Our news items relating to network security have a very common theme running through them – too many companies are ill-prepared against online threats and vulnerabilities. The failure of organizations to optimize their online defenses – and train their employees on network security – is demonstrated by the huge number of systems that get infected.
A considerable number of network infections are the result of employees downloading infected software onto their computers and mobile devices without authorization. This scenario would be avoided – and network security improved generally – with the implementation of an Internet content filter. Speak with us for more information.
A new phishing campaign has been detected that uses Google Drive links to avoid detection by Office 365 Exchange Online Protection and ensure messages are delivered to inboxes.
The emails, reported through Cofense Intelligence, impersonated the CEO of the company who was attempting to share an important document. The document had been shared via Google Drive and came with the message, “Important message from – CEO.”
Google Drive allows files and collaboration requests to be easily sent to other individuals. The account holder chooses who to share a file with and the system generates an email alert containing a link to the shared file.
In this case, the name of the CEO was correct, but the email address used was different to the format used by the company. While this is a clear sign that the emails are not what they seem, some employees would likely be fooled by the message.
Importantly, the messages are not detected as malicious by EOP and are delivered to inboxes. A scan of the message would reveal nothing untoward, as the embedded URL is a legitimate shared link to a genuine cloud service operated by Google.
The shared document itself is not malicious, but it does link to another Google Docs document and a phishing URL. Any anti-phishing solution that only assesses the embedded hyperlink in the email to determine whether it is malicious would allow the email to be delivered. Only a deeper inspection would reveal the true nature of the URL.
If the link is visited by an end user, a fake login window is presented. If login credentials are entered, they are captured and stored on the attacker’s server.
This campaign highlights the importance of multi-layered anti-phishing defenses and the risks of relying on EOP to provide protection against phishing attacks.
An advanced spam filtering solution should be implemented on top of Office 365 to provide greater protection from phishing and other email-based attacks. This will ensure more sophisticated phishing attacks are blocked.
If a malicious message is delivered and a link is clicked, the connection to the malicious webpage could be blocked using a web filtering solution.
WebTitan is a DNS-based content filtering solution that serves as an additional layer in organization’s anti-phishing defenses. Should an attempt be made by an employee to visit a malicious website or suspicious domain, the attempt would be blocked before any content is downloaded. WebTitan assesses each website when the DNS query is made. Malicious websites and those that violate an organization’s content control policies are blocked.
To find out more about how a DNS filter can improve your defenses against phishing attacks and malware downloads, contact TitanHQ today.
There has been a spate of ransomware attacks on cities, municipalities, mayor’s offices, and local government facilities in recent weeks.
The latest attack was on La Porte County in Indiana. The attack started on July 6, 2019, but prompt action by the IT department allowed the ransomware to be contained. That rapid response meant only 7% of the laptops used by the county were affected. However, two domain controllers were also affected and that rendered the network unavailable.
Experts were brought in to try to restore files from backups and bring the network back online, but those attempts failed as the backup servers had also been infected with the ransomware. La Porte County was left with no alternative other than to pay the ransom demand. The Bitcoin ransom equated to around $130,000, $100,000 of which was covered by an insurance policy.
This attack involved Ryuk ransomware – The same ransomware variant that was used in the attack on Lake City in Florida on June 10, 2019. For Lake City, Ryuk ransomware was delivered by the Trickbot Trojan, which was in turn deployed by the Emotet Trojan. Lake City paid approximately $500,000 to the attackers to obtain the keys to unlock the encryption. Riviera Beach in Florida was also attacked and paid a ransom of around $600,000.
These are just three cases out of several recent attacks. Those three attacks alone have resulted in more than $1,200,000 being paid to cybercriminals. That sends a very clear message to other cybercriminals that these attacks can be extremely profitable. That is the reason the FBI advice is never to pay.
2018 saw a decline in ransomware attacks as cybercriminals pursued other strategies for attacking businesses, but ransomware is now certainly back in favor and is being used in an increasing number of attacks.
Something that several of the targets in the recent ransomware campaigns have in common is they are relatively small cities that have limited resources to devote to cybersecurity. They have hardware and software that has reached end of life and, due to limited funds, security gaps have started to appear.
Riviera Beach, for instance, is a city of 35,000 people with limited resources. It had recently undergone a period of turmoil in management, had suffered scandals, and during the upheaval its cybersecurity contract had been allowed to lapse. That left the door wide open to attack.
These attacks have proven incredibly costly, yet they could have been prevented with a very small spend on a select number of security solutions. The attacks on Rivera Beach and Lake City could have been prevented with an advanced email security solution such as SpamTitan. The ransomware was installed in both of these attacks as a result of employees opening malware-infected email attachments.
SpamTitan incorporates dual anti-virus engines to detect malicious software and a Bitdefender-powered sandbox for deep analysis of suspicious email attachments. SpamTitan incorporates DMARC email authentication to counter email impersonation attacks and a host of other anti-spam and anti-phishing controls.
SpamTitan can be deployed as a gateway solution on existing hardware or as a cloud-based solution, and can be easily layered on top of Office 365 to improve protection against phishing and ransomware attacks.
Further, the cost of protection against ransomware and phishing attacks is likely to be much lower than you think. For more information, contact TitanHQ today.
There has been a spate of ransomware attacks on cities and government agencies in recent months and the healthcare industry sees more than its fair share of attacks, but they are not the only industries being targeted.
Schools, colleges, and universities are prime targets for hackers and ransomware attacks are common. One recent attack stands out due to its scale and the massive ransom demand that was issued. The attackers demanded $2 million (170 BTC) for the keys to unlock the encryption.
Monroe College in New York City was attacked at 6:45am on Wednesday, July 10, 2019. The ransomware quickly spread throughout the network, shutting down the computer systems at its campuses in Manhattan, New Rochelle and St. Lucia and taking down the college website.
The college has switched to pen and paper and is finding workarounds to ensure students taking online courses receive their assignments. No mention has been made about whether files will be recovered from backups or if the ransom will need to be paid.
This is one of many recent ransomware attacks in the United States. Ransomware may have fallen out of favor with cybercriminals in 2018, but it now appears to be back in vogue and attacks are rising sharply. So too have the ransom demands.
$2 million is particularly high, but there have been several recent attacks involving ransom demands for hundreds of thousands of dollars. In several cases, the ransom has been paid.
Riviera Beach City in Florida was attacked and was forced to pay a $600,000 ransom to regain access to its files and bring its computer systems back online. Lake City in Florida also paid a sizeable ransom – $500,000. Jackson County was also attacked and paid a $400,000 ransom.
There have been several cases where ransoms have not been paid. The City of Atlanta was attacked and around $51,000 in Bitcoin was demanded. Atlanta refused to pay. Its cleanup bill has already reached $3 million. With such high costs it is clear to see why many choose to pay up.
In all of the above cases, the cost of implementing cybersecurity solutions to protect against the main attack vectors would have cost a tiny fraction of the cost of the ransom payment or the mitigation costs after an attack.
For less than $2 per employee, you can ensure that the email network is secured and you are well protected against web-based attacks. To find out more, call TitanHQ today.
As one ransomware-as-a-service operation shuts down, another is vying to take its place. Sodinokibi ransomware attacks are increasing and affiliates are trying to carve out their own niche in the ransomware-as-a-service operation.
Developing ransomware and staying one step ahead of security researchers is important, but what made the GandCrab operation so successful were the affiliates conducting the campaigns that generated the ransom payments. The GandCrab developers have now shut down their operation and that has left many affiliates looking for an alternative ransomware variant to push.
Sodinokibi ransomware could well fill the gap. Like GandCrab, the developers are offering their creation under the ransomware-as-a-service model. They already have a network of affiliates conducting campaigns, and attacks are on the increase.
As is the case with most ransomware-as-a-service operations, spam email is one of the most common methods of ransomware delivery. One Sodinokibi ransomware campaign has been detected that uses spoofed Booking.com notifications to lure recipients into opening a Word document and enabling macros. Doing so triggers the download and execution of the Sodinokibi payload.
Download websites are also being targeted. Access is gained the websites and legitimate software installers are replaced with ransomware installers. Managed Service Providers (MSPs) have also been targeted. The MSP attacks have exploited vulnerabilities in RDP to gain access to MSP management consoles.
Two cases have been reported where an MSP was compromised and malicious software was pushed to its clients through the client management console. In one case, the Webroot Management Console and the Kaseya VSA console in the other.
Recently, another attack method has been detected. Sodinokibi ransomware is being distributed through the RIG exploit kit. Malvertising campaigns are directing traffic to domains hosting RIG, which is loaded with exploits for several vulnerabilities.
With so many affiliates pushing Sodinokibi ransomware and the wide range of tactics being used, no single cybersecurity solution will provide full protection against attacks. The key to preventing attacks is defense in depth.
TitanHQ can help SMBs and MSPs secure the email and web channels and block the main attack vectors. Along with security awareness training and good cybersecurity best practices, it is possible to mount a formidable defense against ransomware, malware, and phishing attacks.
The excitement is building as DattoCon19 draws ever closer. Starting on June 17, 2019 in San Diego and running for three days, DattoCon19 is an unmissable event for managed service providers (MSPs).
At the conference, attendees benefit from practical advice and best practices to grow their businesses, increase sales, and boost monthly recurring revenue (MRR). A huge range of vendors will be on hand to offer information on exciting products and attendees will have the opportunity to learn strategies to increase business impact growth, boost profitability, and broaden their service stacks.
Sessions will be taken by industry experts and leading MSPs who will share tips and tricks to take back home and apply at the office. On average, attendees at DattoCon achieve 41% sales growth year-over-year as a result of attending the conference.
TitanHQ is sponsoring DattoCon19 and is excited about having the opportunity to meet new MSPs and help them grow their businesses. As a Datto Select Vendor, TitanHQ offers MSPs three cloud-based solutions that can be easily integrated into existing MSPs service stacks: Anti-phishing and anti-spam protection, DNS-based web filtering, and email archiving. All three solutions are available through the TitanShield program for MSPs.
MSPs can meet the TitanHQ team at booth 23 at DattoCon19 to find out more about the TitanShield program and the exciting opportunities for MSPs that work with TitanHQ. TitanHQ will be on hand to help MSPs that support Office 365 to improve protection against phishing attacks and malware. MSPs can also find out more about the TitanHQ threat intelligence that protects Datto DNA and D200 boxes, and how TitanHQ’s DNS filter is a direct swap out for Cisco Umbrella and the cost advantages of doing so.
TitanHQ Executive Vice President-Strategic Alliances, Rocco Donnino, is one of the panel members for the Datto Select Avendors event on Monday. The event brings together experts from different fields to help come up with solutions for some of the major problems faced by MSPs in today’s marketplace.
TitanHQ at DattoCon19
TitanHQ will be at booth 23
Special Show Pricing available
Daily TitanHQ vintage Irish whiskey raffle
TitanHQ and BVOIP are sponsoring a GasLamp District Takeover Party on Monday 6/17 and Wed, 6/19.
DattoCon19 will be taking place in San Diego, California on June 17-19, 2019. If you are not yet registered for the event you can do so here
The leading review website, G2, has published its 2019 Best Software Companies in EMEA list. This is the first time that the company has produced the list, which ranks the best software companies doing business in EMEA based on the feedback provided by users of those products.
G2 is one of the most well-respected business software review websites. Software solutions may appear to tick all the right boxes, but in practice the solutions can be time consuming and difficult to use and fail to live up to expectations. Since the G2 reviews are from registered users of the products, businesses can not only rely on the reviews but can also use them to make smarter buying decisions.
To compile the list, G2 compiled the reviews of over 66,000 users in the software category. More than 900 companies were represented, but only those that performed best in the reviews have made the cut in their respective categories.
TitanHQ has been awarded top spot in the list of the best software companies of 2019 in EMEA.
TitanHQ has developed powerful cybersecurity solutions to meet the needs of businesses and MSPs, but the solutions have also been developed to be easy to use. The solutions are versatile, flexible,and scalable, and can be managed via an intuitive web-based management console with a full reporting suite. A full range of APIs are supplied to allow the solutions to be integrated into existing management software and industry-leading customer support ensures that help is always available to resolve any customer issues.
“TitanHQ is delighted to have been included in the 2019 Best Software Companies in EMEA list. The inclusion shows the value our customers place on the uncompromised security and real-time threat detection we provide,” said Ronan Kavanagh, CEO, TitanHQ. “The overwhelmingly positive feedback from on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success.”
“With 750,000+ user reviews, 80,000+ products and 1,600+ tech and service categories on G2, TitanHQ’s recognition on the prestigious Best Software Companies in EMEA list is an exceptional achievement: One that can only be earned through the endorsement of its users,” said CEO Godard Abel.
TitanHQ, the leading provider of cloud security solutions for SMBs, has announced a new partner program has been launched to support Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), Cloud Distributors, Wi-Fi Providers, OEM Partners and Technology Alliance Partners..
TitanHQ started its journey in 1999. Initially, the company provided anti-spam solutions to local businesses in Ireland. Over the next two decades, the company expanded its range of products to include DNS filtering and email archiving solutions and is now a leading global player of cloud-based cybersecurity solutions.
While TitanHQ initially focused on meeting the needs of the SMB market, its products have been developed to meet the needs of MSPs. For instance, TitanHQ solutions are available with a range of hosting options, including the ability to host the solution within the MSPs own environment, and they can be provided in white-label form ready to take MSP’s branding.
TitanHQ’s cloud-based solutions have been developed to be easy to implement, use, and manage and are already a firm favorite with MSPs.
To make TitanHQ cloud security solutions even more attractive for MSPs, the existing partner program has been significantly enhanced and relaunched as TitanShield.
The TItanShield Partner Program makes it even easier to offer TitanHQ cloud security products to clients. Partners benefit from access to engineers, a highly capable support team that understands the needs of MSPs, and a dedicated account manager.
Partners have access to APIs to allow them to easily sell, onboard, manage and deliver advanced network security solutions directly to their client base from within their own user interfaces. In addition, partners receive free access to sales and technical resources, deal registration and lead generation resources, and benefit from flexible, volume-based monthly pricing models and profitable margins.
Under the new, enhanced partner program, customers are separated into their specific areas of expertise to ensure that each can be provided with focused information for the markets and customers they serve.
“Our program takes a unique and strategic approach for our partners and can be customized to fit all business models,” said Rocco Donnino, Executive VP of Strategic Alliances at TitanHQ.
If you want to become a highly valued member of the TitanHQ TitanShield Partner Program, enrollment is now open. Call TitanHQ today or email email@example.com for further information.
In our previous post we explained why managed service providers (MSPs) should be offering a web filtering service to their customers and the benefits that can be gained by customers and MSPs alike. In this post we explain what makes WebTitan Cloud the go-to web filtering solution for MSPs and why so many MSPs have chosen TitanHQ as their web filtering partner.
Why WebTitan Cloud is the Best Web Filter for MSPs
One problem MSPs face before they can start offering a web filtering service to their clients is how to incorporate the solution into their service stacks and their existing cloud offerings. While there are many providers of web filtering services, not all solutions have been developed with MSPs in mind. TitanHQ differs in that respect.
TitanHQ’s web filtering solution, WebTitan Cloud, has been developed specifically to meet the needs of MSPs and make it as easy as possible for the solution to be added to their existing cloud offerings. WebTitan Cloud seamlessly integrates within existing workflows regardless of whether MSPs self-host, use AWS, Azure, or other cloud platforms.
How Does WebTitan Cloud Integrate into MSPs Management Systems?
To make integration as easy as possible, TitanHQ uses RESTful API, which allows fast and risk-free integration into MSPs management systems. WebTitan Cloud uses the OAuth 1.0 protocol for authentication and has a full set of keys and secrets in the WebTitan Cloud user interface (UI). Once an MSP has signed up, no further registration or authentication is necessary. The API client provides the appropriate oauth_signature to authorize requests to protected resources.
Overly complex user interfaces are a problem with many cloud-based solutions. With WebTitan Cloud, the UI is made as clean and easy to use as possible. MSPs can remove all elements from the UI that are not required to keep the UI clean and simple. WebTitan Cloud can also be integrated into MSP cloud interfaces to create a better user experience and greater consistency for customers.
Having information at your fingertips is important when customers send in requests or when reports are required on web use and blocking. WebTitan Cloud allows MSPs to create and integrate a full suite of high-level system and customer reports into their own management consoles.
Onboarding new customers is also a quick and simple process, which can be integrated into current MSP on-boarding processes. New customer accounts can easily be created (or deleted) from within an MSP’s own UI, in addition to performing updates and listing all current customer accounts.
MSPs can connect to WebTitan Cloud to manage their customers settings, including locations, whitelists, and blacklists. Customers that would prefer to manage their own settings can perform a limited number of operations themselves using APIs. Since WebTitan Cloud is available in a full white label, customers who do access their own settings can be given a UI with MSP branding rather than TitanHQ’s to maintain consistency and help reinforce the MSPs brand.
TitanHQ also operates an extremely competitive pricing strategy with generous margins for MSPs and aligned monthly billing cycles through the TitanShield MSP Program.
If you have yet to start offering web filtering to your clients as part of your service stack or if you are unhappy with your current provider’s product, contact TitanHQ today and as about becoming a member of the TitanShield MSP Program. Product demonstrations can also be scheduled on request.
A web filtering service allows Managed Service Providers (MSPs) to better protect their clients from accidental malware downloads and phishing attacks while improving their bottom lines. Further, by preventing phishing attacks and malware infections, they can reduce the amount of time they spend fighting fires. For busy MSPs, the latter will be especially beneficial.
Why is Web Filtering Important?
There are several reasons why MSP clients will benefit from a web filtering service. First and foremost, a web filter will help to prevent their customers’ employees from visiting phishing websites and malicious URLs. Most phishing attacks start with a phishing email, so a powerful spam filtering solution is essential. While commercial spam filters such as SpamTitan will block more than 99% of spam and phishing emails, additional protections are required to protect against the 1% that bypass spam defenses.
Naturally end user security awareness training will help in this regard, but as the 2018 Verizon Data Breach Investigations Report shows, 30% of delivered phishing messages are opened by end users and 12% of those users also click on malicious links in the messages.
A web filter is an additional layer of anti-phishing and anti-malware defenses that kicks in when malicious links are clicked and when end users attempt to visit other malicious sites while browsing the Internet. With a web filter in place, when an employee attempts to access a malicious web page, that attempt will be blocked before any content is downloaded. Instead of displaying the web page, a block page will be displayed.
Web filters also allow companies to carefully control the types of content their employees can access. This allows them to enforce acceptable internet usage policies with ease. Employers can prevent their employees from accessing NSFW content such as pornography, illegal content and, if tighter controls are required to improve productivity, other categories of web content such as dating sites, social media networks, gambling sites, and gaming sites.
With a web filter in place, security and productivity can both be quickly improved and the gains in both of those areas is likely to more than pay for the cost of the web filtering package provided by their MSP.
Cloud Based Web Filtering Solutions for MSPs
Convincing customers to implement a web filtering solution should be straightforward given the number of phishing attacks that are now being conducted and the cost of mitigating phishing attacks and malware infections. The cost of web filtering is tiny by comparison.
For MSPs, cloud-based filtering solutions are the natural choice. They can be implemented in minutes once a customer request has been received, no hardware is required, there is no software to install, and patching is handled by the service provider. All that is required from the MSP is a brief set up and configuration for each customer and ongoing management and reporting.
However, not all cloud-based web filtering solutions make set up, management and reporting simple. WebTitan Cloud differs in this respect. Not only does the solution offer excellent protection, the solution has been developed specifically with MSPs in mind. The ease of integration into MSP’s back-end systems and management has made WebTitan Cloud the go-to web filtering solution for MSPs.
In our next post we will explain how WebTitan Cloud differs from other web filtering solutions, why it is the easiest solution for MSPs to integrate into their existing cloud offerings, and how TitanHQ makes getting started, provisioning new customers, and managing customer accounts a quick and easy process requiring the minimal management overhead.
For many people, Game of Thrones Season 8 is the TV highlight of the past 12 months, but not all fans of the series are keen to pay for the channel to watch the latest installments of this hugely popular series.
Some fans are turning to P2P file sharing sites to download the latest episodes, but hackers are ready and waiting. Many illegal video files of Game of Thrones episodes have been embedded with malware, most commonly adware and Trojans.
Research from Kaspersky Lab revealed Trojans to be the most common form of malware to be embedded in rogue video files. A third of all fake TV show downloads that have been impregnated with malware include a Trojan.
When one of these infected files is opened after it has been downloaded, the Trojan is launched and silently runs in the background on the infected device.
Many of the Trojans embedded into video files are brand new. These zero-day malware variants are not detected by traditional AV solutions as their signatures are not present in malware definition lists. That means malware infections are likely to go undetected. When signatures are updated, the malware may continue to run until a full system scan is completed. Either way, during the time that the malware is active it could be collecting a range of sensitive data including usernames and passwords.
Malware can also be installed that gives the attacker access to an infected device and the ability to run commands, change programs, download further malware variants, and add the infected device to a botnet.
File sharing websites offer an easy way of distributing malware. Users of the platforms voluntarily download the files onto their computers. However, only a small percentage of internet users visit P2P file sharing sites. Hackers therefore have turned to other methods to get users to execute their infected video files.
Prior to the release date of Game of Thrones Season 8, offers of free access to the TV show were being distributed via email. Campaigns were also detected offering episodes in advance of the release date to tempt GOT fans into installing malicious software or visiting malicious websites.
It is no surprise that fake Game of Thrones video files have been embedded with malware, given the huge popularity of the show. However, Game of Thrones fans are not the only people targeted using this tactic of malware distribution. In the past few months, malware has been detected in fake videos files claiming to be the latest episodes of the Walking Dead, Suits, and the Vikings to name but a few.
Some people feel the risk of a malware infection from downloading pirated video files to be low, or they do not even consider the risks. That is bad news for businesses. When employees ignore the risks and download illegal files at work, they risk infecting their network with malware.
The easiest solution to prevent illegal downloads at work and the visiting of other malicious websites is to use a web filtering solution. A web filter – WebTitan for instance – can be configured to prevent users from accessing file sharing and torrents websites. WebTitan uses a continuous stream of ActiveWeb URLs from over 550 million end users, which provides important threat intelligence to TitanHQ’s machine learning technology. This allows new, malicious URLs to be identified, and users are then prevented from visiting those malicious URLs.
Blocking email attacks is simple with SpamTitan. SpamTitan blocks 99.97% of spam emails to prevent malicious messages from reaching end users, including messages offering free access to Game of Thrones and other TV shows. In addition to dual AV engines to protect against known malware, SpamTitan also now has a sandboxing feature. Suspicious attachments can be safely executed and analyzed in the sandbox to identify potentially malicious actions. The sandboxing feature provides superior protection against zero-day malware which AV software does not block.
With both of these solutions in place, businesses will be well protected against malware, ransomware, botnets, viruses, and phishing attacks.
Each solution is available with a range of different deployment options to suit the needs of all businesses. For a product demonstration and further information, contact the TitanHQ team today.
Supply chain attacks allow cybercriminals to attack businesses through weak links in the supply network. Smaller companies are attacked, which gives hackers access to larger and better secured businesses: Businesses that would be harder to attack directly.
This attack method was used to spread NotPetya malware in Ukraine. A software supply company was breached which allowed the malware to be spread to the software supplier’s clients. The massive data breach at Target in 2014 was made possible by first attacking an HVAC system provider. The attack allowed hackers to install malware on the Target’s POS system and obtain the credit card numbers of millions of its customers. According to Symantec, supply chain attacks doubled in 2018.
There are many different types of supply chain attacks, but all serve a similar purpose. By attacking one company it is then possible to attack a bigger fish, or in the case of attacks on cloud service providers and managed service providers, a single attack will give a hacker access to the networks of all MSP clients.
Large businesses often have the budgets to hire their own IT and security staff and can implement robust defenses to prevent attacks. Smaller businesses often struggle to recruit security professionals as they are in high demand. With the shortage of skilled cybersecurity staff and an inability to pay the large salaries that skilled cybersecurity professionals demand, SMBs often turn to MSPs to provide those services.
In order to be able to provide those services, managed service providers are given remote access to their client’s networks. Many of the tasks that need to be performed by MSPs require administrative privileges. Managed service providers also hold login credentials to their clients’ routers and cloud accounts. All of those credentials are extremely valuable to hackers.
Given the typical number of clients each MSP has, a successful attack on an MSP could prove very profitable for a hacker. It is therefore no surprise that there has been an increase in cyberattacks on MSPs and CSPs.
While MSPs are usually good at securing their clients’ networks and ensuring they are well protected, they also need to ensure their own house is in order. Patches must be applied promptly, vulnerabilities must be addressed, and security solutions must be put in place to protect MSPs systems.
MSP staff should be security aware, but when they are busy resolving their clients’ problems, mistakes can easily be made such as responding to a well-crafted spear phishing email. All it takes is for one MSP employee to respond to such an email for a hacker to gain a foothold in the network.
Naturally, security awareness training should be provided to all MSP employees and security solutions need to be deployed to protect against email and web-based attacks.
This is an area where TitanHQ can help. TitanHQ’s anti-spam solution, SpamTitan, offers advanced protection against phishing and spear phishing attacks. A recent update has also seen DMARC email authentication and sandboxing features added to better protect users from phishing and malware attacks.
TitanHQ’s DNS-based content filtering solution further enhances protection against phishing attacks and prevents MSP employees from visiting malicious websites. Being DNS-based, malicious websites are blocked before any content can be downloaded.
In addition to helping MSPs protect their own networks, both solutions are ideal for MSPs to offer to their SMB clients and have been developed to perfectly meet the requirements of MSPs.
If you are an MSP and you have yet to implement a web filter or you are looking for an advanced spam filtering solution for you or your clients, give the MSP team at TitanHQ a call today to find out more about both solutions and how they can protect your business and better protect your clients.
Traditional email security solutions are effective at keeping inboxes free from spam email, but many fall short when it comes to blocking phishing and spear phishing attacks. Cybercriminals are conducting ever more sophisticated campaigns that manage to bypass traditional email security defenses by impersonating legitimate companies and spoofing their domains.
In addition to phishing attacks that attempt to obtain sensitive information, email is often used to spread malware, ransomware and botnets. Traditional anti-virus solutions are effective at blocking known malware threats, but signature-based AV solutions are not effective at blocking never-before-seen malware variants.
Today, new malware variants are being released at record pace. To block these zero-day malware attacks, an advanced email security solution is required which does not rely on signatures to identify malicious file attachments.
SpamTitan was already a powerful email security solution for SMBs and MSPs serving the SMB market and was capable of blocking sophisticated phishing emails and new malware threats. However, new features have now been added that improve detection rates further still and provide superior protection against zero-day malware and phishing attacks that spoof legitimate domains.
TitanHQ has updated SpamTitan to include a DMARC email authentication feature which is capable of detecting and blocking spoofed emails to better protect users from sophisticated phishing attacks.
To better protect against malware, ransomware, botnets, and zero-day attacks, TitanHQ has incorporated a new Bitdefender-powered sandboxing feature into SpamTitan. Email attachments that pass standard checks are safely detonated in the sandbox and are analyzed for malicious activity. The sandboxing feature provides an additional layer of security and greatly enhances protection against malicious attachments. This feature also helps to ensure that more legitimate emails and attachments are delivered to end users.
To explain how these new features work and the benefits to users, TitanHQ is running a webinar. In the webinar, TitanHQ will cover the new features in detail and will explain how SpamTitan can protect against the full range of email-based threats.
Date: Thursday, April 4, 2019
Time: 12pm, EST
The webinar will last 30 minutes and advance registration is necessary.
A new report has confirmed the need for robust, multi-layered cybersecurity protections for SMBs to prevent successful cyberattacks. SMBs are increasingly being targeted by cybercriminals as security is often weak and attacks are easy to pull off.
While large corporations are an attractive target for cybercriminals, large corporations tend to have mature cybersecurity programs and they are usually very well protected. A successful attack could prove extremely profitable but breaking through the cybersecurity defenses of large corporations is difficult and attacks can be extremely time consuming and labor intensive.
Cybercriminals often choose the path of least resistance, even though the potential for profit may not be so high. Cyberattacks on SMBs are much easier and hackers are concentrating their efforts on SMB targets. This was clearly demonstrated in the latest cybersecurity report from Beazley Breach Response (BBR) Services.
BBR Services analyzed all of the data breaches that it investigated in 2018. 9% of the successful attacks involved ransomware and 71% of those ransomware attacks were on SMBs. The healthcare industry suffered the highest number of ransomware attacks, and accounted for one third of successful attacks. Companies in the professional and financial services sectors accounted for 12% of ransomware attacks each, followed by the retail industry with 8% of attacks.
The costs of those ransomware attacks can be considerable. If companies are unable to recover data from backups, a sizable ransom must be paid to recover encrypted data. In 2018, the average ransom demand was $116,400 and the median ransom demand was $10,310. One client was issued a ransom demand of $8.5 million. The highest ransom demand paid was $935,000.
Massive demands for payment for the keys to unlock encrypted files may not be the norm, but even at the lower end of the spectrum SMBs may struggle to find the money to pay. The ransom demand is also likely to be considerably higher than the cost of cybersecurity protections for SMBs to prevent ransomware attacks.
One of the main ways that hackers gain access to the networks of SMBs is by exploiting flaws in Remote Desktop Protocol. SMBs that leave RDP ports open are at a much higher risk of being attacked. RDP is required by many SMBs because they outsource IT to managed service providers, which need to use RDP to access their systems. In such cases it is essential for default RDP ports to be changed and for very strong passwords to be implemented to reduce the risk of brute force attacks succeeding.
There was also an increase in sextortion scams in 2018. These scams attempt to extort money by threatening to expose victims’ use of adult websites. While these scams usually contain empty threats, they are often successful. In addition to attempting to extort money, the scams are used to install malware or ransomware. Email attachments are sent which claim to contain videos of the victim accessing adult websites, which the scammers claim to have been recorded using the computer’s webcam. When the files are opened to be checked, malware or ransomware is installed.
2018 also saw a 133% increase in Business Email Compromise attacks. These attacks spoof the email address of a senior executive to make the emails and requests seem more plausible. These scams are usually conducted to obtain sensitive information or to get employees to make fraudulent wire transfers. BEC attacks accounted for 24% of all breaches investigated by BBR Services in 2018.
One of the most important cybersecurity protections for SMBs to implement to prevent these attacks is an advanced email filtering solution – One that is capable of detecting spoofed emails. SpamTitan, TitanHQ’s cloud-based spam filtering solution, has recently been updated to include DMARC authentication to detect email impersonation attacks such as BEC scams. The solution also now includes a new sandboxing feature that allows potentially malicious attachments to be analyzed in detail in the sandbox where no harm can be caused. This helps to identify more malicious attachments and better protect SMBs from zero-day malware and other malicious files.
TitanHQ’s powerful cybersecurity protections for SMBs can greatly improve email security and block a wide range of web-based attacks. For further information on effective cybersecurity protections for SMBs to deploy to improve security posture and block costly attacks, contact TitanHQ today.
TitanHQ has announced its award-winning anti-spam solution, SpamTitan, has been updated and now has two powerful new features to better protect users from phishing, spear phishing, malware, ransomware, botnets, and APT threats.
SpamTitan has long been the go-to solution for SMBs to improve email security and the solution is popular with managed service providers serving the SMB market. SpamTitan is quick and easy to install, simple to use, and provides excellent protection against a wide range of email threats.
As email threats have become more sophisticated and zero-day attacks and new malware variants have skyrocketed, new features are needed to keep end users protected.
To maintain pace and better protect SpamTitan users, two important new features have now been rolled out with the latest release of SpamTitan: Sandboxing and DMARC authentication.
Sandboxing Feature Added to SpamTitan Product Suite
Blocking known threats is one thing, but detecting and blocking brand new threats that evade AV solutions is another matter, yet businesses need protection from these zero-day threats as well. SpamTitan already incorporates a range of mechanisms to detect these new threats but the latest feature takes protection to the next level.
SpamTitan now incorporates a new next-gen sandboxing feature. The Bitfedender-powered sandbox is a virtual environment that is totally separate from other systems. When an email is sent to a SpamTitan user, the message will be subjected to a range of checks to determine whether it is genuine, benign, and should be delivered or if it is malicious and needs to be rejected. If the message contains a suspicious attachment that is not picked up as a threat from those checks, it is sent to the sandbox.
The SpamTitan sandbox service has been designed to appear as a normal endpoint. Malicious files are opened or executed in the sandbox and any malicious code is run as it would on a standard machine. Its actions are logged and subjected to an in-depth analysis, including its self-protection mechanisms and attempts to evade detection. All actions are then assessed by advanced machine learning algorithms and the results of the analysis are then checked against a wide range of online repositories.
Opening potentially malicious files on an endpoint is dangerous, but in the isolated sandbox all risks are eliminated. Once the analysis is complete, which takes just a few minutes, if the file is determined to be benign it will be released and can be delivered to the end user. If it is malicious, the sandbox solution will automatically report the file to Bitdefender’s cloud threat intelligence service. That threat will then be blocked for all SpamTitan users, so the file will not need to be analyzed again.
This new feature greatly increases detection of elusive threats, provides end users with even greater protection, and it also helps to ensure that more genuine messages are delivered.
Businesses that want sandboxing technology usually need to purchase a separate solution. With SpamTitan, advanced emulation-based malware analysis is provided free of charge.
DMARC Email Authentication Now Included in SpamTitan
Email impersonation attacks are a major threat. They abuse trust in a known contact, company, or government organization to fool end users into taking a specific action – disclosing sensitive information, installing malware, or visiting a phishing webpage, for instance.
While SpamTitan already incorporates several mechanisms to identify email impersonation attacks, DMARC authentication has now been added to block even more threats. DMARC is a powerful tool for identifying the true sender of an email to determine if that individual is authorized to use a particular domain.
Detailed checks of the email header are performed and the sender is checked against DMARC records. If the checks are passed, the message can be delivered. If DMARC authentication fails, the message is rejected.
The new anti-spoofing feature protects SMBs and MSPs against data loss, date breaches, zero-day threats, and highly sophisticated email threats, while the sandboxing feature protects against malware, advanced persistent threats (APTs), malicious URLs, and offers insight into new threats to help mitigate risks.
Both of these features have been made available to current and new TitanHQ customers at no extra charge.
The threat of malware downloads from visiting adult websites has long been thought to be a major risk; however, not all studies on the subject have demonstrated that the risk is any higher than visiting other types of websites. The owners of adult websites, as legitimate business owners, have a vested interest in keeping their sites malware free.
However, new research from Kaspersky suggests the threat of malware downloads from visiting adult websites is real, and adult-themed phishing attacks increased in 2018.
Is There a High Risk of Malware Downloads from Visiting Adult Websites?
According to its latest report, there is a real risk of malware downloads from visiting adult websites. Naturally for consumers who visits adult websites, the risk is theirs to take. For businesses however, risks taken by employees can prove incredibly costly.
One of the major stories to be covered in the media on this theme in 2018 involved a government employee with a prolific thirst for such content. He was discovered to have accessed more than 9,000 adult websites and had inadvertently downloaded malware onto his work computer and the network. After visiting so many sites, that is perhaps understandable, but there have been many such malware downloads from far less prolific surfing of adult sites.
Kaspersky Lab’s research indicates that most malware downloads from malicious websites involves malware disguised as videos. Oftentimes, users are required to download a supposedly benign but malicious file in order to access the video.
Cybercriminals are also using black-hat techniques to poison the search results and get malicious sites appearing high up in the listings. The top 20% of porn-related search terms accounted for 80% of malware disguised as porn. Kaspersky’s tracking indicated 87,227 users had downloaded malware-disguised as porn and 8% of those did so via their work network.
The use of these porn tags is also common to get users to download non-malware threats such as adware and downloaders, although the latter are often capable of downloading much more malicious files. While the number of these attacks decreased by 36% year-over-year, attacking people searching for adult content is still common.
The most common threats associated with adult content were Trojan downloaders (45%) and Trojans (20%), followed by adware (9%) and worms (8%).
Adult-Themed Phishing Attacks Increased by 1,000% in Q4, 2018
While it was previously uncommon for phishing scams to use porn as a lure, that changed in 2018. It is still common for cybercriminals to use impersonate or create fake hookup sites to lure people into divulging credentials but there was also a 1,000% increase in phishing attacks using websites that masquerade as porn websites. Most commonly these were spoofed versions of the top 10 adult sites on the web. The rise in these types of phishing scams could be indicative of a trend that will grow in 2019.
The research shows that malware downloads from visiting adult websites is still a risk and the threat from adult-themed phishing attacks has grown at an alarming rate. Businesses should take note and take steps to limit risk.
The easiest way to do that is with a DNS web filter – A solution that allows businesses to carefully control the web content that can be accessed on work devices and via their wireless networks. With a DNS web filtering solution in place, businesses can block access to adult websites, commonly spoofed hookup and dating sites, and web-based phishing threats.
Not only will a DNS web filter provide protection against phishing, ransomware, and malware downloads, by blocking access to these adult sites, legal liability can be reduced and staff issues can be avoided.
If you have yet to start filtering the internet and preventing your users from accessing adult websites, other NSFW web content, and sites that are a drain on productivity, TitanHQ can help.
For a very low cost, businesses can protect all users of their wired and wireless networks and block a wide range of web-based threats. MSPs can also start providing filtered internet service to better protect their clients.
For further information, contact TitanHQ today and ask about WebTitan Cloud and WebTitan Cloud for WiFi – TitanHQ’s award winning web filtering solution for businesses.
TitanHQ has launched a busy campaign of MSP roadshows and conferences with two Valentine’s Day events in London and Tampa, Florida.
Over the coming five months, the TitanHQ team will be attending 15 events in Ireland, the Netherlands, the UK, and the USA, and will be meeting with managed service providers (MSPs), Wi-Fi providers, ISPs, and technology partners to introduce and explain about TitanHQ’s award-winning suite of email security, web filtering, and email archiving solutions.
The 2019 roadshow campaign started in London where Alliance Manager Eddie Monaghan met with current and prospective MSP partners at the IT Nation Q1 EMEA Meeting. Eddie will be at the event all week and will be discussing TitanHQ’s MSP solutions and finding out more about what is happening in the MSP world. TitanHQ has learned a great deal since joining the IT Nation community two years ago and has really enjoyed the experience thus far.
TitanHQ Alliance Manager, Eddie Monaghan
On the other side of the Atlantic, Alliance Manager Patrick Regan has been meeting with MSPs from Florida and beyond at the TitanHQ-sponsored Datto Roadshow in Tampa. Since joining the Datto community as a strategic partner, TitanHQ has worked closely with Datto MSP partners helping them to integrate email security, DNS filtering, and email archiving into their product offerings and providing tips and tricks to help them to get the most out of the products.
TitanHQ has been increasing its technology partners over the past year and is now working closely with industry giants Comcast, BitDefender, Microsoft, Kaseya, and ViaSat and is a proud member of IT Nation (HTG Peer Groups), Datto Roadshows, COMPTIA, and ASCII.
From humble beginnings as an indigenous Irish company providing anti-spam appliances to the local market, over the following 20 years TitanHQ has developed an innovative range of cloud-based solutions and has matured into a global provider of network security solutions for enterprises, SMBs, and MSPs. TitanHQs award-winning cybersecurity solutions are now offered by a network of more than 1,500 MSP partners and have been adopted by several thousand businesses in 200 countries around the globe.
The TitanHQ product suite has been developed to meet the exacting needs of MSP partners and are delivered via the TitanShield Program. The products help MSPs to protect themselves and their clients, while saving valuable time and effort by blocking threats at source before they can cause any harm.
TitanHQ’s spam filtering solution – SpamTitan – and web filtering solution – WebTitan – help MSPs keep their clients protected from malware, ransomware, viruses, botnets, phishing attacks and other email and web-based threats.
The cloud-based solutions are easy for MSPs to slip into their service stacks to build a high-margin security practice offering clients world-class network security services.
If you are already a TitanHQ TitanShield partner or want to find out more about the MSP program and TitanHQ products, be sure to attend one of the upcoming events and come and meet the TitanHQ team.
We look forward to meeting you at one of the upcoming roadshow events in 2019.
Web filtering at multiple locations can be a headache but it is a necessity. Human error can easily result in an email account breach, malware download, or ransomware attack. Every employee is a potential security risk, so it is important for controls to be implemented to reduce the risk of mistakes leading to a costly security incident.
One of the main ways that data breaches occur is through phishing. The web pages used in phishing attacks host phishing kits that collect login credentials and send them to the scammers. The web pages usually contain identical copies of the login boxes used by the likes of Microsoft Office 365, Google, and Facebook. The web pages are incredibly realistic and can be difficult for employees to identify as malicious.
Hyperlinks in emails also direct employees to websites containing exploit kits which probe for vulnerabilities and silently download malware. A user could visit a website for a couple of seconds, yet still trigger a malware download. Even general web surfing can see users redirected to malicious websites.
The solution is to implement a web filter. A web filter allows businesses to control the web content that users can visit, and it also blocks access to malicious web sites.
Web Filtering at Multiple Locations
While a web filter is easy to implement on premises, protecting mobile workers and multiple offices can be more of a challenge. Traditionally, web filters were physical appliances through which all Internet traffic flowed. Rules were applied to the appliance to control what sites can be visited by employees.
One of the main disadvantages when web filtering multiple locations, is a separate appliance needs to be used at each location. Not only is this costly, installing and maintaining the appliance requires technicians to be available on site. For many businesses running multiple offices, IT is managed remotely. IT staff are not available at each site. An appliance-based filter at each site is far from ideal.
An alternative is to backhaul Internet traffic to the corporate office, but this has a major impact on Internet speed. The latency issued can cause major problems for remote offices so this option is also not ideal.
The best solution is a cloud-based DNS web filter. A DNS web filter can be applied, configured and maintained remotely without the need for site visits or on-site support staff. No hardware is required and no software needs to be downloaded. All that is required is for a change be made to internal DNS servers or DNS settings.
Not only does this approach eliminate the need for any costly hardware purchases, with a cloud-based DNS filter there is no latency. The DNS-filter can be applied for all locations and managed through a single web-based interface. Controls can also be applied for different locations via an AD/LDAP client.
A cloud-based DNS filter is ideal for web filtering multiple locations, but what about protecting employees on the move? When employees travel for business, their mobile devices similarly need to be protected. A DNS filter can protect those employees online no matter where they access the Internet without the need to backhaul traffic.
Cloud-based DNS web filters are also the ideal solution for managed service providers (MSPs) who want to offer web filtering to their clients. The filters are highly scalable, and they offer multitenant management for MSPs and allow all clients settings to be configured and managed through a single pane of glass. Separate polices can be applied for each clients and reports can be easily generated. There is no need for any site visits, no need for patching, and web filtering can be offered no matter where the client is based.
WebTitan Cloud – Web Filtering Multiple Locations Made Simple
TitanHQ is a leading provider of DNS-based web filtering for businesses. WebTitan Cloud is an enterprise-class DNS-based web filtering solution that makes web filtering multiple locations effortless. The solution takes minutes to implement and requires no training to use. All web filtering controls can be applied remotely via an intuitive user interface.
If you run a business in multiple geographical locations, want to protect remote workers, or if you are a managed service provider that wants to add web filtering to your service stack, contact TitanHQ for further information on WebTitan Cloud.
Anatova ransomware is a new cryptoransomware variant that appears to have been released on January 1, 2019. It is stealthy, can infect network shares, has already been used in attacks in many countries around the world. It could well prove to become a major ransomware threat in 2019.
Ransomware has somewhat fallen out of favor with cybercriminals as cryptocurrency mining malware offers greater potential for profit. The development of new ransomware variants has slowed, but new variants are still emerging and the threat from ransomware is not going away any time soon. Ransomware attacks are still profitable for cybercriminals and as long as that remains the case the attacks will continue.
Anatova ransomware was identified and named by security researchers at McAfee. The name was taken from the name on the ransomware note. The previously unknown ransomware variant has been used in at least 10 countries, with over 100 Anatova ransomware attacks identified in the United States, more than 65 in Belgium, and over 40 in France and Germany.
Not only does the ransomware variant employ a range of techniques to avoid detection, infection can cause major damage and widespread file encryption. Further, the modular design allows the developers to easily add new functionality in the future.
Most of the strings in Anatova ransomware have been encrypted and different keys are required to decrypt them. Those keys have been embedded in the executable. 90% of calls are dynamic and use non-suspicious Windows APIs and standard C-programming language.
Once downloaded and executed, the ransomware performs a check of the name of the logged in user against a list of encrypted names and will exit if there is a match. Names that prompt an exit include tester, lab, malware, and analyst. These names are commonly used on virtual machines and sandboxes. A check will also be performed to determine the country in which the device is located. The ransomware will exit if the device is in any CIS country, Egypt, Syria, Morocco, Iraq, or India.
Anatova ransomware scans for files smaller than 1MB and checks for network shares, although care is taken not to disrupt the operating system during this process and raise a flag before files are encrypted. Once files have been identified, the encryption routine starts. The ransomware uses its own key, so each victim requires a separate key to unlock the encryption.
Once the encryption process has run, the ransom note is dropped on the desktop, the memory is cleaned, and volume shadow copies are overwritten 10 times to ensure files cannot be recovered from local backup files.
The ransom demand is relatively high – Around $700 (10 DASH) per infected machine. Since multiple devices can be infected with a single installation, the total ransom demand could well be considerable.
What is not 100% certain is how the ransomware is being distributed. McAfee detected one sample on a P2P file sharing network which masquerades as a free software program complete with game/application icon to encourage users to download and run the installer. Other attack vectors may also be used. Based on the current distribution vector, a web filter will offer protection against attacks if P2P file sharing/torrents sites are blocked.
The researchers believe Anatova ransomware has been created by highly skilled malware authors who are currently distributing a prototype of the ransomware. More widespread attacks are to be expected once this testing phase has been completed.
Hackers are taking advantage of poor Wi-Fi security to attack small businesses. This post covers simple steps to take to improve Wi-Fi security to block cyberattacks.
Small businesses can implement a robust firewall to protect against cyberattacks, but the Wi-Fi router is often a weak point. A Wi-Fi router providers wireless coverage for your business and it is a likely attack vector if security is lax. By attacking wireless routers, hackers can bypass your firewall.
Fortunately, there are simple steps you can take to improve Wi-Fi security and block attacks. Seven simple steps to take to improve Wi-Fi security have been listed below.
Simple Steps for Small Businesses to Take to Improve Wi-Fi Security
Some of the steps below are obvious security measures, but there have been many instances when small businesses have overlooked these simple protections, only for them to be exploited by hackers.
Change Router Admin Credentials
Changing default credentials is one of the easiest but most important steps to take to improve Wi-Fi security. Because it is so simple, no business should be guilty of this security faux pas, but many are, even large businesses. In November, a school system discovered that its WAN provider had not changed the passwords on routers that had been in use for years. This is not the login for Wi-Fi, but the password for the router itself. These default administrator passwords can be found with a simple Internet search.
Disable Remote Administration on Your Router
Many wireless routers allow users to access and change router settings from outside the network. For the majority of businesses, remote administration is not necessary so it should be disabled. While this setting can be convenient, there are other more secure ways to access router settings remotely such as using a VPN. Allowing remote administration makes it far too easy for hackers to access your router.
Monitor Your DNS Settings
In January 2019, the U.S. Department of Homeland Security issued an emergency directive to all government agencies instructing them to perform an urgent audit of their DNS records after it was discovered that a threat group was targeting government agencies and changing their DNS records. By hijacking the DNS, all employees could be directed to malicious websites – clones of legitimate sites. Businesses that do not have an internal DNS server often use their wireless routers for this. Businesses should regularly monitor their DNS settings to ensure that no changes have been made.
Limit the Range of Your Wi-Fi Signal
You will want to make sure that everyone on the premises can access your Wi-Fi network, but it is important that no one outside your offices can do so too. If your Wi-Fi signal is too strong, it could be accessed by someone outside your offices and out of sight – In a car parked in your lot for instance. An overly strong Wi-Fi signal makes it easy for an attacker to conduct brute force attacks without being seen.
Keep Firmware Updated
New router firmware will be periodically released by the manufacturer and, as with all other software updates, they should be applied as soon as possible. Firmware updates are issued to improve security and functionality. They address known vulnerabilities for which exploits exist. Some routers will be set to update automatically, others may require a manual update through the web-based interface. Be sure to check the manufacturers web page, as your router may no longer be supported, which means it is time for an upgrade.
Make Use of Your Guest Network
One of the most important security measures is to segment your network and this is especially important for Wi-Fi. You should not allow any untrusted device to connect to your network, such as those used by visitors. You should have a separate SSID for your employees and guests. This will keep guests away from your primary network.
Ensure Your Wi-Fi Network is Encrypted
You should ensure that your Wi-Fi network is encrypted with WPA as an absolute minimum. Without encryption your network will be open and hackers will be able to intercept wireless traffic. Currently the encryption standard is WPA2, although this will change to WPA3 in 2019. If you are planning on replacing your Wi-Fi router, make sure the new model supports WPA3. If your router only supports WEP it is time to upgrade.
Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyberattacks, and avoid costly data breaches.
Many small business owners misguidedly think that their company is too small to be a target for hackers but cyberattacks on small businesses are common and they are increasing. A successful attack on a Fortune 500 company is likely to be far more profitable for the hacker, but also much harder. Small businesses are relatively easy targets and attacks can be highly profitable.
Small business owners cannot afford to take cybersecurity lightly. A successful cyberattack could prove catastrophic. With this in mind, we have compiled 10 cybersecurity tips for small businesses that can easily be implemented to improve security.
Top Cybersecurity Tips for Small Businesses
Implement a Robust Firewall
A firewall is a cybersecurity solution that sits between a small business network and the outside world and prevents unauthorized individuals from gaining access to the network and stored data. Not all firewalls are created equal. Extra investment in a next generation firewall is money well spent. Don’t forget to also protect remote workers. Ensure that they are also protected by a firewall.
Create and Enforce Password Policies
You should implement password policies that require all users to set strong, secure passwords. A strong, unique password should be used for all systems. Passwords should include capitals, lower-case letters, a number, and a special character, and should be at least 10 digits long. Teach employees how to create secure passwords and enforce your password policies. Consider using a password manager so passwords do not need to be remembered. Consult NIST for the latest password guidance.
Security Awareness Training
Make sure you provide the workforce with regular security awareness training. This is the only way that you can create a culture of cybersecurity. Be sure to cover the security basics, safe Internet use, how to handle sensitive data, creation of passwords, and mobile device security. You should provide training to help employees avoid phishing attacks and consider phishing simulation exercises to test the effectiveness of your training program.
Multi-factor authentication involves the use of a password and at least one other method of authentication. If login credentials are compromised, an additional factor is required to gain access to an account or the network such as an SMS message to a user’s smartphone.
It is essential to have a good backup policy. In the event of disaster, such as a ransomware attack, you need to be able to recover critical data. Backups must also be tested to make sure files can be recovered. Don’t wait until disaster strikes to test whether data can be recovered. A good strategy is the 3-2-1 approach. Three backup copies, on two different types of media, with one copy stored securely offsite.
Software and Firmware Updates
Vulnerabilities are regularly found in computer software. Patches are released to correct those vulnerabilities, including those that are being actively exploited. Make sure patches are applied promptly, software is kept 100% up to date, and the most up to date firmware has been installed. Implement automatic updates where possible and create a schedule for updates if they need to be performed manually.
It is a standard best practice to segment networks and split them into subnetworks. Not only will this improve security it can also improve performance. By preventing access between segments, if one part of the network is compromised, an attacker will not have access to all systems and data. Also make sure you limit access to sensitive data and restrict the use of admin credentials. Apply the rule of least privilege. Do not give employees access to data, networks, and software that they do not need for day to day work duties.
Implement a Spam Filter
Arguably the biggest cyber threat that small businesses face is phishing. A single phishing email could allow an attacker to bypass your perimeter defenses and obtain login credentials or install malware. An advanced spam filter will allow you to improve productivity by blocking non-malicious spam emails and prevent phishing emails from being delivered to inboxes.
Secure Wi-Fi Networks
If you have a wireless network in your workplace it needs to be protected. Ensure that it is secured, data are encrypted, and that it is hidden and does not broadcast its SSID. Use WPA2 for encryption (or WPA3 if possible). Change default passwords and ensure your wireless router cannot be accessed from outside the network.
Consider Implementing a Web Filter
A web filter provides protection against web-based attacks by preventing employees from visiting phishing websites and sites that host malware. A DNS-based web filter can protect wired and wireless networks and even remote workers. It will block malware downloads and prevent users from accessing dangerous websites and those that serve no work purpose thus improving productivity.
The news headlines frequently warn businesses of the need to improve cybersecurity protections to thwart hackers, but not all threats come from outside the company. There are various types of insider threats that need to be managed and mitigated, yet these are all too often overlooked or insufficient controls are put in place to reduce the risk of a deliberate or accidental breach.
What are Insider Threats?
An insider threat is one that comes from within the company, typically an employee who accidentally or deliberately takes an action that causes harm or loss to the company.
Hackers attack companies to gain access to their networks to spy on companies, obtain secrets, steal data or sabotage systems. Breaking through perimeter defenses can be time consuming and difficult but if an insider wants to steal data or sabotage a system, it is far easier as they already have network access.
Not all insider threats involve intentional malicious actions by employees. An employee can also act in a way that negatively affects their company without intending to cause any harm.
This could be intentionally violating company policies in a non-malicious manner. An example would be the installation of software to save the employee time or to allow them to work more efficiently. Installing unauthorized software carries a risk of a malware or spyware infection. An employee could violate company policies which could lead to an accidental data breach. Then there is human error, such as sending an email containing sensitive information to the wrong person. Such actions could prove costly.
Businesses need to protect against all insider threats if they are to avoid costly data breaches. A great many data breaches result from too little focus on cybersecurity defenses to block the threat from within.
Malicious Acts by Employees
Anyone that has access to sensitive company data could potentially abuse their access rights to view or steal data. There is no particular profile of a malicious insider. Everyone could decide one day to steal information or sabotage systems, but you can protect against malicious insiders and manage the risk.
Cover insider threats in security awareness training and encourage employees to be vigilant and report suspicious activity. Provide them with an easy way to report their concerns.
Implement tools that monitor for anomalous behavior
Implement controls to prevent the use of portable storage devices such as thumb drives
Implement tools that prevent employees from downloading and running certain files types – Executable files for instance.
Apply the rule of least privilege – Don’t let employees access data/systems that they do not need to access to complete their day to day work duties
Accidents Will Happen…
The insider threats that can be the hardest to defend against are mistakes by employees. These types of insider threats include responding to a phishing email and disclosing login credentials, sending sensitive data to the wrong email recipient, accidentally visiting malicious websites, and inadvertently downloading malware. These threats need to be managed and mitigated through policies and procedures, training, and software solutions.
…But You Can Minimize Risk!
Phishing is arguably the biggest threat. Hackers know all too well that people make mistakes and can easily be fooled. Priority number one should be blocking phishing emails and making sure they are not delivered. For that you need an advanced spam filter. The more phishing emails that are blocked, the lower the risk of a click.
Security awareness training is also essential. When a phishing email lands in an inbox, employees need to have the skills to recognize it as such. Provide training and make the training interesting to engage employees. Interactive training courses can help in that respect. Make sure you test your employees’ knowledge afterwards with phishing email simulations. They will let you know who has taken the training on board and who needs further training.
Training needs to cover all security threats, not just phishing. Teach employees security best practices, including checking badges before allowing someone into the building, password security, keeping credentials private, and safe use of WiFi.
Another important technical control to implement is a web filter. A web filter allows businesses to control what employees can do online. They block access to phishing websites, block drive-by malware downloads, and prevent employees from visiting questionable websites that carry a high risk of malware infections or malvertising redirects: Adult sites and torrents/P2P file sharing sites for instance. Some web filters will also keep employees safe and secure when working remotely.
The important thing for businesses is not to leave things to chance or to assume they are too small to worry about insider threats and data breaches. Every business is at risk, regardless of size.
For further information on software solutions that can protect against data security threats give the TitanHQ team a call.
A new form of MongoLock ransomware is actively being used in a global campaign. A 0.1 BTC ransom is demanded, although file recovery may not be possible. The ransomware immediately deletes files and formats backup drives and a recoverable copy may not be retained by the attackers.
MongoLock ransomware was first detected in January 2017. A major campaign involving the ransomware was detected in September 2018 with the latest attacks having been ongoing since December 2018. The attackers are gaining access to unprotected or poorly protected MongoDB databases and are deleting data and replacing the databases with a new database. Inside the database is a file called readme that contains the ransom demand.
The attackers claim to have exported the database before encrypting it. Victims are required to make a 0.1 BTC payment to a supplied Bitcoin wallet or contact the attackers via email. Many victims have chosen to pay the ransom; however, there is no guarantee that data can be recovered. It is unclear whether the attackers are making a copy of the database or are simply deleting it.
The attacks are automated and scripts are used to delete the database and create the ransomware note, but the scripts are not always effective. Even if it is the intention of the attackers to obtain a copy of the database, that may not always happen.
The latest version of MongoLock ransomware also conducts a scan of local drives and deletes important data, including files saved to the Desktop, My Documents folder, Recent files, favorites, and any backup files that can be located. The drives are then formatted. This makes payment of the ransom all the more likely. Users are advised they have just 24 hours to make payment before the database is permanently deleted.
The file deletion routine is executed after the files have been uploaded to the attackers’ C2 server, so they can potentially be recovered if the ransom payment is made. However, if the computer is taken offline, file deletion continues but no copy of the file will be obtained by the attackers.
These attacks are primarily conducted on exposed MongoDB databases, which can easily be found using the Shodan search engine. Any businesses that uses MongoDB should ensure that the databases are properly secured, and that authentication is required to gain access. It is also important to ensure the databases cannot be accessed remotely over the Internet.
It is also essential to adopt a good backup strategy. The 3.2.1 approach is recommended. Make three backups, stored on two separate devices, with one copy stored securely off site on a non-networked device.
A malvertising campaign has been detected that delivers two forms of malware: The new, previously unknown Vidar information stealer and subsequently, the latest version of GandCrab ransomware.
The packaging of multiple malware variants is nothing new of course, but it has become increasingly common for ransomware to be paired with information stealers. RAA ransomware has been paired with the Pony stealer, njRAT and Lime ransomware were used together, and Reveton ransomware is used in conjunction with password stealers.
These double-whammy attacks help threat actors increase profits. Not everyone pays a ransom, so infecting them with an information stealer can make all infections profitable. In many cases, information can be obtained and sold on or misused and a ransom payment can also be obtained.
The latest campaign uses the Vidar information stealer to steal sensitive information from a victim’s device. The Vidar information stealer is used to obtain system information, documents, browser histories, cookies, and coins from cryptocurrency wallets. Vidar can also obtain data from 2FA software, intercept text messages, take screenshots, and steal passwords and credit/debit card information stored in browsers. The information is then packaged into a zip file and sent back to the attackers’ C2 server.
The Vidar information stealer is customizable and allows threat actors to specify the types of data they are interested in. It can be purchased on darknet sites for around $700 and is supplied with an easy to use interface that allows the attacker to keep track of victims, identify those of most interest, find out the types of data extracted, and send further commands.
Vidar also acts as a malware dropper and has been used to deliver GandCrab ransomware v5.04 – The latest version of the ransomware for which no free decryptor exists.
While many ransomware variants are delivered via spam email or are installed after access to systems is gained using brute force tactics on RDP, this campaign delivers the malicious payload through malvertising that directs traffic to a websites hosting the Fallout or GrandSoft exploit kits. Those EKs exploits unpatched vulnerabilities in Internet Explorer and Flash Player. The campaign targets users of P2P file sharing sites and streaming sites that attract large amounts of traffic.
Infection with the Vidar information stealer may go undetected. New malware variants such as this may be installed before AV software malware signatures are updated, by which time highly sensitive information may have been stolen, sold on, and misused. If GandCrab ransomware executes, files will be permanently encrypted unless a ransom is paid or files can be recovered from backups.
Businesses can protect against attacks such as these by ensuring that all operating systems and software are promptly patched. Drive-by downloads will not occur if the exploits for vulnerabilities used by the exploit kit are not present.
An additional, important protection is a web filter. Web filters prevent users from visiting websites known to host exploit kits and also sites that commonly host malicious adverts – torrents sites for instance. By carefully controlling the sites that employees can access, businesses can add an extra layer of protection while avoiding legal liability from illegal file downloads and improving productivity by blocking access to non-work-related websites.
For further information on web filters for businesses and MSPs, contact the TitanHQ team today.
The U.S. government has issued a warning following a spate of MSP cyberattacks by nation-state sponsored hackers.
Homeland Security Warns of Targeted MSP Cyberattacks
Managed service providers (MSPs), cloud service providers (CSPs), and managed security service providers (MSSPs) have been warned about an increase in malicious cyber activity and targeted attacks on IT service providers. Nation-state sponsored hackers are targeting IT service providers in an attempt to gain access to their networks, and ultimately, those of their clients.
It is not difficult to see why MSPs, CSPs, and MSSPs are such an attractive target. These IT service providers usually have administrator access to their clients’ networks or certainly elevated privileges that could allow an attacker to gain access to servers, security appliances, and databases of multiple clients.
The threat of attack is theoretical. There has been an increase in MSP cyberattacks in recent months, so much so that the U.S. Department of Homeland Security (DHS) has issued a warning to all IT service providers specifically due to an increase in attacks on IT service providers by Chinese government-backed hackers.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued cybersecurity guidance for IT service providers on steps that need to be taken to improve security, detect attacks quickly, and prevent threat actors from gaining access to their clients’ networks. Since companies that use IT service providers have also been warned of the risk of attack through their IT companies, MSPs, MSSPs and CSPs are likely to be contacted by clients wanting reassurances.
IT service providers should therefore be proactive and n ensure that CISA guidance is being followed to better protect themselves and their clients.
Feds Launch Campaign to Raise Awareness of Cyber Risks
CISA is not the only government agency to issue a warning in the past few days. The Trump administration has launched a new campaign to raise awareness of cyber risks in all industry sectors. The “Know the Risk, Raise your Shield campaign is being spearheaded by the National Counterintelligence and Security Center (NCSC) at the Office of the Director of National Intelligence. The campaign has been launched in response to increased cyberattacks from state sponsored hackers in Russia, China, Iran, and North Korea and independent hackers.
The aim of the campaign is to ensure that cybersecurity best practices are being followed to make it much harder for the attackers to succeed. The NCSC is aware that improved cybersecurity comes at a cost, but explains that investment in cybersecurity defenses is money very well spent and reminds businesses that an ounce of security equates to a pound of protection.
How Can Businesses and MSPs Improve Their Defenses?
With MSP cyberattacks on the increase it is essential that defenses are improved. While there are many ways that MSPs and businesses can be attacked, one of easiest ways is phishing. Phishing targets a weak link in security defenses: Employees. If a phishing email is delivered to an inbox and an employee responds, credentials will be obtained by the attacker that gives them a foothold to launch further attacks on other employees and MSP clients.
It is therefore important to improve awareness of the risks and train employees how to recognize email threats and how to react. It is also important to ensure that technical spam defenses are implemented to make sure phishing threats are blocked on the server and are not delivered to end users’ inboxes or local spam folders. SpamTitan is an ideal solution for MSPs to implement to block these phishing attacks on their employees and their clients.
A DNS based web filter should also be implemented to ensure that should a malicious email make it past the spam defenses, employees are prevented from visiting malicious websites. A DNS-based web filter blocks attempts to access malicious sites during the DNS lookup process and adds an extra layer of security against phishing.
For further information on spam filtering and web filtering for businesses and MSPs, speak to the TitanHQ team today.
Other important steps to take to improve security include:
Use of strong password policies
Applying the principle of least privilege
Ensuring network and host-based monitoring systems are implemented and logs are regularly checked for signs of malicious activity
Performing regular vulnerability scans to identify security weaknesses before they are exploited.
New figures released by anti-virus firms McAfee and Symantec have shown the extent to which hackers are using cryptocurrency mining malware in attacks on consumers and businesses.
Cryptocurrency mining malware hijacks system resources and uses the processing power of infected computers to mine cryptocurrencies – Validating transactions so they can be added to the blockchain public ledger. This is achieved by solving difficult computational problems. The first person to solve the problem is rewarded with a small payment.
For cryptocurrency mining to be profitable, a lot of processing power is required. Using one computer for mining cryptocurrency will generate a few cents to a few dollars a day; however, hackers who infect thousands of computers and use them for cryptocurrency mining can generate significant profits for little work.
The use of cryptocurrency mining malware has increased considerably since Q4, 2017 when the value of Bitcoin and other cryptocurrencies started to soar. The popularity of cryptocurrency mining malware has continued to grow steadily in 2018. Figures from McAfee suggest cryptocurrency mining malware has grown by 4,000% in 2018.
McAfee identified 500,000 new coin mining malware in the final quarter of 2017. In the final quarter of 2018, the figure had increased to 4 million. Figures from Symantec similarly show the scale of the problem. In July 2018, Symantec blocked 5 million cryptojacking events. In December, the firm blocked 8 million.
There are many different ways of infecting end users. Hackers are exploiting unpatched vulnerabilities to silently download the malware. They package coin mining malware with legitimate software, such as the open-source media player Kodi, and upload the software to unofficial repositories.
One of the easiest and most common ways of installing the malware is through email. Spam emails are sent containing a hyperlink which directs users to a website where the malware is silently downloaded. Links are similarly distributed through messaging platforms such as Slack, Discord, and Telegram. One campaign using these messaging platforms included links to a site that offered software that claimed to fix coin mining malware infections. Running the fake software installer executed code on the computer which silently downloaded the malware payload.
Unlike ransomware, which causes immediate disruption, the presence of cryptocurrency mining malware may not be noticed for some time. Computers infected with coin mining malware will slow down considerably. There will be increased energy usage, batteries on portable devices will be quickly drained, and some devices may overheat. Permanent damage to computers is a possibility.
The slowdown of computers can have a major impact for businesses and can result in a significant drop in productivity if large numbers of devices are infected. Businesses that have transitioned to cloud computing that are charged for CPU usage can see their cloud bills soar.
Anti-virus software can detect known coin mining malware, but new malware variants will be unlikely to be detected. With so many new malware variants now being released, AV software alone will not be effective. It is therefore important to block the malware at source. Spam filters, such as SpamTitan, will help to prevent malicious emails from reaching end users’ inboxes. Web filters, such as WebTitan, prevent users from accessing infected websites, unofficial software repositories, and websites with coin-mining code installed that uses CPU power through browser sessions.
A new variant of capitalinstall malware is being used in targeted attacks on a variety of organizations, in particular those in the healthcare and retail industries.
The main purpose of capitalinstall malware is to install an adware package named Linkury that is used to hijack browser sessions on Windows devices. When Linkury adware has been installed, web search results can be altered to display results which would otherwise not be displayed. An infected machine will display unwanted adverts but could also download unwanted programs, some of which may pose a security risk.
Capitalinstall malware has been linked to various malicious websites, although the adware package is actually being hosted on Azure blog storage which is often trusted by organizations and is often whitelisted.
The malware is installed via an executable file that has been packaged inside an ISO file, with the ISO file hosted on websites that offer keys to unlock popular software such as Adobe Creative Cloud.
Upon running the file, a crack for the software claims to be installing and the user is directed to a website where they are urged to install other programs and browser add-ons, such as cryptocurrency miners, with various enticing reasons provided for installing those programs.
This method of distributing unwanted and potentially harmful software is likely to grow in popularity as it offers a way of bypassing security solutions by taking advantage of inherent trust in cloud storage providers.
A web filtering solution can offer protection against downloads of unwanted programs by preventing end users from visiting potentially malicious websites. WebTitan scans and assesses web pages in real time and prevents users from accessing malicious websites and other sites that violate corporate Internet usage policies. With WebTitan in place, users can be prevented from visiting websites that are used for distributing potentially unwanted programs (PUPs) and malware.
In addition to technical controls, it is important to cover the risks of installing unauthorized software in security awareness training, especially the use of software license cracks. These executable files commonly have spyware, adware, and other forms of malware packaged into the installers.
Local authorities and private sector bus companies are now adding Wi-Fi services to their bus fleets, but without appropriate Wi-Fi security for busses, bus fleet operators can run into problems.
There is no doubt that Wi-Fi is a big hit with passengers, especially for long distance travel. Business commuters can connect to email and their work network without having to use their own data and all passengers can enjoy a variety of digital entertainment, such as Internet-based games, online crosswords, YouTube videos, or all manner of Internet based applications, all without eating into their monthly data allowance.
In locations where people have a choice of different transport, the provision of a reliable Wi-Fi network can be a big attraction that can win more business.
Wi-Fi Security for Busses
There are some considerations when providing Wi-Fi on busses. Wi-Fi security for busses is important to ensure that the Wi-Fi network cannot be used for malicious purposes. Over the summer, it was clearly demonstrated how this can easily happen. A hacker was able to hack into the Wi-Fi network on planes and view the Internet activity of passengers, as well as gain access to other important devices on airplanes – All from the ground.
Appropriate Wi-Fi security for busses should be implemented to protect the privacy of passengers, but also to ensure they can use the Wi-Fi network safely. Bus companies should be taking steps to protect passengers from harmful content, such as sites hosting malware and phishing websites.
Content Control for Busses
A third-party Wi-Fi network offers anonymity and some users take advantage and access types of content that they would not access on their home networks. Bus fleet operators have a responsibility to block illegal activity on their Wi-Fi networks.
If a passenger accesses adult content on the Wi-Fi network of a bus, there is a risk that other passengers will catch a glimpse of the screen and children could be exposed to obscene content. It is the responsibility of bus fleet operators to implement content controls to prevent passengers from accessing inappropriate content.
Controlling Bandwidth Use on Busses
There is also the issue of bandwidth. Ensuring all users have decent bandwidth and can connect to the network and enjoy reasonable Internet speeds comes at a cost. If several passengers are using applications or visiting websites that require a considerable amount of bandwidth, that will naturally have an impact on other users of the Wi-Fi network. Limiting what users can do while connected to Wi-Fi networks can save bandwidth and costs. Preventing, or restricting, high bandwidth applications such as video streaming, online games such as Fortnite, and large file downloads can help to conserve bandwidth.
DNS-Level Content Filtering
All of the above issues can be easily solved with a single, cost effective solution – A web filter. A web filter allows network administrators to carefully control what users can do online. It offers both content control and Wi-Fi security for busses by blocking access to illegal content, preventing malware downloads, and offering protection from phishing. Categories of web content can be blocked to create a family-friendly Wi-Fi network and control bandwidth use.
Traditional web filters require an appliance through which Internet traffic is routed. This is a costly way of adding Wi-Fi security for busses. A DNS-level filter on the other hand is a low cost, flexible solution that serves the same purpose. When a user connects to the Wi-Fi network, the DNS process sends domain names to the name server and the name server returns the IP address associated with the application server. When content is filtered at the DNS level, no software needs to be downloaded and no appliances need to be purchased.
Not only do DNS-level filters offer excellent Wi-Fi security for busses, they also save on bandwidth as content is not downloaded before the decision is taken to block the content.
WebTitan Cloud for Wi-Fi – Content Filtering and Wi-Fi Security for Busses
WebTitan Cloud for Wi-Fi is an ideal web filtering solution for bus fleets. Since it is DNS-based it is easy to implement, highly scalable, and is cost-effective to set up and run. WebTitan Cloud for Wi-Fi can protect entire bus fleets, in multiple cities, and licenses can be easily scaled up and down to meet bus operators’ needs.
Some of the key features of WebTitan Cloud for Wi-Fi are detailed below:
No hardware purchases or software downloads required
No patching or software updates required
Protects multiple Wi-Fi routers from a single, web-based administration control panel
Protects against malware with dual anti-virus engines
Protects users from phishing and other malicious websites
Allows network administrators to protect the Wi-Fi network from unauthorized users
Highly granular controls allow precise content control without overblocking content
Block content by category with a single click
No latency – Internet speeds are unaffected
Supports static and dynamic IPs
Supports whitelists and blacklists
No restriction on bandwidth, number of devices, or the number of hotspots
Full suite of reports gives network administrators full visibility into their Wi-Fi networks and user activity
If you are looking to improve Wi-Fi security for busses and want to implement content controls to keep your Wi-Fi networks family-friendly, contact TitanHQ today for further information on WebTitan Cloud for Wi-Fi.
Many businesses now offer their customers free access to their Wi-Fi networks, but if guest Wi-Fi best practices are not followed, opening up Wi-Fi networks to guest users is not without risk. You may have provided security awareness training to your employees, but guest users are unlikely to be as careful while connected to your network. Customers and guests may accidentally download malware or visit malicious websites, or even engage in illegal activities due to the anonymity offered by someone else’s Wi-Fi network.
If guest Wi-Fi best practices are not followed, there will be people that take advantage of your lax security. They could launch an attack on your business network, explore your network assets, change router settings, or even gain access to confidential data.
If you run a hotel, restaurant, shop, or another business that provides Wi-Fi access to customers, it is important to create a safe browsing environment for all Wi-Fi users and take steps to secure your access points and control the activities that users can engage in while connected.
Guest Wi-Fi Best Practices for Hotspot Providers
Create A Separate Wi-Fi Network for Guests and Employees
You will no doubt have a Wi-Fi network that is used by your employees. It is important that this is totally separate from the one used by guests and customers. Guest users should access a totally separate network. Ideally, there should be a network firewall that separates guest users from employees. If you use enterprise switches, create a separate VLAN for access points that broadcast the guest wireless SSID. Also make sure you use a software firewall to block traffic from the guest network from your company’s servers and computers. Also make sure guest users can only access the Internet while connected.
Naming Your SSID
An SSID is the name you give to your Wi-Fi network that identifies it as belonging to your business. Care should be taken when choosing a name. Your choice should depend on the nature of your business and who the Wi-Fi network serves. If you run a coffee shop, for instance, you should make it clear which is your Wi-Fi network and prominently display that information. That will make it harder for rogue hotspots to be created to fool customers into connecting to an evil twin – A hotspot set up and controlled by a hacker to fool customers into connecting in the belief it is your hotspot.
Encrypt your Wireless Signals
Unsecured Wi-Fi networks may be easier to set up and use, but they also allow anyone within range to connect, even if they are not in your establishment. To connect, it should be necessary for a password to be entered. You should also encrypt your wireless network to make it harder for hackers to intercept users’ data. Secure your wireless network with WPA2 encryption or, even better, WPA3 if it is supported by your access point.
Create a Safe Browsing Experience and Control the Internet Content That Can be Accessed
You should develop and implement a guest Wi-Fi access policy covering what is and is not permitted on your Wi-Fi network. You should also enforce that policy with technical controls. A cloud-based web filter is ideal for this.
It is easy to deploy and configure and will allow you to carefully control the content that can be accessed while connected. You should block access to known malicious sites and illegal web content through blacklists. Category based filters are useful for blocking access to inappropriate content such as pornography and restricting bandwidth-heavy activities that can slow down Internet speeds for all users. By filtering content, not only will you keep your Wi-Fi users protected, you will also reduce legal liability and ensure that your Wi-Fi network is family friendly.
Adopt these guest Wi-Fi best practices to improve safety and security, keep your customers protected, and make it harder for cybercriminals to attack your network or your guest users.
It’s the time of year when the poor password practices of users are highlighted. This month has seen the list of the worst passwords of 2018 published and a list of 2018’s worst password offenders.
The Worst Passwords of 2018
So, what were the worst passwords of 2018? SplashData has recently published a list of the worst passwords of 2018 which shows little has changed since last year. End users are still making very poor password choices.
To compile the list, SplashData analyzed passwords that had been revealed through data dumps of passwords obtained in data breaches. More than 5 million exposed passwords were sorted to find out not only the weakest passwords used, but just how common they were. The list of the top 100 worst passwords of 2018 was published, although we have only listed the top 25 worst passwords of 2018:
Unsurprisingly, there has been no change in the top two passwords this year. 123456 and password have held number 1 and 2 spots for the past five years. Donald is a new addition but would not keep a user’s account secure for long, even if their name isn’t Donald. 654321 is also new this year but offers little more protection than 123456.
Other new entries include qwerty123 and password1 – Clear attempts to get around the requirement of including numbers and letters in a password.
How common are the worst passwords of 2018? According to SplashData, 3% of users have used 123456 and 10% of people have used at least one password in the list of the top 25 worst passwords of 2018!
Poor Password Practices and the Worst Password Offenders of 2018
DashLane has published its list of the worst password offenders of the year. In addition to the list containing users who have made very poor password choices by selecting some of the worst passwords of 2018, the report highlights some of the terrible password practices that many individuals are guilty of. Poor password practices that render their passwords absolutely useless.
This year has seen many major password failures, several of which came from the White House, where security is critical. Topping the list was a password faux pas by a visitor to the oval office – Kanye West. Not only was ‘Ye’ guilty of using one of the worst possible passwords on his phone ‘000000’, he also unlocked his phone in full view of an office full of reporters who were filming his meeting with President Trump. Ye’s poor password was broadcast to the nation (and around the world). This incident highlights the issue of ‘shoulder surfing.’ Looking over someone’s shoulder at their screen to see passwords being entered. Something that can easily happen in public places.
Another White House password failure concerned a staffer who committed the cardinal password sin of writing down a username and password to make it easier to remember. It is something that many employees do, but most do not write it on White House stationary and then leave the document at a bus stop.
Password security should be exemplary at the White House, but even more so at the Pentagon. Even staff at the Pentagon are guilty of poor password hygiene, as was discovered by Government Accountability Office (GAO) auditors. GAO auditors discovered default passwords were used for software associated with weapons systems. Default passwords are publicly available online which renders them totally useless. GAO auditors were also able to guess admin passwords with full privileges in only 9 seconds.
These are just three examples of terrible password practices. While they are shocking given the individuals concerned, they are sadly all too common.
Password Best Practices to Keep Accounts Secure
A password prevents other individuals from gaining access to an account and the sensitive information contained therein. Choose a strong password or passphrase and it will help to make sure that personal (or business) information remains confidential. Choose a weak password and an account can easily get hacked. Choose an exceptionally weak password and you may as well have no password at all.
To ensure passwords are effective, make sure you adopt the password best practices detailed below:
Make sure you set a password – Never leave any account open
Always change default passwords – They are just placeholders and are next to useless
Never reuse old passwords
Use a unique password for all accounts – Never use the same password for multiple accounts
Do not use names, dictionary words, or strings of consecutive numbers or letters
Ensure passwords are longer than 8 characters and contain at least one number, lowercase letter, uppercase letter, and a symbol – Long passphrases that are known only to you are ideal
Use a random mix of characters for passwords and use a password manager so you don’t have to remember them. Just make sure you set a very strong password for your password manager master password.
Set up multi-factor authentication on all of your accounts
Never write down a password
Never share passwords with others, no matter how much you trust them
Password Best Practices for Businesses
Verizon’s 2018 Data Breach Investigations Report revealed 81% of hacking-related data breaches were due to weak passwords or stolen credentials. It is therefore critical that businesses adopt password best practices and ensure users practice good password hygiene. Businesses need to:
Train end users on good password hygiene and password best practices
Enforce the use of strong passwords: Blacklist dictionary words, previously exposed passwords, previously used passwords, and commonly used weak passwords
Set the minimum password length to 8 characters (or more) and avoid setting a maximum length to encourage the use of passphrases.
Follow the password advice published by the National Institute of Standards and Technology (NIST)
Don’t enforce password changes too often. End users will just reuse old passwords or make very minor changes to past passwords.
Implement multi-factor authentication
Encrypt all stored passwords
Consider the use of other authentication methods – Fingerprint scanners, facial recognition software, voice prints, or iris scans
Educational institutions are being targeted by cybercriminals for all manner of nefarious purposes: To obtain the personal information of staff and students for identity theft and tax fraud, to steal university funds, and to steal university research.
University research theft is an easy income stream for hackers. Research papers can command high prices on the black market and are highly sought after by nation state governments and businesses.
This fall, the UK’s Daily Telegraph revealed Iranian hackers were selling research papers that had been stolen from top British Universities including Oxford and Cambridge. Several Farsi websites were identified advertising free access to university research papers, including an offer of university research theft to order. Provide the details and, for a price, the research be found and sent through an encrypted channel.
There were papers for sale on highly sensitive subjects such as nuclear research and cybersecurity defenses. Even less sensitive subjects are valuable to foreign businesses. The research could help them gain a competitive advantage at the expense of universities. In the case of Iran, universities are being used to gain access to Western research that would otherwise be off limits due to current sanctions.
It is not just British universities that are being targeted. The hackers are infiltrating university research databases the world over, and it is not just Iranian hackers that have tapped into this income stream. University research theft is a growing problem.
How Are University Databases Breached?
One of the main ways access to research databases is gained is through phishing – A simple method of attack that requires no programming know-how and no malicious software. All that is required is a little time and the ability to create a website.
Phishing emails are sent to staff and students that request a visit a webpage where they are required to enter their credentials to academic databases. If the credentials are disclosed, the phishers have the same access rights as the user. The phishers then download papers or advertise and wait for requests to roll in. They then just search the database, download the papers, and provide them to their customers.
Various social engineering techniques are used to entice users to click the links. Requests are sent instructing the user that they need to reset their password, for instance. The web pages they are directed to are exact copies of the sites used by the universities. Apart from the URL, the websites appear perfectly genuine.
Unfortunately, once credentials have been obtained it can be difficult for universities to discover there has been a breach since genuine login credentials are used to access the research databases.
How to Prevent University Research Theft
No single cybersecurity solution will protect universities from all phishing attacks. The key to mounting an effective defense against phishing is layered phishing defenses.
The primary cybersecurity solution to implement is an advanced spam filter to ensure as many phishing emails as possible are blocked and messages containing malicious attachments do not reach inboxes. SpamTitan for instance, blocks more than 99.9% of spam and phishing messages and 100% of known malware. Even advanced spam filtering solutions will not block all phishing emails, so additional controls are required to deal with the <0.1% of phishing emails that are delivered.
While a web filter can be used to block access to categories of web content such as pornography, it will also block access to known malicious websites: Websites used for phishing and those that host malware.
End user security awareness training is also essential. End users are the last line of defense and will remain a weak link unless training is provided to teach them how to identify malicious emails. Staff and students should be conditioned to report threats to their security teams to ensure action can be taken and to alert first responders when the university is under attack.
Multi-factor authentication should also be implemented. If credentials are stolen and used to access a database, email account, computer, or server, from an unfamiliar device or location, a further form of authentication is required before access is granted.
Universities should have security monitoring capabilities. Logs of access attempts and should generated and network and user activity should be monitored for potential compromises.
For further information on anti-phishing defenses and cybersecurity solutions that can help prevent university research theft, contact the TitanHQ team today.
Are you looking for a Cisco OpenDNS alternative that is both easier to use and much more cost effective? On Wednesday December 5, 2018, you can discover how you can save money on web filtering without cutting any corners on protection.
A web filter is now an essential cybersecurity solution to protect against web-based threats such as phishing, viruses, malware, ransomware, and botnets. A web filter also allows businesses to carefully control the online activities of employees by restricting access to NSFW web content such as pornography and curb productivity-draining Internet use.
In addition to offering threat protection and content control on wired networks, a DNS-based web filter offers protection for BYOD and company owned devices regardless where they connect to the Internet. Multiple locations can be protected through a central web-based console.
A DNS-based web filter is cost effective to implement as no hardware purchases are required and no software needs to be installed. A DNS-based filter is also easy to maintenance and requires no software updates or patches.
With DNS-based filters, content control and online threat protection is simple; but what about cost? Many businesses have looked at Cisco OpenDNS to meet their web filtering requirements but are put off due to the high cost. Fortunately, there is a more cost-effective way of filtering the Internet.
TitanHQ and Celestix are hosting a webinar on a WebTitan-powered Cisco OpenDNS alternative, Celestix WebFilter Cloud.
Celestix will be joined by by TitanHQ EVP of Strategic Alliances, Rocco Donnino, and Senior Sales Engineer, Derek Higgins, who will explain how Celestix WebFilter Cloud works, why it is an ideal Cisco OpenDNS alternative, and how you can have total protection against web-based threats at a fraction of the cost of running OpenDNS.
The webinar will be taking place on Wednesday December 5, 2018 at 10:00 AM US Pacific Time
A massive Marriott data breach has been detected which could affect as many as 500 million individuals who previously made bookings at Starwood Hotels and Resorts. While the data breach is not the largest ever reported – The 2013 Yahoo breach exposed around 3 billion records – it shares second place with the 2014 Yahoo data breach that also impacted around half a billion individuals.
Largest Ever Hotel Data Breach
The Marriott data breach may not have affected as many people as the 2013 Yahoo data breach but due to the types of information stolen it is arguably more serious. Approximately 173 million individuals have had their name, mailing address, email address stolen and around 327 million individuals have had a combination of their name, address, phone number, email address, date of birth, gender, passport number, booking data, arrival and departure dates, and Starwood Guest Program (SPG) account numbers stolen. Further, Marriott also believes credit card details may have been stolen. While the credit card numbers were encrypted, Marriott cannot say for certain whether the two pieces of information required to decrypt the credit card numbers was also obtained by the hacker.
In addition to past guests at Starwood Hotels and Resorts and Starwood-branded timeshare properties, guests at Sheraton Hotels & Resorts, Westin Hotels & Resorts, W Hotels, St. Regis, Aloft Hotels, Element Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, and Four Points by Sheraton have been affected, along with guests at Design Hotels that participate in SPG program.
The data breach was detected by Marriott on September 8, 2018, following an attempt by an unauthorized individual to access the Starwood database. The investigation revealed the hacker behind the attack first gained access to the Starwood database in 2014. It is currently unclear how access to the database was gained.
The Marriott hotels data breach is naturally serious and will prove costly for the hotel group. Marriott has already committed to offering U.S. based victims free enrollment in WebWatcher, has paid for third party experts to investigate and help mitigate the data breach, and the hotel group will be bolstering its security and phasing out Starwood systems.
Even though the Marriott hotels data breach has only just been announced, two class action lawsuits have already been filed. One of the lawsuits seeks damages totaling $12.5 billion – $25 per breach victim.
There is also a possibility of a E.U. General Data Protection Regulation (GDPR) fine. Fines of up to €20 million are possible, or 4% of global annual turnover, whichever is greater. That could place Marriott at risk of a $916 million (€807 million) fine. The UK’s Information Commissioner’s Office – the GDPR supervisory authority in the UK – has been notified of the breach and is making enquiries.
Harder to calculate is the damage to the Marriott brand. Share prices dropped by 8.7% following the Marriott data breach announcement, and they are currently around $5 down. While share prices will likely recovery over time, the breach will almost certainly result in loss of business.
Risk of Marriott Data Breach Related Phishing Attacks
Email notifications sent to breach victims by Marriott came from the domain: email-marriott.com. Rendition Infosec/FireEye researchers purchased the domains email-marriot.com and email.mariott.com shortly after the announcement to keep them out of the hands of scammers. Other similar domains may be purchased by less scrupulous individuals to be used for phishing.
A breach on this scale is also ideal for speculative phishing attempts that spoof the email domain used by Marriott. Mass email campaigns are likely to be sent randomly in the hope that they will reach breach victims or individuals that have previously stayed at a Marriott hotel or one of its associated brands.
Consequently, any email received that is related to the breach should be viewed as potentially malicious.
Business email compromise (BEC) attacks cost businesses billions of dollars each year, and business email account compromises are soaring.
What is a Business Email Compromise Attack?
As the name suggests, these attacks involve the hijacking of business email accounts. The primary aim is to compromise the account of the CEO or CFO, which is usually achieved through a spear phishing attack. Once the email account has been compromised, it is used to send phishing emails to other employees in the company, most commonly, employees in the accounts, finance, and payroll departments.
The emails commonly request wire transfers be made to accounts under the control of the attackers. Requests are also made for sensitive information such as the W-2 Forms of employees.
Since the emails are sent from the CEO or CFO’s own account, there is a much higher chance of an employee responding to the request than to a standard phishing attempt from an external email address. Since the emails come from within an organization, they are also much harder to detect as malicious – a fact not lost on the scammers.
With access to the email account, it is much easier to craft convincing messages. The signature of the CEO can be copied along with their style of writing from sent messages. Email conversations can be started with employees and messages can be exchanged without the knowledge of the account holder.
Fraudulent transfers of tens or hundreds of thousands of dollars may be made and the W-2 Forms of the entire workforce can be obtained. The latter can be used to submit fake tax returns in victims’ names to obtain tax refunds. The profits for the attackers can be considerable, and with the potential for a massive payout, it is no surprise that these attacks are on the rise.
Business Email Account Compromises Have Increased by 284% in a Year
FBI figures in December 2016 suggest $5.3 billion had been lost to BEC scams since October 2013. That figure had now increased to $12.5 billion. More than 30,000 complaints of losses due to BEC attacks were reported to the FBI’s Internet Crime Complaints Center (IC3) between June 2016 and May 2018.
The specialist insurance service provider Beazley has been tracking business email account compromises. The firm’s figures show business email account compromises have increased each quarter since Q1, 2017. In the first quarter of 2017, 45 business email account compromises were detected. In Q2, 2018, 184 business email account compromises were detected. Between 2017 to 2018, there was a 284% increase in compromised business email accounts.
While the CEO’s email credentials are often sought, the credentials of lowlier employees are also valuable. Any email account credentials that can be obtained can be used for malicious purposes. Email accounts can be used to send phishing messages to other individuals in an organization, and to business contacts, vendors, and customers.
Beazley notes that once one account has been compromised, others will soon follow. When investigating business email account compromises, businesses often discover that multiple accounts have been compromised. Typically, a company is only aware of half the number of its compromised accounts.
The High Cost of Resolving Business Email Account Compromises
Business email account compromises can be extremely costly to resolve. Forensic investigators often need to be brought in to determine the full extent of the breach. Each breached email account must then be checked to determine what information has been compromised. While automated searches can be performed, manual checks are inevitable. For one client, the automated search revealed 350,000 document attachments had potentially been accessed, and each of those documents had to be checked manually to determine the information IT contained. The manual search alone cost the company $800,000.
How to Protect Your Organization from Business Email Compromise Attacks
A range of measures are required to protect against business email compromise attacks. An advanced spam and anti-phishing solution is required to prevent phishing and spear phishing emails from being delivered to inboxes.
SpamTitan is an easy-to-implement spam filtering solution that blocks advanced phishing and spear phishing attacks at source. In contrast to basic email filters, such as those incorporated into Office 365, SpamTitan uses heuristics, Bayesian analysis, and machine learning to identify highly sophisticated phishing attacks and new phishing tactics. These advanced techniques ensure more than 99.9% of spam and malicious messages are blocked.
The importance of security awareness training should not be underestimated. End users should be trained how to recognize phishing attempts. Training should be ongoing to ensure employees are made aware of current campaigns and new phishing tactics. Phishing simulation exercises should also be conducted to reinforce training and identify weak links.
Multi-factor authentication is important to prevent third parties from using stolen credentials to access accounts. If a login attempt is made from an unfamiliar location or unknown device, an additional form of identification is required to access the account.
Password policies should be enforced to ensure that employees set strong passwords or passphrases. This will reduce the potential for brute force and dictionary attacks. If Office 365 is used, connection to third party applications should be limited to make it harder for PowerShell to be used to access email accounts. A web filtering solution should also be implemented to block access to phishing accounts where email credentials are typically obtained.
Defense in depth is the key to protecting against BEC attacks. For more information about email and web security controls to block BEC attacks, give the TitanHQ team a call. Our experienced advisers will recommend the best spam and web filtering options to meet the needs of your business and can book a product demonstration and set you up for a free trial.
WiFi networks are a potential security weak point for businesses, although the introduction of WPA3 will improve Wi-Fi security. WPA3 Wi-Fi security enhancements address many WP2 vulnerabilities, but WPA3 alone is not enough to block all WiFi threats.
WiFi Security Protocols
The WPA WiFi security protocol was introduced in 1999, and while it improved security, cracking WPA security is far from difficult. Security enhancements were introduced with WPA2 in 2004, but while more secure, WPA2 does not fix all vulnerabilities. Little has changed in the past 14 years, but at long last, WPA3 is here. Use WPA3 and Wi-Fi security will be significantly enhanced, as several important WP2 vulnerabilities have been fixed.
WPA3 WiFi Security Enhancements
One of the biggest WiFi security threats is open networks. These are WiFi networks that require no passwords or keys. Users can connect without entering a pre-shared key. All a user needs to know is the SSID of the access point to connect. These open networks are used in establishments such as coffee shops, hotels, and restaurants as it is easy for customers to connect. The problem is users send plain text to the access point, which can easily be intercepted.
WPA3 spells an end to open networks. WPA3 uses Opportunistic Wireless Encryption (OWE). Any network that does not require a password, will encrypt data without any user interaction or configuration. This is achieved through Individualized Data Protection or IDP. Any device that attempts to connect to the access point receives its own key from the access point, even if no connection to the AP has been made before. This control means the key cannot be sniffed and even if a password is required, having access to that password does not allow the data of other users to be accessed.
Another security enhancement that has been made in WP3 reduces potential for password cracking attacks such as the WPA2 KRACK Attack. WPA2 is vulnerable to brute force and dictionary-based attacks. That is because security relies on the AP provider setting a secure password and many establishments don’t. With WPA3, the Pre-Shared Key (PSK) exchange protocol is replaced with Simultaneous Authentication of Equals (SAE) or the Dragonfly Key Exchange, which improves security of the initial key exchange and offers better protection against offline dictionary-based attacks.
WPA3 also addresses security vulnerabilities in the WiFi Protected Setup (WPS) that made it easy to link new devices such as a WiFi extender. In WPA3, this has been replaced with Wi-Fi Device Provisioning Protocol (DPP).
Configuring IoT devices that lack displays has been made easier, the 192-bit Commercial National Security Algorithm is used for enhanced protection for government, defense and industrial networks, and better controls have been implemented against brute force attacks. These and other enhancements mean WPA3 is far more secure.
Unfortunately, at present, very few manufacturers support WPA3, although that is likely to change in 2019.
WPA3 WiFi Security Issues
Even with WPA3 WiFi security enhancements, WiFi networks will still be vulnerable. WPA3 includes encryption for non-password-protected networks, but it does not require authentication. That is up to hotspot providers to set. WPA3 it is just as susceptible to man-in-the-middle attacks and offers no protection against evil twin attacks. The user must ensure they access the genuine access point SSID.
The connection to the AP may be more secure, but WPA3 does not offer protection against malware downloads. Users will still be at risk from malicious websites unless a DNS filtering solution is used – A web filter to protect WiFi networks.
Improve WiFi Security with a DNS-Based WiFi Filtering Solution
A DNS-based WiFi filtering solution such as WebTitan Cloud for WiFi protects users of a WiFi network from malware attacks, ransomware downloads, and phishing threats. The cloud-based filter also allows businesses that provide WiFi access points to carefully control the content that can be accessed by employees, customers, and other guest users.
By upgrading to WPA3 WiFi security will be improved. With WebTitan Cloud for WiFi, users will also be protected once they are connected to the network.
Further information on WebTitan Cloud for WiFi is detailed in the video below. For further information on WiFi security, including WebTitan pricing and to book a product demonstration, contact the TitanHQ team today.
Businesses that fail to secure their WiFi networks are taking a huge risk, and one that could prove catastrophic. In this article we explain why WiFi security is so important and cover the main WiFi filtering security benefits for businesses.
What are the Consequences of Poor Cybersecurity?
Customers often feel loyal to a particular brand. The company gives them what they want, the prices are reasonable, the quality of products/services are good. One of the most important factors influencing customer loyalty is trust in a brand. If trust in a brand is lost, it can be difficult win customers back. They may be permanently lost. Those customers then speak to their friends and colleagues and word spreads and further business can be lost.
One of the easiest ways to lose the trust of customers is a data breach. Ask customers why they love a particular brand, and “The company keeps my data safe” will not make the top ten list. That said, if a company experiences a data breach, customers will leave in droves.
Some industries are more prone to high customer churn rates following a data breach than others. The healthcare and insurance industries do experience customer loss, but many breach victims are tied to those providers and leaving is not straightforward. The banking and retail industries on the other hand see high churn rates. There is usually plenty of choice and customers explore other options after a breach.
A study of 10,000 consumers by Gemalto in November 2017 showed 70% of customers would stop doing business with a company after a data breach. Could your business cope with an overnight loss of 70% of your customers?
Further, the cost of a data breach report revealed the average cost of a data breach has now risen to $3.86 million. A 70% loss of customers and a $3.86 million data breach bill would prove catastrophic for many businesses. It is therefore no surprise that the National Cyber Security Alliance reports that 60% of SMBs go out of business within 6 months of a data breach.
Defense in Depth is Essential
The Gemalto study found that 62% of consumers felt that a company that holds their data is responsible for security, highlighting the importance customers place on the privacy of their data.
For businesses, ensuring systems and data are kept secure can be a major challenge. The only way to meet that challenge is through defense in depth. A range of cybersecurity solutions are required to secure systems and data, block cyberattacks, and prevent data breaches.
The best place to start is by performing a risk assessment to highlight all potential risks to your systems and data. Consider all possible ways that an attack can occur, assess the risk of each, and develop a risk management plan to address those risks, addressing the highest risk areas first.
While many companies implement a host of network and email security solutions, one area of security that is often overlooked is the WiFi network, even though WiFi poses a considerable risk, not only to the business but also to customers that are allowed to connect to the WiFi network. Some of the important WiFi filtering security benefits are detailed in the section below.
Important WiFi Filtering Security Benefits for Businesses
There are many WiFi filtering security benefits for businesses. Implementing a WiFi filter will not only improve security for the business and its customers, it can also help to improve the productivity of the workforce.
Some of the most important WiFi security benefits are detailed below:
Block Malware and Ransomware Downloads
One of the most important WiFi filtering security benefits for businesses is protection from malware and ransomware downloads. Malware allows hackers to steal customer data, intellectual property, and obtain credentials to plunder corporate bank accounts. Malware infections can prove incredibly costly to resolve and ransomware attacks can bring businesses to a grinding halt. A WiFi filter help improve security by blocking access to sites hosting exploit kits and preventing drive-by malware downloads.
Prevent WiFi Users from Visiting Phishing Websites
Phishing is a major risk for all businesses. While most phishing attacks start with an email, they invariably link to websites that harvest credentials. A WiFi filter ensures that employees and guest users cannot access websites known to be used for phishing.
Stop Users from Accessing Illegal Website Content
Businesses have a responsibility to ensure that their WiFi networks cannot be used to access illegal content such as child pornography or to perform copyright-infringing file downloads. In addition to the potential for these actions to lead to legal problems for employers, these illegal online activities increase the risk of a malware infection.
Prevent Users from Accessing Inappropriate Websites
Businesses should take steps to prevent employees and guest WiFi users from accessing inappropriate websites – Websites that have no work purpose and those that are likely to cause offense to other individuals – adult content for example. Inappropriate internet use is a major drain of productivity and poses a security risk.
Other Important WiFi Filtering Benefits
All companies must take steps to reduce legal liability and employee Internet access is one area where companies can experience legal problems. Web content that seems funny to some employees could be highly offensive to others and lead to the creation of a hostile working environment and subsequent legal action by employees. Any company that fails to block illegal online activities such as copyright-infringing downloads, could be found to be vicariously liable for the actions of its WiFi users.
Businesses can use a WiFi filter to control bandwidth use. By blocking access to bandwidth heavy activities such as video streaming at busy times, business can ensure all users can enjoy fast Internet speeds.
WebTitan Cloud for WiFi: WiFi Filtering Made Simple
Gaining the above WiFi filtering security benefits is easy with TitanHQ’s innovative WiFi filtering solution – WebTitan Cloud for WiFi.
WebTitan Cloud for WiFi is easy to implement, simple to use, and effortless to maintain. WebTitan Cloud for WiFi allows businesses to carefully control Internet access, reduce risk, make important productivity gains, and improve their security posture.
WebTitan Cloud for WiFi can be implemented in minutes, requires no hardware purchases and needs no software downloads. An intuitive user interface can be accessed from anywhere with an internet connection and no technical skill is required to configure and maintain the solution.
WebTitan Cloud for WiFi allows business of all sizes to gain the WiFi filtering security benefits with no slowing of Internet speeds.
WebTitan WiFi Filtering Security Benefits
Blocks access to web pages hosting malware
Blocks ransomware, malware, virus, and botnet downloads
Prevents employees and guests from accessing phishing websites
Requires no user updates or patches
Blocks the use of anonymizers
Inspects all Internet traffic, including encrypted content
Reports can be generated to show which employees are attempting to bypass filtering controls
Policies can be created for different users, departments, or locations
Different filtering controls can be set for employees and guest WiFi users
For further information on WebTitan Cloud for WiFi, details of pricing, to book a product demonstration, or to sign up for a free 14-day trial of the full solution, contact the TitanHQ team today.
Many employees access their work emails and work networks via public Wi-Fi hotspots, even though there is a risk that sensitive information such as login credentials could be intercepted by hackers. Many employees are unaware of the Wi-Fi security threats that lurk in their favorite coffee shop and fail to take precautions. Even employees who are aware of the Wi-Fi security threats often ignore the risks.
This was highlighted by a 2017 survey by Symantec. 55% of survey participants said they would not hesitate to connect to a free Wi-Fi hotspot if the signal was good and 46% said they would rather connect to a free, open wireless network than to wait to get a password to a secure access point.
60% of survey participants believed public Wi-Fi networks are safe and secure but even though 40% are aware of the Wi-Fi security threats, 87% said that they would access financial information such as their online banking portal or view their emails on public Wi-Fi networks.
The majority of users of public Wi-Fi networks who were aware of the Wi-Fi security threats said they ignored the risks. Millennials were the most likely age group to ignore Wi-Fi security threats: 95% of this age group said they had shared sensitive information over open Wi-Fi connections.
Consumers may be willing to take risks on public Wi-Fi networks, but what about employees? According to a 2018 Spiceworks survey, conducted on 500 IT professionals in the United States, employees are also taking risks.
61% of respondents to the survey said their employees connect to public Wi-Fi hotspots in coffee shops, hotels, and airports to work remotely. Only 64% of respondents said their employees were aware of the Wi-Fi security threats. A similar percentage said their employees were aware of the risks and connect to their work networks using a VPN, which means that 4 out of 10 workers were unaware of the importance of establishing a secure connection.
Even though 64% of respondents were confident that employees were aware of the risks, only half were confident that data stored on mobile devices was adequately protected against threats from public Wi-Fi hotspots. 12% of respondents said they have had to deal with a public Wi-Fi related security incident, although a further 34% were not sure if there had been a security breach as many incidents are never reported.
WiFi Security Threats Everyone Should be Aware of
All employers should now be providing security awareness training to their employees to make the workforce more security aware. Employees should be trained how to identify phishing attempts, warned of the risk from malware and ransomware, and taught about the risks associated with public Wi-Fi networks.
Five threats associated with open public Wi-Fi hotspots are detailed below:
Evil Twins – Rogue Wi-Fi Hotspots
One of the most common ways of obtaining sensitive information is for a cybercriminal to set up an evil twin hotspot. This is a fake Wi-Fi access point that masquerades as the legitimate access point, such as one offered by a coffee shop or hotel. An SSID could be set up such as “Starbuck Guest Wi-Fi” or even just state the name of the establishment. Any information disclosed while connected to that hotspot can be intercepted.
Using a packet sniffer, a hacker can identify, intercept, and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials to bank accounts and corporate email accounts. If credentials are obtained, a hacker can gain full control of an account.
Many people have file-sharing enabled on their devices. This feature is useful at home and in the workplace, but it can easily be abused by hackers. It gives them an easy way to connect to a device that is connected to a Wi-Fi hotspot. A hacker can abuse this feature to drop malware on a device when it connects to a hotspot.
Not all threats are hi-tec. One of the simplest methods of obtaining sensitive information is to observe someone’s online activities by looking over their shoulder. Information such as passwords may be masked so the information is not visible on a screen, but cybercriminals can look at keyboards and work out the passwords when they are typed.
Malware and Ransomware
When connecting to a home or work network, some form of anti-malware control is likely to have been installed, but those protections are often lacking on public Wi-Fi hotspots. Without the protection of AV software and a web filter, malware can be silently downloaded.
Employers can reduce risk by providing comprehensive training to employees to make sure they are aware of the risks from public Wi-Fi hotspots and make sure that employees are aware they should only connect to public Wi-Fi networks if they use a VPN. Employers can further protect workers with WebTitan Cloud – An enterprise-class web filter that protects workers from online threats, regardless of where they connect.
Hotspot providers can protect their customers by securing their Wi-Fi hotspots with WebTitan Cloud for Wi-Fi. WebTitan Cloud for Wi-Fi is a powerful web filter that protects all users of a hotspot from malware and phishing attacks, and can also be used to control the types of sites that can be accessed. If you offer Wi-Fi access, yet are not securing your hotspot, your customers could be at risk. Contact TitanHQ today to find out how you can protect your customers from online threats, control the content that can be accessed, and create a family-friendly Wi-Fi environment.
A new phishing campaign is bypassing Office 365 anti-phishing defenses and arriving in employees’ inboxes; one of several recent campaigns to slip through the net and test end users’ security awareness knowledge.
The aim of this campaign is not to obtain login credentials or install malware. It is a sextortion scam that aims to get email recipients to make a payment to the scammers.
The scam itself is straightforward. The sender of the email claims to be a hacker who has gained access to the victim’s computer and has installed malware. That malware allowed full access to the user’s device, including control of the webcam. The email claims that the webcam was used to record the victim while he/she was accessing adult web content. The attacker claims to have spliced the webcam recording with the images/videos that were being viewed at the time. The attacker claims the video will be sent to the user’s contacts on social media and via email.
Several similar sextortion scams have been conducted in the past few months, but what makes this campaign different is the extent of the deception. In this campaign, the attacker includes the user’s password in the email body.
I’m a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from [user’s email]on moment of hack: [user’s password]”
The password may not be the one currently used, but it is likely to be recognized as it has been taken from a previous data breach. However, its inclusion will be especially worrying for any user who does not regularly change their password and for users that share passwords across multiple sites or reuse old passwords. Changing the password will not block access, according to the email
“Of course, you can and will change it, or already have changed it.
But it doesn’t matter, my malware updated it every time.”
For anyone who has viewed adult content on a laptop or other device with a webcam, this message will no doubt be extremely concerning. Especially, as the email contains ‘evidence’ of email compromise. The From field of the email displays the user’s own email address, indicating that the attacker has sent it from the user’s email account.
The attacker notes in the email, “Do not try to contact me or find me, it is impossible, since I sent you an email from your account.”
While scary, the attacker does not have access to the user’s email account. The From field has been spoofed. This is actually straightforward with a Unix computer set up with mail services. Mass emails can be sent out using the same email address in the From field as the Address field, giving the impression that the messages have been sent from the users’ accounts.
The hacker notes that this is not his/her usual modus operandi. “You are not my only victim, I usually lock computers and ask for a ransom. But I was struck by the sites of intimate content that you often visit.” That will be a particular worry for some users.
To prevent distribution of the video, the user must pay $892 in Bitcoin to the specified address and many email recipients have chosen to pay to avoid exposure. The Bitcoin wallet used for the scam has received 450 payments totaling 6.31131431 BTC – around $27,980. Multiple Bitcoin wallets are often used by scammers, so the actual total is likely to be far higher.
Bypassing of Office 365 Anti-Phishing Defenses a Cause for Concern
This scam may not have any direct impact on a business, as no credentials are compromised, and malware is not installed; however, what is of concern is how the messages have bypassed Office 365 phishing defenses and are arriving in inboxes. The scam was first identified in late September and the messages continued to be delivered to Office 365 inboxes, even those with Advanced Threat Protection that companies pay extra for to provide greater protection against spam and phishing emails.
This is of course just one scam. Others have similarly breached Office 365 anti-phishing defenses, many of which are much more malicious in nature and pose a very real and direct threat to businesses. Office 365 anti-phishing protections do block a lot of threats, and protection is improved with Advanced Threat Protection, but the controls are not particularly effective at blocking sophisticated phishing attempts and zero-day attacks.
The volume of phishing attacks on businesses that are now being conducted, the sophisticated nature of those attacks, and the high cost of mitigating a phishing attack and data breach mean businesses need to improve Office 365 anti-phishing defenses further. That requires a third-party spam solution.
For more than 20 years, TitanHQ has been developing security solutions to protect inboxes and block web-based attacks. During that time, our spam filtering solution, SpamTitan, has been gathering threat intelligence, analyzing spamming and phishing tactics, and protecting end users. Over the years, SpamTitan has receive many updates to improve protection against new threats and phishing tactics. Independent tests have shown SpamTitan now has a catch rate in excess of 99.9%.
The incorporation of a range of predictive techniques ensure SpamTitan is not reliant on signatures and can detect never-before seen phishing attempts and zero-day attacks, and provide superior protection against spam, phishing, malware, viruses, ransomware, and botnets for Office 365 users.
To better protect your email channel and keep your Office 365 inboxes threat free, contact TitanHQ today to schedule a full personalized demo of SpamTitan and to find out just how cost effective the solution is for SMBs and enterprises.
Why is DNS filtering for MSPs so important? Find out how you can better protect your clients against web-based attacks and the MSP benefits of offering this easy to implement cybersecurity solution.
A recent survey conducted by Spiceworks has revealed that DNS filtering is now considered an essential element of cybersecurity defenses at the majority of large firms. A survey was conducted on companies with more than 1,000 employees which revealed 90% of those firms are using a solution such as a DNS filter to restrict access to the internet to protect against malware and ransomware attacks.
89% of firms use DNS filters or other web filtering technology to improve productivity by blocking access to sites such as social media platforms, 84% of firms block access to inappropriate websites, and 66% use the technology to avoid legal issues.
Given the risk of a malware or ransomware download over the Internet and the high cost of mitigating such an attack, it is no surprise that so many large firms are using web filtering technology to reduce risk.
Why DNS Filtering is so Important for SMBs
Phishing attacks and ransomware/malware downloads are major risks for large businesses, but SMBs face the same threats. SMBs are also less likely to have the resources to cover the cost of such an attack. For example, the average cost of a ransomware attack on an SMB is $46,800, according to Datto, and many SMBs fold within 6 months of experiencing a data breach.
DNS filtering is an important control to prevent malware and ransomware attacks over the Internet, both by blocking downloads and preventing employees from visiting malicious websites where malware is downloaded. Web filters are also essential as part of phishing defenses.
According to the Spiceworks survey, 38% of organizations have experienced at least one security incident as a result of employee Internet activity. By restricting access to certain categories of website and blocking known malicious websites, SMBs will be much better protected against costly attacks.
Add to that the amount of time that is lost to casual internet surfing and web filtering is a no-brainer. 28% of employees waste more than 4 hours a week on websites unrelated to their work, but the percentages rise to 45% in mid-sized businesses and 51% of employees in small businesses.
There is no latency with DNS filtering, plus controls can be implemented to restrict certain bandwidth heavy activities to improve network performance.
DNS Filtering for MSPs – The Ideal Web Filtering Solution
DNS web filtering is a low-cost cybersecurity solution that actually pays for itself in terms of the productivity gains and the blocking of cyber threats that would otherwise lead to data breaches. Further, in contrast to appliance-based web filters, DNS filtering requires no hardware purchases or software installations which means no site visits are required. DNS filtering can be set up for clients remotely in a matter of minutes.
DNS filtering is ideal for MSPs as it is hardware and software independent. It doesn’t matter what devices and operating systems your clients have because DNS filtering simply forwards web traffic to a cloud-based filter without the need to install any clients or agents on servers or end points.
TitanHQ’s DNS filtering for MSPs has a low management overhead, so there is little in the way of ongoing maintenance required. A full suite of customizable reports can be automatically generated and sent to clients to show them what threats have been blocked, and who in the organization has been trying to access restricted content, and the employees who are the biggest drain on network performance.
MSPs can easily add in web filtering to existing security packages to provide greater value or offer web filtering as an add-on service to generate extra, recurring monthly revenue and attract more business.
If you are yet to offer web filtering to your clients, call TitanHQ today for more information on our DNS filtering for MSPs and for further information on the MSP Program program.
One of the ways that threat actors install malware is through malvertising – The placing of malicious adverts on legitimate websites that direct visitors to websites where malware is downloaded. The HookAds malvertising campaign is one such example and the threat actors behind the campaign have been particularly active of late.
The HookAds malvertising campaign has one purpose. To direct people to a website hosting the Fallout exploit kit. An exploit kit is malicious code that runs when a visitor lands on a web page. The visitor’s computer is probed to determine whether there are any vulnerabilities – unpatched software – that can be exploited to silently install files.
In the case of the Fallout exploit kit, users’ devices are checked for several known Windows vulnerabilities. If one is identified, it is exploited and a malicious payload is downloaded. Several malware variants are currently being delivered via Fallout, including information stealers, banking Trojans, and ransomware.
According to threat analyst nao_sec, two separate HookAds malvertising campaigns have been detected: One is being used to deliver the DanaBot banking Trojan and the other is delivering two malware payloads – The Nocturnal information stealer and GlobeImposter ransomware via the Fallout exploit kit.
Exploit kits can only be used to deliver malware to unpatched devices, so businesses will only be at risk of this web-based attack vector if they are not 100% up to date with their patching. Unfortunately, many businesses are slow to apply patches and exploits for new vulnerabilities are frequently uploaded to EKs such as Fallout. Consequently, a security solution is needed to block this attack vector.
HookAds Malvertising Campaign Highlights Importance of a Web Filter
The threat actors behind the HookAds malvertising campaign are taking advantage of the low prices offered for advertising blocks on websites by low quality ad networks – Those often used by owners of online gaming websites, adult sites, and other types of websites that should not be accessed by employees. While the site owners themselves are not actively engaging with the threat actors behind the campaign, the malicious adverts are still served on their websites along with legitimate ads. Fortunately, there is an easy solution that blocks EK activity: A web filter.
TitanHQ has developed WebTitan to allow businesses to carefully control employee Internet access. Once WebTitan has been installed – a quick and easy process that takes just a few minutes – the solution can be configured to quickly enforce acceptable Internet usage policies. Content can be blocked by category with a click of the mouse.
Access to websites containing adult and other NSFW content can be quickly and easily blocked. If an employee attempts to visit a category of website that is blocked by the filter, they will be redirected to a customizable block screen and will be informed why access has been prohibited.
WebTitan ensures that employees cannot access ‘risky’ websites where malware can be downloaded and blocks access to productivity draining websites, illegal web content, and other sites that have no work purpose.
Key Benefits of WebTitan
Listed below are some of the key benefits of WebTitan
No hardware purchases required to run the web filter
No software downloads are necessary
Internet filtering settings can be configured in minutes
Category-based filters allow acceptable Internet usage policies to be quickly applied
An intuitive, easy-to-use web-based interface requires no technical skill to use
No patching required
WebTitan Cloud can be applied with impact on Internet speed
No restriction on devices or bandwidth
WebTitan is highly scalable
WebTitan protects office staff and remote workers
WebTitan Cloud includes a full suite of pre-configured and customizable reports
Reports can be scheduled and instant email alerts generated
Suitable for use with static and dynamic IP addresses
White label versions can be supplied for use by MSPs
Multiple hosting options are available
WebTitan Cloud can be used to protect wired and wireless networks
For further information on WebTitan, for details of pricing, to book a product demonstration, or register for a free trial, contact the TitanHQ team today.
Further information on WebTitan is provided in the video below:
Hackers are targeting healthcare organizations, educational institutions, hotels, and organizations in the financial sector, but restaurants are also in hackers’ cross-hairs. If restaurant cybersecurity solutions are not deployed and security vulnerabilities are not addressed, it will only be a matter of time before hackers take advantage.
Cyberattacks on restaurants can be extremely profitable for hackers. Busy restaurant chains process hundreds of credit card transactions a day. If a hacker can gain access to POS systems and install malware, customer’s credit card details can be silently stolen.
Cheddar’s Scratch Kitchen, Applebee’s, PDQ, Chili’s, B&BHG, Zaxby’s, Zippy’s, Chipotle, and Darden restaurants have all discovered hackers have bypassed restaurant cybersecurity protections and have gained access to the credit card numbers of large numbers of customers.
One of the biggest threats from a data breach is damage to a restaurant’s reputation. The cyberattack and data breach at Chipotle saw the brand devalued by around $400 million.
A restaurant data breach can result in considerable loss of customers and a major fall in revenue. According to a study by Gemalto, 70% of the 10,000 consumers surveyed said that they would stop doing business with a brand if the company suffered a data breach. Most restaurants would not be able to recover from such a loss.
Restaurant Cybersecurity Threats
Listed below are some of the common restaurant cybersecurity threats – Ways that hackers gain access to sensitive information such as customers’ credit card numbers.
The primary goal of most restaurant cyberattacks is to gain access to customers’ credit card information. One of the most common ways that is achieved is through malware. Malicious software is installed on POS devices to silently record credit card details when customers pay. The card numbers are then sent to the attacker’s server over the Internet.
Phishing is a type of social engineering attack in which employees are fooled into disclosing their login credentials and other sensitive information. Phishing emails are sent to employees which direct them to a website where credentials are harvested. Phishing emails are also used to install malware through downloaders hidden in file attachments.
Whenever an employee or a customer accesses the Internet they will be exposed to a wide range of web-based threats. Websites can harbor malware which is silently downloaded onto devices.
Restaurants often have Wi-Fi access points that are used by employees and guests. If these access points are not secured, it gives hackers an opportunity to conduct attacks and gain access to the restaurant network, install malware, intercept web traffic, and steal sensitive information.
Restaurant Cybersecurity Tips
Listed below are some of the steps you should take to protect your customers and make it harder for hackers to gain access to your systems and data.
Conduct a risk analysis to identify all vulnerabilities that could potentially be exploited to gain access to networks and customer data
Develop a risk management plan to address all vulnerabilities identified during the risk assessment
Ensure all software and operating systems are kept up to date and are promptly patched
Become PCI compliant – All tools used to accept payments must comply with PCI standards
Implement security controls on your website to ensure customers can use it securely. Sensitive data such as loyalty program information must be protected.
Ensure you implement multi-factor authentication on all accounts to protect systems in case credentials are compromised
Ensure all default passwords are changed and strong, unique passwords are set
Ensure all sensitive data are encrypted at rest and in transit
Secure Wi-Fi networks with a web filter to block malware downloads and web-based threats
Implement a spam filter to block phishing attempts and malware
Provide cybersecurity training to staff to ensure they can recognize the common restaurant cybersecurity threats
Restaurant Cybersecurity Solutions from TitanHQ
TitanHQ has developed two cybersecurity solutions that can be implemented by restaurants to block the main attack vectors used by hackers. SpamTitan is a powerful email security solution that prevents spam and malicious emails from reaching end users’ inboxes.
WebTitan is a cloud-based web filtering solution that prevents staff and customers from downloading malware and visiting phishing websites. In addition to blocking web-based attacks, WebTitan allows restaurants to prevent customers from accessing illegal and unsuitable web content to create a family-friendly Wi-Fi zone.
Both solutions can be set up in a matter of minutes on existing hardware and require no software downloads.
To find out more about TitanHQ’s restaurant cybersecurity solutions, call the TitanHQ sales team today.