monero. What is not currently known is which websites are distributing the fake Adobe Flash updates, or how traffic is being generated to those sites.
Any notification about a software update that pops up while browsing the internet should be treated as suspicious. The window should be closed, and the official website of that software provider should be visited to determine if an update is necessary. Software updates should only ever be downloaded from official websites, in the case of Adobe Flash, that is Adobe.com.
The Palo Alto researchers note “Organizations with decent web filtering and educated users have a much lower risk of infection by these fake updates.”
Its conference season and the TitanHQ team is hitting the road again. The TitanHQ team will be travelling far and wide and will be attending the major MSP industry events in the United States and Europe throughout October and November.
The conferences give new and current MSP partners the chance to meet the TitanHQ team face to face, get answers to questions, pick up tips and tricks to get the most out of TitanHQ products, and find out about the latest innovations for MSPs from TitanHQ.
Conference season kicks off with the third annual Kaseya Connect Europe Conference in Amsterdam (October 2-4) at the NH Collection Amsterdam Grand Hotel Krasnapolsky in Amsterdam. Kaseya is the leading provider of complete IT infrastructure management solutions for MSPs, offering best-in-class solutions to help MSPs efficiently manage and secure IT environments for their clients.
TitanHQ is an Emerald Sponsor for the event and will be showcasing its SpamTitan spam filtering and WebTitan web filtering solutions for MSPs. TitanHQ will be at booth 4 at the event, next to Datto and Bitdefender – both of which are TitanHQ partners.
Next stop for the TitanHQ tour bus is the CompTIA EMEA Member & Partner Conference at Etc. Venues County Hall on the south bank of the Thames in London (October 16-17). The Computing Technology Industry Association is the world’s leading tech association, providing education, training, certification, advocacy, philanthropy and market research. The conference brings together members and thought leaders from the entire tech industry with panel discussions, keynote speeches, and the latest news and advice about the key trends and topics impacting the tech industry.
TitanHQ is a key sponsor of the event and will be on hand give product demonstrations and explain about the opportunities that exist for MSPs to add web filtering, spam filtering, and email archiving services to their client offerings.
At the end of October, the TitanHQ team will be heading to sunny Spain for DattoCon18 at the Fairmont Rey Juan Carlos I in Barcelona (October 29-31). The conference is focused on helping business owners run their businesses more effectively through the use of Autotask + Datto solutions. There will be a host of educational sessions and keynote speeches at the event, with plenty of opportunities for networking. TitanHQ will be showcasing its security solutions for MSPs at the conference.
At the start of November, TitanHQ will be in attendance at the leading conference for the WiFi industry. The WiFi Now Europe conference is being held in Berlin ((November 6-8) at the Holiday Inn Berlin City-West. The event offers three full days dedicated to all things WiFi. Attendees will find out about key developments in WiFi and the latest industry trends, with opportunities to learn from industry experts, meet key industry influencers, and discover new business opportunities.
TitanHQ will be showcasing its WebTitan Cloud for WiFi solution at the event and will be explaining how MSPs can incorporate web filtering into their service stacks to provide greater value to their clients and improve their bottom lines
Next comes a quick hop across the Atlantic to the HTG Peer Groups Q4 conference in at the Omni Orlando Resort in Orlando, Florida (October 10-16). HTG is an international consulting, coaching and peer group organization that helps business by igniting personal, leadership, business and legacy transformation to get companies to achieve their full potential.
There will be a full program of events throughout the week including peer group meeting and opportunities for learning and building relationships. TitanHQ will be in attendance and will be showcasing its innovative business security solutions.
Summary of TitanHQ Conference Schedule 2018
October 2-4: Kaseya Connect Europe, Amsterdam, Netherlands. Booth #4
October 16-17: CompTia EMEA Member & Partner Conference; London, UK. Booth #28
October 29-31: DattoCon18, Barcelona, Spain.
November 6-8: WiFi Now, Berlin, Germany.
November 10-16: HTG Peer Groups Q4 Conference, Orlando, FL, USA.
A new version of GandCrab ransomware (GandCrab v5) has been released. GandCrab is a popular ransomware threat that is offered to affiliates under the ransomware-as-a-service distribution model. Affiliates receive a cut of the profits from any ransoms payed by individuals they manage to infect.
GandCrab was first released in January 2018 and fast grew into one of the most widely used ransomware variants. In July it was named the top ransomware threat and is regularly updated by the authors.
There have been several changes made in GandCrab v5, including the change to a random 5-character extension for encrypted files. The ransomware also uses an HTML ransom note rather than dropping a txt file to the desktop.
Bitdefender released free decryptors for early versions of the ransomware, although steps were taken by the authors to improve security for version 2.0. Since version 2.0 was released, no free decryptors for GandCrab ransomware have been developed.
Recovery from a GandCrab v5 infection will only be possible by paying the ransom – approximately $800 in the Dash cryptocurrency – or by restoring files from backups. Victims are only given a limited time for paying the ransom before the price to decrypt doubles. It is therefore essential that backups are created of all data and for those backup files to be checked to make sure files can be recovered in the event of disaster.
Since this ransomware variant is offered under the ransomware-as-a-service model, different vectors are used to distribute the ransomware by different threat actors. Previous versions of the ransomware have been distributed via spam email and through exploit kits such as RIG and GrandSoft. GandCrab v5 has also been confirmed as being distributed via the new Fallout exploit kit.
Traffic is directed to the exploit kit using malvertising – malicious adverts that redirect users to exploit kits and other malicious websites. These malicious adverts are placed on third party advertising networks that are used by many popular websites to provide an extra income stream.
Any user that clicks one of the malicious links in the adverts is redirected to the Fallout exploit kit. The Fallout exploit kit contains exploits for several old vulnerabilities and some relatively recent flaws. Any user that has a vulnerable system will have GandCrab ransomware silently downloaded onto their device. Local files will be encrypted as well as files on all network shares, not just mapped drives.
Whenever a new zero-day vulnerability is discovered it doesn’t take long for an exploit to be incorporated into malware. The publication of proof of concept code for a Task Scheduler ALPC vulnerability was no exception. Within a couple of days, the exploit had already been adopted by cybercriminals and incorporated into malware.
The exploit for the Task Scheduler ALPC vulnerability allows executable files to be run on a vulnerable system with System privileges and has been incorporated into GandCrab v5. The exploit is believed to be used to perform system-level tasks such as deleting Windows Shadow Volume copies to make it harder for victims to recover encrypted files without paying the ransom. Microsoft has now issued a patch to correct the flaw as part of its September Patch Tuesday round of updates, but many companies have yet to apply the patch.
The most important step to take to ensure that recovery from a ransomware attack is possible is to ensure backups are created. Without a viable backup the only way of recovering files is by paying the ransom. In this case, victims can decrypt one file for free to confirm that viable decryption keys exist. However, not all ransomware variants allow file recovery.
Preventing ransomware infections requires software solutions that block the main attack vectors. Spam filtering solutions such as SpamTitan prevent malicious messages from being delivered to inboxes. Web filters such as WebTitan prevent end users from visiting malicious sites known to host exploit kits. Remote desktop services are often exploited to gain system access, so it is important that these are disabled if they are not required, and if they are, they should only be accessible through VPNs.
Patches should be applied promptly to prevent vulnerabilities from being exploited and advanced antimalware solutions should be deployed to detect and quarantine ransomware before files are encrypted.
A Bristol Airport ransomware attack has resulted in its customer display screens being taken offline for two days. Staff at the airport have had to resort to using dry markers and whiteboards to display flight arrival and departure information while the malicious software was removed and files were decrypted.
Ransomware was installed on its administrative computer system in the early hours on Friday, 14 September. As a result of the attack, several applications had to be taken offline as part of the airport’s efforts to contain the attack and prevent critical airport systems from being affected. The application used to display arrival and departure information throughout the airport was one of the casualties.
A statement was provided to the media confirming that a ransom demand had been received but the decision was taken not to give in to the attacker’s demand. Instead, IT staff at the airport chose to restore affected systems from backups. That process continued throughout the weekend. Screens in key locations throughout the airport were slowly brought back online on Sunday and efforts are continuing to restore files on all other affected computers at the airport.
Bristol Airport spokesman, James Gore, said initial investigations suggest this was a speculative rather than a targeted attack on the airport and that it was an online attack on its administrative systems. The exact nature of the Bristol Airport ransomware attack has not yet been disclosed and it is not known what variant of ransomware was used.
The recovery process has taken longer than was expected as the airport has adopted a particularly cautious approach due to the number of critical and security systems at the airport which could potentially have been affected. As it was, customer and airport safety were not affected by the ransomware attack and flights were not delayed.
Ransomware Still Poses a Major Threat to Businesses
Ransomware attacks have declined in recent months as many cybercriminals have turned to cryptocurrency mining as an easier way of generating an income, but the Bristol Airport ransomware attack shows that the threat of ransomware attacks is ever present. Cybercriminals have certainly not totally abandoned ransomware and it remains a serious threat.
Online attacks are also common. Ransomware is still widely distributed via exploit kits – Software loaded onto compromised websites that probes for vulnerabilities in browsers and plugins. When vulnerabilities are identified, they are exploited and ransomware is silently downloaded.
How to Prevent Ransomware Attacks
Protecting against ransomware attacks requires layered security solutions to block the key attack vectors. Spam filtering software will block the majority of malicious emails and prevent them from being delivered to end users’ inboxes. Security awareness training will help to ensure that employees can identify any malicious emails than make it past perimeter email security controls.
One of the most effective solutions for blocking web-based attacks is a web filter. Web filters can be configured to prevent end users from visiting malicious websites and will block drive-by downloads of malware. Naturally, all software, including browsers and browser plugins, should be kept up to date and fully patched to prevent vulnerabilities from being exploited. Anti-virus software on all servers and end points is also a must.
As was the case with the Bristol airport ransomware attack, files could be recovered from backups without the need to pay the ransom demand. To ensure file recovery is possible, regular backups must be made.
A good backup practice will see at least three backup copies created, on at least two separate media, with one copy stored securely offsite on a device that is not connected to a network or the Internet.
For more information on anti-ransomware solutions for businesses, speak to TitanHQ today. TitanHQ offers award-winning spam filtering and web filtering technology that blocks malware and ransomware attacks and other email and web-based threats.
There are many new services that managed service providers (MSPs) can add to their service stacks, such as cloud migration and digitization services, but the biggest area for growth is currently cybersecurity services.
The number of cyberattacks on SMBs and enterprises has increased substantially in recent years. More attacks are now being conducted than ever before, and many of those attacks are succeeding.
A successful attack can prove extremely profitable for an attacker and extremely costly for an enterprise. When a network or email account is breached, sensitive information can be stolen, such as the personal data of customers and employees and corporate secrets and proprietary data.
When customer information is stolen, the damage to a company’s reputation can be considerable. Customer churn rate increases, business is lost, and there may be regulatory fines to cover and lawsuits to fight. Notifications need to be issued and credit monitoring and identity theft protection services may need to be provided to customers. When proprietary data is stolen, a company’s competitive advantage can easily be lost.
Following any security breach, hours must be committed to forensic analyses to search for possible backdoors and malware. The breach cause must be identified and security holes must be plugged. All those costs (and more) add up. This year’s Cost of a Data Breach study conducted by the Ponemon Institute/IBM Security revealed the average cost of a data breach of up to 100,000 personal records has risen to $3.86 million in 2018 – a 6.4% increase since 2017.
The massive disruption to businesses caused by cyberattacks and the considerable cost of mitigating data breaches means SMBs and enterprises need to take precautions and invest in cybersecurity defenses. However, the shortage of skilled staff in this area and already overworked IT departments has meant many companies have had to turn to MSPs and managed security service providers (MSSPs) to help shore up their defenses, monitor for potential intrusions, and respond to breaches when they occur.
Many MSPs have responded to the demand and are now offering security services to their clients to meet the demand. That demand is so great, that managed security services are now a huge growth area for MSPs.
Each year, Channel Futures conducts its MSP 501 survey, which evaluates the revenue growth, service deliverables, and business models and strategies adopted by the most progressive and forward-thinking MSPs around the globe. This year, the survey revealed that the biggest growth area is security services. 73% of all surveyed MSPs said security was their fastest growing service. As a point of comparison, the next biggest growth area was professional services (55%), followed by Office 365 (52%) and consulting (51%).
With huge demand for managed security services, it is no longer a question of whether they should be added to MSPs service stacks, but more a question of how they can be integrated, how to architect those services, and how to package security services together to meet customers’ needs.
What Security Services are Being Offered by MSPs?
Many enterprises and SMBs that attempt to go it alone end up deploying dozens of different security solutions at considerable cost, only to discover they are still attacked and suffer network breaches. Most businesses do not have the staff to commit to implementing, monitoring, and managing large numbers of cybersecurity solutions. This creates an opportunity for MSPs.
Some MSPs have opted to provide clients with a suite of cybersecurity solutions from a single provider, as the solutions work seamlessly together and there is less potential for security gaps to exist. While this has worked for some MSPs, the problem with this approach is clients could approach that vendor and decide to go direct. MSPs that have succeeded with this model are adding considerable value – such as their expertise in running those solutions.
Logicalis, ranked #10 in the MSP 501 list, has taken a different approach and is bundling together a range of solutions that can be easily managed together and match customers’ needs exactly. “We pick our swim lanes, we pick our areas that are most relevant to our skills, to our customers, and we make sure we have the disciplines and domain expertise to deliver against that,” said Logicalis’ chief sales officer Mike Houghton.
Clients often get the best value – and protection – when MSPs package together cybersecurity products from a wide range of cybersecurity solution providers to provide a comprehensive security service, as Tom Clancy, CEO of Valiant Technology and #206 in Channel Future’s MSP 501 list explained. “Providing a bundle of offerings from different vendors that work well together is the most effective way for an MSP to retain its role as a trusted adviser.”
Valiant Technology has even taken this a step further and is moving towards making security a ‘non-optional’ offering. Clancy explained to Channel Futures that, “Our managed services plans will say, ‘It costs this much per seat, and it’s this much if you want the security package. And by the way, you really want the security package, otherwise here’s my limitation of liability.”
Naturally, putting together a package of security services requires considerable research and planning, new staff may need to be hired, and training on the products must be provided. It is a lot of work, but the potential rewards are considerable.
How Can TitanHQ Help?
TitanHQ has developed a suite of security products that are ideally suited for MSPs, offering a winning combination of easy deployment, remote management, superb protection against a wide range of threats, and excellent margins. The solutions mitigate the threat from web and email-based attacks integrate seamlessly into MSPs existing service stacks.
SpamTitan provides world-class protection from spam and malicious emails, preventing malware, ransomware, and phishing emails from reaching end users’ inboxes. The solution is complimented by WebTitan, a powerful web filtering solution that prevents end users from visiting malicious websites, blocks drive-by downloads of malicious software, and enforces acceptable Internet usage policies.
To find out more about how these two solutions benefit MSPs and their clients, and the tools available to seamlessly integrate these technology-agnostic security services into MSPs security packages, contact the TitanHQ team today.
Vulnerabilities in the VPNs NordVPN and ProtonVPN have been identified that allow execution of arbitrary code with system level privileges, highlighting the risk that can be introduced if VPN software is not kept fully patched and up to date.
VPNs May Not be As Secure as You Think
One common method used to securely access the Internet on public WiFi networks is to connect through a VPN. A VPN helps to prevent man-in-the-middle attacks and the interception of data by creating a secure tunnel through which data flows. Using VPN software means a user’s data is encrypted preventing information from being accessed by malicious actors.
While the connection is secured using a VPN, that does not always mean that a user is well protected. VPNs may not be quite as secure as users believe. Like any software, there can be vulnerabilities in VPNs that can be exploited. If the latest version of VPN software is not used, data may be vulnerable.
High Severity Vulnerabilities Identified in Popular VPNs
Recently, two of the most popular VPN clients have been found to contain a privilege escalation bug that could be exploited to allow an attacker to execute arbitrary code with elevated privileges.
The bug is present in NordVPN and ProtonVPN clients, both of which use the open-source OpenVPN software to create a tunnel through which information passes. In April, a flaw was identified which allowed an attacker with low level privileges to run arbitrary code and elevate their privileges to system level. Further, the flaw was not difficult to exploit.
A change could easily be made to the OpenVPN configuration file, adding parameters such as “plugin”, “script-security”, “up”, and “down”. Files specified within those parameters would be executed with elevated privileges. The flaw was identified by security researcher Fabius Watson of VerSprite Security, and prompt action was taken to patch the flaw.
However, while patches were issued by NordVPN and ProtonVPN that prevented the “plugin”, “script-security”, “up”, and “down” parameters from being added to the configuration file by standard users, the flaw had only been partially corrected.
Researchers at Cisco Talos discovered the same parameters could still be added to the configuration file if they were added in quotation marks. Doing that would bypass the mitigations of the patches. These vulnerabilities have been tracked under separate CVE codes – CVE-2018-3952 for ProtonVPN and CVE-2018-4010 for NordVPN. Both flaws are considered high-severity and have been assigned a CVSS v3 base score of 8.8 out of 10.
NordVPN and ProtonVPN have now released an updated patch which prevents the addition of these parameters using quotation marks, thus preventing threat actors from exploiting the vulnerability. Both vendors have tackled the problem in different ways, with ProtonVPN opting to put the configuration file in the installation directory to prevent standard users from making any changes, while NordVPN used an XML model to generate the configuration file. Standard users are not able to modify the template.
Securing Connections on Public WiFi Access Points
VPNs are an excellent way of improving security when connecting to public WiFi networks, but policies and procedures should be implemented to ensure that patches are applied promptly. It is not always possible to configure VPN clients to automatically update to the latest version. If vulnerabilities in VPNs are not addressed, they can be a major security weak point.
An additional protection that can be implemented to protect remote workers when connecting to WiFi networks is a web filtering solution such a WebTitan. WebTitan allows businesses to carefully control the web content that can be accessed by employees no matter where they connect – through wired networks, business WiFi networks, and when connecting to the Internet through public WiFi networks.
By controlling the types of sites that can be accessed, and using blacklists of known malicious sites, the potential for malware downloads can be greatly reduced.
If you want to improve WiFi security or implement web filtering controls for remote workers, contact the TitanHQ team today to find out more about WebTitan and the difference it can make to your security posture.
A new exploit kit has been detected that is being used to deliver Trojans and GandCrab ransomware. The Fallout exploit kit was unknown until August 2018, when it was identified by security researcher Nao_sec. Nao_sec observed the Fallout exploit kit being used to deliver SmokeLoader – a malware variant whose purpose is to download other types of malware.
Nao_sec determined that once SmokeLoader was installed, it downloaded two further malware variants – a previously unknown malware variant and CoalaBot – A HTTP DDoS Bot that is based on August Stealer code. Since the discovery of the Fallout exploit kit in August, it has since been observed downloading GandCrab ransomware on vulnerable Windows devices by researchers at FireEye.
While Windows users are being targeted by the threat group behind Fallout, MacOS users are not ignored. If a MacOS user encounters Fallout, they are redirected to webpages that attempt to fool visitors into downloading a fake Adobe Flash Player update or fake antivirus software. In the case of the former, the user is advised that their version of Adobe Flash Player is out of date and needs updating. In the case of the latter, the user is advised that their Mac may contain viruses, and they are urged to install a fake antivirus program that the website claims will remove all viruses from their device.
The Fallout exploit kit is installed on webpages that have been compromised by the attacker – sites with weak passwords that have been brute-forced and those that have out of date CMS installations or other vulnerabilities which have been exploited to gain access.
The two vulnerabilities exploited by the Fallout exploit kit are the Windows VBScript Engine vulnerability – CVE-2018-8174 – and the Adobe Flash Player vulnerability – CVE-2018-4878, both of which were identified and patched in 2018.
The Fallout exploit kit will attempt to exploit the VBScript vulnerability first, and should that fail, an attempt will be made to exploit the Flash vulnerability. Successful exploitation of either vulnerability will see GandCrab ransomware silently downloaded.
The first stage of the infection process, should either of the two exploits prove successful, is the downloading of a Trojan which checks to see if certain processes are running, namely: filemon.exe, netmon.exe, procmon.exe, regmon.exe, sandboxiedcomlaunch.exe, vboxservice.exe, vboxtray.exe, vmtoolsd.exe, vmwareservice.exe, vmwareuser.exe, and wireshark.exe. If any those processes are running, no further action will be taken.
If those processes are not running, a DLL will be downloaded which will install GandCrab ransomware. Once files are encrypted, a ransom note is dropped on the desktop. A payment of $499 is demanded per device to unlock the encrypted files.
Exploit kits will only work if software is out of date. Patching practices tend to be better in the United States and Europe, so attackers tend to rely on other methods to install their malicious software in these regions. Exploit kit activity is primarily concentrated in the Asia Pacific region where software is more likely to be out of date.
The best protection against the Fallout exploit kit and other EKs is to ensure that operating systems, browsers, browser extensions, and plugins are kept fully patched and all computers are running the latest versions of software. Companies that use web filters, such as WebTitan, will be better protected as end users will be prevented from visiting, or being redirected to, webpages known to host exploit kits.
To ensure that files can be recovered without paying a ransom, it is essential that regular backups are made. A good strategy is to create at least three backup copies, stored on two different media, with one copy stored securely offsite on a device that is not connected to the network or accessible over the Internet.
Security awareness training best practices to help your organization tackle the weakest link in the security chain: Your employees.
The Importance of Security Awareness Training
It doesn’t matter how comprehensive your security defenses are and how much you invested on cybersecurity products, those defenses can all be bypassed with a single phishing email. If one such email is delivered to an end user who does not have a basic understanding of security and they respond to that message, malware can be installed, or the attacker can otherwise gain a foothold in your network.
It is the risk of such an attack that has spurred many organizations to develop a security awareness training program. By teaching all employees cybersecurity best practices – from the CEO to the lowest level workers – security posture can be greatly enhanced and susceptibility to phishing attacks and other cyberattacks will be greatly reduced.
However, simply providing employees with a training session when they join the company is not sufficient. Neither is it enough to give an induction in cybersecurity followed by an annual refresher training session. Employees cannot be expected to retain knowledge for 12 months unless frequent refresher training sessions are provided. Further, cybercriminals are constantly developing new tactics to fool end users. Training programs must keep up with those changing tactics.
To help organizations develop an effective security awareness training program we have compiled a list of security awareness training best practices to follow. Adopt these security awareness training best practices and you will be one step closer to developing a security culture in your organization.
Security Awareness Training Best Practices
Listed below are some security awareness training best practices that will help you develop an effective training program that will ultimately help you to prevent data breaches.
C-Suite Involvement is a Must
It is often said that the weakest link in the security chain are an organization’s employees. While that is undoubtedly true, the C-Suite is also a weak link. If the C-Suite does not take an active interest in cybersecurity and does not realize the importance of the human element in security, it is unlikely that sufficient support will be provided and unlikely that appropriate resources are made available. C-suite involvement can also help with organization-wide collaboration. It will be very difficult to create a security culture in an organization if there is no C-Suite involvement in cybersecurity.
An Organization-Wide Effort is Required
A single department will likely be given the responsibility for developing and implementing a security awareness program, but it will not be easy in isolation. Assistance will be required from other departments. The heads of different departments can help to ensure that the security awareness training program is given the priority it deserves.
To ease the burden on the IT department, members of other departments can be trained and can assist with the provision of support or may even be able to assist with the training efforts. Other departments, such as marketing, can help developing content for newsletters and other training material. The HR department can help by setting policies and procedures.
Creation of Security Awareness Training Content
There is no need to develop training content for employees from scratch as there are many free resources available that can give you a head start. Many firms offer high quality training material for a price, which is likely to be lower than the cost of developing training material in-house. Take advantage of these resources but make sure that you develop a training program that is specific to the threats faced by your organization and the sector in which you operate. Your training program must be comprehensive. If any gaps exist, they are likely to be exploited sooner or later.
Diversity of Training
A one-size-fits-all approach to training will ultimately fail. People respond differently to different training methods. Some may retain more knowledge through classroom-based training, others may need one-to-one training, and many will benefit more from CBT training sessions. Your training program should include a wide range of different methods to help with different learning styles. The more engaging your program is, the more likely knowledge will be retained. Use posters, newsletters, email security alerts, games, and quizzes and you will likely see major improvements in your employees’ security awareness.
You can develop a seriously impressive training program for your employees that looks perfect on paper, but if your employees only manage to retain 20% of the content, your training program will not be very effective. The only way you can determine how effective your training program is through attack simulations. Phishing simulation exercises and simulations of other attack scenarios should be conducted before, during, and after training. You will be able to assess how effective all elements of the training program have been, and it will give you the feedback you need to identify weak links and take action to improve your training program.
Security Awareness Training Needs to be a Constant Process
Security awareness training is not a checkbox item that can be completed and forgotten about for another year. Your program should be running constantly and should consist of an annual training session for all employees, semi-annual training sessions, and other training efforts spread throughout the year. The goal should be to make sure security issues are always fresh in the mind.
Cybersecurity best practices for restaurants that you can adopt to make your network more secure and prevent hackers from gaining access to your POS system and customers’ credit card information.
Cybercriminals are Targeting Restaurants’ POS Systems
If you run a busy restaurant you will most likely be processing thousands of credit and debit card transactions every month. Every time someone pays with a card you have a legal responsibility to ensure that the card details that are read through your point of sale (POS) system remain private and cannot be stolen by your employees or obtained by cybercriminals.
So far this year there have been several major cyberattacks on restaurants that have resulted in the credit and debit card numbers of customers being stolen. In August, Darden Restaurants discovered that hackers gained access to the POS system used in its Cheddar’s Scratch Kitchen restaurants and potentially stole over half a million payment card numbers.
Applebee’s, PDQ, Zippy’s, and Chili’s have all experienced cyberattacks in 2018 which have resulted in hackers gaining access to customers’ payment cards. Last year also saw several cyberattacks on restaurants, including attacks on Shoney’s, Arby’s, Chipotle, and the Sonic Drive-In chain. These restaurant cyberattacks are notable due to the amount of card numbers that were stolen. The cyberattack on Cheddar’s is thought to have resulted in the theft of more than half a million payment card numbers, expiry dates and CVV codes, while the Sonic data breach has been estimated to have impacted millions of customers.
Not all cyberattacks on restaurants are conducted on large restaurant chains. Smaller restaurants are also being attacked. These smaller establishments may not process anywhere near as many payment card transactions as a chain the size of Applebee’s, but the attacks can still prove profitable for criminals. Card details sell for upwards of $7, so the theft of 1,000 card numbers from a small restaurant will still generate a decent profit and the effort required to conduct cyberattacks on small restaurants is often far less than an attack on a large chain.
All restaurants are at risk of hacking. Steps must therefore be taken by all restaurants to make it as hard as possible for hackers to gain access to the network, POS systems, and customer data. With this in mind we have listed cybersecurity best practices for restaurants to adopt to avoid a data breach.
Cybersecurity Best Practices for Restaurants
Listed below are some cybersecurity best practices for restaurants to adopt to make it harder for hackers to gain access to your network and data. There is no silver bullet that will stop all cyberattacks, but these cybersecurity best practices for restaurants will help to improve your security posture.
Network Segmentation is a Must
You will most likely have multiple computers in use in your restaurant as well as many other devices that connect to your network via an ethernet connection or WiFi. Every device that connects to your network is a possible entry point that could be exploited by a hacker. It is therefore important to stake steps to ensure that if one device is compromised, access cannot be gained to your entire network. Your POS system needs to be segregated from other parts of the network and users should only be permitted to access parts of the network that are required to complete their assigned duties.
Patch Management and Vulnerability Scanning
All it takes is for one vulnerability to remain unaddressed for you to be vulnerable to attack. It is therefore essential to maintain an inventory of all devices that connect to your network and ensure that patches and software updates are applied on all those devices as soon as they are released. You should also conduct regular vulnerability scans to identify possible weak points and take prompt action to ensure those weak points are addressed.
Secure the Perimeter with a Firewall
One of the most important cybersecurity solutions to implement to prevent hackers from gaining access to your network is a firewall. A firewall monitors and controls incoming and outgoing network traffic and serves as a barrier between a trusted internal network and an untrusted external network. A firewall is also an important element of PCI compliance.
Implement a Spam Filter to Block Malicious Emails
Email is the most common vector used to install malware. Phishing attacks are commonplace and are an easy way for hackers to gain login credentials and get a foothold in the network. Use a spam filter such as SpamTitan to prevent malicious messages from being delivered to end users’ inboxes and block all malware-laced emails.
Protect Your WiFi Network with a Web Filtering Solution
Your WiFi network is a potential weak spot and must be secured. If you provide WiFi access to your customers, ensure they are only provided with access to a guest network and not the network used by your staff. Implement a web filter to control what users can do when connected to your network. A web filter will help to prevent malware from being downloaded and can be configured to block access to risky websites. WebTitan is an ideal web filter for restaurants to improve WiFi security.
Purchase Antivirus Software
Antivirus software is one of the most basic software solutions to protect against malware. Malware is commonly installed on POS systems to record and exfiltrate payment card information. Not only should you ensure that a powerful antivirus solution is installed, you should also ensure regular scans of the network are performed.
Provide Security Awareness Training to Staff
Your employees are a potential weak point in your security defenses. Don’t assume that your employees are security aware. Teach your staff cybersecurity best practices for restaurants, provide anti-phishing training, and explain about risky behaviors that could easily lead to a data breach.
Backup and Backup Again
You should perform regular backups of all your essential data to protect against saboteurs and provide protection against ransomware attacks. If disaster strikes, you will need to record all your data. Adopt the 3-2-1 approach to creating backups. Create three copies, on two separate media, and store one copy securely off site on an air-gapped device that is not connected to the Internet.
Vet your Vendors
Access to your network may be gained through your vendors. The cyberattack on PDQ restaurants occurred via a remote access tool used by one of its technology vendors. If a vendor is able to connect to your network, it is essential that they have appropriate security controls in place. Be sure to check how secure your vendor is and what controls they have in place to prevent hacking before giving them network access.
Adopt these cybersecurity best practices for restaurants and you will make it harder for hackers to gain access to your network and you should be able to avoid a costly data breach.
A new SharePoint phishing scam has been detected that attempts to steal Office 365 credentials. The scam emails being sent in this campaign are similar to those used in countless Google Docs phishing attacks, which appear at face value to be attempts to collaborate through the sharing of files. These scams are often used to spread malware, with the documents often containing malicious macros or links to websites where malware is silently downloaded.
These brand impersonation attacks use an email format that is identical to those used in genuine messages. The phishing emails contain logos, formatting and links that makes the messages identical to legitimate messages requesting collaboration on a project.
This SharePoint phishing scam includes a hyperlink to a genuine SharePoint document, which may not be flagged as malicious since the file itself does not contain malware.
The SharePoint file advises the user that the content they are looking for has been uploaded to OneDrive for Business and a further click is necessary to access the file. A hyperlink named “Access Document” is included in the SharePoint file along with the genuine OneDrive for Business logo and appropriate graphics. At face value the document does not appear malicious, although checking the destination URL of the link will reveal that it directs the user to a suspect website.
It is that website where the phishing attempt takes place. After clicking the link the user is presented with a login window for Office 365 and their Microsoft login details must be entered. Entering Office 365 credentials at this point will pass them to the criminals behind this campaign. The user is unlikely to realize that they have been successfully phished as after entering credentials they will be directed to a genuine Office site.
This SharePoint phishing scam appears to target businesses. Business users are likely to be used to collaborating using SharePoint and are therefore more likely to respond. Gaining access to a business Office 365 account is more lucrative for the attackers, allowing them to access to email accounts to use in further phishing campaigns and access to data stored in those accounts and other sensitive data.
Email addresses for business users can easily be located through sites such as LinkedIn or lists of business email addresses could be purchased on the dark web and hacking forums.
This SharePoint phishing scam, Google Docs phishing scams, and similar campaigns spoofing Dropbox are commonplace and highly effective. They take advantage of familiarity with these collaboration services, trust in the brands, a lack of security awareness, and business employees that do not stop and think before clicking.
Preventing these attacks requires technological solutions to stop the messages from being delivered. Security awareness training can be highly effective at conditioning employees to stop and think before taking any action, while web filters can block these attacks by preventing malicious URLs from being visited. Without these controls in place, businesses will be vulnerable.