Security Awareness

Phishing Simulation Mistakes to Avoid

Phishing simulations are an invaluable training tool and have been proven to help reduce the susceptibility of the workforce to phishing attacks. Phishing simulations are more than just a tool for testing whether employees have understood their training. Quizzes at the end of training sessions are good for that, but phishing simulations test whether the training is being applied when employees are working and not focused on cybersecurity.

If a cybercriminal were to send an employee a phishing email at the moment an employee had finished a training course, chances are the employee would recognize the email for what it is. The longer the time between the training ending and the threat being encountered, the greater the chance that the employee will be fooled.

Phishing simulations test whether employees are likely to be fooled by a real phishing email. The simulations are expected, but employees do not know when the simulations will take place. Phishing simulations mimic real world phishing attacks and tell an organization how an individual is likely to react if a real threat lands in their inbox.

If an employee fails one of these simulations and clicks a link, opens an attachment, or responds in another risky manner, an alert is immediately generated, and the employee is told what went wrong and how it was possible to tell that it was a phishing attempt. The employee can then be provided with a brief training session – generated by the phishing simulator – on how to respond when similar emails are received.

When ongoing security awareness training is provided and phishing simulations are conducted, security awareness improves. Over time, the combination of training and simulations greatly reduces susceptibility to phishing emails – much more than providing training alone. There are, however, some common mistakes that are made by employers that reduce the effectiveness of these phishing tests.

Mistakes to Avoid When Conducting Phishing Simulations

If you want to get the best return on your investment in training and phishing simulations, it is important to set up your program correctly and to avoid making these common mistakes.

Not Telling Employees You Will Be Conducting Phishing Simulations

Don’t broadside employees. Tell them during their training that you will be conducting phishing simulations as part of the training process. If employees are unaware you will be using simulations, they may feel that you are trying to catch them out. Make sure employees are aware that you are conducting these tests to identify training needs and to test how effective your training program has been. Don’t tell employees when you will be sending the emails, and make sure the HR department and other stakeholders are aware that you are conducting phishing simulations.

Making the Simulations Too Difficult

You want to test how employees will respond to a real phishing email; however, building up security awareness is a process. Your simulation program should include emails of varying degrees of difficulty and it is best to start with phishing emails that are relatively easy to identify. That will help build confidence.

Not Conducting Phishing Simulations on the Board

Members of the board are targeted in whaling attacks. They have the highest level of privileges and the credentials for their accounts are the ultimate goal in many phishing campaigns. You want to improve the security awareness of the board, so ensure they are included in your phishing tests. Also don’t avoid conducting phishing attacks on infrequent email users. Any credentials can be valuable. Attackers can use them to conduct internal phishing campaigns and move laterally.

Conducting Phishing Simulations on Everyone at the Same Time

If you use the SafeTitan phishing simulator you can create your simulation program and schedule emails to be sent at set times. Don’t send the same emails to everyone at the same time, as employees will likely tip each other off. You will then not get valid results. Vary the times you send the emails and target different individuals in a department at different times.

Not providing retraining in real-time

You should not be conducting these campaigns and then sitting on the results until you can arrange a training course for everyone that failed the test. The simulator should be configured to automatically tell a user when a test was failed and assign immediate training. The training modules should be brief, and concisely explain how the threat could have been avoided. It should only take a couple of minutes, but that training is likely to be much more effective when delivered instantly.

Punishing employees for failing phishing simulations

It may be tempting to punish employees who repeatedly fail phishing simulations, but this approach is best avoided. The goal of training and phishing simulations is to change employee behavior. You are likely to have far greater success achieving that goal by encouraging employees to take security seriously rather than punishing them for failures. Focus on positives – departments that performed well, individual successes – rather than any failures.

SafeTitan Security Awareness Training and Phishing Simulations

SafeTitan is a comprehensive security awareness training platform that makes it easy for businesses to develop training courses for their employees. The content consists of short training modules on all aspects of security, allowing businesses to create tailored and relevant training courses for the entire workforce, and the phishing simulator has hundreds of customizable templates for conducting realistic phishing tests. The training content is gamified, engaging, and fun, and when combined with simulations, has been proven to be highly effective at changing employee behavior and reducing susceptibility to phishing and other cyberattacks.

Matanbuchus Loader Being Distributed in Phishing Emails using Excel and ZIP Attachments

Phishing emails are commonly used to distribute malware and in recent years malware loaders have been a common payload. Malware loaders include the likes of BazarLoader and Bumblebee, which are used to infect devices with the goal of delivering the malware and ransomware payloads of other threat groups.

Security researchers have identified a relatively new malware loader dubbed Matanbuchus that is being delivered via phishing emails. Like other malware loaders, Matanbuchus is operated under the malware-as-a-service model, and has been developed to stealthily download and execute second-stage malware payloads and executable files. The Matanbuchus loader has recently been observed dropping Cobalt Strike on infected systems. Cobalt Strike is a legitimate adversary simulation framework that is used in red team operations for detecting vulnerabilities that could potentially be exploited, but is also extensively used by criminal hackers for post-exploitation activities.

The Matanbuchus loader is currently being offered on Russian cybercrime forums for $2,500, and has been available since at least February 2021, with a malware developer operating under the moniker BelialDemon believed to be the developer of the malware. BelialDemon is known to have been involved in the development and sale of other malware loaders, such as TrumpLoader.

Matanbuchus, which is an alternate name for the demon Belial, can be used to launch an .exe or .dll file in the memory, add or modify task schedules, launch PowerShell commands, and execute standalone executable files to load a DLL. The malware has already been used in several attacks in the United States, including entities in the education sector.

Researchers at Palo Alto Networks’ Unit 42 team have identified phishing emails being used to deliver the Matanbuchus loader that use Excel documents with malicious macros. As is common in these types of phishing campaigns, if the user opens the attached file, they are informed that the document was created in an earlier version of Microsoft Excel, so the content cannot be viewed unless the user clicks on Enable Editing and then Enable Content. Should content be enabled, Excel 4.0 macros are then leveraged to drop and execute the Matanbuchus loader.

A campaign has also been detected that uses a .zip file attachment that contains an HTML file, which delivers a second .zip file that includes an MSI installer. If that file is executed, an error message is displayed indicating to the user that something has gone wrong, when in the background a DLL file is delivered and executed, which acts as the loader for delivering the Matanbuchus loader DLL file.

To block the delivery of malware loaders such as Matanbuchus, it is important to implement multiple cybersecurity solutions. A Spam filter such as SpamTitan can be used to block the delivery of the phishing emails. SpamTitan includes dual antivirus engines for detecting and blocking known malware and sandboxing to identify unknown malware through in-depth analysis of the behavior of attached files.

A web filter such as WebTitan should be used to block connections to malicious websites that host the malware. WebTitan can also be configured to block downloads of files often used to deliver malware and command-and-control center communications.

It is also strongly recommended to provide comprehensive security awareness training to all members of the workforce to explain the threat of phishing emails, explain the red flags to look for in emails, and not to open attachments unless they can be verified as authentic. TitanHQ can help in this regard through the SafeTitan Security Awareness Training solution, which includes a phishing simulation platform for simulating phishing emails to test how employees respond. For further information on these solutions, contact TitanHQ today.

Webinar: June 7, 2022: Employee Cyber Risks in a Growing Organization: Balancing Safety and Agility

It can be a challenge for organizations to stay agile, competitive, and innovative in a digital world, especially when cyber threat actors are actively targeting businesses. Small- and medium-sized businesses are facing a multitude of threats, many of which target employees – a weak link in the security chain.

Cyberattacks can cause significant financial losses and irreparable damage to a business’s hard-earned reputation. While security solutions can be implemented to block those threats, cyber actors target a weak point in security – employees.

In addition to technical defenses, businesses need to create a human firewall through security awareness training. Digital security needs to be front and center of a business’s continued innovation, but it can be difficult to develop and maintain a cyber-savvy workforce, especially considering the rapidly changing threat landscape.

To help businesses succeed. TitanHQ, in partnership with the Oxford Cyber Academy, will be hosting a webinar to discuss employee cyber risks in growing organizations, and how to balance safety and agility.

During the webinar, attendees will be provided with valuable information on:

  • The rapidly changing threat landscape
  • What needs to be protected
  • The consequences of failing to protect digital assets and systems
  • How to balance technology and human cyber risks
  • How to improve employee security awareness and change employee behavior
  • A solution that makes it easy to provide intuitive, easy-to-understand, personalized, and targeted training that delivers it where it’s needed the most.

Join TitanHQ on June 7th where Nick Wilding, Neil Sinclair, Cyber Programme Lead, UK Police Crime Prevention Initiatives, and Richard Knowlton, Director of Security Studies at the Oxford Cyber Academy will discuss:

If you can’t make the event, register anyway and you will receive the webinar to watch on-demand at any time.

Register for the Webinar Today

Should You Punish Employees for Failing Phishing Simulations?

Many organizations punish employees who make cybersecurity mistakes and fail phishing simulations but punishing employees for failing phishing simulations is often not effective and can have unintended negative consequences.

Actions taken by companies when employees fail phishing simulations

Studies suggest that around 40% of companies punish employees for failing phishing simulations and for making other security mistakes. The actions taken can range in severity from naming and shaming employees, removing access privileges, losing other privileges and benefits, locking computers or blocking email until training has been completed, and disciplinary action, such as verbal and written warnings, and termination.

There naturally needs to be consequences if employees fail phishing simulations or make security mistakes, as if there are none, there will be no incentive for change. However, there are risks with using the stick rather than the carrot. Punishing employees for non-malicious security failures and failed phishing simulations often does not work.

Do you really want to create a culture of fear?

If you want to create a security culture in your organization you need to motivate your employees to become security titans, and that is unlikely to happen if the motivation comes from the threat of being fired if a mistake is made. Employees can become stressed and anxious if they are scared of severe punishments for security failures, especially if they have already failed a phishing simulation. That is unlikely to be beneficial for the company and could lead to the creation of a hostile work environment and loss of productivity. It could also serve to demonize the security team which is never a good thing.

If employees are scared about making mistakes, they may not report them when they happen

When employees make a mistake, such as clicking a link in a real phishing email or installing malware, and recognize the mistake, it is essential that they report it. Prompt action by the security team can be the difference between neutralizing the threat before any harm is caused and suffering an incredibly costly ransomware attack or data breach. If employees are worried about losing their jobs for making a mistake or suffering other serious consequences, they may avoid reporting the error.

Businesses need to be careful with punishing employees for non-malicious actions or security failures and should ensure that they make it clear to employees that the failure to report a known security mistake is a serious issue that could result in termination and will have far more serious consequences than the actual error.

Security awareness training should not be viewed as a punishment

If employees make security mistakes or fail phishing simulations it can be due to many reasons. The training provided has clearly not been effective has not been effective with certain employees and this could be due to the training material or the different needs of employees – It may not be a case of employees not paying attention or sloppy working practices.

When security mistakes are made or phishing simulations are failed, there is clearly a need for further training, but it is important that security awareness training is not seen as a punishment. It should be a positive experience and be explained that it is part of an ongoing educational process.

Consider real-time security awareness training

You should be providing security awareness training during the onboarding process, and annual training sessions are important, but if you want to create a security culture you need to go further. Cybersecurity newsletters, reminders, and additional training can be useful if they are not provided too regularly. Daily emails will be ignored, whereas monthly, bimonthly, or quarterly updates are more likely to be read and assimilated.

One of the best approaches to training is to provide basic training to everyone and then to provide behavior-driven, real-time security awareness training. When an employee makes a mistake, falls for a phishing simulation, or is discovered to have engaged in a risky behavior, an alert can be triggered and immediate training can be provided. This is bite-sized training that is relevant and specific to an action that was taken, that explains how the mistake was made, why it is a problem, and how it could have been avoided. Mistakes serve as educational triggers and can be turned into teachable moments and training provided in this way is likely to be much more effective than making an employee go through the same standard training program again.

The SafeTitan security awareness and phishing simulation platform

SafeTitan is the only behavior-driven security awareness platform that delivers training in real-time, allowing businesses to mitigate the growing problem of social engineering and advanced phishing attacks. The platform includes an extensive library of training courses, videos, and quizzes that businesses can use for greater general and custom training campaigns, and provides gamified, interactive, and enjoyable security awareness training sessions with short and efficient testing.

Training can be automatically generated in response to specific employee behaviors to ensure errors and risky behaviors are immediately tackled. The platform also includes fully automated simulated phishing attacks, using regularly updated phishing templates to match current attack trends. The training and simulations have been shown to reduce susceptibility to phishing by up to 92%. Users also benefit from enterprise-level reporting in an easily digestible format that demonstrates the ROI.

Contact TitanHQ today for more information and to sign up for a free trial of SafeTitan.

Five Expert Insights Best-Of Awards for TitanHQ Solutions

Expert Insights has announced its Spring 2022 Best-Of awards and TitanHQ has been given awards in 5 categories, including best-in-class awards for SpamTitan Email Security, WebTitan DNS Filter, ArcTitan Email Archiving, and SafeTitan Security Awareness training.

Expert Insights is an online publication that receives more than 80,000 visitors a month. Business owners and Information Technology professionals rely on the website which provides insights into the best business software solutions, along with blog posts, buyers’ guides, technical product reviews and analyses, interviews with industry experts, and reviews of software solutions by users of those solutions, who give accurate advice on their experiences and how the products perform in practice.

The Best-Of Awards recognize vendors and products that excel in their respective categories and help businesses achieve their goals. “Each of the services recognized in our awards are providing in many cases an essential service to their users, driving business growth, securing users in a challenging cybersecurity marketplace, and massively improving business efficiency,” Joel Witts, Expert Insights’ Content Director.

Each category includes a maximum of 11 products that have been analyzed by Expert Insights’ editorial and technical teams in the UK and US and have achieved excellent ratings from genuine users of the solutions. “These awards recognize the continued excellence of the providers in these categories,” said Witts.

At the Expert Insights Spring 2022 awards, TitanHQ was ranked the number 1 solution in the Best Email Security Gateway category for SpamTitan Email Security, ArcTitan Email Archiving was ranked number 1 in the Email Archiving for Business category, WebTitan DNS Filter ranked second in the Web Security category, and SafeTitan Security Awareness Training was ranked in the top 10 in two categories, Security Awareness Training and Phishing Simulation.

“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy,” said TitanHQ CEO Ronan Kavanagh. “We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers.”

To Defend Against Advanced Phishing Attacks You Need to Develop a Human Firewall

Businesses need to invest in an advanced email security solution to block email-based cyberattacks and nuisance emails. SpamTitan, for instance, will block 99.99% of spam emails and 100% of known malware. SpamTitan includes advanced threat protection mechanisms and machine learning technology that can predict new attacks, along with sandboxing to identify zero-day malware threats.

The problem for businesses is that even with cutting-edge email security, some threats will bypass email defenses and will land in inboxes where they can be opened by employees. All it takes is for a single email to be opened by a single employee to give an attacker the foothold in the network that is needed to launch a devastating ransomware attack.

Technical defenses against phishing such as spam filters and web filters are important for cybersecurity, and alongside robust backup procedures, prompt patching, good password policies, and a next-generation firewall, your business will be well defended, but it is important not to neglect your human defenses, especially considering that 85% of cyberattacks involve human error.

Security awareness training for the workforce has always been important, but with cyberattacks on businesses now occurring at record rates, it is now a critical security measure. Security awareness training aims to teach the workforce the skills they need to be able to recognize and avoid security threats. Training should cover cybersecurity best practices such as setting strong passwords, never writing passwords down, and never accessing the network on a public Wi-Fi network without using a VPN, and other important security best practices.

The importance of training on how to identify phishing emails cannot be overstated. 9 out of 10 successful cyberattacks start with a phishing email. Phishing is concerned with tricking employees into disclosing their credentials or opening a malicious file that triggers a malware download. Attacks may also impersonate trusted individuals to trick employees into emailing sensitive data. Some phishing emails are easy to identify due to spelling mistakes, grammatical errors, and too-good-to-be-true offers, but many attacks are not so obvious. Employees need to be taught how to identify these emails, what to look for, and to be cautious when opening any email.

Spear phishing emails can be very convincing. They can be personalized, highly targeted, include the correct branding and logos, have spoofed sender names, and make perfectly plausible requests. Social engineering techniques are used to get the recipient to take the requested action and to do so without thinking, such as enabling content when opening an email attachment. Untrained employees cannot be expected to know about these cyberattacks and scams, and that enabling content in a document or spreadsheet will allow macros to run, which will silently download malware.

Security awareness training is important for everyone in the organization, from the CEO down. In fact, the CEO and other executives are the real prizes in phishing attacks as they have credentials that provide more extensive access to networks and sensitive data, so they need to also receive security awareness training. Providing regular security awareness training to the workforce is important, but so is testing the effectiveness of the training. Phishing simulations should be conducted to see if the workforce has taken the training on board. Simulation exercises provide immediate feedback on how the workforce will respond when a real threat is encountered. If the simulation is failed, employees will need to be given further training.

TitanHQ has developed SafeTitan to help businesses with their security awareness training. The platform provides real-time security awareness training to develop a human firewall to complement your technical cybersecurity defenses. The SafeTitan platform also allows businesses to run phishing simulations to see how effective the training has been and how employees will respond to social engineering and advanced phishing attacks when they are encountered.

For further information, get in touch with TitanHQ and take the most important step toward creating your human firewall.

2021 Ransomware Trends and Steps to Take to Improve Your Defenses Against Attacks

Information about the 2021 ransomware trends identified by U.S. and European cybersecurity agencies and simple steps you can take to improve your security posture and prevent ransomware attacks.

2021 Ransomware Trends

Cybersecurity agencies identified several 2021 ransomware trends that look set to continue throughout 2022. There was an increase in ransomware attacks in 2021 with education and government the most commonly targeted sectors. The pandemic and lockdowns meant businesses needed to switch to remote working and security teams struggled to defend their networks. Ransomware gangs were quick to exploit vulnerabilities to gain access to networks, steal sensitive data, and encrypt files to extort money from businesses.

2021 also saw an increase in sophisticated ransomware attacks on critical infrastructure. Cybersecurity authorities in the United States said cyber threat actors had conducted attacks on 14 of the 16 critical infrastructure sectors, with the UK’s National Cyber Security Centre reporting an increase in attacks on businesses, charities, legal firms, healthcare, and local government.

While initially, several ransomware threat actors were focused on big game hunting – attacking large, high-value organizations that provide critical services such as Colonial Pipeline, Kaseya, and JBS Foods – the attacks prompted the raising of the status of ransomware attacks to the level of terrorism, and the increased scrutiny on ransomware gangs saw ransomware attack trends change, with the focus shifting to mid-sized organizations.

Double extortion tactics have been the norm for the past two years, where attackers exfiltrate data prior to file encryption and then demand payment for the decryption keys and to prevent the publication of stolen data. A new trend of triple extortion in 2021 saw ransomware gangs also threaten to inform the victim’s partners, shareholders and suppliers about the attack. It is also now common for ransomware gangs to work with their rivals and share sensitive data. There have been multiple cases where ransomware gangs have shared information with other gangs to allow them to conduct follow-on attacks.

2021 saw an increase in attacks on the supply chain. By compromising the supply chain, ransomware gangs are able to conduct attacks on multiple targets. There was also an increase in attacks targeting managed service providers, where MSP access to customer networks is exploited to deploy ransomware on multiple targets. Russian ransomware gangs have been increasingly targeting cloud infrastructure, accounts, application programming interfaces, and data backup systems, which has allowed them to steal large quantities of cloud-stored data and prevent access to essential cloud resources.

Diverse tactics were used in 2021 to gain access to victim networks, including quickly developing exploits for known vulnerabilities, conducting brute force attacks on Remote Desktop Protocol, and using stolen credentials. These tactics have proven effective, helped by the increase in remote working and remote schooling due to the pandemic.

Improve Your Defenses Against Ransomware Attacks

To defend against ransomware attacks, it is important to prevent attackers from using these tactics. The number of reported vulnerabilities increased in 2021 and security teams struggled to keep up with routine patching. Security teams need to prioritize patching and concentrate on patching the vulnerabilities that are known to have been exploited, such as those published in the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog, and critical vulnerabilities where there is a high change of exploitation.

To combat brute force attacks, it is important to ensure all default passwords are changed and strong passwords are set for all accounts. Consider using a password management solution to make this easier. Multifactor authentication should be set up for as many services as possible, especially for access to critical systems, VPNs, and privileged accounts. RDP, other remote access solutions, and risky services should be closely monitored and ports and protocols that are not being used should be disabled.

It is also vital to take steps to prevent phishing attacks. Phishing is commonly used to gain access to credentials to gain a foothold in networks, or for phishing emails to be used to deliver malware. An advanced email security solution should be implemented to detect and block as many phishing threats as possible to prevent then from being delivered to employee inboxes. A web filtering solution can improve defenses by blocking access to the websites linked in phishing emails and to prevent the downloading of malware from the Internet. Security awareness training for the workforce is also important. Training should raise awareness of the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments.

TitanHQ can help with all of these anti-phishing defenses through SpamTitan Email Security, the WebTitan DNS-based Web Filter, and SafeTitan Security Awareness Training. To find out more about these solutions for SMBs, enterprises, Internet Service Providers, and Managed Service Providers, give the TitanHQ team a call.

TitanHQ Adds Security Awareness Training with Acquisition of Cyber Risk Aware

TitanHQ, the leading cybersecurity SaaS business, today announced its acquisition of Cyber Risk Aware. Established in 2016, Cyber Risk Aware is a global leader in security awareness and mitigation of human cyber risk, assisting companies to help their staff protect the company network.

Cyber Risk Aware delivers real-time cyber security awareness training to staff in response to actual staff network behavior. This intuitive and real-time security awareness training reduces the likelihood users will be impacted by the latest threats such as ransomware, BEC attacks, and data breaches, whilst also enabling organizations to meet compliance obligations.  Leading global businesses that trust Cyber Risk Aware include Standard Charter, Glen Dimplex, and Invesco.

TitanHQ has been providing email and web security solutions to businesses, enterprises, and managed service providers for more than two decades and now provides a range of security solutions to more than 8,500 businesses globally, including more than 2,500 managed service providers.

The acquisition will further bolster TitanHQ’s already extensive security offering. The combination of intelligent security awareness training with phishing simulation and TitanHQ’s advanced email protection, DNS security, email archiving, and email encryption solutions to create a powerful, multi-layered cybersecurity platform that secures end users from compromise. This is the go-to cybersecurity platform for IT Managed Service Providers and internal IT teams.

“This is a fantastic addition to the TitanHQ team and solution portfolio. It allows us to add a human protection layer to our MSP Security platform, with a fantastic feature-rich solution as demonstrated by the high caliber customers using it. Stephen and his team have built a great company over the years, and we are delighted to have them join the exciting TitanHQ journey.” said TitanHQ CEO Ronan Kavanagh.

The solution is available to both new and existing customers and MSP partners at TitanHQ.com and is now branded as SafeTitan, Security Awareness Training. Cyber Risk Aware existing clients are unaffected and will benefit from improvements in the platform in terms of phishing sims content and an exciting, innovative product roadmap.

Stephen Burke, CEO of Cyber Risk Aware, commented: “I am incredibly proud that Cyber Risk Aware has been acquired by TitanHQ, cybersecurity business that I have greatly admired for a long time. Today’s announcement is fantastic news for both our clients and partners. We will jointly bring together a platform of innovative security solutions that address the #1 threat vector used by bad actors that cause 99% of security breaches, “End User Compromise”. When I first started Cyber Risk Aware, my aim was to be the global security awareness leader in delivering the right message, to the right user at the right time. Now as part of TitanHQ, I am more excited than ever about the unique value proposition we bring to market”.

For more information on TitanHQ’s new Security Awareness Solution, visit https://www.webtitan.com/safetitan/