Internet Security

Whereas news about Internet security often focuses solely on the latest threats or vulnerabilities, in addition to reporting hacks, data breaches and exposures, we also include advice about the best practices organizations should adopt to mitigate the threat from malware and other malicious software.

Consequently we strongly advise that individuals and organizations never use the same passwords for different accounts, make passwords as complex as possible and change them frequently. We also recommend that sensitive online accounts have 2-factor authentication whenever possible.

Ideally, organizations should implement a web filter to prevent Internet users from accessing websites that could compromise Internet security. With a web filter in place, the potential exists for productivity to increase and also for employees to enjoy a hostility-free workplace environment.

Exploit Kit Activity Triples in a Year – Is Your Business Protected?

Exploit kit activity may be at a fraction of the level of 2016 when peak activity was reached, but the threat has not gone away. In fact, the mid-year cybersecurity roundup from Trend Micro shows exploit kit activity is now triple the level of mid-2018. Websites hosting exploit kits still pose a significant threat to businesses.

Exploit kits are toolkits that contain exploits for vulnerabilities in popular software applications, such as Internet Explorer and Adobe Flash Player. When a user lands on a web page that hosts an exploit kit, it will scan the user’s browser for vulnerabilities. If an exploitable flaw is identified, malware is automatically downloaded and executed on the user’s device. In many cases, the downloading of a Trojan, ransomware, or other form of malware is not identified by the user.

Traffic is sent to exploit kits through malvertising – malicious advert – on high traffic websites. User’s can be directed to malicious websites through phishing emails, and it is also common for hackers to hijack high traffic websites and use them to host their exploit kit. That means users could visit a malicious website just through general web browsing.

There are several exploit kits currently in use such as Magnitude, Underminer, Fallout, Green Flash/Sundown, Rig, GrandSoft, and Lord. These exploit kits are pushing cryptocurrency miners and botnet loaders, although ransomware and banking Trojans are the most common payloads.

Many of the exploits used by these toolkits are for old vulnerabilities, but since businesses are often slow to apply patches, they still pose a major threat. Exploit kits such as GrandSoft and Rig are regularly updated and now host exploits for much more recently disclosed vulnerabilities.

One of the most recently identified campaigns has seen the threat actors behind Nemty ransomware team up with the operators of RIG to push their ransomware on businesses still using old, vulnerable versions of Internet Explorer.

A new exploit kit named Lord is being used to infect users with Eris ransomware. In this case, traffic is being directed to the exploit kit through malvertising on the PopCash ad network. The EK primarily uses exploits for flaws in Adobe Flash Player such as CVE-2018-15982.

Protecting against exploit kits is straightforward on paper. Businesses need to ensure that vulnerabilities are identified and patched promptly. If there are no vulnerabilities to exploit, no malware can be downloaded. Unfortunately, in practice things are not quite so simple. Many businesses are slow to patch or fail to apply patches on all devices in use.

Anti-spam software can help to reduce risk by blocking phishing emails containing links to exploit kits, but most of the traffic comes from search engines and malvertising, which anti-spam software will do nothing to block. To improve your defenses against exploit kits, drive-by downloads, and phishing websites, one of the best cybersecurity solutions to deploy is a DNS filtering solution.

A DNS filter allows businesses to carefully control the websites that employees can access when connected to the business’s wired and wireless networks. Controls can be set to block different types of web content such as gambling, gaming, and adult websites but crucially, the DNS filter also blocks all known malicious websites. DNS filters use blacklists of known malicious websites such as those hosting exploit kits or phishing forms. If a web site or web page is included in the blacklist, it will automatically be blocked.  Websites are also scanned in real time to identify malicious content.

Since all filtering takes place at the DNS level, access to malicious or undesirable content is blocked without any content being downloaded. Setting up the solution is also quick and easy, as it only requires a change to the DNS record to point it to the service provider. No hardware is required and there is no need to download any software.

If you want to improve your defenses against malware, ransomware, botnets, and phishing and are not yet controlling the web content that your employees can access, contact TitanHQ today and ask about WebTitan. Alternatively, sign up for a free trial of the solution by clicking the image below.

Ransomware Attacks on Businesses Have Doubled in 2019

The year 2018 saw a reduction in ransomware attacks on businesses as cybercriminals opted for alternative means to make money. Major ransomware attacks were still occurring, just at a slightly lower rate than in 2017.

Some reports were released that suggested ransomware was no longer such a massive threat as it was in 2016 and 2017, but the number of reported attacks in 2019 have shown that is definitely not the case. Any business that has not implemented defenses to protect against ransomware attacks could well be the next victim and have to pay millions to recover from an attack.

Make no mistake. Ransomware is one of the most dangerous threats faced by businesses. If ransomware is installed on the network, all files, including backups, could be encrypted. That could prove catastrophic, as one small Michigan medical practice discovered.

The two-doctor practice in Battle Creek, MI suffered an attack that resulted in the encryption of all patient data. A ransom demand was issued by the attackers, but as there was no guarantee that files could be recovered after the ransom was paid, the decision was taken not to pay up. The hackers then deleted all the encrypted files. Faced with having to rebuild the practice from scratch, the doctors decided to call it quits and took early retirement.

Ransomware attacks on healthcare providers are now being reported at an alarming rate and government entities, cities, and municipalities are being extensively targeted. The city of Baltimore suffered a major attack in May involving a ransomware variant called RobbinHood. The attack brought down the city’s servers and systems, causing major disruption across the city. A ransom of $6 million was paid for the keys to regain access to the encrypted files.

Two small cities in Florida also suffered major attacks. Lake City was forced to pay a ransom of $460,000 and Riviera Beach paid a ransom of $600,000, while Jackson County in Georgia paid $400,000 after its court system was attacked.

As the year has progressed, the attacks have increased. A report from Malwarebytes indicates there was a 195% increase in ransomware attacks in Q1, 2019. Figures from Kaspersky Lab show ransomware attacks almost doubled in Q2, 2019, with 46% more attacks reported than the corresponding period in 2018.

The increase in attacks means businesses need to be prepared and have the necessary security tools in place to make it difficult for the attacks to succeed.

There is no one cybersecurity solution that can be implemented to eliminate the threat of attack, as hackers are using a variety of methods to gain access to networks and download their malicious payloads. Layered defenses are key to repelling an attack.

Email is the primary method of delivering ransomware. All it takes if for a malicious email to arrive in an inbox and for an employee to be fooled into opening a malicious attachment or clicking on a hyperlink for ransomware to be installed. An advanced email filtering solution such as SpamTitan Cloud is therefore needed to block malicious emails and ensure they do not reach employees’ inboxes.

SpamTItan includes Domain-based Message Authentication, Reporting, and Conformance (DMARC) to block email impersonation attacks and a sandbox where suspicious attachments can be executed in safety and studied for malicious activity. Sandboxing is essential as it allows zero-day ransomware threats to be identified and blocked.

Not all attacks occur via email. Attacks over the Internet are also common. A web filtering solution should therefore be implemented to block these web-based attacks. A web filter will prevent employees from accessing known malicious sites where ransomware is automatically downloaded. With these two technical measures in place, businesses will be well protected from attacks. Along with security awareness training for staff and the adoption of good data backup practices, businesses can mount a strong defense against ransomware attacks.

Phishers Use Google Drive Links to Bypass Office 365 Anti-Phishing Controls

A new phishing campaign has been detected that uses Google Drive links to avoid detection by Office 365 Exchange Online Protection and ensure messages are delivered to inboxes.

The emails, reported through Cofense Intelligence, impersonated the CEO of the company who was attempting to share an important document. The document had been shared via Google Drive and came with the message, “Important message from – CEO.”

Google Drive allows files and collaboration requests to be easily sent to other individuals. The account holder chooses who to share a file with and the system generates an email alert containing a link to the shared file.

In this case, the name of the CEO was correct, but the email address used was different to the format used by the company. While this is a clear sign that the emails are not what they seem, some employees would likely be fooled by the message.

Importantly, the messages are not detected as malicious by EOP and are delivered to inboxes. A scan of the message would reveal nothing untoward, as the embedded URL is a legitimate shared link to a genuine cloud service operated by Google.

The shared document itself is not malicious, but it does link to another Google Docs document and a phishing URL. Any anti-phishing solution that only assesses the embedded hyperlink in the email to determine whether it is malicious would allow the email to be delivered. Only a deeper inspection would reveal the true nature of the URL.

If the link is visited by an end user, a fake login window is presented. If login credentials are entered, they are captured and stored on the attacker’s server.

This campaign highlights the importance of multi-layered anti-phishing defenses and the risks of relying on EOP to provide protection against phishing attacks.

An advanced spam filtering solution should be implemented on top of Office 365 to provide greater protection from phishing and other email-based attacks. This will ensure more sophisticated phishing attacks are blocked.

If a malicious message is delivered and a link is clicked, the connection to the malicious webpage could be blocked using a web filtering solution.

WebTitan is a DNS-based content filtering solution that serves as an additional layer in organization’s anti-phishing defenses.  Should an attempt be made by an employee to visit a malicious website or suspicious domain, the attempt would be blocked before any content is downloaded. WebTitan assesses each website when the DNS query is made. Malicious websites and those that violate an organization’s content control policies are blocked.

To find out more about how a DNS filter can improve your defenses against phishing attacks and malware downloads, contact TitanHQ today.

How a DNS-Based Filter Detects and Blocks Malicious Activity

Malware creators are constantly developing new techniques to circumvent traditional anti-virus defenses and ensure their malicious code can run undetected on a targeted machine.

Zero-day malware variants, those which have never been seen before, are not picked up by signature-based AV solutions. However, the malware will need to communicate with its owner, so the source code will contain URLs and IPs for that purpose. These URLs can be detected when scanning files. If the URLS are detected and they are known to be malicious, the file will be deemed to be malicious and will be quarantined.

To ensure this does not happen, malware developers use a variety of techniques to hide the URLs and IPs in the source code. This is often achieved by converting the IP address into a decimal value, which is stored as XML content. When in decimal format, even a malicious URL would not be detected as such by most antivirus software. When the IP address is needed by the malware, it can be converted back to its original form and then reconverted to digital when no longer required.

Similarly, a URL – or part of a URL – could be encoded in its hexadecimal equivalent. That URL would be unlikely to be detected as malicious yet can be read by a browser. AV software would likely detect the file example.com/maliciousfile.exe as malicious in nature and would block it accordingly. In hexadecimal, that translates to:

%65%78%61%6D%70%6C%65%2E%63%6F%6D%2F%6D%61%6C%69%63%69%6F%75%73%66%69%6C%65%2E%65%78%65

That address would not be recognizable as malicious and would likely go undetected during a scan by an AV solution. The use of both obfuscation techniques together is not unusual, to make it even harder for AV solutions to detect malicious URLs and IPs.

While these techniques can be used to fool endpoint AV solutions, connections to those malicious servers can be blocked using a DNS-based content filter such as WebTitan.

It doesn’t matter how the URL or IP address is masked. Before a connection can be made, it is necessary to make a DNS query, and the collection must be permitted by the DNS-based filter. If the URL is malicious, the DNS filter will block the attempt to connect before any content is downloaded.

WebTitan works in conjunction with a real time database of millions of malicious URLS and uses a real-time classification system to assign websites to one of 53 categories. Those categories can be allowed or blocked with the click of a mouse. In addition to blocking access to malicious content, the category-based controls can be used to prevent employees from accessing content that could cause offense or lower productivity.

To find out more about how WebTitan can benefit your organization and improve your security posture, contact the TitanHQ team today.

U.S. Mayors Vow Not to Give in to Ransom Demands

Ransomware attacks have been increasing since late December 2018 and attacks have been reported with increasing frequency as 2019 has progressed. Ransomware may have fallen out of favor with cybercriminals in 2018, but it is once again a firm favorite as it was in 2016 and 2017.

In recent months there has been an extensive ransomware campaign targeting local government offices, cities, and municipalities. These attacks have caused massive disruption, and many have resulted in ransoms being paid.

In the past few days alone, three ransomware attacks have been reported that have seen more than $1,200,000 in ransoms paid. Riviera Beach in Florida paid a ransom of $600,000 for the keys to unlock its encrypted files and Lake City in Florida paid around $460,000. Most recently, La Porte County in Indiana paid a ransom demand of $130,000.

These are just three of many. According to the United States Conference of Mayors, in the past 6 years, more than 170 city, county, or state government systems have been taken out of action as a result of ransomware attacks and there have been 22 attacks so far in 2019.

Cybercriminals will continue to conduct attacks as long as it is profitable to do so. When ransoms are paid, it simply encourages further attacks. The United States Conference of Mayors has decided to take a stand. The organization represents more than 1,400 majors across the United States and has vowed that in the event of attack, ransom demands will not be paid.

That is a necessary step to take to de-incentivize attacks but it could potentially be very costly. In 2018, the City of Atlanta was attacked with ransomware and refused to pay the $50,000 ransom demand. The city has ended up spending tens of millions of dollars on recovery.

The high cost of recovery without paying the ransom could prove too much for small cities, which is why several have been advised by their insurers to pay the ransoms.

In such cases, help is required from the federal government. The majors have urged Congress to pass the State Cyber Resiliency Act, which would give state and local governments the support needed to help them implement their cyber resiliency plans

What is also needed is greater investment in cybersecurity defenses. Attacks are being conducted because there are security holes that can be easily exploited. Until those holes are plugged, the attacks will continue.

TitanHQ can help plug those holes and thwart ransomware attacks by blocking the main attack vectors. SpamTitan is a powerful email security solution that blocks email-threats at source and keeps inboxes threat free. WebTitan protects users while online and blocks malicious websites and malware downloads. With both of these powerful, but low-cost solutions in place, you will be well protected against ransomware attacks.

Monroe College Ransomware Attack: $2 Million Ransom Demand Issued

There has been a spate of ransomware attacks on cities and government agencies in recent months and the healthcare industry sees more than its fair share of attacks, but they are not the only industries being targeted.

Schools, colleges, and universities are prime targets for hackers and ransomware attacks are common. One recent attack stands out due to its scale and the massive ransom demand that was issued. The attackers demanded $2 million (170 BTC) for the keys to unlock the encryption.

Monroe College in New York City was attacked at 6:45am on Wednesday, July 10, 2019. The ransomware quickly spread throughout the network, shutting down the computer systems at its campuses in Manhattan, New Rochelle and St. Lucia and taking down the college website.

The college has switched to pen and paper and is finding workarounds to ensure students taking online courses receive their assignments. No mention has been made about whether files will be recovered from backups or if the ransom will need to be paid.

This is one of many recent ransomware attacks in the United States. Ransomware may have fallen out of favor with cybercriminals in 2018, but it now appears to be back in vogue and attacks are rising sharply. So too have the ransom demands.

$2 million is particularly high, but there have been several recent attacks involving ransom demands for hundreds of thousands of dollars. In several cases, the ransom has been paid.

Riviera Beach City in Florida was attacked and was forced to pay a $600,000 ransom to regain access to its files and bring its computer systems back online. Lake City in Florida also paid a sizeable ransom – $500,000. Jackson County was also attacked and paid a $400,000 ransom.

There have been several cases where ransoms have not been paid. The City of Atlanta was attacked and around $51,000 in Bitcoin was demanded. Atlanta refused to pay. Its cleanup bill has already reached $3 million. With such high costs it is clear to see why many choose to pay up.

In all of the above cases, the cost of implementing cybersecurity solutions to protect against the main attack vectors would have cost a tiny fraction of the cost of the ransom payment or the mitigation costs after an attack.

For less than $2 per employee, you can ensure that the email network is secured and you are well protected against web-based attacks. To find out more, call TitanHQ today.

New Spelevo Exploit Kit Pushes Banking Trojans via IE and Flash Exploits

Sodinokibi and Buran ransomware are being pushed via the RIG exploit kit and now another exploit kit has joined the ranks, although its payload is currently banking Trojans.

Exploit kits are utility programs on websites that conduct automated attacks on visitors. When a visitor lands on a page hosting the exploit kit, the user’s browser and browser-based applications are probed to determine whether vulnerabilities exist.

Exploit kits contain exploits for several vulnerabilities, only one of which is required to silently download and execute a malicious payload on a visitor’s device. Traffic to these malicious pages is generated through malvertising/malicious redirects. The exploit kit code is also commonly added to compromised high-traffic websites.

Exploit kits were once the malware delivery mechanism of choice, but they fell out following a law enforcement crackdown. The threat from exploit kits has never disappeared, but activity has been at a much-reduced level. In recent months however, exploit activity has been at an elevated level.

The new exploit kit is called Spelevo and its purpose is to deliver two banking Trojans – Dridex and IceD – via a business to business website. The exploit kit was discovered by a security researcher named Kafeine in March 2019.

The exploit kit currently hosts multiple exploits for Adobe Flash and one for Internet Explorer. A user visiting a web page hosting the Spelevo exploit kit would unlikely tell that anything untoward was occurring. A tab would be opened to the gate and the browser would appear to go through a series of redirects before landing on Google.com. The entire process from the user landing on a page hosting the exploit kit, to a vulnerably being identified, exploited, and the user redirected to Google.com takes just a few seconds.

The exploit kit could be hosted on an attacker-owned domain, but it is easy to add the exploit kit to any website. All that is required is the addition of four lines of code once a website has been compromised.

Exploit kits are an efficient, automated way of delivering a malware payload, but they are reliant on users that have not patched their browsers and plugins. If browsers and plugins are kept up to date, there are no vulnerabilities to exploit.

The Spelevo exploit kit appears to be used in a campaign targeting businesses. IT teams often struggle to keep on top of patching and have poor visibility into the devices that connect to the network. As a result, it is easy for devices to be missed and remain unpatched. If one device is compromised, an attacker can use a variety of tools to spread laterally and infect other devices and servers.

The primary defense against exploit kits is patching, but additional protections are required. To protect against attacks while patching takes place, to prevent attacks from succeeding using zero-day exploits, and to stop users from visiting websites hosting exploit kits, a web filter is required.

WebTitan is a DNS filter that provides real-time, automated threat detection and blocking and protects against exploit kits and web-based phishing attacks. The WebTitan database contains three million malicious URLs that are blocked to protect end users. More than 300,000 malware and ransomware websites are blocked every day.

If you want to improve protection against web-based threats, exercise control over the content that your employees can access, and gain visibility into what your employees are doing online, WebTitan Cloud is the answer and it can be set up in minutes.

For further information, contact TitanHQ today.

Sodinokibi Ransomware Poised to Become New GandCrab

As one ransomware-as-a-service operation shuts down, another is vying to take its place.  Sodinokibi ransomware attacks are increasing and affiliates are trying to carve out their own niche in the ransomware-as-a-service operation.

Developing ransomware and staying one step ahead of security researchers is important, but what made the GandCrab operation so successful were the affiliates conducting the campaigns that generated the ransom payments. The GandCrab developers have now shut down their operation and that has left many affiliates looking for an alternative ransomware variant to push.

Sodinokibi ransomware could well fill the gap. Like GandCrab, the developers are offering their creation under the ransomware-as-a-service model. They already have a network of affiliates conducting campaigns, and attacks are on the increase.

As is the case with most ransomware-as-a-service operations, spam email is one of the most common methods of ransomware delivery. One Sodinokibi ransomware campaign has been detected that uses spoofed Booking.com notifications to lure recipients into opening a Word document and enabling macros. Doing so triggers the download and execution of the Sodinokibi payload.

Download websites are also being targeted. Access is gained the websites and legitimate software installers are replaced with ransomware installers. Managed Service Providers (MSPs) have also been targeted. The MSP attacks have exploited vulnerabilities in RDP to gain access to MSP management consoles.

Two cases have been reported where an MSP was compromised and malicious software was pushed to its clients through the client management console. In one case, the Webroot Management Console and the Kaseya VSA console in the other.

Recently, another attack method has been detected. Sodinokibi ransomware is being distributed through the RIG exploit kit. Malvertising campaigns are directing traffic to domains hosting RIG, which is loaded with exploits for several vulnerabilities.

With so many affiliates pushing Sodinokibi ransomware and the wide range of tactics being used, no single cybersecurity solution will provide full protection against attacks. The key to preventing attacks is defense in depth.

TitanHQ can help SMBs and MSPs secure the email and web channels and block the main attack vectors. Along with security awareness training and good cybersecurity best practices, it is possible to mount a formidable defense against ransomware, malware, and phishing attacks.

Find out About Web and Email Security for MSPs at DattoCon2019

The excitement is building as DattoCon19 draws ever closer. Starting on June 17, 2019 in San Diego and running for three days, DattoCon19 is an unmissable event for managed service providers (MSPs).

At the conference, attendees benefit from practical advice and best practices to grow their businesses, increase sales, and boost monthly recurring revenue (MRR). A huge range of vendors will be on hand to offer information on exciting products and attendees will have the opportunity to learn strategies to increase business impact growth, boost profitability, and broaden their service stacks.

Sessions will be taken by industry experts and leading MSPs who will share tips and tricks to take back home and apply at the office. On average, attendees at DattoCon achieve 41% sales growth year-over-year as a result of attending the conference.

TitanHQ is sponsoring DattoCon19 and is excited about having the opportunity to meet new MSPs and help them grow their businesses. As a Datto Select Vendor, TitanHQ offers MSPs three cloud-based solutions that can be easily integrated into existing MSPs service stacks: Anti-phishing and anti-spam protection, DNS-based web filtering, and email archiving. All three solutions are available through the TitanShield program for MSPs.

MSPs can meet the TitanHQ team at booth 23 at DattoCon19 to find out more about the TitanShield program and the exciting opportunities for MSPs that work with TitanHQ. TitanHQ will be on hand to help MSPs that support Office 365 to improve protection against phishing attacks and malware. MSPs can also find out more about the TitanHQ threat intelligence that protects Datto DNA and D200 boxes, and how TitanHQ’s DNS filter is a direct swap out for Cisco Umbrella and the cost advantages of doing so.

TitanHQ Executive Vice President-Strategic Alliances, Rocco Donnino, is one of the panel members for the Datto Select Avendors event on Monday. The event brings together experts from different fields to help come up with solutions for some of the major problems faced by MSPs in today’s marketplace.

TitanHQ at DattoCon19

  • TitanHQ will be at booth 23
  • Special Show Pricing available
  • Daily TitanHQ vintage Irish whiskey raffle
  • TitanHQ and BVOIP are sponsoring a GasLamp District Takeover Party on Monday 6/17 and Wed, 6/19.

DattoCon19 will be taking place in San Diego, California on June 17-19, 2019. If you are not yet registered for the event you can do so here

Contact the TitanHQ team in advance:

  • Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
  • Eddie Monaghan, MSP Alliance Manager, LinkedIn
  • Marc Ludden, MSP Alliance Manager, LinkedIn


 

TitanHQ Announces New TitanShield Partner Program

TitanHQ Announces New TitanShield Partner Program

TitanHQ, the leading provider of cloud security solutions for SMBs, has announced a new partner program has been launched to support Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), Cloud Distributors, Wi-Fi Providers, OEM Partners and Technology Alliance Partners..

TitanHQ started its journey in 1999. Initially, the company provided anti-spam solutions to local businesses in Ireland. Over the next two decades, the company expanded its range of products to include DNS filtering and email archiving solutions and is now a leading global player of cloud-based cybersecurity solutions.

While TitanHQ initially focused on meeting the needs of the SMB market, its products have been developed to meet the needs of MSPs. For instance, TitanHQ solutions are available with a range of hosting options, including the ability to host the solution within the MSPs own environment, and they can be provided in white-label form ready to take MSP’s branding.

TitanHQ’s cloud-based solutions have been developed to be easy to implement, use, and manage and are already a firm favorite with MSPs.

To make TitanHQ cloud security solutions even more attractive for MSPs, the existing partner program has been significantly enhanced and relaunched as TitanShield.

The TItanShield Partner Program makes it even easier to offer TitanHQ cloud security products to clients. Partners benefit from access to engineers, a highly capable support team that understands the needs of MSPs, and a dedicated account manager.

Partners have access to APIs to allow them to easily sell, onboard, manage and deliver advanced network security solutions directly to their client base from within their own user interfaces. In addition, partners receive free access to sales and technical resources, deal registration and lead generation resources, and benefit from flexible, volume-based monthly pricing models and profitable margins.

Under the new, enhanced partner program, customers are separated into their specific areas of expertise to ensure that each can be provided with focused information for the markets and customers they serve.

“Our program takes a unique and strategic approach for our partners and can be customized to fit all business models,” said Rocco Donnino, Executive VP of Strategic Alliances at TitanHQ.

If you want to become a highly valued member of the TitanHQ TitanShield Partner Program, enrollment is now open. Call TitanHQ today or email partners@titanhq.com for further information.

 

Web Filtering for MSPs (Part 2): Why WebTitan Cloud is the Best Web Filtering Service for MSPs

In our previous post we explained why managed service providers (MSPs) should be offering a web filtering service to their customers and the benefits that can be gained by customers and MSPs alike. In this post we explain what makes WebTitan Cloud the go-to web filtering solution for MSPs and why so many MSPs have chosen TitanHQ as their web filtering partner.

Why WebTitan Cloud is the Best Web Filter for MSPs

One problem MSPs face before they can start offering a web filtering service to their clients is how to incorporate the solution into their service stacks and their existing cloud offerings. While there are many providers of web filtering services, not all solutions have been developed with MSPs in mind. TitanHQ differs in that respect.

TitanHQ’s web filtering solution, WebTitan Cloud, has been developed specifically to meet the needs of MSPs and make it as easy as possible for the solution to be added to their existing cloud offerings. WebTitan Cloud seamlessly integrates within existing workflows regardless of whether MSPs self-host, use AWS, Azure, or other cloud platforms.

How Does WebTitan Cloud Integrate into MSPs Management Systems?

To make integration as easy as possible, TitanHQ uses RESTful API, which allows fast and risk-free integration into MSPs management systems. WebTitan Cloud uses the OAuth 1.0 protocol for authentication and has a full set of keys and secrets in the WebTitan Cloud user interface (UI). Once an MSP has signed up, no further registration or authentication is necessary. The API client provides the appropriate oauth_signature to authorize requests to protected resources.

Best Web Filtering Service for MSPs

 

Overly complex user interfaces are a problem with many cloud-based solutions. With WebTitan Cloud, the UI is made as clean and easy to use as possible. MSPs can remove all elements from the UI that are not required to keep the UI clean and simple. WebTitan Cloud can also be integrated into MSP cloud interfaces to create a better user experience and greater consistency for customers.

Having information at your fingertips is important when customers send in requests or when reports are required on web use and blocking. WebTitan Cloud allows MSPs to create and integrate a full suite of high-level system and customer reports into their own management consoles.

Onboarding new customers is also a quick and simple process, which can be integrated into current MSP on-boarding processes. New customer accounts can easily be created (or deleted) from within an MSP’s own UI, in addition to performing updates and listing all current customer accounts.

Onboarding customers with WebTitan Cloud

 

MSPs can connect to WebTitan Cloud to manage their customers settings, including locations, whitelists, and blacklists. Customers that would prefer to manage their own settings can perform a limited number of operations themselves using APIs. Since WebTitan Cloud is available in a full white label, customers who do access their own settings can be given a UI with MSP branding rather than TitanHQ’s to maintain consistency and help reinforce the MSPs brand.

TitanHQ also operates an extremely competitive pricing strategy with generous margins for MSPs and aligned monthly billing cycles through the TitanShield MSP Program.

Onboarding Customers with WebTitan Cloud APIs

WebTitan APIs for MSPs

The full set of APIs available to MSPs can be found on this link: https://apidoc.webtitancloud.com/

If you have yet to start offering web filtering to your clients as part of your service stack or if you are unhappy with your current provider’s product, contact TitanHQ today and as about becoming a member of the TitanShield MSP Program. Product demonstrations can also be scheduled on request.
 

Web Filtering for MSPs (Part 1): Why Web Filtering is so Important

A web filtering service allows Managed Service Providers (MSPs) to better protect their clients from accidental malware downloads and phishing attacks while improving their bottom lines. Further, by preventing phishing attacks and malware infections, they can reduce the amount of time they spend fighting fires. For busy MSPs, the latter will be especially beneficial.

Why is Web Filtering Important?

There are several reasons why MSP clients will benefit from a web filtering service. First and foremost, a web filter will help to prevent their customers’ employees from visiting phishing websites and malicious URLs. Most phishing attacks start with a phishing email, so a powerful spam filtering solution is essential. While commercial spam filters such as SpamTitan will block more than 99% of spam and phishing emails, additional protections are required to protect against the 1% that bypass spam defenses.

Naturally end user security awareness training will help in this regard, but as the 2018 Verizon Data Breach Investigations Report shows, 30% of delivered phishing messages are opened by end users and 12% of those users also click on malicious links in the messages.

A web filter is an additional layer of anti-phishing and anti-malware defenses that kicks in when malicious links are clicked and when end users attempt to visit other malicious sites while browsing the Internet. With a web filter in place, when an employee attempts to access a malicious web page, that attempt will be blocked before any content is downloaded. Instead of displaying the web page, a block page will be displayed.

Web filters also allow companies to carefully control the types of content their employees can access. This allows them to enforce acceptable internet usage policies with ease. Employers can prevent their employees from accessing NSFW content such as pornography, illegal content and, if tighter controls are required to improve productivity, other categories of web content such as dating sites, social media networks, gambling sites, and gaming sites.

With a web filter in place, security and productivity can both be quickly improved and the gains in both of those areas is likely to more than pay for the cost of the web filtering package provided by their MSP.

Cloud Based Web Filtering Solutions for MSPs

Convincing customers to implement a web filtering solution should be straightforward given the number of phishing attacks that are now being conducted and the cost of mitigating phishing attacks and malware infections. The cost of web filtering is tiny by comparison.

For MSPs, cloud-based filtering solutions are the natural choice. They can be implemented in minutes once a customer request has been received, no hardware is required, there is no software to install, and patching is handled by the service provider. All that is required from the MSP is a brief set up and configuration for each customer and ongoing management and reporting.

Web Filtering for MSPs

However, not all cloud-based web filtering solutions make set up, management and reporting simple. WebTitan Cloud differs in this respect. Not only does the solution offer excellent protection, the solution has been developed specifically with MSPs in mind. The ease of integration into MSP’s back-end systems and management has made WebTitan Cloud the go-to web filtering solution for MSPs.

In our next post we will explain how WebTitan Cloud differs from other web filtering solutions, why it is the easiest solution for MSPs to integrate into their existing cloud offerings, and how TitanHQ makes getting started, provisioning new customers, and managing customer accounts a quick and easy process requiring the minimal management overhead.

Click here for Web Filtering for MSPs (Part 2)
 

Fake Game of Thrones Video Files Embedded with Malware

For many people, Game of Thrones Season 8 is the TV highlight of the past 12 months, but not all fans of the series are keen to pay for the channel to watch the latest installments of this hugely popular series.

Some fans are turning to P2P file sharing sites to download the latest episodes, but hackers are ready and waiting. Many illegal video files of Game of Thrones episodes have been embedded with malware, most commonly adware and Trojans.

Research from Kaspersky Lab revealed Trojans to be the most common form of malware to be embedded in rogue video files. A third of all fake TV show downloads that have been impregnated with malware include a Trojan.

When one of these infected files is opened after it has been downloaded, the Trojan is launched and silently runs in the background on the infected device.

Many of the Trojans embedded into video files are brand new. These zero-day malware variants are not detected by traditional AV solutions as their signatures are not present in malware definition lists. That means malware infections are likely to go undetected. When signatures are updated, the malware may continue to run until a full system scan is completed. Either way, during the time that the malware is active it could be collecting a range of sensitive data including usernames and passwords.

Malware can also be installed that gives the attacker access to an infected device and the ability to run commands, change programs, download further malware variants, and add the infected device to a botnet.

File sharing websites offer an easy way of distributing malware. Users of the platforms voluntarily download the files onto their computers. However, only a small percentage of internet users visit P2P file sharing sites. Hackers therefore have turned to other methods to get users to execute their infected video files.

Prior to the release date of Game of Thrones Season 8, offers of free access to the TV show were being distributed via email. Campaigns were also detected offering episodes in advance of the release date to tempt GOT fans into installing malicious software or visiting malicious websites.

It is no surprise that fake Game of Thrones video files have been embedded with malware, given the huge popularity of the show. However, Game of Thrones fans are not the only people targeted using this tactic of malware distribution. In the past few months, malware has been detected in fake videos files claiming to be the latest episodes of the Walking Dead, Suits, and the Vikings to name but a few.

Some people feel the risk of a malware infection from downloading pirated video files to be low, or they do not even consider the risks. That is bad news for businesses. When employees ignore the risks and download illegal files at work, they risk infecting their network with malware.

The easiest solution to prevent illegal downloads at work and the visiting of other malicious websites is to use a web filtering solution. A web filter – WebTitan for instance – can be configured to prevent users from accessing file sharing and torrents websites. WebTitan uses a continuous stream of ActiveWeb URLs from over 550 million end users, which provides important threat intelligence to TitanHQ’s machine learning technology. This allows new, malicious URLs to be identified, and users are then prevented from visiting those malicious URLs.

Blocking email attacks is simple with SpamTitan. SpamTitan blocks 99.97% of spam emails to prevent malicious messages from reaching end users, including messages offering free access to Game of Thrones and other TV shows. In addition to dual AV engines to protect against known malware, SpamTitan also now has a sandboxing feature. Suspicious attachments can be safely executed and analyzed in the sandbox to identify potentially malicious actions. The sandboxing feature provides superior protection against zero-day malware which AV software does not block.

With both of these solutions in place, businesses will be well protected against malware, ransomware, botnets, viruses, and phishing attacks.

Each solution is available with a range of different deployment options to suit the needs of all businesses. For a product demonstration and further information, contact the TitanHQ team today.

Cybersecurity Protections for SMBs Found to Be Lacking

A new report has confirmed the need for robust, multi-layered cybersecurity protections for SMBs to prevent successful cyberattacks. SMBs are increasingly being targeted by cybercriminals as security is often weak and attacks are easy to pull off.

While large corporations are an attractive target for cybercriminals, large corporations tend to have mature cybersecurity programs and they are usually very well protected. A successful attack could prove extremely profitable but breaking through the cybersecurity defenses of large corporations is difficult and attacks can be extremely time consuming and labor intensive.

Cybercriminals often choose the path of least resistance, even though the potential for profit may not be so high. Cyberattacks on SMBs are much easier and hackers are concentrating their efforts on SMB targets. This was clearly demonstrated in the latest cybersecurity report from Beazley Breach Response (BBR) Services.

BBR Services analyzed all of the data breaches that it investigated in 2018. 9% of the successful attacks involved ransomware and 71% of those ransomware attacks were on SMBs. The healthcare industry suffered the highest number of ransomware attacks, and accounted for one third of successful attacks. Companies in the professional and financial services sectors accounted for 12% of ransomware attacks each, followed by the retail industry with 8% of attacks.

The costs of those ransomware attacks can be considerable. If companies are unable to recover data from backups, a sizable ransom must be paid to recover encrypted data. In 2018, the average ransom demand was $116,400 and the median ransom demand was $10,310. One client was issued a ransom demand of $8.5 million. The highest ransom demand paid was $935,000.

Massive demands for payment for the keys to unlock encrypted files may not be the norm, but even at the lower end of the spectrum SMBs may struggle to find the money to pay. The ransom demand is also likely to be considerably higher than the cost of cybersecurity protections for SMBs to prevent ransomware attacks.

One of the main ways that hackers gain access to the networks of SMBs is by exploiting flaws in Remote Desktop Protocol. SMBs that leave RDP ports open are at a much higher risk of being attacked. RDP is required by many SMBs because they outsource IT to managed service providers, which need to use RDP to access their systems. In such cases it is essential for default RDP ports to be changed and for very strong passwords to be implemented to reduce the risk of brute force attacks succeeding.

There was also an increase in sextortion scams in 2018. These scams attempt to extort money by threatening to expose victims’ use of adult websites. While these scams usually contain empty threats, they are often successful. In addition to attempting to extort money, the scams are used to install malware or ransomware.  Email attachments are sent which claim to contain videos of the victim accessing adult websites, which the scammers claim to have been recorded using the computer’s webcam. When the files are opened to be checked, malware or ransomware is installed.

2018 also saw a 133% increase in Business Email Compromise attacks. These attacks spoof the email address of a senior executive to make the emails and requests seem more plausible. These scams are usually conducted to obtain sensitive information or to get employees to make fraudulent wire transfers. BEC attacks accounted for 24% of all breaches investigated by BBR Services in 2018.

One of the most important cybersecurity protections for SMBs to implement to prevent these attacks is an advanced email filtering solution – One that is capable of detecting spoofed emails. SpamTitan, TitanHQ’s cloud-based spam filtering solution, has recently been updated to include DMARC authentication to detect email impersonation attacks such as BEC scams. The solution also now includes a new sandboxing feature that allows potentially malicious attachments to be analyzed in detail in the sandbox where no harm can be caused. This helps to identify more malicious attachments and better protect SMBs from zero-day malware and other malicious files.

TitanHQ’s powerful cybersecurity protections for SMBs can greatly improve email security and block a wide range of web-based attacks. For further information on effective cybersecurity protections for SMBs to deploy to improve security posture and block costly attacks, contact TitanHQ today.

Risk of Phishing Attacks and Malware Downloads from Visiting Adult Websites

The threat of malware downloads from visiting adult websites has long been thought to be a major risk; however, not all studies on the subject have demonstrated that the risk is any higher than visiting other types of websites. The owners of adult websites, as legitimate business owners, have a vested interest in keeping their sites malware free.

However, new research from Kaspersky suggests the threat of malware downloads from visiting adult websites is real, and adult-themed phishing attacks increased in 2018.

Is There a High Risk of Malware Downloads from Visiting Adult Websites?

According to its latest report, there is a real risk of malware downloads from visiting adult websites. Naturally for consumers who visits adult websites, the risk is theirs to take. For businesses however, risks taken by employees can prove incredibly costly.

One of the major stories to be covered in the media on this theme in 2018 involved a government employee with a prolific thirst for such content. He was discovered to have accessed more than 9,000 adult websites and had inadvertently downloaded malware onto his work computer and the network. After visiting so many sites, that is perhaps understandable, but there have been many such malware downloads from far less prolific surfing of adult sites.

Kaspersky Lab’s research indicates that most malware downloads from malicious websites involves malware disguised as videos. Oftentimes, users are required to download a supposedly benign but malicious file in order to access the video.

Cybercriminals are also using black-hat techniques to poison the search results and get malicious sites appearing high up in the listings. The top 20% of porn-related search terms accounted for 80% of malware disguised as porn. Kaspersky’s tracking indicated 87,227 users had downloaded malware-disguised as porn and 8% of those did so via their work network.

The use of these porn tags is also common to get users to download non-malware threats such as adware and downloaders, although the latter are often capable of downloading much more malicious files.  While the number of these attacks decreased by 36% year-over-year, attacking people searching for adult content is still common.

The most common threats associated with adult content were Trojan downloaders (45%) and Trojans (20%), followed by adware (9%) and worms (8%).

Adult-Themed Phishing Attacks Increased by 1,000% in Q4, 2018

While it was previously uncommon for phishing scams to use porn as a lure, that changed in 2018. It is still common for cybercriminals to use impersonate or create fake hookup sites to lure people into divulging credentials but there was also a 1,000% increase in phishing attacks using websites that masquerade as porn websites. Most commonly these were spoofed versions of the top 10 adult sites on the web. The rise in these types of phishing scams could be indicative of a trend that will grow in 2019.

The research shows that malware downloads from visiting adult websites is still a risk and the threat from adult-themed phishing attacks has grown at an alarming rate. Businesses should take note and take steps to limit risk.

The easiest way to do that is with a DNS web filter – A solution that allows businesses to carefully control the web content that can be accessed on work devices and via their wireless networks. With a DNS web filtering solution in place, businesses can block access to adult websites, commonly spoofed hookup and dating sites, and web-based phishing threats.

Not only will a DNS web filter provide protection against phishing, ransomware, and malware downloads, by blocking access to these adult sites, legal liability can be reduced and staff issues can be avoided.

If you have yet to start filtering the internet and preventing your users from accessing adult websites, other NSFW web content, and sites that are a drain on productivity, TitanHQ can help.

For a very low cost, businesses can protect all users of their wired and wireless networks and block a wide range of web-based threats. MSPs can also start providing filtered internet service to better protect their clients.

For further information, contact TitanHQ today and ask about WebTitan Cloud and WebTitan Cloud for WiFi – TitanHQ’s award winning web filtering solution for businesses.

TitanHQ Kicks Off 2019 MSP Roadshow Campaign

TitanHQ has launched a busy campaign of MSP roadshows and conferences with two Valentine’s Day events in London and Tampa, Florida.

Over the coming five months, the TitanHQ team will be attending 15 events in Ireland, the Netherlands, the UK, and the USA, and will be meeting with managed service providers (MSPs), Wi-Fi providers, ISPs, and technology partners to introduce and explain about TitanHQ’s award-winning suite of email security, web filtering, and email archiving solutions.

The 2019 roadshow campaign started in London where Alliance Manager Eddie Monaghan met with current and prospective MSP partners at the IT Nation Q1 EMEA Meeting. Eddie will be at the event all week and will be discussing TitanHQ’s MSP solutions and finding out more about what is happening in the MSP world. TitanHQ has learned a great deal since joining the IT Nation community two years ago and has really enjoyed the experience thus far.

TitanHQ Alliance Manager, Eddie Monaghan

On the other side of the Atlantic, Alliance Manager Patrick Regan has been meeting with MSPs from Florida and beyond at the TitanHQ-sponsored Datto Roadshow in Tampa. Since joining the Datto community as a strategic partner, TitanHQ has worked closely with Datto MSP partners helping them to integrate email security, DNS filtering, and email archiving into their product offerings and providing tips and tricks to help them to get the most out of the products.

TitanHQ has been increasing its technology partners over the past year and is now working closely with industry giants Comcast, BitDefender, Microsoft, Kaseya, and ViaSat and is a proud member of IT Nation (HTG Peer Groups), Datto Roadshows, COMPTIA, and ASCII.

From humble beginnings as an indigenous Irish company providing anti-spam appliances to the local market, over the following 20 years TitanHQ has developed an innovative range of cloud-based solutions and has matured into a global provider of network security solutions for enterprises, SMBs, and MSPs. TitanHQs award-winning cybersecurity solutions are now offered by a network of more than 1,500 MSP partners and have been adopted by several thousand businesses in 200 countries around the globe.

The TitanHQ product suite has been developed to meet the exacting needs of MSP partners and are delivered via the TitanShield Program. The products help MSPs to protect themselves and their clients, while saving valuable time and effort by blocking threats at source before they can cause any harm.

TitanHQ’s spam filtering solution – SpamTitan – and web filtering solution – WebTitan – help MSPs keep their clients protected from malware, ransomware, viruses, botnets, phishing attacks and other email and web-based threats.

The cloud-based solutions are easy for MSPs to slip into their service stacks to build a high-margin security practice offering clients world-class network security services.

If you are already a TitanHQ TitanShield partner or want to find out more about the MSP program and TitanHQ products, be sure to attend one of the upcoming events and come and meet the TitanHQ team.

We look forward to meeting you at one of the upcoming roadshow events in 2019.

TitanHQ 2019 MSP Roadshow Dates

February 2019

Date Event Location
February 14, 2019 IT Nation (HTG) Q1 EMEA Meeting London, UK
February 14, 2019 Datto Roadshow Tampa, FL, USA

March 2019

Date Event Location
March 5, 2019 CompTIA UK Channel Community Manchester, UK
March 7, 2019 Datto Roadshow EMEA Dublin, IE
March 11, 2019 CompTIA Community Forum Chicago, IL, USA
March 12, 2019 Datto Roadshow NA Norwalk, CT, USA
March 19, 2019 Datto Roadshow EMEA London, UK
March 26, 2019 Datto Roadshow EMEA Houten, Netherlands
March 26, 2019 Datto Roadshow NA Toronto, Canada

April 2019

Date Event Location
April 25, 2019 Datto Roadshow Long Island, NY, USA
April 29, 2019 IT Nation Evolve (HTG 2) Dallas, TX, USA

May 2019

Date Event Location
May 6, 2019 Connect IT Global (Kaseya Connect) Las Vegas, NV, USA
May 13, 2019 IT Nation (HTG) Q1 EMEA Meeting Birmingham, UK
May 14, 2019 Wifi Now Washington DC, USA

June 2019

Date Event Location
June 17, 2019 DattoCon San Diego, CA, USA

An Easy Solution for Web Filtering Multiple Locations

Web filtering at multiple locations can be a headache but it is a necessity. Human error can easily result in an email account breach, malware download, or ransomware attack. Every employee is a potential security risk, so it is important for controls to be implemented to reduce the risk of mistakes leading to a costly security incident.

One of the main ways that data breaches occur is through phishing. The web pages used in phishing attacks host phishing kits that collect login credentials and send them to the scammers. The web pages usually contain identical copies of the login boxes used by the likes of Microsoft Office 365, Google, and Facebook. The web pages are incredibly realistic and can be difficult for employees to identify as malicious.

Hyperlinks in emails also direct employees to websites containing exploit kits which probe for vulnerabilities and silently download malware. A user could visit a website for a couple of seconds, yet still trigger a malware download. Even general web surfing can see users redirected to malicious websites.

The solution is to implement a web filter. A web filter allows businesses to control the web content that users can visit, and it also blocks access to malicious web sites.

Web Filtering at Multiple Locations

While a web filter is easy to implement on premises, protecting mobile workers and multiple offices can be more of a challenge. Traditionally, web filters were physical appliances through which all Internet traffic flowed. Rules were applied to the appliance to control what sites can be visited by employees.

One of the main disadvantages when web filtering multiple locations, is a separate appliance needs to be used at each location. Not only is this costly, installing and maintaining the appliance requires technicians to be available on site. For many businesses running multiple offices, IT is managed remotely. IT staff are not available at each site. An appliance-based filter at each site is far from ideal.

An alternative is to backhaul Internet traffic to the corporate office, but this has a major impact on Internet speed. The latency issued can cause major problems for remote offices so this option is also not ideal.

The best solution is a cloud-based DNS web filter. A DNS web filter can be applied, configured and maintained remotely without the need for site visits or on-site support staff. No hardware is required and no software needs to be downloaded. All that is required is for a change be made to internal DNS servers or DNS settings.

Not only does this approach eliminate the need for any costly hardware purchases, with a cloud-based DNS filter there is no latency. The DNS-filter can be applied for all locations and managed through a single web-based interface. Controls can also be applied for different locations via an AD/LDAP client.

A cloud-based DNS filter is ideal for web filtering multiple locations, but what about protecting employees on the move? When employees travel for business, their mobile devices similarly need to be protected. A DNS filter can protect those employees online no matter where they access the Internet without the need to backhaul traffic.

Cloud-based DNS web filters are also the ideal solution for managed service providers (MSPs) who want to offer web filtering to their clients. The filters are highly scalable, and they offer multitenant management for MSPs and allow all clients settings to be configured and managed through a single pane of glass. Separate polices can be applied for each clients and reports can be easily generated. There is no need for any site visits, no need for patching, and web filtering can be offered no matter where the client is based.

WebTitan Cloud – Web Filtering Multiple Locations Made Simple

TitanHQ is a leading provider of DNS-based web filtering for businesses. WebTitan Cloud is an enterprise-class DNS-based web filtering solution that makes web filtering multiple locations effortless.  The solution takes minutes to implement and requires no training to use. All web filtering controls can be applied remotely via an intuitive user interface.

If you run a business in multiple geographical locations, want to protect remote workers, or if you are a managed service provider that wants to add web filtering to your service stack, contact TitanHQ for further information on WebTitan Cloud.
 

Anatova Ransomware: A Serious New Malware Threat for 2019

Anatova ransomware is a new cryptoransomware variant that appears to have been released on January 1, 2019. It is stealthy, can infect network shares, has already been used in attacks in many countries around the world. It could well prove to become a major ransomware threat in 2019.

Ransomware has somewhat fallen out of favor with cybercriminals as cryptocurrency mining malware offers greater potential for profit. The development of new ransomware variants has slowed, but new variants are still emerging and the threat from ransomware is not going away any time soon. Ransomware attacks are still profitable for cybercriminals and as long as that remains the case the attacks will continue.

Anatova ransomware was identified and named by security researchers at McAfee. The name was taken from the name on the ransomware note. The previously unknown ransomware variant has been used in at least 10 countries, with over 100 Anatova ransomware attacks identified in the United States, more than 65 in Belgium, and over 40 in France and Germany.

Not only does the ransomware variant employ a range of techniques to avoid detection, infection can cause major damage and widespread file encryption. Further, the modular design allows the developers to easily add new functionality in the future.

Most of the strings in Anatova ransomware have been encrypted and different keys are required to decrypt them. Those keys have been embedded in the executable. 90% of calls are dynamic and use non-suspicious Windows APIs and standard C-programming language.

Once downloaded and executed, the ransomware performs a check of the name of the logged in user against a list of encrypted names and will exit if there is a match. Names that prompt an exit include tester, lab, malware, and analyst. These names are commonly used on virtual machines and sandboxes. A check will also be performed to determine the country in which the device is located. The ransomware will exit if the device is in any CIS country, Egypt, Syria, Morocco, Iraq, or India.

Anatova ransomware scans for files smaller than 1MB and checks for network shares, although care is taken not to disrupt the operating system during this process and raise a flag before files are encrypted. Once files have been identified, the encryption routine starts. The ransomware uses its own key, so each victim requires a separate key to unlock the encryption.

Once the encryption process has run, the ransom note is dropped on the desktop, the memory is cleaned, and volume shadow copies are overwritten 10 times to ensure files cannot be recovered from local backup files.

The ransom demand is relatively high – Around $700 (10 DASH) per infected machine. Since multiple devices can be infected with a single installation, the total ransom demand could well be considerable.

What is not 100% certain is how the ransomware is being distributed. McAfee detected one sample on a P2P file sharing network which masquerades as a free software program complete with game/application icon to encourage users to download and run the installer. Other attack vectors may also be used. Based on the current distribution vector, a web filter will offer protection against attacks if P2P file sharing/torrents sites are blocked.

The researchers believe Anatova ransomware has been created by highly skilled malware authors who are currently distributing a prototype of the ransomware. More widespread attacks are to be expected once this testing phase has been completed.

How Small Businesses Can Improve Wi-Fi Security

Hackers are taking advantage of poor Wi-Fi security to attack small businesses. This post covers simple steps to take to improve Wi-Fi security to block cyberattacks.

Small businesses can implement a robust firewall to protect against cyberattacks, but the Wi-Fi router is often a weak point. A Wi-Fi router providers wireless coverage for your business and it is a likely attack vector if security is lax. By attacking wireless routers, hackers can bypass your firewall.

Fortunately, there are simple steps you can take to improve Wi-Fi security and block attacks. Seven simple steps to take to improve Wi-Fi security have been listed below.

Simple Steps for Small Businesses to Take to Improve Wi-Fi Security

Some of the steps below are obvious security measures, but there have been many instances when small businesses have overlooked these simple protections, only for them to be exploited by hackers.

  1. Change Router Admin Credentials

Changing default credentials is one of the easiest but most important steps to take to improve Wi-Fi security. Because it is so simple, no business should be guilty of this security faux pas, but many are, even large businesses. In November, a school system discovered that its WAN provider had not changed the passwords on routers that had been in use for years. This is not the login for Wi-Fi, but the password for the router itself. These default administrator passwords can be found with a simple Internet search.

  1. Disable Remote Administration on Your Router

Many wireless routers allow users to access and change router settings from outside the network. For the majority of businesses, remote administration is not necessary so it should be disabled. While this setting can be convenient, there are other more secure ways to access router settings remotely such as using a VPN. Allowing remote administration makes it far too easy for hackers to access your router.

  1. Monitor Your DNS Settings

In January 2019, the U.S. Department of Homeland Security issued an emergency directive to all government agencies instructing them to perform an urgent audit of their DNS records after it was discovered that a threat group was targeting government agencies and changing their DNS records. By hijacking the DNS, all employees could be directed to malicious websites – clones of legitimate sites. Businesses that do not have an internal DNS server often use their wireless routers for this. Businesses should regularly monitor their DNS settings to ensure that no changes have been made.

  1. Limit the Range of Your Wi-Fi Signal

You will want to make sure that everyone on the premises can access your Wi-Fi network, but it is important that no one outside your offices can do so too. If your Wi-Fi signal is too strong, it could be accessed by someone outside your offices and out of sight – In a car parked in your lot for instance. An overly strong Wi-Fi signal makes it easy for an attacker to conduct brute force attacks without being seen.

  1. Keep Firmware Updated

New router firmware will be periodically released by the manufacturer and, as with all other software updates, they should be applied as soon as possible. Firmware updates are issued to improve security and functionality. They address known vulnerabilities for which exploits exist. Some routers will be set to update automatically, others may require a manual update through the web-based interface. Be sure to check the manufacturers web page, as your router may no longer be supported, which means it is time for an upgrade.

  1. Make Use of Your Guest Network

One of the most important security measures is to segment your network and this is especially important for Wi-Fi. You should not allow any untrusted device to connect to your network, such as those used by visitors. You should have a separate SSID for your employees and guests. This will keep guests away from your primary network.

  1. Ensure Your Wi-Fi Network is Encrypted

You should ensure that your Wi-Fi network is encrypted with WPA as an absolute minimum. Without encryption your network will be open and hackers will be able to intercept wireless traffic. Currently the encryption standard is WPA2, although this will change to WPA3 in 2019. If you are planning on replacing your Wi-Fi router, make sure the new model supports WPA3. If your router only supports WEP it is time to upgrade.
 

10 Cybersecurity Tips for Small Businesses

Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyberattacks, and avoid costly data breaches.

Many small business owners misguidedly think that their company is too small to be a target for hackers but cyberattacks on small businesses are common and they are increasing. A successful attack on a Fortune 500 company is likely to be far more profitable for the hacker, but also much harder. Small businesses are relatively easy targets and attacks can be highly profitable.

Small business owners cannot afford to take cybersecurity lightly. A successful cyberattack could prove catastrophic. With this in mind, we have compiled 10 cybersecurity tips for small businesses that can easily be implemented to improve security.

Top Cybersecurity Tips for Small Businesses

Implement a Robust Firewall

A firewall is a cybersecurity solution that sits between a small business network and the outside world and prevents unauthorized individuals from gaining access to the network and stored data. Not all firewalls are created equal. Extra investment in a next generation firewall is money well spent. Don’t forget to also protect remote workers. Ensure that they are also protected by a firewall.

Create and Enforce Password Policies

You should implement password policies that require all users to set strong, secure passwords. A strong, unique password should be used for all systems. Passwords should include capitals, lower-case letters, a number, and a special character, and should be at least 10 digits long. Teach employees how to create secure passwords and enforce your password policies. Consider using a password manager so passwords do not need to be remembered.  Consult NIST for the latest password guidance.

Security Awareness Training

Make sure you provide the workforce with regular security awareness training. This is the only way that you can create a culture of cybersecurity. Be sure to cover the security basics, safe Internet use, how to handle sensitive data, creation of passwords, and mobile device security. You should provide training to help employees avoid phishing attacks and consider phishing simulation exercises to test the effectiveness of your training program.

Multi-Factor Authentication

Multi-factor authentication involves the use of a password and at least one other method of authentication. If login credentials are compromised, an additional factor is required to gain access to an account or the network such as an SMS message to a user’s smartphone.

Backups

It is essential to have a good backup policy. In the event of disaster, such as a ransomware attack, you need to be able to recover critical data. Backups must also be tested to make sure files can be recovered. Don’t wait until disaster strikes to test whether data can be recovered. A good strategy is the 3-2-1 approach. Three backup copies, on two different types of media, with one copy stored securely offsite.

Software and Firmware Updates

Vulnerabilities are regularly found in computer software. Patches are released to correct those vulnerabilities, including those that are being actively exploited. Make sure patches are applied promptly, software is kept 100% up to date, and the most up to date firmware has been installed. Implement automatic updates where possible and create a schedule for updates if they need to be performed manually.

Network Segmentation

It is a standard best practice to segment networks and split them into subnetworks. Not only will this improve security it can also improve performance. By preventing access between segments, if one part of the network is compromised, an attacker will not have access to all systems and data. Also make sure you limit access to sensitive data and restrict the use of admin credentials. Apply the rule of least privilege. Do not give employees access to data, networks, and software that they do not need for day to day work duties.

Implement a Spam Filter

Arguably the biggest cyber threat that small businesses face is phishing. A single phishing email could allow an attacker to bypass your perimeter defenses and obtain login credentials or install malware. An advanced spam filter will allow you to improve productivity by blocking non-malicious spam emails and prevent phishing emails from being delivered to inboxes.

Secure Wi-Fi Networks

If you have a wireless network in your workplace it needs to be protected. Ensure that it is secured, data are encrypted, and that it is hidden and does not broadcast its SSID. Use WPA2 for encryption (or WPA3 if possible). Change default passwords and ensure your wireless router cannot be accessed from outside the network.

Consider Implementing a Web Filter

A web filter provides protection against web-based attacks by preventing employees from visiting phishing websites and sites that host malware. A DNS-based web filter can protect wired and wireless networks and even remote workers. It will block malware downloads and prevent users from accessing dangerous websites and those that serve no work purpose thus improving productivity.
 

Types of Insider Threats that SMBs Need to Manage

The news headlines frequently warn businesses of the need to improve cybersecurity protections to thwart hackers, but not all threats come from outside the company. There are various types of insider threats that need to be managed and mitigated, yet these are all too often overlooked or insufficient controls are put in place to reduce the risk of a deliberate or accidental breach.

What are Insider Threats?

An insider threat is one that comes from within the company, typically an employee who accidentally or deliberately takes an action that causes harm or loss to the company.

Hackers attack companies to gain access to their networks to spy on companies, obtain secrets, steal data or sabotage systems. Breaking through perimeter defenses can be time consuming and difficult but if an insider wants to steal data or sabotage a system, it is far easier as they already have network access.

Not all insider threats involve intentional malicious actions by employees. An employee can also act in a way that negatively affects their company without intending to cause any harm.

This could be intentionally violating company policies in a non-malicious manner. An example would be the installation of software to save the employee time or to allow them to work more efficiently. Installing unauthorized software carries a risk of a malware or spyware infection. An employee could violate company policies which could lead to an accidental data breach. Then there is human error, such as sending an email containing sensitive information to the wrong person. Such actions could prove costly.

Businesses need to protect against all insider threats if they are to avoid costly data breaches. A great many data breaches result from too little focus on cybersecurity defenses to block the threat from within.

Malicious Acts by Employees

Anyone that has access to sensitive company data could potentially abuse their access rights to view or steal data. There is no particular profile of a malicious insider. Everyone could decide one day to steal information or sabotage systems, but you can protect against malicious insiders and manage the risk.

  • Cover insider threats in security awareness training and encourage employees to be vigilant and report suspicious activity. Provide them with an easy way to report their concerns.
  • Implement tools that monitor for anomalous behavior
  • Implement controls to prevent the use of portable storage devices such as thumb drives
  • Implement tools that prevent employees from downloading and running certain files types – Executable files for instance.
  • Apply the rule of least privilege – Don’t let employees access data/systems that they do not need to access to complete their day to day work duties

Accidents Will Happen…

The insider threats that can be the hardest to defend against are mistakes by employees. These types of insider threats include responding to a phishing email and disclosing login credentials, sending sensitive data to the wrong email recipient, accidentally visiting malicious websites, and inadvertently downloading malware. These threats need to be managed and mitigated through policies and procedures, training, and software solutions.

…But You Can Minimize Risk!

Phishing is arguably the biggest threat. Hackers know all too well that people make mistakes and can easily be fooled. Priority number one should be blocking phishing emails and making sure they are not delivered. For that you need an advanced spam filter. The more phishing emails that are blocked, the lower the risk of a click.

Security awareness training is also essential. When a phishing email lands in an inbox, employees need to have the skills to recognize it as such.  Provide training and make the training interesting to engage employees. Interactive training courses can help in that respect. Make sure you test your employees’ knowledge afterwards with phishing email simulations. They will let you know who has taken the training on board and who needs further training.

Training needs to cover all security threats, not just phishing. Teach employees security best practices, including checking badges before allowing someone into the building, password security, keeping credentials private, and safe use of WiFi.

Another important technical control to implement is a web filter. A web filter allows businesses to control what employees can do online. They block access to phishing websites, block drive-by malware downloads, and prevent employees from visiting questionable websites that carry a high risk of malware infections or malvertising redirects: Adult sites and torrents/P2P file sharing sites for instance.  Some web filters will also keep employees safe and secure when working remotely.

The important thing for businesses is not to leave things to chance or to assume they are too small to worry about insider threats and data breaches. Every business is at risk, regardless of size.

For further information on software solutions that can protect against data security threats give the TitanHQ team a call.
 

Malvertising Campaign Delivers New Vidar Information Stealer and GandCrab Ransomware

A malvertising campaign has been detected that delivers two forms of malware: The new, previously unknown Vidar information stealer and subsequently, the latest version of GandCrab ransomware.

The packaging of multiple malware variants is nothing new of course, but it has become increasingly common for ransomware to be paired with information stealers. RAA ransomware has been paired with the Pony stealer, njRAT and Lime ransomware were used together, and Reveton ransomware is used in conjunction with password stealers.

These double-whammy attacks help threat actors increase profits. Not everyone pays a ransom, so infecting them with an information stealer can make all infections profitable. In many cases, information can be obtained and sold on or misused and a ransom payment can also be obtained.

The latest campaign uses the Vidar information stealer to steal sensitive information from a victim’s device. The Vidar information stealer is used to obtain system information, documents, browser histories, cookies, and coins from cryptocurrency wallets. Vidar can also obtain data from 2FA software, intercept text messages, take screenshots, and steal passwords and credit/debit card information stored in browsers. The information is then packaged into a zip file and sent back to the attackers’ C2 server.

The Vidar information stealer is customizable and allows threat actors to specify the types of data they are interested in. It can be purchased on darknet sites for around $700 and is supplied with an easy to use interface that allows the attacker to keep track of victims, identify those of most interest, find out the types of data extracted, and send further commands.

Vidar also acts as a malware dropper and has been used to deliver GandCrab ransomware v5.04 – The latest version of the ransomware for which no free decryptor exists.

While many ransomware variants are delivered via spam email or are installed after access to systems is gained using brute force tactics on RDP, this campaign delivers the malicious payload through malvertising that directs traffic to a websites hosting the Fallout or GrandSoft exploit kits. Those EKs exploits unpatched vulnerabilities in Internet Explorer and Flash Player. The campaign targets users of P2P file sharing sites and streaming sites that attract large amounts of traffic.

Infection with the Vidar information stealer may go undetected. New malware variants such as this may be installed before AV software malware signatures are updated, by which time highly sensitive information may have been stolen, sold on, and misused. If GandCrab ransomware executes, files will be permanently encrypted unless a ransom is paid or files can be recovered from backups.

Businesses can protect against attacks such as these by ensuring that all operating systems and software are promptly patched. Drive-by downloads will not occur if the exploits for vulnerabilities used by the exploit kit are not present.

An additional, important protection is a web filter. Web filters prevent users from visiting websites known to host exploit kits and also sites that commonly host malicious adverts – torrents sites for instance. By carefully controlling the sites that employees can access, businesses can add an extra layer of protection while avoiding legal liability from illegal file downloads and improving productivity by blocking access to non-work-related websites.

For further information on web filters for businesses and MSPs, contact the TitanHQ team today.
 

2018 Has Seen a 4,000% Increase in Cryptocurrency Mining Malware

New figures released by anti-virus firms McAfee and Symantec have shown the extent to which hackers are using cryptocurrency mining malware in attacks on consumers and businesses.

Cryptocurrency mining malware hijacks system resources and uses the processing power of infected computers to mine cryptocurrencies – Validating transactions so they can be added to the blockchain public ledger. This is achieved by solving difficult computational problems. The first person to solve the problem is rewarded with a small payment.

For cryptocurrency mining to be profitable, a lot of processing power is required. Using one computer for mining cryptocurrency will generate a few cents to a few dollars a day; however, hackers who infect thousands of computers and use them for cryptocurrency mining can generate significant profits for little work.

The use of cryptocurrency mining malware has increased considerably since Q4, 2017 when the value of Bitcoin and other cryptocurrencies started to soar. The popularity of cryptocurrency mining malware has continued to grow steadily in 2018. Figures from McAfee suggest cryptocurrency mining malware has grown by 4,000% in 2018.

McAfee identified 500,000 new coin mining malware in the final quarter of 2017. In the final quarter of 2018, the figure had increased to 4 million. Figures from Symantec similarly show the scale of the problem. In July 2018, Symantec blocked 5 million cryptojacking events. In December, the firm blocked 8 million.

There are many different ways of infecting end users. Hackers are exploiting unpatched vulnerabilities to silently download the malware. They package coin mining malware with legitimate software, such as the open-source media player Kodi, and upload the software to unofficial repositories.

One of the easiest and most common ways of installing the malware is through email. Spam emails are sent containing a hyperlink which directs users to a website where the malware is silently downloaded. Links are similarly distributed through messaging platforms such as Slack, Discord, and Telegram. One campaign using these messaging platforms included links to a site that offered software that claimed to fix coin mining malware infections. Running the fake software installer executed code on the computer which silently downloaded the malware payload.

Unlike ransomware, which causes immediate disruption, the presence of cryptocurrency mining malware may not be noticed for some time. Computers infected with coin mining malware will slow down considerably. There will be increased energy usage, batteries on portable devices will be quickly drained, and some devices may overheat. Permanent damage to computers is a possibility.

The slowdown of computers can have a major impact for businesses and can result in a significant drop in productivity if large numbers of devices are infected. Businesses that have transitioned to cloud computing that are charged for CPU usage can see their cloud bills soar.

Anti-virus software can detect known coin mining malware, but new malware variants will be unlikely to be detected. With so many new malware variants now being released, AV software alone will not be effective. It is therefore important to block the malware at source. Spam filters, such as SpamTitan, will help to prevent malicious emails from reaching end users’ inboxes. Web filters, such as WebTitan, prevent users from accessing infected websites, unofficial software repositories, and websites with coin-mining code installed that uses CPU power through browser sessions.

 

Why Managed Service Providers Should Add DNS Filtering to Their Security Stack

Managed Service Providers can spend a significant amount of time dealing with phishing attacks and other security breaches. While MSPs provide an invaluable service and help their clients deal with cyberattacks, by providing security services, MSPs can not only protect their clients and prevent attacks, but also save themselves a considerable amount of time and improve their bottom lines.

The Devastating Consequences of an SMB Cyberattack

Successful cyberattacks on businesses can be catastrophic. The average cost of a data breach has now risen to $3.86 million, according to the Ponemon Institute. Such a high cost means many SMBs struggle to stay in business following a major breach.

A data breach can cause a significant drop in share price. While many businesses see share prices return to near pre-breach levels around 6 months after a major breach, many SMBs do not survive that long. Figures from the National Cyber Security Alliance show that up to 60% of SMBs permanently close their doors within 6 months of suffering a data breach.

Not only do businesses have to cover the cost of remediating a breach, they can lose market share which can be difficult to recover. Customers can also be very unforgiving. If customers’ personal information is exposed as a result of a data breach, the loss of business can be considerable. The damage caused to the reputation of a business by a cyberattack can take a very long time to repair.

Many SMBs believe they are too small to be worth hacking, yet the National Cyber Security Alliance’s figures show that is far from the case. 70% of cyberattacks target small businesses, and while not all of those attempts are successful, nearly 50% of SMBs around the globe report that they have experienced at least one successful cyberattack.

Cybersecurity Solutions for MSPs

MSPs that start offering cybersecurity to their clients can prevent the majority of these cyberattacks, providing the right solutions are chosen. Businesses will naturally need a robust firewall to prevent direct attacks, but many attackers are able to bypass this perimeter control by targeting the weakest link in security: Employees.

Cybercriminals are able to bypass perimeter controls by sending phishing emails to employees. Two recent examples have clearly demonstrated this. The San Diego School District discovered a hacker had gained access to its network and a database of 500,000 staff and student records with phishing emails. 50 email accounts were compromised in that attack. Cape Cod Community College also experienced a phishing attack targeting the finance department, the end result of which was fraudulent transfers being made to criminal-controlled bank accounts totaling more than $800,000. End user training could have made all the difference, as could an advanced spam filtering solution – both of which could easily be provided by MSPs.

Why Web Filtering Should be Part of Your Security Stack

Email security is an area often lacking at SMBs, even though email is the most common attack vector. Web-based attacks are also common, and this is an area where many SMBs are particularly vulnerable. This is another area where MSPs can help improve security.

Web filtering is often overlooked as traditionally this has been a security control that is difficult for MSPs to implement. Appliance-based filters require hardware purchases and site visits. Standard web filters require content to be downloaded before access is blocked and that they can cause major latency problems. DNS filtering solves these problems. Since filtering takes place at the DNS level, controls are applied before any content is downloaded and latency issued are avoided and web-based threats are blocked at source. Since there is no need for hardware to be purchased, it is cost effective for most businesses to implement. There are also no software downloads and deploying the solution is a quick and easy Process. Everything can be set up remotely in a matter of minutes and clients can be protected from malware attacks, phishing, and ransomware downloads while also controlling content and blocking illegal and unacceptable web activity.

WebTitan: MSP-Friendly Web Filtering to Protect Wired and Wireless Networks

In contrast to many DNS-based web filtering solutions, WebTitan has been developed to meet the needs of MSPs. One of the main problems with most DNS-based web filters for MSPs is the inability to add MSP branding. It is abundantly clear it is a third-party solution.

WebTitan can be totally rebranded, allowing MSPs to add their own logos and reinforce their brand image. WebTitan can be hosted on TitanHQ’s servers or within an MSPs own environment. WebTitan also has a well-established channel program and offers special pricing packages specifically for MSPs with generous margins and monthly billing. No other web filtering solution is as MSP friendly.

Other key features of WebTitan include:

  • Highly granular filtering controls: Filter by category, content, and keyword
  • Supports whitelists and blacklists
  • Intuitive control panel requiring no user training
  • Highly scalable solution with virtually no upper limit on number of clients or users
  • Embedded malware filter supported by dual AV engines
  • Extensive reporting suite and ability to brand and schedule client reports
  • Real time view of web activity
  • No latency
  • Remote management and monitoring via APIs and easy integration into billing and auto-provisioning systems
  • Flexible polices for different environments and users
  • Protection for wired and WiFi networks
  • Ability to provision new clients in minutes
  • Full product available on a free trial
  • Industry leading customer support

For further information on TitanHQ’s cybersecurity solutions for MSPs including WebTitan Cloud, WebTitan Cloud for WiFi, and the TitanHQ spam filter, SpamTitan Cloud, contact the MSP Program Team today.

Content Filtering and Wi-Fi Security for Busses

Local authorities and private sector bus companies are now adding Wi-Fi services to their bus fleets, but without appropriate Wi-Fi security for busses, bus fleet operators can run into problems.

There is no doubt that Wi-Fi is a big hit with passengers, especially for long distance travel. Business commuters can connect to email and their work network without having to use their own data and all passengers can enjoy a variety of digital entertainment, such as Internet-based games, online crosswords, YouTube videos, or all manner of Internet based applications, all without eating into their monthly data allowance.

In locations where people have a choice of different transport, the provision of a reliable Wi-Fi network can be a big attraction that can win more business.

Wi-Fi Security for Busses

There are some considerations when providing Wi-Fi on busses. Wi-Fi security for busses is important to ensure that the Wi-Fi network cannot be used for malicious purposes. Over the summer, it was clearly demonstrated how this can easily happen. A hacker was able to hack into the Wi-Fi network on planes and view the Internet activity of passengers, as well as gain access to other important devices on airplanes – All from the ground.

Appropriate Wi-Fi security for busses should be implemented to protect the privacy of passengers, but also to ensure they can use the Wi-Fi network safely. Bus companies should be taking steps to protect passengers from harmful content, such as sites hosting malware and phishing websites.

Content Control for Busses

A third-party Wi-Fi network offers anonymity and some users take advantage and access types of content that they would not access on their home networks. Bus fleet operators have a responsibility to block illegal activity on their Wi-Fi networks.

If a passenger accesses adult content on the Wi-Fi network of a bus, there is a risk that other passengers will catch a glimpse of the screen and children could be exposed to obscene content. It is the responsibility of bus fleet operators to implement content controls to prevent passengers from accessing inappropriate content.

Controlling Bandwidth Use on Busses

There is also the issue of bandwidth. Ensuring all users have decent bandwidth and can connect to the network and enjoy reasonable Internet speeds comes at a cost. If several passengers are using applications or visiting websites that require a considerable amount of bandwidth, that will naturally have an impact on other users of the Wi-Fi network. Limiting what users can do while connected to Wi-Fi networks can save bandwidth and costs. Preventing, or restricting, high bandwidth applications such as video streaming, online games such as Fortnite, and large file downloads can help to conserve bandwidth.

DNS-Level Content Filtering

All of the above issues can be easily solved with a single, cost effective solution – A web filter. A web filter allows network administrators to carefully control what users can do online. It offers both content control and Wi-Fi security for busses by blocking access to illegal content, preventing malware downloads, and offering protection from phishing. Categories of web content can be blocked to create a family-friendly Wi-Fi network and control bandwidth use.

Traditional web filters require an appliance through which Internet traffic is routed. This is a costly way of adding Wi-Fi security for busses. A DNS-level filter on the other hand is a low cost, flexible solution that serves the same purpose. When a user connects to the Wi-Fi network, the DNS process sends domain names to the name server and the name server returns the IP address associated with the application server. When content is filtered at the DNS level, no software needs to be downloaded and no appliances need to be purchased.

Not only do DNS-level filters offer excellent Wi-Fi security for busses, they also save on bandwidth as content is not downloaded before the decision is taken to block the content.

WebTitan Cloud for Wi-Fi – Content Filtering and Wi-Fi Security for Busses

WebTitan Cloud for Wi-Fi is an ideal web filtering solution for bus fleets. Since it is DNS-based it is easy to implement, highly scalable, and is cost-effective to set up and run. WebTitan Cloud for Wi-Fi can protect entire bus fleets, in multiple cities, and licenses can be easily scaled up and down to meet bus operators’ needs.

Some of the key features of WebTitan Cloud for Wi-Fi are detailed below:

  • No hardware purchases or software downloads required
  • No patching or software updates required
  • Protects multiple Wi-Fi routers from a single, web-based administration control panel
  • Protects against malware with dual anti-virus engines
  • Protects users from phishing and other malicious websites
  • Allows network administrators to protect the Wi-Fi network from unauthorized users
  • Highly granular controls allow precise content control without overblocking content
  • Block content by category with a single click
  • No latency – Internet speeds are unaffected
  • Supports static and dynamic IPs
  • Supports whitelists and blacklists
  • No restriction on bandwidth, number of devices, or the number of hotspots
  • Full suite of reports gives network administrators full visibility into their Wi-Fi networks and user activity

If you are looking to improve Wi-Fi security for busses and want to implement content controls to keep your Wi-Fi networks family-friendly, contact TitanHQ today for further information on WebTitan Cloud for Wi-Fi.

Guest Wi-Fi Best Practices

Many businesses now offer their customers free access to their Wi-Fi networks, but if guest Wi-Fi best practices are not followed, opening up Wi-Fi networks to guest users is not without risk. You may have provided security awareness training to your employees, but guest users are unlikely to be as careful while connected to your network. Customers and guests may accidentally download malware or visit malicious websites, or even engage in illegal activities due to the anonymity offered by someone else’s Wi-Fi network.

If guest Wi-Fi best practices are not followed, there will be people that take advantage of your lax security. They could launch an attack on your business network, explore your network assets, change router settings, or even gain access to confidential data.

If you run a hotel, restaurant, shop, or another business that provides Wi-Fi access to customers, it is important to create a safe browsing environment for all Wi-Fi users and take steps to secure your access points and control the activities that users can engage in while connected.

Guest Wi-Fi Best Practices for Hotspot Providers

Create A Separate Wi-Fi Network for Guests and Employees

You will no doubt have a Wi-Fi network that is used by your employees. It is important that this is totally separate from the one used by guests and customers. Guest users should access a totally separate network. Ideally, there should be a network firewall that separates guest users from employees. If you use enterprise switches, create a separate VLAN for access points that broadcast the guest wireless SSID. Also make sure you use a software firewall to block traffic from the guest network from your company’s servers and computers. Also make sure guest users can only access the Internet while connected.

Naming Your SSID

An SSID is the name you give to your Wi-Fi network that identifies it as belonging to your business. Care should be taken when choosing a name. Your choice should depend on the nature of your business and who the Wi-Fi network serves. If you run a coffee shop, for instance, you should make it clear which is your Wi-Fi network and prominently display that information. That will make it harder for rogue hotspots to be created to fool customers into connecting to an evil twin – A hotspot set up and controlled by a hacker to fool customers into connecting in the belief it is your hotspot.

Encrypt your Wireless Signals

Unsecured Wi-Fi networks may be easier to set up and use, but they also allow anyone within range to connect, even if they are not in your establishment.  To connect, it should be necessary for a password to be entered. You should also encrypt your wireless network to make it harder for hackers to intercept users’ data. Secure your wireless network with WPA2 encryption or, even better, WPA3 if it is supported by your access point.

Create a Safe Browsing Experience and Control the Internet Content That Can be Accessed

You should develop and implement a guest Wi-Fi access policy covering what is and is not permitted on your Wi-Fi network. You should also enforce that policy with technical controls. A cloud-based web filter is ideal for this.

It is easy to deploy and configure and will allow you to carefully control the content that can be accessed while connected. You should block access to known malicious sites and illegal web content through blacklists. Category based filters are useful for blocking access to inappropriate content such as pornography and restricting bandwidth-heavy activities that can slow down Internet speeds for all users. By filtering content, not only will you keep your Wi-Fi users protected, you will also reduce legal liability and ensure that your Wi-Fi network is family friendly.

Adopt these guest Wi-Fi best practices to improve safety and security, keep your customers protected, and make it harder for cybercriminals to attack your network or your guest users.

Worst Passwords of 2018 and Password Best Practices Revealed

It’s the time of year when the poor password practices of users are highlighted. This month has seen the list of the worst passwords of 2018 published and a list of 2018’s worst password offenders.

The Worst Passwords of 2018

So, what were the worst passwords of 2018? SplashData has recently published a list of the worst passwords of 2018 which shows little has changed since last year. End users are still making very poor password choices.

To compile the list, SplashData analyzed passwords that had been revealed through data dumps of passwords obtained in data breaches. More than 5 million exposed passwords were sorted to find out not only the weakest passwords used, but just how common they were. The list of the top 100 worst passwords of 2018 was published, although we have only listed the top 25 worst passwords of 2018:

Top 25 Worst Passwords of 2018

1) 123456
2) password
3) 123456789
4) 12345678
5) 12345
6) 111111
7) 1234567
8) sunshine
9) qwerty
10) iloveyou
11) princess
12) admin
13) welcome
14) 666666
15) abc123
16) football
17) 123123
18) monkey
19) 654321
20) !@#$%^&*
21) charlie
22) aa123456
23) donald
24) password1
25) qwerty123

Unsurprisingly, there has been no change in the top two passwords this year. 123456 and password have held number 1 and 2 spots for the past five years. Donald is a new addition but would not keep a user’s account secure for long, even if their name isn’t Donald. 654321 is also new this year but offers little more protection than 123456.

Other new entries include qwerty123 and password1 – Clear attempts to get around the requirement of including numbers and letters in a password.

How common are the worst passwords of 2018? According to SplashData, 3% of users have used 123456 and 10% of people have used at least one password in the list of the top 25 worst passwords of 2018!

Poor Password Practices and the Worst Password Offenders of 2018

DashLane has published its list of the worst password offenders of the year. In addition to the list containing users who have made very poor password choices by selecting some of the worst passwords of 2018, the report highlights some of the terrible password practices that many individuals are guilty of. Poor password practices that render their passwords absolutely useless.

This year has seen many major password failures, several of which came from the White House, where security is critical. Topping the list was a password faux pas by a visitor to the oval office – Kanye West. Not only was ‘Ye’ guilty of using one of the worst possible passwords on his phone ‘000000’, he also unlocked his phone in full view of an office full of reporters who were filming his meeting with President Trump. Ye’s poor password was broadcast to the nation (and around the world). This incident highlights the issue of ‘shoulder surfing.’ Looking over someone’s shoulder at their screen to see passwords being entered. Something that can easily happen in public places.

Another White House password failure concerned a staffer who committed the cardinal password sin of writing down a username and password to make it easier to remember. It is something that many employees do, but most do not write it on White House stationary and then leave the document at a bus stop.

Password security should be exemplary at the White House, but even more so at the Pentagon. Even staff at the Pentagon are guilty of poor password hygiene, as was discovered by Government Accountability Office (GAO) auditors. GAO auditors discovered default passwords were used for software associated with weapons systems. Default passwords are publicly available online which renders them totally useless. GAO auditors were also able to guess admin passwords with full privileges in only 9 seconds.

These are just three examples of terrible password practices. While they are shocking given the individuals concerned, they are sadly all too common.

Password Best Practices to Keep Accounts Secure

A password prevents other individuals from gaining access to an account and the sensitive information contained therein. Choose a strong password or passphrase and it will help to make sure that personal (or business) information remains confidential. Choose a weak password and an account can easily get hacked. Choose an exceptionally weak password and you may as well have no password at all.

To ensure passwords are effective, make sure you adopt the password best practices detailed below:

  • Make sure you set a password – Never leave any account open
  • Always change default passwords – They are just placeholders and are next to useless
  • Never reuse old passwords
  • Use a unique password for all accounts – Never use the same password for multiple accounts
  • Do not use names, dictionary words, or strings of consecutive numbers or letters
  • Ensure passwords are longer than 8 characters and contain at least one number, lowercase letter, uppercase letter, and a symbol – Long passphrases that are known only to you are ideal
  • Use a random mix of characters for passwords and use a password manager so you don’t have to remember them. Just make sure you set a very strong password for your password manager master password.
  • Set up multi-factor authentication on all of your accounts
  • Never write down a password
  • Never share passwords with others, no matter how much you trust them

Password Best Practices for Businesses

Verizon’s 2018 Data Breach Investigations Report revealed 81% of hacking-related data breaches were due to weak passwords or stolen credentials. It is therefore critical that businesses adopt password best practices and ensure users practice good password hygiene. Businesses need to:

  • Train end users on good password hygiene and password best practices
  • Enforce the use of strong passwords: Blacklist dictionary words, previously exposed passwords, previously used passwords, and commonly used weak passwords
  • Set the minimum password length to 8 characters (or more) and avoid setting a maximum length to encourage the use of passphrases.
  • Follow the password advice published by the National Institute of Standards and Technology (NIST)
  • Don’t enforce password changes too often. End users will just reuse old passwords or make very minor changes to past passwords.
  • Implement multi-factor authentication
  • Encrypt all stored passwords
  • Consider the use of other authentication methods – Fingerprint scanners, facial recognition software, voice prints, or iris scans

Need for Web Filters for Libraries Pondered in New Hampshire

There has been much debate over the use of web filters for libraries. On one side are those that believe that as places of learning, there should be no restrictions placed on the types of information that can be accessed through libraries. Libraries house books that are sexually explicit, racist, or contain material some may find distasteful or offensive, but banning those books would be inappropriate.

That same thinking has been applied to the Internet, access to which is often provided in libraries. The application of a web filter to block certain types of content is viewed as unacceptable by some people, even if as a result of a lack of technical controls library computers are used to access hardcore pornography. The American Library Association does not advocate the use of web filters for libraries, instead suggesting acceptable usage policies and educational programs are more appropriate.

The other camp considers the use of web filters in libraries to be a necessity to ensure libraries can be used by children and adults without others subjecting them to obscene and potentially harmful web content. Acceptable usage policies only discourage users from accessing pornography. Policies do not prevent such activities.

New Hampshire Library Considers Using Web Filtering Technology to Block Porn

The use of public library computers for viewing offensive sexual content is common. There have been many cases of library patrons discovering other users accessing adult content on computers in full sight of other users, as was recently the case at the Lebanon Public Library in New Hampshire.

A complaint was made to Lebanon Public Library about two children (of middle school age) who are alleged to have used the library computers to access pornography. Jim Vanier, youth center coordinator for the Carter Community Building Association, overheard the children discussing pornography at the computers, although they denied accessing adult content.

Vanier’s complaint prompted the Library Board of Trustees to form a task force to investigate current internet usage policies and the task force will consider whether a web filter is appropriate for the library.

While web filters for libraries are available to prevent obscene videos and images from being accessed, relatively few libraries have started implementing even the most basic content controls. The Children’s Internet Protection Act requires the use of web filters in libraries and schools, but only as a condition to obtain e-rate discounts and federal grants. In order to qualify for funds, obscene images, child pornography, and other information deemed harmful to minors must be blocked.

The municipal libraries in Lebanon have taken steps to curb Internet misuse and have introduced policies that prohibit computers from being used for any disruptive or inappropriate behavior, including the viewing of images of a pornographic nature. However, policies alone are insufficient to prevent all cases of inappropriate Internet use.

The reason why many libraries choose not to apply filters is often because web filters for libraries are not perfect, and as a result, they could filter out unintended content.

Accuracy of Content Blocking by Web Filters for Libraries

While there have been issues with web filters for libraries overblocking content in the past, there have been major advances in web filtering technology over the past 10 years. Web filters can now more accurately assess and categorize content.

WebTitan Cloud, for instance, has highly granular controls and allows libraries to carefully control the content that can be accessed without overblocking.

While there is potential for user error when setting policies, WebTitan Cloud solves this issue by having an easy to use user interface that requires no technical skill to use. This helps to eliminate user error that often leads to overblocking of web content.

With WebTitan Cloud, libraries can easily filter out pornography, child pornography, and other obscene and harmful content to comply with CIPA and meet parents’ expectations without restricting access to valuable, educational websites.

WebTitan Cloud also blocks access to websites that host malware to prevent malicious software from being downloaded onto library computers, as well as blocking a wide range of Internet threats such as phishing.

WebTitan Cloud – An Accurate and Easy to Use Web Filter for Libraries

WebTitan Cloud is an ideal web filter for libraries. It is 100% cloud-based so not costly hardware purchases are required. It is easy to implement, simple to use, and allows Internet content to be carefully controlled without blocking access to valuable educational material.

Some of the key features in TitanHQ’s web filters for libraries have been detailed below:

WebTitan Cloud Features

  • Highly granular controls to allow precise filtering of Internet content
  • Unmatched combination of coverage, accuracy, and flexibility
  • Real-time classification of more than 500 million websites and 6 billion web pages in 200 languages
  • 100% coverage of the Alexa 1 million most visited websites
  • Easy to use interface requiring no technical skill
  • 100% cloud-based filtering – No hardware purchases or software downloads required
  • Supports Safe Search and YouTube for Schools
  • Supports whitelists and blacklists for creating exceptions to allow/block content outside general policy controls
  • Category-based filtering allows blocking through 53 pre-defined website categories and 10 customizable categories
  • HTTP/HTTPS filtering
  • Customizable block pages
  • Supports time-controlled cloud keys to allow certain users to bypass filtering controls – for research purposes for instance
  • Provides full visibility into network usage
  • Full reporting suite including real-time Internet activity

For further information on TitanHQ’s web filter for libraries, to arrange a product demonstration, and to register for a free trial to evaluate WebTitan Cloud in your own environment, contact the TitanHQ team today.

Dec 5, 2018 Webinar: A Perfect Cisco OpenDNS Alternative at a Fraction of the Price

Are you looking for a Cisco OpenDNS alternative that is both easier to use and much more cost effective? On Wednesday December 5, 2018, you can discover how you can save money on web filtering without cutting any corners on protection.

A web filter is now an essential cybersecurity solution to protect against web-based threats such as phishing, viruses, malware, ransomware, and botnets. A web filter also allows businesses to carefully control the online activities of employees by restricting access to NSFW web content such as pornography and curb productivity-draining Internet use.

In addition to offering threat protection and content control on wired networks, a DNS-based web filter offers protection for BYOD and company owned devices regardless where they connect to the Internet. Multiple locations can be protected through a central web-based console.

A DNS-based web filter is cost effective to implement as no hardware purchases are required and no software needs to be installed. A DNS-based filter is also easy to maintenance and requires no software updates or patches.

With DNS-based filters, content control and online threat protection is simple; but what about cost? Many businesses have looked at Cisco OpenDNS to meet their web filtering requirements but are put off due to the high cost. Fortunately, there is a more cost-effective way of filtering the Internet.

TitanHQ and Celestix are hosting a webinar on a WebTitan-powered Cisco OpenDNS alternative, Celestix WebFilter Cloud.

Celestix will be joined by by TitanHQ EVP of Strategic Alliances, Rocco Donnino, and Senior Sales Engineer, Derek Higgins, who will explain how Celestix WebFilter Cloud works, why it is an ideal Cisco OpenDNS alternative, and how you can have total protection against web-based threats at a fraction of the cost of running OpenDNS.

The webinar will be taking place on Wednesday December 5, 2018 at 10:00 AM US Pacific Time

Advance registration is required. You can register for the webinar on this link.

Massive Marriott Data Breach Discovered: 500 Million Guests Affected

A massive Marriott data breach has been detected which could affect as many as 500 million individuals who previously made bookings at Starwood Hotels and Resorts. While the data breach is not the largest ever reported – The 2013 Yahoo breach exposed around 3 billion records – it shares second place with the 2014 Yahoo data breach that also impacted around half a billion individuals.

Largest Ever Hotel Data Breach

The Marriott data breach may not have affected as many people as the 2013 Yahoo data breach but due to the types of information stolen it is arguably more serious. Approximately 173 million individuals have had their name, mailing address, email address stolen and around 327 million individuals have had a combination of their name, address, phone number, email address, date of birth, gender, passport number, booking data, arrival and departure dates, and Starwood Guest Program (SPG) account numbers stolen. Further, Marriott also believes credit card details may have been stolen. While the credit card numbers were encrypted, Marriott cannot say for certain whether the two pieces of information required to decrypt the credit card numbers was also obtained by the hacker.

In addition to past guests at Starwood Hotels and Resorts and Starwood-branded timeshare properties, guests at Sheraton Hotels & Resorts, Westin Hotels & Resorts, W Hotels, St. Regis, Aloft Hotels, Element Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, and Four Points by Sheraton have been affected, along with guests at Design Hotels that participate in SPG program.

The data breach was detected by Marriott on September 8, 2018, following an attempt by an unauthorized individual to access the Starwood database. The investigation revealed the hacker behind the attack first gained access to the Starwood database in 2014. It is currently unclear how access to the database was gained.

The Marriott hotels data breach is naturally serious and will prove costly for the hotel group. Marriott has already committed to offering U.S. based victims free enrollment in WebWatcher, has paid for third party experts to investigate and help mitigate the data breach, and the hotel group will be bolstering its security and phasing out Starwood systems.

Even though the Marriott hotels data breach has only just been announced, two class action lawsuits have already been filed. One of the lawsuits seeks damages totaling $12.5 billion – $25 per breach victim.

There is also a possibility of a E.U. General Data Protection Regulation (GDPR) fine. Fines of up to €20 million are possible, or 4% of global annual turnover, whichever is greater. That could place Marriott at risk of a $916 million (€807 million) fine. The UK’s Information Commissioner’s Office – the GDPR supervisory authority in the UK – has been notified of the breach and is making enquiries.

Harder to calculate is the damage to the Marriott brand. Share prices dropped by 8.7% following the Marriott data breach announcement, and they are currently around $5 down. While share prices will likely recovery over time, the breach will almost certainly result in loss of business.

Risk of Marriott Data Breach Related Phishing Attacks

Email notifications sent to breach victims by Marriott came from the domain: email-marriott.com. Rendition Infosec/FireEye researchers purchased the domains email-marriot.com and email.mariott.com shortly after the announcement to keep them out of the hands of scammers. Other similar domains may be purchased by less scrupulous individuals to be used for phishing.

A breach on this scale is also ideal for speculative phishing attempts that spoof the email domain used by Marriott. Mass email campaigns are likely to be sent randomly in the hope that they will reach breach victims or individuals that have previously stayed at a Marriott hotel or one of its associated brands.

Consequently, any email received that is related to the breach should be viewed as potentially malicious.

Starbucks WiFi Filter Will Start Blocking Porn in 2019

In 2016, Starbucks agreed to filter out pornography from its WiFi networks, but two years on and a Starbuck WiFi filter has yet to be applied anywhere other than the UK.

The 2016 promise came in response to public pressure to take action to prevent customers from abusing its free WiFi network to view pornography. While Starbucks had an acceptable use policy and prohibited the viewing of pornography on its WiFi network, there were no controls in place to prevent customers from accessing such content.

Leading the campaign for a Starbucks WiFi filter was the Internet safety group Enough is Enough. Back in 2016, as part of its Porn Free WiFi Campaign (since renamed SAFE WiFi Campaign) the group stepped up its efforts to convince big businesses to take the lead and implement filtering technology to enforce acceptable internet usage policies on their free WiFi networks. McDonalds and Starbucks were two such brands that were petitioned by the group – a coalition of 75 partner organizations.

More than 50,000 petitions were sent to Starbucks and McDonald’s in 2016, and in response, both agreed to start filtering pornographic web content on their WiFi networks. While McDonald’s acted quickly and started blocking adult content, the Starbucks WiFi filter failed to materialize. The coffee shop chain did implement a WiFi filter in its UK locations, but the Starbucks WiFi filter was not rolled out in other countries.

Since McDonalds took the lead and created a family-friendly free WiFi network, Chick-fil-A has followed suit and has implemented a WiFi filter in its 2,200 restaurants, as have many other restaurant and coffee shop chains. However, two years on and Starbucks has not made good on its promise. The lack of apparent action prompted Enough is Enough to issue a new call for the coffee shop chain to take action.

Enough is Enough Issues Fresh Call for Starbucks WiFi Filter Rollout

“Starbucks has had a tremendous opportunity to put its best foot forward in protecting its customers from images deemed obscene and illegal under the law, but they haven’t budged, despite their promise two years ago and despite the fact that they voluntarily filter this same content in the UK,” said Enough is Enough president and CEO, Donna Rice Hughes. “By breaking its commitment, Starbucks is keeping the doors wide open for convicted sex offenders and others to fly under the radar from law enforcement and use free, public WiFi services to access illegal child porn and hard-core pornography.”

Despite the promise, there has been little news issued on the Starbucks WiFi filter front. “To date, no action has taken place to suggest Starbucks has moved forward with its public commitment. EIE has made repeated attempts to reach out to Starbucks executives by phone, e-mail and certified mail since 2016. Starbucks has remained unresponsive with the exception of a form letter from customer relations,” explained Donna Rice Hughes on November 26, 2018.

Enough is Enough has called for members of the public to petition Starbucks once again and demand a WiFi filtering solution be applied to prevent customers from accessing inappropriate content in its coffee shops.

Starbucks has now confirmed to Business Insider that the chain has been taking action and has been evaluating WiFi filtering solutions to determine whether they can be applied to block access to pornography without inadvertently blocking other types of content.  A solution has now been chosen at last and it will be rolled out in 2019.

WiFi Filtering Made Simple with WebTitan Cloud for WiFi

While web filters have been criticized in the past for overblocking web content, today, web filters such as TitanHQ’s WebTitan Cloud for WiFi allow fine control of Internet content thanks to highly granular controls. Blocking access to pornography, or any other category of Internet content, requires just a couple of clicks of a mouse.

WebTitan Cloud for WiFi includes 53 preset categories of Internet content that can be filtered out in seconds once the solution has been implemented. Implementing WebTitan Cloud for WiFi, configuring the filter, and protecting customers (and employees) takes just a few minutes. No hardware purchases are required, and no software downloads are necessary. Simply change the DNS to point to WebTitan and controls can easily be applied.

In addition to blocking pornography, illegal content such as child pornography and copyright-infringing file downloads via P2P file sharing sites and be blocked. WiFi users will also be protected from malicious sites that download malware, phishing websites, and other web-based threats.

WebTitan Cloud for WiFi is highly scalable and can be used to protect multiple WiFi access points, regardless of where they are located, through an easy-to-use web-based interface. With WebTitan Cloud for WiFi, filtering the Internet and protecting customers could not be any easier.

If you run a business and you offer your customers free, unfiltered WiFi access, now is the perfect time to make a change and send a message to your customers that you are leading the fight against online pornography and are taking action to protect customers by creating a family-friendly WiFi environment.

Contact TitanHQ today for more information, to book a product demonstration, or to sign up for a free WebTitan Cloud for WiFi trial.

Managed Service providers that want to start offering WiFi filtering to clients should contact the TitanHQ MSP Program team to find out how WebTitan (and other TitanHQ products) can be integrated into their security stacks.

Lire cet article en français.

Business Email Account Compromises Soaring

Business email compromise (BEC) attacks cost businesses billions of dollars each year, and business email account compromises are soaring.

What is a Business Email Compromise Attack?

As the name suggests, these attacks involve the hijacking of business email accounts. The primary aim is to compromise the account of the CEO or CFO, which is usually achieved through a spear phishing attack. Once the email account has been compromised, it is used to send phishing emails to other employees in the company, most commonly, employees in the accounts, finance, and payroll departments.

The emails commonly request wire transfers be made to accounts under the control of the attackers. Requests are also made for sensitive information such as the W-2 Forms of employees.

Since the emails are sent from the CEO or CFO’s own account, there is a much higher chance of an employee responding to the request than to a standard phishing attempt from an external email address. Since the emails come from within an organization, they are also much harder to detect as malicious – a fact not lost on the scammers.

With access to the email account, it is much easier to craft convincing messages. The signature of the CEO can be copied along with their style of writing from sent messages. Email conversations can be started with employees and messages can be exchanged without the knowledge of the account holder.

Fraudulent transfers of tens or hundreds of thousands of dollars may be made and the W-2 Forms of the entire workforce can be obtained. The latter can be used to submit fake tax returns in victims’ names to obtain tax refunds. The profits for the attackers can be considerable, and with the potential for a massive payout, it is no surprise that these attacks are on the rise.

Business Email Account Compromises Have Increased by 284% in a Year

FBI figures in December 2016 suggest $5.3 billion had been lost to BEC scams since October 2013. That figure had now increased to $12.5 billion. More than 30,000 complaints of losses due to BEC attacks were reported to the FBI’s Internet Crime Complaints Center (IC3) between June 2016 and May 2018.

The specialist insurance service provider Beazley has been tracking business email account compromises. The firm’s figures show business email account compromises have increased each quarter since Q1, 2017. In the first quarter of 2017, 45 business email account compromises were detected. In Q2, 2018, 184 business email account compromises were detected. Between 2017 to 2018, there was a 284% increase in compromised business email accounts.

While the CEO’s email credentials are often sought, the credentials of lowlier employees are also valuable. Any email account credentials that can be obtained can be used for malicious purposes. Email accounts can be used to send phishing messages to other individuals in an organization, and to business contacts, vendors, and customers.

Beazley notes that once one account has been compromised, others will soon follow. When investigating business email account compromises, businesses often discover that multiple accounts have been compromised. Typically, a company is only aware of half the number of its compromised accounts.

The High Cost of Resolving Business Email Account Compromises

Business email account compromises can be extremely costly to resolve. Forensic investigators often need to be brought in to determine the full extent of the breach. Each breached email account must then be checked to determine what information has been compromised. While automated searches can be performed, manual checks are inevitable. For one client, the automated search revealed 350,000 document attachments had potentially been accessed, and each of those documents had to be checked manually to determine the information IT contained. The manual search alone cost the company $800,000.

How to Protect Your Organization from Business Email Compromise Attacks

A range of measures are required to protect against business email compromise attacks. An advanced spam and anti-phishing solution is required to prevent phishing and spear phishing emails from being delivered to inboxes.

SpamTitan is an easy-to-implement spam filtering solution that blocks advanced phishing and spear phishing attacks at source. In contrast to basic email filters, such as those incorporated into Office 365, SpamTitan uses heuristics, Bayesian analysis, and machine learning to identify highly sophisticated phishing attacks and new phishing tactics. These advanced techniques ensure more than 99.9% of spam and malicious messages are blocked.

The importance of security awareness training should not be underestimated. End users should be trained how to recognize phishing attempts. Training should be ongoing to ensure employees are made aware of current campaigns and new phishing tactics. Phishing simulation exercises should also be conducted to reinforce training and identify weak links.

Multi-factor authentication is important to prevent third parties from using stolen credentials to access accounts. If a login attempt is made from an unfamiliar location or unknown device, an additional form of identification is required to access the account.

Password policies should be enforced to ensure that employees set strong passwords or passphrases. This will reduce the potential for brute force and dictionary attacks. If Office 365 is used, connection to third party applications should be limited to make it harder for PowerShell to be used to access email accounts. A web filtering solution should also be implemented to block access to phishing accounts where email credentials are typically obtained.

Defense in depth is the key to protecting against BEC attacks. For more information about email and web security controls to block BEC attacks, give the TitanHQ team a call. Our experienced advisers will recommend the best spam and web filtering options to meet the needs of your business and can book a product demonstration and set you up for a free trial.

Massive Malvertising Campaign Directs Millions of Users to Phishing Websites

A massive malvertising campaign has been detected that has so far hijacked at least 300 million browser sessions in the space of just 48 hours.

What is Malvertising?

Malveristing is a method of generating traffic to websites that would otherwise be unlikely to be visited by Internet users. The technique involves using code in adverts submitted to advertising networks to redirect users to a specific website. Clicking a link in one of the adverts can trigger multiple redirects, first to the site detailed in the Ad code, then onto another web page.

Malvertising is often used to direct Internet users to malicious websites, such as those hosting exploit kits that probe for vulnerabilities and silently download malware or phishing websites, tech support scams, and other scam sites.

As spam filtering technology has improved, fewer spam emails are being delivered to inboxes, which means fewer individuals click links in emails and visit malicious websites. Malvertising is a suitable alternative that generates huge volumes of traffic.

The ad networks are used by many high-traffic websites to provide an additional income stream. While the ad networks incorporate checks to ensure advertisers are legitimate, the use of obfuscated JavaScript to redirect visitors and multiple redirects help attackers pass these checks.

Users Directed to Phishing Websites

The latest malvertising campaign is being used to direct Internet users to a variety of web pages, including adult websites and ‘You’ve Won a Gift Card’ scams.

The campaign was detected by researchers at Confiant on November 12. They claim the threat actors behind the campaign are still active. The initial web pages visited via advert redirects contain obfuscated JavaScript code that redirects visitors to other web pages. Many of the final landing pages phish for sensitive information such as names, addresses, email addresses, revenue information, and other personal data.

Malvertising is nothing new and there are more than a dozen threat actors that are primarily using this method to generate traffic to web pages, but this campaign stands out due to its scale and the volume of visitors that have been redirected to malicious websites.

How to Protect Your Business from Malvertising Attacks

As with spam email, malvertising is a serious risk for businesses. The majority of businesses now use a spam filtering solution to prevent malicious messages from reaching inboxes, but fewer businesses have protections in place to prevent their employees from malvertising and other web-based attacks.

Anti-virus and anti-malware solutions may identify malware downloads that take place through these malicious websites, but usually only once the malware has been downloaded. Since most AV solutions are signature-based, if a new malware variant is downloaded it will not be detected.

The most effective way of blocking malvertising is a web filtering solution. A web filter is most commonly used to control the types of content that can be accessed by employees and serves a similar purpose to parental control software. However, in contrast to parental control solutions, enterprise class-web filtering solutions also prevent network users from accessing malicious websites such as those used for phishing and to distribute malware.

WebTitan Cloud – An Easy to Use, Powerful Web Filtering Solution

WebTitan Cloud is an enterprise-class web filtering solution that has been developed to offer protection against web-based attacks, including malvertising.

WebTitan Cloud is a 100% cloud-based web filtering solution. As such, it requires no hardware purchases or software downloads. Implementation is quick and easy and only takes a few minutes. No technical skill is required to start filtering the Internet and start protecting your business from web-based threats.

In addition to blocking access to malicious websites, WebTitan Cloud allows users to restrict internet activity through 53 category-based filters. More than 700 million URLs are crawled, analyzed, and categorized every day, and the solution provides 100% coverage of the Alexa top 1 million most visited websites and blocks more than 3 million malicious URLS at any one time. More than 7,500 businesses around the world trust WebTitan to protect them from malicious web content.

WebTitan Cloud is also an ideal web filtering solution for managed service providers (MSPs), allowing them to easily add web filtering to their security stacks. WebTitan Cloud comes with a variety of hosting options, including the option of hosting the solution within an MSP’s own data center. The solution can also be provided as a white-label ready to take MSP branding.

For further information on WebTitan Cloud for managed service providers and SMBs, details of pricing, and to book a product demonstration, contact the TitanHQ team today.

WPA3 WiFi Security Enhancements Will Not Block All WiFi Threats

WiFi networks are a potential security weak point for businesses, although the introduction of WPA3 will improve Wi-Fi security. WPA3 Wi-Fi security enhancements address many WP2 vulnerabilities, but WPA3 alone is not enough to block all WiFi threats.

WiFi Security Protocols

The WPA WiFi security protocol was introduced in 1999, and while it improved security, cracking WPA security is far from difficult. Security enhancements were introduced with WPA2 in 2004, but while more secure, WPA2 does not fix all vulnerabilities. Little has changed in the past 14 years, but at long last, WPA3 is here. Use WPA3 and Wi-Fi security will be significantly enhanced, as several important WP2 vulnerabilities have been fixed.

WPA3 WiFi Security Enhancements

One of the biggest WiFi security threats is open networks. These are WiFi networks that require no passwords or keys. Users can connect without entering a pre-shared key. All a user needs to know is the SSID of the access point to connect. These open networks are used in establishments such as coffee shops, hotels, and restaurants as it is easy for customers to connect. The problem is users send plain text to the access point, which can easily be intercepted.

WPA3 spells an end to open networks. WPA3 uses Opportunistic Wireless Encryption (OWE). Any network that does not require a password, will encrypt data without any user interaction or configuration. This is achieved through Individualized Data Protection or IDP. Any device that attempts to connect to the access point receives its own key from the access point, even if no connection to the AP has been made before. This control means the key cannot be sniffed and even if a password is required, having access to that password does not allow the data of other users to be accessed.

Another security enhancement that has been made in WP3 reduces potential for password cracking attacks such as the WPA2 KRACK Attack. WPA2 is vulnerable to brute force and dictionary-based attacks. That is because security relies on the AP provider setting a secure password and many establishments don’t. With WPA3, the Pre-Shared Key (PSK) exchange protocol is replaced with Simultaneous Authentication of Equals (SAE) or the Dragonfly Key Exchange, which improves security of the initial key exchange and offers better protection against offline dictionary-based attacks.

WPA3 also addresses security vulnerabilities in the WiFi Protected Setup (WPS) that made it easy to link new devices such as a WiFi extender. In WPA3, this has been replaced with Wi-Fi Device Provisioning Protocol (DPP).

Configuring IoT devices that lack displays has been made easier, the 192-bit Commercial National Security Algorithm is used for enhanced protection for government, defense and industrial networks, and better controls have been implemented against brute force attacks. These and other enhancements mean WPA3 is far more secure.

Unfortunately, at present, very few manufacturers support WPA3, although that is likely to change in 2019.

WPA3 WiFi Security Issues

Even with WPA3 WiFi security enhancements, WiFi networks will still be vulnerable. WPA3 includes encryption for non-password-protected networks, but it does not require authentication. That is up to hotspot providers to set. WPA3 it is just as susceptible to man-in-the-middle attacks and offers no protection against evil twin attacks. The user must ensure they access the genuine access point SSID.

The connection to the AP may be more secure, but WPA3 does not offer protection against malware downloads. Users will still be at risk from malicious websites unless a DNS filtering solution is used – A web filter to protect WiFi networks.

Improve WiFi Security with a DNS-Based WiFi Filtering Solution

A DNS-based WiFi filtering solution such as WebTitan Cloud for WiFi protects users of a WiFi network from malware attacks, ransomware downloads, and phishing threats. The cloud-based filter also allows businesses that provide WiFi access points to carefully control the content that can be accessed by employees, customers, and other guest users.

By upgrading to WPA3 WiFi security will be improved. With WebTitan Cloud for WiFi, users will also be protected once they are connected to the network.

Further information on WebTitan Cloud for WiFi is detailed in the video below. For further information on WiFi security, including WebTitan pricing and to book a product demonstration, contact the TitanHQ team today.

WiFi Filtering Security Benefits

Businesses that fail to secure their WiFi networks are taking a huge risk, and one that could prove catastrophic. In this article we explain why WiFi security is so important and cover the main WiFi filtering security benefits for businesses.

What are the Consequences of Poor Cybersecurity?

Customers often feel loyal to a particular brand. The company gives them what they want, the prices are reasonable, the quality of products/services are good. One of the most important factors influencing customer loyalty is trust in a brand. If trust in a brand is lost, it can be difficult win customers back. They may be permanently lost. Those customers then speak to their friends and colleagues and word spreads and further business can be lost.

One of the easiest ways to lose the trust of customers is a data breach. Ask customers why they love a particular brand, and “The company keeps my data safe” will not make the top ten list. That said, if a company experiences a data breach, customers will leave in droves.

Some industries are more prone to high customer churn rates following a data breach than others. The healthcare and insurance industries do experience customer loss, but many breach victims are tied to those providers and leaving is not straightforward. The banking and retail industries on the other hand see high churn rates. There is usually plenty of choice and customers explore other options after a breach.

A study of 10,000 consumers by Gemalto in November 2017 showed 70% of customers would stop doing business with a company after a data breach. Could your business cope with an overnight loss of 70% of your customers?

Further, the cost of a data breach report revealed the average cost of a data breach has now risen to $3.86 million. A 70% loss of customers and a $3.86 million data breach bill would prove catastrophic for many businesses. It is therefore no surprise that the National Cyber Security Alliance reports that 60% of SMBs go out of business within 6 months of a data breach.

Defense in Depth is Essential

The Gemalto study found that 62% of consumers felt that a company that holds their data is responsible for security, highlighting the importance customers place on the privacy of their data.

For businesses, ensuring systems and data are kept secure can be a major challenge. The only way to meet that challenge is through defense in depth. A range of cybersecurity solutions are required to secure systems and data, block cyberattacks, and prevent data breaches.

The best place to start is by performing a risk assessment to highlight all potential risks to your systems and data. Consider all possible ways that an attack can occur, assess the risk of each, and develop a risk management plan to address those risks, addressing the highest risk areas first.

While many companies implement a host of network and email security solutions, one area of security that is often overlooked is the WiFi network, even though WiFi poses a considerable risk, not only to the business but also to customers that are allowed to connect to the WiFi network. Some of the important WiFi filtering security benefits are detailed in the section below.

Important WiFi Filtering Security Benefits for Businesses

There are many WiFi filtering security benefits for businesses. Implementing a WiFi filter will not only improve security for the business and its customers, it can also help to improve the productivity of the workforce.

Some of the most important WiFi security benefits are detailed below:

Block Malware and Ransomware Downloads

One of the most important WiFi filtering security benefits for businesses is protection from malware and ransomware downloads. Malware allows hackers to steal customer data, intellectual property, and obtain credentials to plunder corporate bank accounts. Malware infections can prove incredibly costly to resolve and ransomware attacks can bring businesses to a grinding halt. A WiFi filter help improve security by blocking access to sites hosting exploit kits and preventing drive-by malware downloads.

Prevent WiFi Users from Visiting Phishing Websites

Phishing is a major risk for all businesses. While most phishing attacks start with an email, they invariably link to websites that harvest credentials. A WiFi filter ensures that employees and guest users cannot access websites known to be used for phishing.

Stop Users from Accessing Illegal Website Content

Businesses have a responsibility to ensure that their WiFi networks cannot be used to access illegal content such as child pornography or to perform copyright-infringing file downloads. In addition to the potential for these actions to lead to legal problems for employers, these illegal online activities increase the risk of a malware infection.

Prevent Users from Accessing Inappropriate Websites

Businesses should take steps to prevent employees and guest WiFi users from accessing inappropriate websites – Websites that have no work purpose and those that are likely to cause offense to other individuals – adult content for example. Inappropriate internet use is a major drain of productivity and poses a security risk.

Other Important WiFi Filtering Benefits

All companies must take steps to reduce legal liability and employee Internet access is one area where companies can experience legal problems. Web content that seems funny to some employees could be highly offensive to others and lead to the creation of a hostile working environment and subsequent legal action by employees. Any company that fails to block illegal online activities such as copyright-infringing downloads, could be found to be vicariously liable for the actions of its WiFi users.

Businesses can use a WiFi filter to control bandwidth use. By blocking access to bandwidth heavy activities such as video streaming at busy times, business can ensure all users can enjoy fast Internet speeds.

WebTitan Cloud for WiFi: WiFi Filtering Made Simple

Gaining the above WiFi filtering security benefits is easy with TitanHQ’s innovative WiFi filtering solution – WebTitan Cloud for WiFi.

WebTitan Cloud for WiFi is easy to implement, simple to use, and effortless to maintain. WebTitan Cloud for WiFi allows businesses to carefully control Internet access, reduce risk, make important productivity gains, and improve their security posture.

WebTitan Cloud for WiFi can be implemented in minutes, requires no hardware purchases and needs no software downloads. An intuitive user interface can be accessed from anywhere with an internet connection and no technical skill is required to configure and maintain the solution.

WebTitan Cloud for WiFi allows business of all sizes to gain the WiFi filtering security benefits with no slowing of Internet speeds.

WebTitan WiFi Filtering Security Benefits

  • Blocks access to web pages hosting malware
  • Blocks ransomware, malware, virus, and botnet downloads
  • Prevents employees and guests from accessing phishing websites
  • Requires no user updates or patches
  • Blocks the use of anonymizers
  • Inspects all Internet traffic, including encrypted content
  • Reports can be generated to show which employees are attempting to bypass filtering controls
  • Policies can be created for different users, departments, or locations
  • Different filtering controls can be set for employees and guest WiFi users

For further information on WebTitan Cloud for WiFi, details of pricing, to book a product demonstration, or to sign up for a free 14-day trial of the full solution, contact the TitanHQ team today.

Wi-Fi Security Threats You Should be Aware of

Many employees access their work emails and work networks via public Wi-Fi hotspots, even though there is a risk that sensitive information such as login credentials could be intercepted by hackers. Many employees are unaware of the Wi-Fi security threats that lurk in their favorite coffee shop and fail to take precautions. Even employees who are aware of the Wi-Fi security threats often ignore the risks.

This was highlighted by a 2017 survey by Symantec. 55% of survey participants said they would not hesitate to connect to a free Wi-Fi hotspot if the signal was good and 46% said they would rather connect to a free, open wireless network than to wait to get a password to a secure access point.

60% of survey participants believed public Wi-Fi networks are safe and secure but even though 40% are aware of the Wi-Fi security threats, 87% said that they would access financial information such as their online banking portal or view their emails on public Wi-Fi networks.

The majority of users of public Wi-Fi networks who were aware of the Wi-Fi security threats said they ignored the risks. Millennials were the most likely age group to ignore Wi-Fi security threats: 95% of this age group said they had shared sensitive information over open Wi-Fi connections.

Consumers may be willing to take risks on public Wi-Fi networks, but what about employees? According to a 2018 Spiceworks survey, conducted on 500 IT professionals in the United States, employees are also taking risks.

61% of respondents to the survey said their employees connect to public Wi-Fi hotspots in coffee shops, hotels, and airports to work remotely. Only 64% of respondents said their employees were aware of the Wi-Fi security threats. A similar percentage said their employees were aware of the risks and connect to their work networks using a VPN, which means that 4 out of 10 workers were unaware of the importance of establishing a secure connection.

Even though 64% of respondents were confident that employees were aware of the risks, only half were confident that data stored on mobile devices was adequately protected against threats from public Wi-Fi hotspots. 12% of respondents said they have had to deal with a public Wi-Fi related security incident, although a further 34% were not sure if there had been a security breach as many incidents are never reported.

WiFi Security Threats Everyone Should be Aware of

All employers should now be providing security awareness training to their employees to make the workforce more security aware. Employees should be trained how to identify phishing attempts, warned of the risk from malware and ransomware, and taught about the risks associated with public Wi-Fi networks.

Five threats associated with open public Wi-Fi hotspots are detailed below:

Evil Twins – Rogue Wi-Fi Hotspots

One of the most common ways of obtaining sensitive information is for a cybercriminal to set up an evil twin hotspot. This is a fake Wi-Fi access point that masquerades as the legitimate access point, such as one offered by a coffee shop or hotel. An SSID could be set up such as “Starbuck Guest Wi-Fi” or even just state the name of the establishment. Any information disclosed while connected to that hotspot can be intercepted.

Packet Sniffers

Using a packet sniffer, a hacker can identify, intercept, and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials to bank accounts and corporate email accounts. If credentials are obtained, a hacker can gain full control of an account.

File-Sharing

Many people have file-sharing enabled on their devices. This feature is useful at home and in the workplace, but it can easily be abused by hackers. It gives them an easy way to connect to a device that is connected to a Wi-Fi hotspot. A hacker can abuse this feature to drop malware on a device when it connects to a hotspot.

Shoulder Surfing

Not all threats are hi-tec. One of the simplest methods of obtaining sensitive information is to observe someone’s online activities by looking over their shoulder. Information such as passwords may be masked so the information is not visible on a screen, but cybercriminals can look at keyboards and work out the passwords when they are typed.

Malware and Ransomware

When connecting to a home or work network, some form of anti-malware control is likely to have been installed, but those protections are often lacking on public Wi-Fi hotspots. Without the protection of AV software and a web filter, malware can be silently downloaded.

Employers can reduce risk by providing comprehensive training to employees to make sure they are aware of the risks from public Wi-Fi hotspots and make sure that employees are aware they should only connect to public Wi-Fi networks if they use a VPN. Employers can further protect workers with WebTitan Cloud – An enterprise-class web filter that protects workers from online threats, regardless of where they connect.

Hotspot providers can protect their customers by securing their Wi-Fi hotspots with WebTitan Cloud for Wi-Fi. WebTitan Cloud for Wi-Fi is a powerful web filter that protects all users of a hotspot from malware and phishing attacks, and can also be used to control the types of sites that can be accessed. If you offer Wi-Fi access, yet are not securing your hotspot, your customers could be at risk. Contact TitanHQ today to find out how you can protect your customers from online threats, control the content that can be accessed, and create a family-friendly Wi-Fi environment.

WiFi Filtering and Brand Protection

In this post we explain the importance of WiFi filtering and brand protection. It can take years of hard work for businesses to develop trust in their brand. That trust can easily be lost if customers are not protected while connected to business WiFi networks and come to harm or suffer losses.

If Trust is Lost in a Brand it Can Take Years to Recover

Trust is a cornerstone of all successful brands, but it is not something that can be developed overnight. Developing trust in a brand takes an extraordinary amount of time and money, but once established, companies will be rewarded by customer loyalty.

While trust can be difficult to earn, it is certainly not difficult to lose. One of the easiest ways for consumers to lose trust in a brand is through privacy breaches and cyberattacks. If the personal data of customers is exposed or stolen, customers will lose faith in the brand and are likely to take their business elsewhere.

A 2017 study by Gemalto revealed 70% of customers would stop doing business with a company that failed to protect their personal data and suffered a data breach. Regaining customers trust after a data breach can take years. Protecting customer data is therefore essential if a business is to succeed and continue to enjoy success.

Wi-Fi Security and Brand Protection

One aspect of security that is often overlooked is protecting customers who connect to Wi-Fi networks. Many businesses offer free Wi-Fi access to their customers yet fail to implement controls over what customers can do while connected. Consequently, customers may be exposed to malware, phishing, and other harmful content.

Even businesses that claim to be family friendly often do not always filter the Internet and block access to adult and other age-inappropriate web content. It was only relatively recently that McDonald’s started filtering its WiFi networks to protect customers. Starbucks has also agreed to implement WiFi filters to block porn next year.

How are Wi-Fi filtering and brand protection related? Imagine someone uses your WiFi network to access pornography and a child views their screen? Or a parent finds out their child has been viewing adult content on the establishment’s Wi-Fi network? It only takes one person to complain via a social media network for the story to go viral and for the company’s reputation to be tarnished. The same goes for a malware infection as a result of an establishment failing to implement anti-malware controls on its WiFi network.

Implementing a WiFi filter shows customers that you are doing all you can to protect them from online threats and harmful content. WiFi security is therefore important for brand protection.

There have also been cases of businesses temporarily losing Internet access over illegal Internet activity – Employees who have used a corporate WiFi network to engage in illegal activities such as downloading pirated content. ISPs can terminate internet access if complaints are received and loss of Internet access can cripple a business. Legal action can also be taken by the copyright holder against the business.

WebTitan Cloud for WiFi: The Easy Way to Secure Wi-Fi Networks

TitanHQ has been protecting SMBs from cyber threats for more than 20 years and has expanded its portfolio of solutions to cover WiFi security and brand protection solutions.

TitanHQ has developed WebTitan Cloud for WiFi to make it easy for businesses to secure their WiFi networks and for MSPs to offer WiFi filtering to their clients.

WebTitan Cloud for WiFi is a 100% cloud based WiFi filtering solution that is quick and easy to implement and requires no hardware purchases or software downloads. The solution blocks malware downloads, access to malicious websites, lets businesses carefully control the content that can be accessed via their Wi-Fi networks and control bandwidth use by employees and customers. In short, WebTitan Cloud for WiFi lets businesses create a safe environment to access the Internet.

To find out more about WebTitan Cloud for WiFi, including details on pricing, contact TitanHQ today. All businesses can book a product demonstration and sign up for a free WebTitan Cloud for WiFi trial to evaluate the solution in their own environment.

Change from Umbrella to WebTitan and Save Time, Money, and Improve Security

If you are using Umbrella and are finding the web filtering solution to be a drain of your time or your budget, consider making the switch from Umbrella to WebTitan.

Web Filtering Doesn’t Have to be Complicated

There are many factors that need to be considered when choosing a web filtering solution. Aside from allowing you to identify and block threats and control the content that can be accessed by network users, a web filter should be easy to configure and maintain.

To get the most benefit from your chosen solution, you will need to have all the information you need at your fingertips. You should be able to tweak settings, block/unblock sites, and get the reports you need on users that are attempting to, or succeeding in, accessing dangerous web content.

All too often, it is only when the solution is set up that the discovery is made that it is a pig to use. The information you need is not easily accessible and maintaining and managing the solution is headache inducing. However, it needn’t be that way.

Usability is one area where WebTitan excels. WebTitan is powerful, feature rich, yet simple to use. WebTitan can be used by anyone, regardless of their level of IT knowhow. The user interface is crisp, clean, and provides all the important information in one place.

Complex interfaces mean more time is spent making minor changes and accessing reports, which takes time away from more important tasks. Further, if Your IT team hates using a solution, they will spend as little time as possible using it, and that could jeopardize security.

That is exactly what was happening with Saint Joseph Seminary College, which, after experiencing problems, made the switch from Cisco Umbrella to WebTitan.

Benefits of Switching from Umbrella to WebTitan: A Case Study

Web filter usability was a key issue for Saint Joseph Seminary College, which had been using Cisco Umbrella to control the web content staff and students could access. While Umbrella did allow content controls to be applied, using the solution was time consuming and difficult. Finding information, generating reports, and changing settings was just taking too much time. So much time that IT department avoided using the solution as far as possible. Hardly an ideal situation for such an important college cybersecurity control.

“I prefer an interface to be simple while giving me as much information as possible in one place. I don’t need rounded corners and elegant fonts when I am trying to see who has been visiting dangerous websites.  I need to clearly see domain names and internal IPs,” explained Saint Joseph’s IT Director, Todd Russell. Russell went on to explain that it wasn’t always that way. “In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage.”

This is sadly a common problem. In an attempt to cram in as many features as possible into a user interface, too little consideration is given to the people that have to use and manage the solution. For busy IT departments, it is important to make things as simple as possible. Sysadmins have more than their fair share of complexity as it is.

It was the complexity of Umbrella – and the cost – that led Saint Joseph’s to see an Umbrella alternative.

An Easy to Use, More Cost-Effective Alternative to Umbrella

When looking for an Umbrella alternative, several solutions were considered; however, TitanHQ’s feature-rich web filter, WebTitan, stood out from the crowd and warranted closer inspection.

“It didn’t take long to realize that WebTitan was the best alternative for an efficient, cost-effective, and easy to use filtering solution to replace Cisco Umbrella,” explained Russell.

WebTitan has been developed with usability at the heart of the design process. Before UI changes are made, they are extensively tested to make sure they do not negatively impact the user experience.

After switching from Umbrella to WebTitan, the benefit was immediately gained. The IT department had easy access to actionable insights into threat traffic and web activity. Reports could be generated and viewed with two clicks of the mouse, The IT department liked using the solution, and further, an enormous amount of time was saved, and costs were slashed.

“WebTitan immediately gave us visibility into our users’ traffic. Within days, the UI allowed us to see clear signals of dangerous activity. Thanks to the easily accessible and understandable data available on the WebTitan UI, we have been able to launch investigations more quickly and work on remediation.” Said Russell. “The whole experience with WebTitan has been terrific.”

Benefits Gained from the Switch from Umbrella to WebTitan

By changing from Umbrella to WebTitan, Saint Joseph’s was able to:

  • Have easy access to actionable insights on threats and web activity
  • Remediate issues far more quickly
  • Quickly generate basic and advanced reports
  • Secure data and users more effectively
  • Slash administration and remediation time
  • Reduce the cost of web security by 50%
  • Block thousands more threats per hour

Time to Change from Umbrella to WebTitan?

If you want to gain the above benefits, it could not be simpler. Contact the TitanHQ team to schedule a product demonstration to see just how easier WebTitan is to use. You can also trial WebTitan before you make a decision to confirm the benefits for yourself.  You will get access to the full product in the trial, assistance will be provided to get you up and running, and full support is available through out the trial period.

DNS Filtering for MSPs: Better Protect Your SMB Clients and Improve Your Bottom Line

Why is DNS filtering for MSPs so important? Find out how you can better protect your clients against web-based attacks and the MSP benefits of offering this easy to implement cybersecurity solution.

A recent survey conducted by Spiceworks has revealed that DNS filtering is now considered an essential element of cybersecurity defenses at the majority of large firms. A survey was conducted on companies with more than 1,000 employees which revealed 90% of those firms are using a solution such as a DNS filter to restrict access to the internet to protect against malware and ransomware attacks.

89% of firms use DNS filters or other web filtering technology to improve productivity by blocking access to sites such as social media platforms, 84% of firms block access to inappropriate websites, and 66% use the technology to avoid legal issues.

Given the risk of a malware or ransomware download over the Internet and the high cost of mitigating such an attack, it is no surprise that so many large firms are using web filtering technology to reduce risk.

Why DNS Filtering is so Important for SMBs

Phishing attacks and ransomware/malware downloads are major risks for large businesses, but SMBs face the same threats. SMBs are also less likely to have the resources to cover the cost of such an attack. For example, the average cost of a ransomware attack on an SMB is $46,800, according to Datto, and many SMBs fold within 6 months of experiencing a data breach.

DNS filtering is an important control to prevent malware and ransomware attacks over the Internet, both by blocking downloads and preventing employees from visiting malicious websites where malware is downloaded. Web filters are also essential as part of phishing defenses.

According to the Spiceworks survey, 38% of organizations have experienced at least one security incident as a result of employee Internet activity. By restricting access to certain categories of website and blocking known malicious websites, SMBs will be much better protected against costly attacks.

Add to that the amount of time that is lost to casual internet surfing and web filtering is a no-brainer. 28% of employees waste more than 4 hours a week on websites unrelated to their work, but the percentages rise to 45% in mid-sized businesses and 51% of employees in small businesses.

There is no latency with DNS filtering, plus controls can be implemented to restrict certain bandwidth heavy activities to improve network performance.

DNS Filtering for MSPs – The Ideal Web Filtering Solution

DNS web filtering is a low-cost cybersecurity solution that actually pays for itself in terms of the productivity gains and the blocking of cyber threats that would otherwise lead to data breaches. Further, in contrast to appliance-based web filters, DNS filtering requires no hardware purchases or software installations which means no site visits are required. DNS filtering can be set up for clients remotely in a matter of minutes.

DNS filtering is ideal for MSPs as it is hardware and software independent. It doesn’t matter what devices and operating systems your clients have because DNS filtering simply forwards web traffic to a cloud-based filter without the need to install any clients or agents on servers or end points.

TitanHQ’s DNS filtering for MSPs has a low management overhead, so there is little in the way of ongoing maintenance required. A full suite of customizable reports can be automatically generated and sent to clients to show them what threats have been blocked, and who in the organization has been trying to access restricted content, and the employees who are the biggest drain on network performance.

MSPs can easily add in web filtering to existing security packages to provide greater value or offer web filtering as an add-on service to generate extra, recurring monthly revenue and attract more business.

If you are yet to offer web filtering to your clients, call TitanHQ today for more information on our DNS filtering for MSPs and for further information on the MSP Program program.

New HookAds Malvertising Campaign Redirects to Sites that Deliver Banking Trojans, Info Stealers and Ransomware

One of the ways that threat actors install malware is through malvertising – The placing of malicious adverts on legitimate websites that direct visitors to websites where malware is downloaded. The HookAds malvertising campaign is one such example and the threat actors behind the campaign have been particularly active of late.

The HookAds malvertising campaign has one purpose. To direct people to a website hosting the Fallout exploit kit. An exploit kit is malicious code that runs when a visitor lands on a web page. The visitor’s computer is probed to determine whether there are any vulnerabilities – unpatched software – that can be exploited to silently install files.

In the case of the Fallout exploit kit, users’ devices are checked for several known Windows vulnerabilities. If one is identified, it is exploited and a malicious payload is downloaded. Several malware variants are currently being delivered via Fallout, including information stealers, banking Trojans, and ransomware.

According to threat analyst nao_sec, two separate HookAds malvertising campaigns have been detected: One is being used to deliver the DanaBot banking Trojan and the other is delivering two malware payloads – The Nocturnal information stealer and GlobeImposter ransomware via the Fallout exploit kit.

Exploit kits can only be used to deliver malware to unpatched devices, so businesses will only be at risk of this web-based attack vector if they are not 100% up to date with their patching. Unfortunately, many businesses are slow to apply patches and exploits for new vulnerabilities are frequently uploaded to EKs such as Fallout. Consequently, a security solution is needed to block this attack vector.

HookAds Malvertising Campaign Highlights Importance of a Web Filter

The threat actors behind the HookAds malvertising campaign are taking advantage of the low prices offered for advertising blocks on websites by low quality ad networks – Those often used by owners of online gaming websites, adult sites, and other types of websites that should not be accessed by employees. While the site owners themselves are not actively engaging with the threat actors behind the campaign, the malicious adverts are still served on their websites along with legitimate ads. Fortunately, there is an easy solution that blocks EK activity: A web filter.

TitanHQ has developed WebTitan to allow businesses to carefully control employee Internet access. Once WebTitan has been installed – a quick and easy process that takes just a few minutes – the solution can be configured to quickly enforce acceptable Internet usage policies. Content can be blocked by category with a click of the mouse.

Access to websites containing adult and other NSFW content can be quickly and easily blocked. If an employee attempts to visit a category of website that is blocked by the filter, they will be redirected to a customizable block screen and will be informed why access has been prohibited.

WebTitan ensures that employees cannot access ‘risky’ websites where malware can be downloaded and blocks access to productivity draining websites, illegal web content, and other sites that have no work purpose.

Key Benefits of WebTitan

Listed below are some of the key benefits of WebTitan

  • No hardware purchases required to run the web filter
  • No software downloads are necessary
  • Internet filtering settings can be configured in minutes
  • Category-based filters allow acceptable Internet usage policies to be quickly applied
  • An intuitive, easy-to-use web-based interface requires no technical skill to use
  • No patching required
  • WebTitan Cloud can be applied with impact on Internet speed
  • No restriction on devices or bandwidth
  • WebTitan is highly scalable
  • WebTitan protects office staff and remote workers
  • WebTitan Cloud includes a full suite of pre-configured and customizable reports
  • Reports can be scheduled and instant email alerts generated
  • Suitable for use with static and dynamic IP addresses
  • White label versions can be supplied for use by MSPs
  • Multiple hosting options are available
  • WebTitan Cloud can be used to protect wired and wireless networks

For further information on WebTitan, for details of pricing, to book a product demonstration, or register for a free trial, contact the TitanHQ team today.

Further information on WebTitan is provided in the video below: