Our news section dedicated to web filtering reports on instances in which a web filter can be used to protect organizations against online threats and the consequences of phishing campaigns. We also report on how filtering web access can protect the vulnerable against exposure to inappropriate online content – particularly minors viewing pornography.
Several of our news items will be of particular interest to MSPs and service providers who wish to add web filtering to their portfolio of products. With TitanHQ´s solutions, MSPs can incorporate white-labelled web filtering into an existing service package or market the solutions as stand-alone packages.
Cybercriminals have adopted a new tactic to deliver malware and conduct phishing attacks on unsuspecting internet users. They are hijacking inactive domains and using them to direct visitors to malicious websites in a form of malvertising.
Malvertising is the term given to the use of malicious code in seemingly legitimate adverts, which are often displayed on high-traffic websites. Website owners use third-party ad networks as a way to increase revenue from their websites. Most of these adverts are genuine and will direct users to a legitimate website, but cybercriminals often sneak malicious code into these adverts. Clicking the link will direct the user to a website hosting an exploit kit or phishing form. In some cases, ‘drive-by’ malware downloads occur without any user interaction, simply if the web content loads and the user has a vulnerable device.
The new tactic uses domains that have expired and are no longer active. These websites may still be listed in the search engine results for key search terms. When user conducts a search and clicks the link or uses a link in their bookmarks to a previously visited website, they will arrive at a landing page that explains that the website is no longer active. Oftentimes, that page will include a series of links that will direct the visitor to related websites.
What often happens is these expired domains are put up for sale. They can be attractive for purchasers as there may already be many links to the website, which is preferable to starting a brand-new website from scratch. These expired domains are then auctioned. Researchers at Kaspersky found that cybercriminals have taken advantage of these auction-listed websites and have added links that direct visitors to malicious websites.
When a visitor arrives on the site, instead of being directed to the auction stub, the stub is replaced with a link to a malicious website. The study uncovered around 1,000 domains that had been listed for sale on a popular auction site, which redirected visitors to more than 2,500 unwanted URLs. In the majority of those cases, the URLs were ad-related pages, but 11% of the URLs were malicious and were mostly being used to distribute the Shlayer Trojan via infected documents that the user is prompted to download. The Shlayer Trojan installs adware on the user’s device. Several of the sites hosted malicious code on the site rather than redirecting the visitor to a different website.
These domains were once legitimate websites, but are now being used for malicious purposes, which makes the threat hard to block. In some cases, the sites will display different content based on where the user is located and if they are using a VPN to access the internet. These websites change content frequently, but they are indexed and categorized and if determined to be malicious they are added to real time block lists (RBLs).
A web filtering solution such as WebTitan can provide protection against malvertising and redirects to malicious sites. If an attempt is made to send a user to a known malicious website, rather than being connected the user will be directed to a local block page, negating the threat. WebTitan can also be configured to block downloads of risky file types from these websites.
Many organizations have implemented firewalls to prevent direct attacks by hackers, use antivirus software to block malware, and use an anti-spam solution to block attacks via email, but there is a gap in their security protections and web-based threats are not effectively blocked. WebTitan allows organizations to plug that gap and control the websites that can be accessed by employees.
For further information on WebTitan and filtering the internet, give the TitanHQ team a call. WebTitan is available on a free trial to allow you to evaluate the solution and see for yourself how you can block attempts to visit malicious web content and NSFW sites.
If you have been following the security news, you will have seen that there has been a major increase in COVID-19 themed cyberattacks targeting remote workers. Cybercriminals are exploiting fear about the virus and the somewhat chaotic switch from mostly office-based workers to having virtually the entire workforce working remotely. Understandably given the speed at which businesses have had to adjust, vulnerabilities have been introduced.
The attack surface has increased considerably as a result of largely at-home workforces and cybercriminals have taken advantage. According to research conducted by Darktrace, in the United Kingdom, prior to the COVID-19 lockdown being imposed, around 12% of malicious email traffic was targeting home workers. The volume increased to around 60% after 6 weeks of lockdown, which clearly demonstrates the extent to which remote workers are being targeted.
The types of malicious emails being sent to remote workers have been incredibly diverse. Cybercriminals are using all manner of lures to get remote workers to click links and disclose their credentials or open malicious attachments and trigger malware downloads. Financial fraud has also increased with BEC gangs using the COVID-19 pandemic to fraudulently obtain funds from company accounts.
Early on in the pandemic when information about the virus was thin on the ground, emails were being sent offering important advice about preventing infection along with fake updates on cases. As the pandemic progressed and the effects started to be felt, cybercriminals started sending fake requests for donations to charities to help individuals adversely affected by COVID-19. As governments implemented furlough schemes and set up funds to help the employed and self-employed, campaigns were conducted that linked to websites that claimed to offer grants, allow workers to choose to be furloughed, or apply for financial support.
Attacks have targeted the tools that are being used by remote workers to connect to their offices and communicate with colleagues, with the likes of Zoom, Skype, GoToMeeting, and other corporate messaging systems being spoofed to infect users with malware. File sharing platforms have similarly been spoofed to get employees to disclose their credentials. Darktrace’s data shows there has been a massive increase in spoofing attacks during lockdown, increasing from around one fifth of attacks before lockdown to 60%.
It is not only cybercrime groups that are conducting attacks. State-sponsored hacking groups have similarly been taking advantage of the pandemic to steal sensitive data, including the latest COVID-19 research data on potential cures, vaccines, and treatments to further the response efforts in their own countries.
What is not always clear from the new reports is how the increase in cyberattacks targeting remote workers has translated into actual data breaches. Are these attacks succeeding or are companies managing to thwart the attacks and keep the hackers at bay?
There is a lag between intrusions being detected, breaches being confirmed, and announcements being made but it appears that many of these attacks are succeeding. In April, the International Association of IT Asset Managers issued a warning that while a rise in data breaches was to be expected as a result of the pandemic, the number of incidents was actually far higher than anticipated. It is also clear that ransomware attackers have stepped up their efforts to attack businesses. Even organizations on the frontline in the fight against COVID-19 have not been spared.
Threat actors have taken advantage of the opportunities offered by the pandemic. It is up to businesses to make sure their security measures are sufficient to thwart attacks. Combating cyberattacks on remote workers requires additional security measures to be implemented. One measure that is often overlooked but can greatly improve protection is DNS filtering.
A DNS filter provides protection against the web-based component of cyberattacks and is an important measure to implement to improve defenses against phishing and malware. Even with robust email security defenses in place, some messages will arrive in inboxes. A DNS filter provides an extra layer of protection by preventing users from visiting malicious websites linked in emails.
When a malicious link is clicked, a DNS query is made, and a DNS lookup is performed to find the IP address of the URL. DNS filtering ensures that the IP address is not returned if the URL is malicious. A DNS filter such as WebTitan also allows IT teams to block malware downloads, monitor internet activity, and carefully control the types of websites their remote users can access on corporate devices.
If you have not yet implemented a DNS filtering solution and would like more information on how it can protect against cyberattacks on remote workers, give the TitanHQ team a call today.
Cybersecurity for remote workers has never been so important. At-home employees are being targeted by hackers who see them as low hanging fruit and an easy entry point into corporate networks.
The threat faced by businesses that have rapidly shifted to a largely at-home workforce should not be underestimated. With everyone working in the office, within the protection of the corporate firewall, IT departments could keep hackers at bay. Any employees that were authorized to work from home could be provided with a laptop that had security protections appropriate for the increased level of risk.
Moving the entire workforce from the office to attics, basements, kitchens, and spare rooms in a very short space of time has meant corners have had to be cut. Many SMBs have had to adapt quickly and have not had enough time to provide additional training to their at-home employees. The laptop computers now being used by their employees have had to be provisioned quickly and they lack the protection required for at home working. Some businesses are even allowing personal computers to be used out of necessity. Cybercriminals have been rubbing their hands with glee at the new opportunities and the ease at which they can attack businesses.
Lockdowns are now being lifted and people are being encouraged to go back to work, but further spikes in cases are likely as a result and with social distancing in the office problematic for many businesses, many employees will still need to work from home. To reduce the risk of those employees falling for a phishing scam or inadvertently downloading malware or ransomware, additional cybersecurity measures should be implemented.
You will more than likely have an email security solution to block the most common attack vector, but additional layers of security will greatly improve your security posture, one of the most important of which is a web filtering solution. A web filter stops your employees from visiting malicious websites, such as those used for phishing or malware distribution. When an attempt is made to visit a malicious website – through a link in a phishing email, a web redirect, or general web browsing – rather than being allowed to visit the website, employees will be directed to a local block page that explains the site cannot be accessed as it violates your internet usage policies.
A web filter can also be used to stop employees from using their work laptop for personal use by blocking websites by category, and as a control against shadow IT to prevent unauthorized software downloads.
WebTitan Cloud will allow you to improve cybersecurity for remote workers without requiring any software downloads and can be set up and protecting your office staff and remote workers in a matter of minutes.
Join us for our Webinar on Improving Cybersecurity for Remote Workers
If you are reading this before Thursday May 21, 2020, then you can find out more about how WebTitan Cloud can protect your employees and corporate network from attack by joining us on for our webinar.
Title: Keeping your Remote Workers TWICE as secure with SpamTitan & WebTitan
Date: Thursday, May 21, 2020
Time: 11:00-11:30 CDT
If you missed the webinar, just give us a call and we will be happy to answer any questions you have, explain the benefits of WebTitan Cloud, arrange a product demonstration, and help get you filtering the internet and blocking web-based threats.
TitanHQ is hosting a webinar on Thursday May 21, 2020 and will be explaining how you can double protection for your remote workers and better protect them against phishing, malware, ransomware, and zero-day attacks. The webinar is ideal for current SpamTitan customers, prospective customers, Managed Service Providers and small- to medium-sized enterprises.
During the webinar you’ll find out why it is so important to protect against both the email- and web-based components of cyberattacks and you will discover more about an important layer that you can ad to your security defenses that will allow you to significantly reduce susceptibility to a cyber attack and data breach.
TitanHQ will explain how cybercriminals are exploiting the COVID-19 pandemic and are targeting remote workers. You will also discover more about the features and security layers of WebTitan Security and how this DNS-based web filtering solution allows you to manage user security at multiple locations.
Most cyberattacks have an email and web-based component – Find out how WebTitan serves as a vital layer of security to block phishing attacks, malware and ransomware downloads.
Learn why WebTitan is the leading web security option for the Managed Service Provider who service the SMB and SME market.
Join TitanHQ for the webinar, which will be attended by:
Derek Higgins, Engineering Manger TitanHQ
Eddie Monaghan, Channel Manager TitanHQ
Marc Ludden, Strategic Alliance Manager TitanHQ
Kevin Hall, Senior Systems Engineer at Datapac
Title: Keeping your Remote Workers TWICE as secure with SpamTitan & WebTitan
The COVID-19 pandemic has given cybercriminals a golden opportunity to make money. With the world focused on little else other than the response to the pandemic, and with people craving information about the virus, it is not surprising that standard phishing lures have been abandoned in favor of COVID-19 themed lures.
COVID-19 and coronavirus themed domains have been purchased in the tens of thousands and are being used for phishing, malware distribution, and a variety of scams such as obtaining donations to fake charities. Figures released by the Palo Alto Networks Unit 42 team for the period of February to March show there has been an average daily increase of new COVID-19 related domains of 656%, a 569% increase in the number of malicious COVID-19 domains, and a 788% increase in new high-risk domains.
Several domain registrars have started taking steps to combat coronavirus and COVID-19 related fraud and some, such as Namecheap, are now preventing the registration of new domains related to COVID-19. Domain registrars are flagging these new domains for investigation, but that is a manual review process that takes time. In the meantime, the domains are being set up and used for convincing scams.
One malicious campaign uncovered in the past few days uses COVID-19 themed domains to distribute the banking Trojan Grandoreiro. The websites are used to host videos that promise to provide important information about SARS-CoV-2 and COVID-19. When visitors click on the video, a file download is triggered and the user is required to run the installer to view the video content, but instead installs the banking Trojan. The banking Trojan has previously been delivered via spam email, but the threat group behind the malware have changed tactics in response to the pandemic and have changed to web-based delivery.
There have been many similar campaigns created using malicious COVID-19 domains to deliver a slew of malware variants such as keyloggers, information stealers, cryptocurrency miners, and other Trojans.
Lockdown has left people with a lot of time on their hands and outdoor activities have been swapped for more TV time. It is no surprise that movie piracy sites have seen a huge surge in traffic and malware distributors are taking advantage and are bundling malware with pirated video files and using fake movie torrents to deliver malware.
An investigation by Microsoft identified a campaign that uses a VBScript packaged into ZIP files that claim to be pirated movie files. The campaign was being conducted to deliver a coinminer that runs in the memory, with living-of-the-land binaries also used to download other malicious payloads.
These campaigns often have a phishing component, with emails sent to drive traffic to these malicious websites. An advanced spam filtering solution can help to block the email component of these campaigns, but businesses should also consider an additional layer to their security defenses to block the web-based component of these attacks and prevent their remote employees from visiting malicious COVID-19 domains. That protection can be provided by a DNS filtering solution such as WebTitan Cloud.
WebTitan Cloud filters out malicious websites at the DNS lookup stage of a web access request. When a user attempts to visit a website, instead of the standard DNS lookup to find the IP address of a website, the request is sent through WebTitan. If an attempt is made to visit a malicious domain, the request will be blocked and the user will be directed to a local block page. WebTitan can also be configured to block certain file downloads and filter the internet by category, such as blocking P2P file-sharing and torrents sites to provide additional protection against malware and the installation of shadow IT.
WebTitan Cloud can be quickly set up remotely by sysadmins to protect all workers on and off the network with no clients required, which makes it an ideal solution during the COVID-19 pandemic for protecting remote workers.
For further information on protecting your organization and remote employees from web-based attacks, to register for a free trial of WebTitan, and for details of pricing, give the TitanHQ team a call today.
There has been a massive rise in the number of telecommuting workers as a result of the 2019 Novel Coronavirus pandemic and cybercriminals are taking advantage. Phishing and malware attacks have soared in the past few weeks and home workers are being targeted.
Individuals who regularly worked from home before the COVID-19 crisis will be used to taking precautions when connecting to virtual environments set up by their employers, but huge numbers of employees are now logging in remotely for the very first time and may not be aware of the telecommuting cybersecurity risks. IT and IT security departments have also had to set up the workforce for home working in a hurry, and the sheer number of employees that have been forced into telecommuting means corners have had to be cut which has created opportunities for cybercriminals.
Even if the transition to having the entire workforce telecommuting has been expertly managed, risk will have increased considerably. Cybersecurity is far harder to manage when the entire workforce is outside the protection of the corporate firewall and with most workers telecommuting, the attack surface has grown considerably.
Telecommuting workers are seen as low hanging fruit and cybercriminals are taking advantage of the ease at which attacks can be conducted. Since January there has been a massive increase in phishing attacks, malware attacks, and attacks over the internet targeting remote workers.
NASA Sees “Exponential Increase” in Malware Attacks
On April 6, 2020, NASA sent a memo to all personnel warning of a massive increase in targeted attacks on the agency. NASA explained in the memo that the number of phishing attempts on NASA employees has doubled in the past few days and its systems designed to block employees from accessing malicious websites has gone into overdrive. The number of malicious websites that are now being blocked has also doubled, which strongly suggests employees are clicking on links in phishing emails and are being fooled by these scams. NASA also reports that there has been an “exponential increase in malware attacks on NASA systems.”
Attacks are being conducted by a diverse range of threat actors, from small players to prolific advanced persistent threat (APT) groups and nation-state sponsored hackers. NASA has warned its employees that those attackers are targeting NASA employees’ work and personal devices and that the attacks are likely to continue to increase throughout the Novel Coronavirus pandemic.
NASA is far from alone in experiencing a massive increase in attempted cyberattacks. Businesses of all sizes are now having to deal with unprecedented risks and are struggling to defend their networks from attack. They now have to defend a massively increased attack surface and the number of attacks has skyrocketed.
There are other factors that are making it difficult for employers. Employees crave information about the Novel Coronavirus and COVID-19 and cybercriminals are sending huge numbers of emails offering them just the information they seek. Huge numbers of websites are being set up that purport to offer advice on the Novel Coronavirus and COVID-19. Check Point has reported that more than 16,000 domains related to coronavirus or COVID-19 have been registered since January and those domains are 50% more likely to be malicious than other domains registered in the same period.
How to Protect Telecommuting Workers
There are three main ways that telecommuting workers are being attacked: Email, malicious websites, and the exploitation of vulnerabilities.
To prevent the latter, it is essential for software and operating systems to be kept up to date. This can be a challenge for IT departments at the best of times, but much harder when everyone is working remotely. Despite the difficulty, prompt patching is essential. Vulnerabilities in VPNs are being targeted by cybercriminals and offer an easy way to gain access to corporate networks. Employees should be told to make sure their VPN clients are running the latest software version and businesses should ensure their VPN infrastructure is kept up to date, even if it means some downtime while updates are applied.
TitanHQ Can Help You Strengthen Email and Web Security
Advanced email security defenses are now required to protect against phishing and email-based malware threats. Some of the COVID-19 phishing campaigns that are now being conducted include some of the most sophisticated phishing threats we have ever seen.
You should not rely on one form of email security, such as Microsoft’s Exchange Online Protection for Office 365 accounts. Layered defenses are essential. Office 365 email security can be significantly strengthened by layering SpamTitan on top of Microsoft’s EOP protections. SpamTitan does not replace Office 365 protections, it improves them.
SpamTitan is an advanced email security solution that incorporates powerful, real time updated AI-driven threat intelligence to block spam, phishing, malware, malicious links, and other email threats from incoming mail. SpamTitan sandboxing identifies threats that signature-based detection solutions miss and is effective at identifying and blocking zero-day malware threats.
Each day, the number of malicious websites related to COVID-19 grows. These websites are used to phish for sensitive information such as email and VPN credentials and for drive-by downloads of malware. To protect remote workers and prevent them from accessing these malicious websites, a web filtering solution is required.
WebTitan DNS Security offers protection against web-based threats and prevents employees from accessing known malicious websites. WebTitan DNS Security is seeing massively increased traffic demand for its scanning and web detection features, but the solution is cloud based and has been developed with scalability in mind. WebTitan DNS Security is blocking new threats as soon as they are identified to keep customers and their employees protected. The solution can be easily implemented to protect remote workers but inserting simple code into enterprise devices which points the DNS to WebTitan. That small change will ensure the internet is filtered for all employees, no matter where they are working.
TitanHQ is committed to providing safe and secure email and internet usage for our customers, partners and their users, now more than ever. Contact TitanHQ today for help improving security at your organization.
IT departments have been forced to address cybersecurity risks with remote workers in a hurry due to the 2019 Novel Coronavirus pandemic that has seen large sections of the workforce forced into working from home.
The International Workplace Group conducted a study in 2019 and found that 50% of employees spend at least half of the week working remotely, and 70% of workers spend at least one day each week working from home. The 2019 Novel Coronavirus pandemic has increased that percentage considerably. Many companies have all but closed down their offices and have told their employees they must work from home.
While this is an important strategy for ensuring the safety of the workforce, there are many cybersecurity risks with remote workers and IT departments will find it much harder to secure their systems, protect confidential data, and quickly respond to security incidents.
One of the biggest problems for IT departments is the speed at which changes had to be made to accommodate a massive increase in remote workers. There has been little time to prepare properly, provide training, and ensure the cybersecurity risks with remote workers are all addressed.
Cybercriminals are Targeting Remote Workers
The massive increase in remote workers due to the 2019 Novel Coronavirus pandemic has given cybercriminals easy targets to attack, and unsurprisingly remote workers are being targeted. Remote workers are seen as low hanging fruit and attacks are far easier than when workers are in the office.
Several phishing campaigns have been detected targeting home workers that attempt to obtain email and VPN credentials. These phishing attacks are likely to increase considerably over the coming weeks and months. Attacks on VPNs have also increased, with cybercriminals exploiting unpatched vulnerabilities to steal credentials and gain access to corporate networks.
Campaigns have been detected spoofing Zoom and other videoconferencing platforms. According to Check Point, there have been 1,700 new Zoom domains registered in 2020 and 25% of those have been registered in the past two weeks. Other videoconferencing and communication platforms are also being targeted.
Addressing Cybersecurity Risks with Remote Workers
The massive increase in the number of employees working from home has increased the attack surface dramatically. Laptops, smartphones, and tablets are remotely connecting to the network, often for the very first time. It is essential that al of those devices are secured and data is appropriately protected.
Any device allowed to connect to the network remotely must have the best security software installed to protect against malware. Devices must be running the latest versions of operating systems and patches need to be applied promptly. Some studies suggest that it takes companies around 3 months on average to patch vulnerabilities. For remote workers, patching needs to be accelerated considerably and, ideally, software and operating systems should be configured to update automatically. Computers used by remote workers must also have firewalls enabled.
Ensure Home Routers are Secured
With many countries in lockdown and people being told not to leave the house, one of the biggest problem areas with remote working has been solved. The use of unsecured pubic Wi-Fi networks. When remote workers connect to unsecured public Wi-Wi networks, it is easy for cybercriminals to intercept sensitive corporate data, steal login credentials, and install malware. The Novel Coronavirus pandemic has seen remote workers abandon coffee shops and public Wi-Fi access points and stay at home; however, home Wi-Fi networks may be just as vulnerable.
Home workers will connect to the internet through consumer-grade routers, which will be far less secure than the office. Home Wi-Fi is often poorly secured and many devices that connect to Wi-Fi will have scant security controls in place. Remote workers must ensure that their home Wi-Fi network is protected with a strong password and that routers have WPA2 enabled.
Ensure Remote Workers Use a VPN and Establish a Secure Connection
It is essential for remote workers to establish a secure connection when accessing work resources and the easiest way to do this is with a virtual private network (VPN). A VPN client should be installed on all devices that you allow to remotely connect to the network.
Several vulnerabilities have been found in VPNs over the past year, and even months after patches have been released by VPN solution providers that patches have yet to be applied. Patching VPNs can be difficult when they are in use 24/7, but prompt patching is essential. There has been an increase in cyberattacks exploiting vulnerabilities in VPNs in recent weeks. In addition to ensuring the latest version of VPN clients are used and VPN solutions are patched quickly, training must be provided to remote workers to ensure they know how to use VPNs.
Ensure Multifactor Authentication Is Enabled
Strong passwords must be set to prevent brute force password guessing attempts from succeeding, but passwords alone do not provide sufficient protection for remote workers. You must ensure that multifactor authentication is enabled for all cloud services and for email accounts. If credentials are compromised in a phishing attack, it will not be possible for the credentials to be used to access accounts and sensitive data without another factor also being provided, such as a one-time code sent to an employee’s cellphone.
Security Awareness Training for Remote Workers
IT staff will be well aware that even the best security defenses can be breached as a result of the actions of employees. Employees are the weakest link in the security chain, but through security awareness training risk can be significantly reduced. Most companies will provide security awareness training to staff as part of the onboarding process, and often refresher training sessions will be provided on an annual basis. Consider increasing training for remote workers and conducting training sessions far more frequently.
The purpose of cybersecurity awareness training is to teach employees the skills they will need to recognize and avoid threats and to change the mindset of workers and create a culture of cybersecurity. Best practices for cybersecurity must be taught to prevent employees from falling prey to cyberattacks when working remotely. Employees need to be made aware of the cybersecurity risks with remote workers, which may not have been covered in training sessions when employees were only working in the office. Training remote staff should now be a priority. It is important to step up training to help remote workers identify phishing emails, spoofing, impersonation attacks, and also to teach remote workers about good IT hygiene.
Protect Against Web-Based Attacks
The dangers that come from the internet should be covered in security awareness training, but not all web-based threats are easy for remote workers to identify. Malicious adverts can be found on all manner of websites that direct users to phishing sites and websites where drive by malware downloads occur. To address cybersecurity risks for remote workers when accessing the internet, a web filtering solution should be deployed.
Cloud-based web filters are the most practical choice as they are easy to deploy, require no software downloads, and do not need to be patched or updated as that is handled by the solution provider. DNS-based filters are the best choice as they will involve no latency, which can be a major issue when bandwidth will be limited in workers’ homes.
WebTitan prevents remote workers from visiting or being redirected to known malicious websites and allows IT teams to control the types of websites that can be accessed on work devices to further reduce risk. Since WebTitan integrates with Active Directory and LDAP, IT teams can monitor the internet activity of all employees and can configure the solution to block malicious file downloads and the downloading unauthorized programs onto work devices.
It is fair to say that more people are now working from home than ever before and the number is growing rapidly due to the coronavirus pandemic. Here we explore some of the key cybersecurity challenges for remote working and suggest ways that CIOs and IT managers can reduce risk, keep their networks secure, and protect their workers.
COVID-19 and Remote Working
Even in the absence of a pandemic, an increasing number of people are working from home for at least part of the week. One study conducted by the International Workplace Group in 2018 suggests 50% of employees spend at least two and a half days a week working from home and 70% spend at least one day a week working from home.
The coronavirus pandemic is rapidly changing that. Governments around the world are recommending people work from home if they possibly can and many want to do so to reduce the risk of contracting COVID-19. With the 2019 Novel Coronavirus pandemic likely to last for several months at the very least, that is unlikely to change any time soon. Businesses will come under increasing pressure to get their employees set up for working at home.
Cybersecurity Challenges for Remote Working
For many businesses, having to set up large number of employees to work from home in such a short space of time will have come as a major shock. Rather than being able to transition gradually, the quarantine measures and social distances demanded in response to the coronavirus pandemic has given businesses and their CIOs and IT teams little time to prepare and address the cybersecurity challenges for remote working.
Some employees will already be working from home some of the time, so they will be familiar with the steps they need to take to access work networks and applications securely from home, but for a great deal of workers this will be their first time. Those workers therefore need to be trained and made aware of the additional risks, they must learn how to access work systems remotely, and the steps they need to take to do so securely.
Measures need to be considered to reduce the harm that can be caused should devices be lost or stolen, as the risk of device theft increases considerably when IT equipment is taken out of the office. Even if workers are not venturing out of the house to coffee shops, home environments may not be as safe and secure as the office.
Cyberslacking is likely to increase considerably when workers are not being directly supervised due to working at home, so loss of productivity is a real issue. Productivity losses due to people working from home is a key business concern that should be addressed. Cyber risks also increase from internet access at home.
The risk of insider threats also increases with more remote workers. Steps should be taken to reduce the potential for fraud and data theft.
It is relatively easy for organizations to effectively manage risk when users are connected to internal networks when working in the office. Doing the same when most of the workforce is working remotely is a different matter entirely. As the attack surface increases, mitigating risks and protecting against cyberthreats becomes a major challenge.
There are also issues with authentication. A known individual may be attempting to connect to the network, but it becomes harder to determine is that person is who they claim to be. Authentication measures need to be stepped up a gear.
Many businesses will be faced with the problem of simply not having enough devices to allow workers to work remotely on company-issued devices, so the decision will need to be taken about whether to allow employees to use their personal devices. Personal devices are unlikely to have the same level of protection as company-owned devices and it is much harder to control what employees do on those devices and to protect against malware that could easily be transferred onto the work network.
There is also a greater risk of shadow IT when workers are home-based. The downloading of applications and use of non-authorized tools increases risk considerably. Vulnerabilities may be introduced that can easily be exploited by cybercriminals.
Then there is the problem of having so many people accessing work networks using VPNs. Systems may not be able to cope with the increased number, which means workers will not be able to connect and work from home. IT departments must ensure there is sufficient bandwidth and licenses for VPN solutions. Those VPNs also need to be updated and patched.
These are just some of the many cybersecurity challenges for home working. The list of security concerns is very long.
Cybercriminals are Taking Advantage of a Huge Opportunity
Cybercriminals are constantly changing tactics to attack businesses and the coronavirus pandemic offers them opportunities on a silver platter. It is unsurprising that they are taking advantage. In January, phishing campaigns were launched taking advantage of fear about coronavirus. Those campaigns have increased significantly as the COVID-19 crisis has deepened. Coronavirus and COVID-19 are being used as phishing lures and to COVID-themed emails are being used to distribute malware. Cyberattacks exploiting vulnerabilities in VPNs are also increasing.
As the COVID-19 crisis worsens and lockdowns are enforced, businesses will be forced to have more workers working from home and cyberattacks are likely to continue to increase. Since shutting down the business temporarily or indefinitely simply isn’t an option for most businesses, addressing the cybersecurity challenges for remote working will soon become critical.
Addressing the Cybersecurity Challenges for Home Working
Addressing the cybersecurity challenges for home workers is likely to be difficult. Listed below are some of the steps that should be taken to prepare.
When creating new accounts for home workers, ensure strong passwords are set and use the principle of least privilege to reduce risk.
Enable two-factor authentication.
Ensure workers can connect through VPNs and there are sufficient licenses and bandwidth.
Make sure VPN software is patched and the latest version is installed. Ensure procedures are in place to keep the software updated.
Consider disabling USB ports to prevent the use of portable storage devices. This will reduce the risk of malware infections and the risk of data theft.
Ensure portable devices are protected with encryption. Use software solutions that lock devices in the event of theft or allow devices to be remotely wiped.
Ensure you set up communications channels to allow remote workers to collaborate, such as teleconferencing, chat facilities, document sharing platforms, and SaaS applications. Make sure employees are aware of what can and cannot be shared via chat apps such as Slack and Google Chat.
Ensure staff are trained on new applications, the use of VPNs, and are aware of the additional risks from remote working. Train remote workers on how to identify phishing and other cybersecurity threats.
Ensure policies and procedures are set up for reporting threats to IT security teams. Instruct employees on the correct course of action if they believe they have fallen for a scam.
Implement a DNS filter to prevent employees from accessing high risk websites on corporate-issued devices and block downloads of risky file types.
Ensure email security controls are implemented to block phishing attacks and detect and quarantine malware threats.
How TitanHQ Can Help Protecting Remote Workers and Their Devices
TitanHQ has developed two cybersecurity solutions that can help businesses protect their remote workers and their networks from email and web-based threats. Being 100% cloud-based, these solutions are just as effective when employees are working remotely as they are for office workers.
SpamTitan Cloud is a powerful email security solution that protects against the full range of email threats. SpamTitan has advanced threat detection capabilities to detect known and zero-day phishing, spear phishing, malware, botnet, and ransomware threats and ensure the threats never reach inboxes. SpamTitan Cloud also scans outbound email to detect spamming and malware distribution, as well as improving protection against insider threats through tags for sensitive data.
WebTitan Cloud is a DNS filtering solution that provides protection from web-based attacks for user working on and off the network. Being cloud based, there is no need to backhaul traffic to the office to apply filtering controls. Since the filter is DNS-based, clean, filtered internet access is provided with no latency. Controls can easily be applied to restrict access to certain types of websites to prevent cyberslacking and block cybersecurity threats and malware downloads.
Both of these solutions are easy to implement, require no local clients, and can be set up to protect your employees in minutes. They are also available on a free trial if you want to evaluate the solutions before committing to a purchase.
For further information on SpamTitan Cloud Email Security and WebTitan Cloud DNS filtering and to discover how these solutions can help to protect your business and remote workers at this extremely challenging time, give the TitanHQ team a call today.
Many phishing campaigns have been detected that use the novel coronavirus as a lure and now a new ransomware variant called CoronaVirus has been detected and analyzed by MalwareHunterTeam. CoronaVirus ransomware is being distributed through a malicious website masquerading as software called WiseCleaner, a tool that can be used to clean up the registry and remove duplicate files and junk files from computers. WiseCleaner is legitimate software tool, but the website used in this campaign is fake.
It is currently unclear how traffic to the website is being generated. Campaigns such as this typically use malvertising for traffic – Malicious adverts on ad networks that direct users to malicious websites. These adverts are displayed on many legitimate websites that use third party ad networks to generate extra revenue.
If a website visitor tries to download WiseCleaner from the malicious website (The genuine website is wisecleaner.com), a file named WSHSetup.exe will be downloaded. Executing this file will download two malicious payloads: CoronaVirus ransomware and the Kpot Trojan. The Kpot Trojan is an information stealer that steals a variety of credentials, including Skype, Steam, Discord, VPN, email, and FTP passwords from a variety of different applications. The Kpot Trojan steals information such as banking credentials that have been saved in browsers and can also steal cryptowallets. The executable file also attempts to download other files, although currently only two files are downloaded. The intention may well be to download a cocktail of malware.
When CoronaVirus ransomware is downloaded and executed it encrypts a range of different file types. The encrypted files are renamed using the attacker’s email address, but the original file extension is retained. A ransom note is dropped in each folder where files are encrypted.
Interestingly, the ransom demand is very low. The attackers only charge 0.08 BTC – around $50 – for the keys to decrypt files. This suggests the ransomware component of the attack is not the main aim of the campaign which is to distribute the Kpot Trojan and potentially other malware payloads. CoronaVirus ransomware may just be a distraction.
There is currently no known decryptor for CoronaVirus ransomware and it is unclear whether the attackers can – or will – supply valid keys that allow encrypted files to be recovered.
Businesses can protect against attacks such as this by ensuring they backup all of their files regularly and store the backups offline. A web filtering solution should also be implemented to prevent malicious files from being downloaded. Web filters can be configured to prevent attempts by employees to visit malicious websites and also to block downloads of risky file types such as .exe files.
For more information on web filtering and to find out how TitanHQ’s web filtering solution, WebTitan, can help to protect your business from web-based cyberattacks, give the TitanHQ sales team a call today.
A campaign has been detected that uses alerts about out of date security certificates to fool unsuspecting web users into downloading malware. The warnings have been placed on several legitimate websites that have been compromised by cybercriminals.
When visitors arrive on the compromised websites they are presented with an error message that tells them the digital security certificate has expired and they need to download an updated one. Downloading and running the file results in malware being installed on the user’s device – The Mokes backdoor (aka Smoke Loader) and the Buerak malware downloader.
This tactic of malware distribution is nothing new. Cybercriminals have been using this method for years to fool users into downloading malware under the guide of a browser or Flash update, but this is the first time that expired website security certificate error messages have been used for malware distribution.
The NET::ERR_CERT_OUT_OF_DATE error message is delivered via an iframe that is overlaid over the website using a jquery.js script. The warning matches the size of the original page, so it is all the visitor sees when they land on the website. If they want to be able to view the content, they are told they should update their security certificate to allow the connection to the website to be made. The content of the message is loaded from a third-party web resource, but the URL displayed is of the legitimate website the user has navigated to.
It is not clear how the threat actors compromised the websites. Oftentimes websites are compromised using brute force tactics to guess weak passwords, or exploits are used for vulnerabilities that have not been patched. It is also unclear how people are being sent to the websites. Typically, traffic is sent to the compromised websites through phishing scams or malicious web adverts (malvertising), but visitors could simply navigate to the website through a Google search.
Since the warnings are appearing on legitimate websites, users may think the messages are genuine. One of the compromised websites is the official website of a zoo, another identified by Kaspersky Lab was for a legitimate auto parts dealer. The campaign has been active for at least two months.
Protecting against this method of malware distribution requires a combination of security solutions. Up-to-date anti-virus software is a must to ensure that any files downloaded to business computers are scanned for malware. A web filtering solution such as WebTitan will also provide protection by preventing users from visiting compromised websites that are being used to distribute malware and also blocking downloads of dangerous file types.
Contact TitanHQ today to find out more about web filtering and how you can protect your business from web-based attacks.
Today, February 11, is Safer Internet Day 2020 – A day where safe and positive use of digital technology is promoted around the world. Safer Internet Day started out as part of the EU SafeBorders project in 2004 but has grown into a global event with more than 150 countries participating and promoting safe use of the internet. The aim of Safer Internet Day is to help create a better and safer internet by empowering everyone to use technology responsibly, respectfully, critically, and creatively. This year’s theme is “A better internet: How to look after yourself and others.”
Everyone has a role to play in making the internet a more positive and safer environment, from seeking positive opportunities to create and connect with others, being kind and respectful to others online, and reporting illegal and inappropriate content.
Businesses that provide Wi-Fi access to their customers also have a responsibility to ensure their Wi-Fi hotspot is not abused and cannot be used to access harmful content, especially by minors. The easiest way to do that is by implementing a web filtering solution and today is the perfect day to get started.
The easiest-to-implement and most cost-effective web filtering solution is a DNS filter. A DNS filter allows content to be controlled at the DNS lookup stage of internet access, when the human-friendly domain name of a website is converted to an IP address that a computer uses to find the server hosting the website. This method of web filtering requires no hardware purchases or software downloads. You simply change your DNS record to point to your DNS filtering service provider. You then access a web-based interface and stipulate the categories of content your customers are not permitted to access. Getting started takes just a few minutes. Since all filtering takes place at the DNS level before any content is downloaded, this form of web filtering has almost zero latency, which means internet speeds are unaffected.
With WebTitan Cloud for Wi-Fi you can decide on the content that you don’t want people to access and can use the checkboxes in your user interface to block categories of web content with the click of a mouse. To make the internet family friendly, you can check the adult content checkbox to ensure pornographic material cannot be accessed through your Wi-Fi network. You can also block access to illegal websites to protect your business, such as torrents sites where copyright-infringing downloads of music, software, and films take place. Controls can also be applied to limit access to streaming websites to conserve bandwidth and make sure everyone can enjoy fast internet speeds.
WebTitan has categorized more than 500 million websites into 53 categories, including all of Alexa’s top million websites and web content in 200 languages. You can set internet content controls for different locations, different user groups, and you can manage multiple locations through a single portal.
Blacklists are a useful way to ensure unsuitable or illegal content cannot be accessed. One of the main blacklists is maintained by the Internet Watch Foundation and includes webpages and websites known to host child pornography and child abuse-related content.
Blacklists also protect Wi-Fi users from malicious content, such as phishing websites and sites hosting malware and ransomware, which can help you to protect your users and your company’s reputation.
WebTitan Cloud for Wi-Fi is ideally suited to all businesses that provide Wi-Fi access, such as:
Wireless Wi-Fi ISPs, MSPs and other Wi-Fi service providers
Cafes, coffee shops & restaurants
Retail outlets & shopping malls
Schools & universities
Health systems & hospitals
Rail & bus networks
This Safer Internet Day is the perfect time to implement a DNS filtering solution to make your Wi-Fi (or wired) network much safer for all users.
To find out more about WebTitan Cloud for Wi-Fi, WebTitan Cloud for wired networks, for a product demonstration, or to register for a free trial, contact TitanHQ today.
Spam email may be the most common method of distributing malware and phishing for sensitive information such as Office 365 credentials, but businesses also need to protect against web-based threats.
Malware and ransomware are often unwittingly downloaded from the internet by employees when browsing the internet. Hackers are constantly attacking legitimate websites and uploading malicious content, and malware-lacked files are often hosted on file sharing sites such as Dropbox and Google Drive.
Many owners of high traffic websites use third-party ad networks to bring in much needed extra revenue. Ad blocks are added to websites and the site owners earn money from the number of ad impressions or clicks. Cybercriminals often sneak malicious adverts onto these networks, and they are displayed on many high traffic websites. The malicious adverts link to websites hosting exploit kits that probe for exploitable vulnerabilities in browsers and plugins. If a vulnerability is found, it is exploited to silently download malware.
Phishing emails often have a web-based component. A hyperlink is supplied which links to a website hosting a phishing kit. An email security solution may fail to detect the hyperlink as malicious and will deliver the email. If an employee clicks the link, there may be no protection in place to prevent that site from being accessed and credentials being handed over.
There has also been an increase in malware downloads through social media websites in recent years. Research from Bromium in 2019 showed one in five companies had experienced a malware infection as a result of employees visiting social media websites and 12% of companies suffered a data breach as a result of the malware infection.
Over the summer last year, a multi-year social media campaign dubbed Operation Tripoli was uncovered. The social media malware campaign targeted users in Libya, but Facebook users in other companies were also infected with malware. Malicious code is also inserted into images which are shared on Facebook and Facebook Messenger. That code similarly downloads malware.
Businesses also face other problems from the use of social media sites by employees: A major loss in productivity. According to a Spiceworks survey, 28% of employees at large companies and 45% of employees at medium-sized companies spend four or more hours a week on personal internet usage such as visiting social media sites. The same study also revealed 38% of companies had experienced a security incident as a result of employees’ personal internet usage.
Fortunately, there is a solution that will block internet-based threats and also allow businesses to make significant productivity gains by curbing personal internet usage. Further, the solution is easy to implement, requires little maintenance, and is cost effective. That solution is WebTitan.
WebTitan is a DNS filtering solution ideally suited to SMBs and MSPs that serve the SMB market. WebTitan is a 100% cloud-based web filtering solution, so no software downloads are required and there are no hardware requirements. Simply point your DNS to WebTitan and you will be filtering the internet in minutes. You will block access to known malicious websites, be able to control what types of files can be downloaded from the internet, and you can block access to certain categories of website or filter at the web page level. Highly granular filtering means it is easy to selectively block content. WebTitan allows you to block access to social media sites or just Facebook Messenger if you wish. You can filter at the organization, user group, or individual user level and can set time-based controls.
A full suite of reports allows you to see exactly what types of sites are being accessed, who attempts to violate your policies, and you can also view internet usage in real-time.
WebTitan adds an extra layer to your security defenses that will protect you from the full range of web-based threats. By blocking phishing attacks and malware downloads and allowing you to make significant productivity gains the solution will more than pay for itself.
To find out more about web filtering with WebTitan, give the TitanHQ team a call today.
On January 1, 2020, the California Consumer Privacy Act (CCPA) took effect, giving state residents greater control over the use and sale of their personal data and introduced. In this post we explore the CCPA data security requirements for businesses and the consequences of failing to adequately protect consumer data.
What is the California Consumer Protection Act?
California already had some of the strictest privacy laws in the United States, but CCPA took consumer privacy a step further. CCPA has been likened to the EU’s General Data Protection Regulation (GDPR), as it gives California residents similar rights over the personal data collected and used by companies.
CCPA requires companies to inform California residents about the categories of data that are being collected, at or before the point of collection. There is a right to access all personal information held by a company and find out with whom personal data has been shared. Consumers have a right to opt out and prevent their personal data from being sold and can request that their personal data is deleted. Consumers also have a right to equal services and prices, and cannot be discriminated against, or denied goods or services or levels of services if they opt out of the sale of their personal data.
Who Must Comply with CCPA?
On January 1, 2020, CCPA applies to all companies that do business with California residents, regardless of where the company is based, if one of the following conditions is met:
The company generates revenues of at least $25 million each year; or
The company collects, purchases, sells, or shares the personal data of at least 50,000 people; or
The company generates at least 50% of its revenues from the sale of personal data
CCPA does not apply to insurance institutions, agents, and support organizations, which are covered by different state laws.
CCPA Data Security Requirements
CCPA does not specify what security measures need to be implemented to protect the personal data of California residents; however, businesses do have a duty to implement reasonable security measures based on the level of risk, in accordance with other state laws. Under CCPA, penalties can be applied for a “violation of the duty to implement and maintain reasonable security procedures and practices.”
Since legal action can be taken against companies over a breach of personal data, it is important for companies to ensure appropriate measures are taken to protect data and prevent data breaches.
CCPA does not specify what controls need to be implemented nor what constitutes “reasonable security procedures and practices.” A 2016 Data Breach Report released by the California Attorney General acts as a good guide. It includes a list of 20 controls that the Center for Internet Security says are requirements to protect against known cyberattack vectors. These should therefore serve as guide to the CCPA data security requirements. They are:
How TitanHQ Can Help You Comply with CCPA Data Security Requirements
Email is the most common attack vector used for phishing and malware distribution, so safeguards need to be implemented to keep email systems secure. Phishing attacks often have a web-based component where credentials are harvested, and many malware downloads occur via the internet. Internet controls are therefore also essential to protect against cyberattacks and data breaches. Due to the risk of attack via email and the web, email and browser protections are listed as the first of the foundational Center for Internet Security controls.
This is an area where TitanHQ can help. We have developed two powerful cloud-based security solutions that can help you meet CCPA data protection requirements.
SpamTitan Email Security is a powerful spam filtering solution that keeps inboxes free from email-based threats. SpamTitan incorporates multiple layers of anti-spam and anti-phishing controls, including Sender Policy Framework (SPF), DMARC, SURBL’s, RBL’s Bayesian analysis and more. SpamTitan uses twin antivirus engines to block known malware threats and sandboxing to protect against breaches and data loss from zero-day threats.
WebTitan is a cloud-based DNS filtering solution that protects against the internet component of phishing attacks and stops wired and wireless network users from accessing malicious websites. These solutions will help you meet your email and web security responsibilities and protect your organization from phishing attacks, malware and ransomware downloads. Together they will help you prevent costly data breaches and avoid the resultant CCPA fines.
Penalties for Noncompliance with CCPA
Each intentional violation carries a maximum penalty of $7,500 per record. Unintentional violations carry a penalty of $2,500 per record.
There is also a private cause of action in CCPA. In the event of a data breach, victims of the breach can sue for a CCPA violation. Statutory damages of between $100 and $750 by each California resident affected by the breach. Alternatively claims can be made for actual damages, whichever is greater, along with other relief determined by the courts. Class action lawsuits are also permitted under CCPA. The California Attorney General can also take legal action against the company rather than permitting civil suits to be filed.
TitanHQ and Pax8 have announced a new strategic partnership that will see TitanHQ’s cloud-based email security and DNS filtering solutions incorporated into the Pax8 ecosystem.
Pax8 simplifies the journey into the cloud through billing, provisioning, automation and industry-leading PSA integrations and is proven leader in cloud distribution. Pax8 has achieved position 60 in the 2019 Inc. 5000 list of the fastest growing companies and has been named CRN’s Coolest Cloud Vendor and Best in Show at the NextGen and Xchange conferences for two years in a row.
In order to have products added to the Pax8 marketplace, vendors must have developed exceptional channel friendly solutions. As the leading provider of cloud-based email and web security solutions for managed service providers (MSPs) serving the SMB marketplace, TitanHQ was an ideal fit.
Under the new partnership, Pax8 partners will have easy access to TitanHQ’s leading email security solution, SpamTitan Cloud, and can protect clients from web-based threats with WebTitan Cloud, TitanHQ’s DNS filtering solution.
These cloud-based AI-driven solutions help MSPs secure their own environments and protect their clients from malware, ransomware, botnets, viruses, and phishing and email impersonation attacks and avoid costly data breaches.
Both solutions have been developed with MSPs firmly in mind. The solutions are easy to integrate into an MSP’s security stack through TitanHQ’s APIs, there are multiple hosting options, the solutions can be supplied in white label form, and there are generous margins. Pax8 partners also benefit from a fully transparent pricing policy and industry leading technical support.
TitanHQ’s solutions have much loved by users and are consistently rated highly on business software review platforms, including G2 Crowd, Gartner Peer Insights, and Capterra.
“Our partners are excited about the addition of TitanHQ and the ability to protect their clients’ businesses by blocking malware, phishing, ransomware, and links to malicious websites from emails.” said Ryan Walsh, chief channel officer at Pax8.
You will no doubt have heard of a man in the middle (MiTM) attack. Here we define this attack method, explain how a MiTM attack occurs, and show you how to prevent a man in the middle attack and keep your devices and networks secure.
What is a Man in the Middle Attack?
Man in the middle attacks are commonly cited as a threat, but what exactly is a man in the middle attack? As the name suggests, this is a scenario where a person inserts him or herself between two communicating systems and intercepts conversations or data sent between the two. It is the computer equivalent on eavesdropping on a phone call where neither party is aware that their conversation is not private and confidential.
With a phone call, eavesdropping would allow an attacker to gather a host of sensitive information, which is divulged verbally between both parties. In this scenario, the attacker does not influence the conversation. He/she must wait until a valuable nugget of information is disclosed by either party.
A MiTM attack is concerned with intercepting data transferred between two parties. This could be data sent between a smartphone app and a server, between two parties on a messaging app such as WhatsApp, or an email conversation between two parties. It could also be communication between a user’s browser and a website.
In contrast to the telephone call scenario, which is passive, in a MiTM attack the attacker can influence what is being said. In fact, with a MiTM attack, the two people or systems communicating are not really communicating with each other. Each is communicating with the attacker.
Take email for example. Person A initiates an email conversation with Person B and requests a wire transfer to pay for services rendered. Person A supplies the bank details, and Person B agrees to the wire transfer. Various details are discussed, and the transfer is eventually made. There could be 10 or more messages sent by each party in the conversation. Each message between the two is altered by the attacker, crucially including the bank account details for the transfer. Neither party has been communicating with each other, yet both parties would be convinced they are.
Types of Man in the Middle Attack
The goal of a MiTM is to intercept information, usually for financial gain, but there are different ways that this can be achieved. Generally speaking, there are four main ways that a MiTM attack occurs: Packet sniffing, packet injection, session hijacking, and SSL stripping
Packet sniffing is one of the most common MiTM attack methods and is a type of eavesdropping or wiretapping, except it is not phone conversations that are obtained. It is packets of data sent between the two systems. Packet sniffing is much easier when sensitive data is not encrypted, such when information is disclosed between a browser and a HTTP website, rather than HTTPS where the connection is encrypted.
The above email example is a type of packet injection. Data is intercepted, but additional packets are introduced, or data packets are altered. For instance, malware could be introduced.
Session hijacking is where an attacker hijacks a session, such as a session between a browser and a banking website where the user has logged in. In this example, the attacker is the one in control of the session. SSL stripping is where a HTTPS session, which should be secure as the session is encrypted, is stripped of the encryption, turned from HTTPS to HTTP, and data is identified. This latter example is utilized by web filtering solutions that feature SSL inspection. It allows businesses to check for threats in encrypted traffic.
How to Prevent a Man in the Middle Attack
Fortunately, MiTM attacks can be difficult to perform, so the potential for an attack is limited, but there are skilled hackers who can – and do – perform these attacks and gain access to sensitive data and empty bank accounts. One of the most common examples is a coffee shop scenario where an attacker creates an evil twin hotspot. When a user connects to this evil twin – a Wi-Fi network set up to look like the genuine coffee shop Wi-Fi hotspot – all data sent between their browser and the website is intercepted.
There are several steps you can take to prevent a Man in the Middle Attack.
Never disclose sensitive data when connected to an untrusted public Wi-Fi network. Only ever connect via a VPN, and ideally wait until you are on a trusted Wi-Fi network to access online bank accounts.
Ensure the website is protected by an SSL certificate (starts with HTTPS). Bear in mind that hackers also use SSL certificates, so HTTPS does not mean a website is genuine.
Do not use hyperlinks included in emails, always visit the website directly by typing the correct URL into your browser or finding the correct URL through a Google search.
Do not install unauthorized software, apps from third-party app stores, and do not download and use pirated software.
Businesses should implement a DNS filtering solution to protect their workers and prevent them from visiting malicious websites.
Make sure your networks are secured and have appropriate security tools installed.
Disable insecure SSL/TLS protocols on your website (Only TLS 1.1 and TLS 1.2 should be enabled) and implement HSTS.
At face value, SpamTitan and VadeSecure may appear to be equivalent products. In this post we offer a comparison of SpamTitan and VadeSecure to help managed service providers (MSPs) differentiate between the two solutions.
SpamTitan and VadeSecure
SpamTitan and VadeSecure are two email security solutions that block productivity-draining spam emails, phishing emails, and malspam – spam emails that deliver malware or malware downloaders. These cloud-based solutions assess all incoming emails and determine whether they are genuine communications, unwanted spam, or malicious messages and deal with them accordingly to prevent employees from opening the messages.
TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs that serve the SMB market and has been providing email security for MSPs for more than 2 decades. SpamTitan is TitanHQ’s email security offering, which has been developed for SMBs and MSPs that serve the SMB market.
VadeSecure is a French company that has developed an email security solution for the SMB market. As is the case with SpamTitan, VadeSecure offers protection from email-based threats and provides an important extra layer of security, especially for Office 365 environments. The company is now venturing into the MSP market and has recently raised an additional $79 million in venture capital to help it make inroads into the MSP market. However, at present, the solution is primarily geared toward SMBs rather than MSPs that serve them.
Enhanced Phishing Protection for Office 365 Accounts
Office 365 is the most widely used cloud service by user count and 2019 figures show that Office 365 cloud services are used by 1 in 5 corporate employees, with Office 365 email being the most common. With so many businesses using Office 365 for email, it should come as no surprise that Office 365 email accounts are being heavily targeted by hackers and scammers.
Microsoft does have measures in place to block spam and phishing emails, but the level of protection provided by Exchange Online Protection (EOP) is not sufficient for many businesses. A large percentage of phishing emails manage to sneak past Microsoft’s defenses. According to research from Avanan, 25% of phishing emails are delivered to Office 365 inboxes.
Consequently, additional protection is required, and many businesses choose to implement an anti-phishing solution provided by third parties such as SpamTitan and VadeSecure. MSPs also offer third party solutions to block phishing attacks on Office 365 accounts, not only to better protect their customers, but also to reduce the amount of time they spend mitigating phishing attacks that have not been blocked by EOP.
SpamTitan and VadeSecure have been developed to work on top of Office 365 and add an important extra layer of protection for Office 365 email.
Here we will concentrate on a comparison of SpamTitan and VadeSecure with a specific focus on the features and benefits for MSPs rather than SMBs.
Comparison of SpamTitan and VadeSecure for MSPs Serving the SMB Market
Since VadeSecure has historically focused on the Telco market, the email security solution lacks many features to make MSP’s lives easier and does not provide the level of control, flexibility, or the management tools and reports that MSPs seek. SpamTitan has been developed by MSPs for MSPs, so important features for MSPs have always been offered. We will cover these features below, but initially it is useful to include an infographic that summarizes some of the basic features of SpamTitan and VadeSecure for comparison purposes.
Basic Features of SpamTitan and VadeSecure
SpamTitan Features for MSPs Not Offered by VadeSecure
This comparison of SpamTitan and VadeSecure may seem a little one-sided, and that is because VadeSecure is very much focused on end users rather than MSPs. No doubt the solution will be updated to incorporate more MSP-friendly features over time as the company tries to move into the MSP market, but at present, the features below are provided by SpamTitan but are not offered by VadeSecure.
Configuration Flexibility and Customization Potential
One of the biggest bug bears with VadeSecure is the inability to configure the solution to suit the needs of MSPs. It is not possible to create custom rules for instance, and MSPs must therefore use the Exchange Admin functionality of Office 365.
With SpamTitan, MSPs can create rules based on their own requirements and the needs of each individual client, and those rules can be highly granular and can easily be applied to specific groups, users, and for specific domains. That level of granularity and the ease of customization allows MSPs to fine-tune filtering policies to maximize the detection of threats while minimizing false negatives. MSPs can easily select more permissible or more aggressive policies for each client, but with VadeSecure there is no option for customization for each customer.
SpamTitan includes a full multi-tenancy view of all customers, with multiple management roles. This allows MSPs to easily monitor their entire customer base and trial base, assess the health of the deployments, view activity volumes across all customers, and quickly identify issues that require attention. With VadeSecure, there is no possibility of integrating with PSAs and RMMs, and there is no customer-wide view of the entire system.
Highly Granular Reporting
MSPs can tell their clients how important it is to improve their security defenses, but they must also be able to demonstrate that the solutions are proving effective at blocking threats to ensure they can continue to provide those services and receive regular, repeating revenue.
With SpamTitan, MSPs have highly granular reports that give them full visibility into what is happening and a detailed view of system performance. Client reports can easily be generated to show them how effective the solution is and why it is important to keep it in place. Furthermore, this level of reporting – per domain, per group, and at the group domain level – gives MSPs the information they need to identify potential issues and obtain detailed information on spam emails. The solution also has the management capabilities to allow any issues to be quickly identified and corrected to ensure the solution remains effective over time. With VadeSecure, visibility and control options are lacking and there are no options for demonstrating how effective the solution is and to demonstrate that to clients.
High Margins and Significant Revenue Potential
As previously mentioned, the flexibility and scope for customization is a real benefit for MSPs as it allows them to add more value through superior management capabilities. That means MSPs can build solutions that really benefit their clients and it helps them become more of a strategic partner rather than an IT service provider. It is much harder for clients to change a strategic partner than switch IT service providers. VadeSecure lacks this customization which means it is not possible for MSPs to add value to generate reliable, recurring revenue.
Further, with VadeSecure you get one product, but TitanHQ offers a trio of solutions for MSPs to better protect their clients and add more recurring revenue streams. Through the TitanShield for Service Providers program, MSPs also have access to WebTitan DNS filtering and ArcTitan email archiving. This allows MSPs to maximize revenue from each client by cross-selling new services, while also offering a layered security package to protect clients from the full range of email- and web-based threats.
Fully Transparent Pricing
When it comes to pricing, VadeSecure (and many other email security solutions) lack transparency and the pricing model is complex and expensive. Several features are not included as standard with VadeSecure and come at an additional cost. This makes it hard to perform a SpamTitan and VadeSecure pricing comparison.
For instance, with VadeSecure the solution is priced per module, so the Greymail, Spam, and Virus Protection options are not provided as standard and have to be added onto the cost. Based on feedback we have received from MSPs the solution is expensive, which reduces MSP profits and makes the email security solution more difficult to sell to SMBs.
With VadeSecure, the total number of users is not aggregated, which shows a lack of experience of working with MSPs. An MSP with 100 x 10-seat licenses will have that pay at 10 seats each rather than 1,000 seats overall. As such, discounts will be far lower.
With SpamTitan there is just one price which includes all features, including sandboxing, full support, dual anti-virus protection, all security modules, and updates. Furthermore, the price is exceptionally competitive (less than $1 per user). The pricing model was created to incorporate the flexibility for dealing with fluctuating numbers of customers, which often happens when providing managed email services.
Effectiveness at Blocking Threats
Price, usability, and flexibility are all important for MSPs, but features and benefits are the icing on the cake. Email security solutions are used to protect against threats, so the effectiveness of a solution is critical. SpamTitan and VadeSecure are effective at blocking threats and will provide an important additional layer of security for Office 365 users, but feedback we have received from MSPs show there is a clear winner.
VadeSecure includes ‘time-of-click’ protection against embedded hyperlinks, which rewrites URLs and sends them to a scanner. However, MSPs have reported that it can take a long time for phishing emails to be detected, even after threats would be blocked by Chrome. That means that phishing emails are being delivered and there is a window during which a successful attack could occur. This URL click feature only appears to work in OWA or the Outlook client as it is an API integration with Office 365.
SpamTitan includes more advanced detection methods to ensure that malicious URLs are detected and phishing emails are filtered out. SpamTitan includes SURBL filtering and other malicious URL detection mechanisms that complement the default mechanisms in Office 365 such as Recipient Verification Protocols, Sender Policy Frameworks, and Content Filter Agents. This means end users are better protected and there is a much lower probability of a phishing email evading detection.
Dual anti-virus protection is also provided and SpamTitan features a sandbox where suspicious attachments can be safely analyzed for malicious actions. This provides superior protection against malware, ransomware, and zero-day threats that are not detected by the two AV engines.
Any business that processes card payments is a target for cybercriminals, but restaurants in particular are favored by hackers. Over the past few weeks, cybercriminals have stepped up their efforts to attack these businesses and several restaurant chains have had their systems compromised. In all cases, malware has been installed on point-of-sale systems that steals payment card information when diners pay for their meals.
Many of the attacks have hit restaurant chains in the Midwest and East, with credit card data from diners recently having been listed for sale on the underground marketplace, Joker’s Stash. A batch of approximately 4 million credit and debit cards is being offered for sale, which comes from malware attacks at Moe’s, McAlister’s Deli, Krystal, and Schlotzsky’s.
The cyberattack on Krystal was detected in November, with the other three chains, all owned by Focus Brands, attacked in August. In total, the above chains have more than 1,750 restaurants and almost half of those locations, mostly in Alabama, Florida, Georgia and North and South Carolina, were affected.
Catch Hospitality Group also announced in November that it had suffered a cyberattack which had seen malware installed on its point-of-sale system that scraped and exfiltrated payment card data as diners paid for their meals. The data breach affected customers of Catch NYC, Catch Roof, and Catch Steak restaurants. Fortunately, the devices used to process the majority of payments were unaffected. Malware was on the Catch NYC and Catch Roof devices between March 2019 and October 2019, with Catch Steak affected between September 2019 and October 2019.
Church’s Chicken restaurants were also attacked in a separate incident in October. The majority of its 1,000+ restaurants were not affected, but at least 160 restaurants in Alabama, Arkansas, Florida, Georgia, Illinois, Louisiana, Mississippi, Missouri, South Carolina, Tennessee and Texas had malware installed on their POS system.
Other restaurant chains that have been attacked in 2019 include Checker’s Drive-In, Cheddar’s Scratch Kitchen, Huddle House, Applebee’s, Chilli’s, and Earl Enterprises (Buca di Beppo, Chicken Guy, Tequila Taqueria, Mixology, Planet Hollywood). Malware n the systems of Earl Enterprises had been present for almost a year before it was detected.
How to Improve Restaurant Cybersecurity
Restaurants process many thousands of card transactions which makes them an attractive target for hackers. Restaurants often use out-of-date operating systems, have vulnerability-ridden legacy hardware, and their cybersecurity solutions often leave a lot to be desired. Consequently, cyberattacks on restaurants are relatively easy to perform, at least compared to many other types of businesses.
In order to infect the POS system, the attackers will need network access. That is most commonly gained via phishing emails, drive-by malware downloads, or by abusing remote access tools. Direct attacks are also possible using techniques such as SQL injection and weak passwords can be easily guessed using brute force tactics.
The malware that sits on systems and exfiltrates data tends to have a very small footprint and is often stealthy as it needs to be present for long periods of time to collect payment card data. That can make it hard to detect when it has been installed. The key to security is therefore improving defenses to make sure the malware is not installed in the first place, which means preventing the attackers from gaining access to the network.
Listed below are some easy-to-implement steps that will help restaurants improve their security posture and block attacks. The key is defense in depth through layered security.
Use an enterprise-grade firewall –Ensure an enterprise-grade firewall is purchased. A firewall will prevent unauthorized individuals from gaining access to your network resources.
Patch promptly and update all software and firmware – Ensure patches are applied promptly and software and firmware updates are implemented when they are released. That includes all systems and networked devices, not just your POS.
Upgrade hardware – When your hardware is approaching end of life it is time to upgrade. Unsupported hardware (and software) will no longer be updated and vulnerabilities will no longer be fixed.
Lockdown your POS: Use whitelisting or otherwise lock down POS systems to make it harder for malware to operate. Only allow trusted apps to run on your POS systems.
Install powerful antivirus software – Ensure all devices are protected by a powerful anti-virus solution and that it is set to update virus definitions automatically. Regularly scan the network for malware, especially your POS.
Implement an intrusion detection system – These systems monitor the network for unusual activity that could indicate a malware infection, attackers searching the network for the POS system, and unusual traffic that could indicate data exfiltration.
Change all default passwords and set strong passwords – To protect against brute force attacks, ensure strong passwords are set on all systems and all default passwords are changed. Also implement rate limiting to block attempts to access a system or device after a set number of failed password attempts.
Implement a powerful spam filtering solution – A powerful email security solution, such as SpamTitan, is required to prevent spam and malicious emails from being delivered to end users. Even if you have Office 365, you will need a third-party email security solution to block email-based threats.
Restrict Internet access with a DNS filter – A DNS filter such as WebTitan provides protection against drive-by malware downloads and web-based phishing attacks. WebTitan will block all known malicious websites and those with a low trust score. The solution can also be configured to prevent employees from accessing categories of websites where malware downloads are more likely.
Disable Remote Access if Possible – Disable Remote Desktop Protocol and all remote access tools. If remote access tools are required to allow essential maintenance work to be completed, ensure they can only used via a VPN and restrict the people who can use those tools.
Black Friday phishing scam are rife this year. With almost a week to go before the big discounts are offered by online retailers, scammers are stepping up their efforts to defraud consumers.
Spam email campaigns started well ahead of Black Friday this year and the scams have been plentiful and diverse. Black Friday phishing emails are being sent that link to newly created websites that have been set up with the sole purpose of defrauding consumers or spreading malware and ransomware. It may be a great time of year to pick up a bargain, but it is also the time of year to be scammed and be infected with malware.
A wide range of spam emails and scam websites have been detected over the past few weeks, all of which prey on shoppers keen to pick up a bargain. This year has seen the usual collection of almost too-good-to-be-true offers on top brands and the hottest products, free gift cards, money off coupons, and naturally there are plenty of prize draws.
Anyone heading online over the next few days to kick start their holiday shopping spree needs to beware. The scammers are ready and waiting to take advantage. With legitimate offers from retailers, speed is of the essence. There is a limited supply of products available at a discount and shoppers are well aware that they need to act fast to secure a bargain. The scammers are playing the same game and are offering limited time deals to get email recipients to act quickly without thinking, to avoid missing out on an exceptional deal.
This time of year always sees a major uptick in spam and scams, but this year has seen much more sophisticated scams conducted than in previous years. Not only are the scammers insisting on a quick response, several campaigns have been identified that get users to help snag more victims. In order to qualify for special offers or get more deals, the scammers require users to forward messages and share social media posts with their friends and contacts. This tactic is highly effective, as people are more likely to respond to a message or post from a friend.
So how active are the scammers in the run up to Black Friday and Cyber Monday? According to an analysis by Check Point, the number of e-commerce phishing URLs has increased by 233% in November. Those URLs are being sent out in mass spam campaigns to direct people fake e-commerce sites that impersonate big name brands. Those sites are virtual carbon copies of the legitimate sites, with the exception of the URL.
While consumers must be wary of Black Friday phishing scams and potential malware and ransomware downloads, businesses should also be on high alert. With genuine offers coming and going at great speed, employees are likely to be venturing online during working hours to bag a bargain. That could easily result in a costly malware or ransomware infection.
The scams are not limited to the run up to Black Friday. Cyber Monday scams can be expected and as holiday season fast approaches, cybercriminals remain highly active. It’s a time of year when it pays to increase your spam protections, monitor your reports more carefully, and alert your employees to the threats. A warning email to employees about the risks of holiday season phishing scams and malicious websites could well help to prevent a costly data breach or malware infection.
Its also a time of year when a web filtering solution can pay dividends. Web filters prevent employees from visiting websites hosting exploit kits, phishing kits, and other known malicious sites. They can also be configured to block downloads of malicious files. A web filter is an important extra layer to add to your phishing defenses and protect against web-based attacks.
If you have yet to implement a web filter, now is the ideal time. TitanHQ is offering a free trial of WebTitan to let you see just how effective it I at blocking web-based threats. What’s more, you can implement the solution in a matter of minutes and get near instant protection from web-based phishing attacks and holiday season malware infections.
According to research from Channel Futures, security is the fastest growing service for 73% of managed service providers (MSPs). If you have yet to start offering security services to your clients, you are missing out on a steady income stream that could really boost your profits. But where should you start? What services should you be offering? In this post we will be exploring the ideal security stack for MSPs and the essential services that should form the core of your security offering.
Why is Managed Security is so Important?
As an MSP, you should be aware of the importance of security. Companies are being targeted by cybercriminals and data breaches are occurring at an alarming rate. It is no longer a case of whether a business will be attacked, it is a case of when and how often.
Many SMBs do not have sufficiently skilled staff to handle IT and it is far easier, and often more cost effective, to outsource their IT to MSPs. The same is true for security, but even more so due to the difficulty finding sufficiently skilled cybersecurity staff. With so many positions available and a national shortage of cybersecurity staff, cybersecurity professionals can afford to pick and choose there they work. SMBs must ensure they are well protected against cyberattacks, so they look to MSPs to provide security-as-a-service either as a stop gap measure while they try to fill internal positions or so they can forget about security and let an MSP look after that side of the business.
If you are not providing security services to your clients, they will most likely search for another MSP that can protect their business from threats such as malware, ransomware, phishing, botnets, and prevent costly data breaches.
What do SMBs Want?
SMBs may be aware of the need for security, but they may not be so clued up about the solutions they need to protect them from cyber threats. You may need to explain to them exactly what they need and why. What is vital when explaining cybersecurity to SMBs is to emphasize the need for layered security. No single solution will provide protection against all threats and you will need to educate your clients about this.
Layered security is essential for protecting against ever increasing cybersecurity threats. No single solution will provide total protection. You need overlapping layers so that if one layer is bypassed, others are there to block the attack.
You should certainly be initiating conversations with your clients about security. Many SMBs only look for security services after they experience a costly data breach. By being proactive and approaching your clients and offering security services, you will not only have a much greater opportunity for increasing sales quickly, you will help them avoid a costly data breach and will not have to clear up the mess that such a breach causes.
What is the Ideal Security Stack for MSPs?
The best place to start is with a cybersecurity package that includes the core security services that all businesses need to protect them from a broad range of threats. Different packages can be offered based on the level of protection your clients need and their level of risk tolerance. Extra services can always be provided as add-ons.
There are four key security services you should be offering to your clients to give them enterprise-grade protection to secure their networks and protect against the main attack vectors. The ideal security stack for MSPs will differ from company to company, depending on the kind of clients that each MSP has. It may take some time to find the ideal security stack, but a good place to start is with core security services that every business will need.
Core Security Services for MSPs
Firewalls are essential for securing the network perimeter and separating trusted from untrusted networks. They will protect network resources and infrastructure against unauthorized access. It may even be necessary to implement multiple firewalls.
Email security is essential as this is the most common attack vector. Without email security, malware and phishing emails will hit inboxes and employees’ security awareness will be regularly put to the test. The threat of email attacks cannot be understated.
Email security must be explained to clients to ensure they understand its importance and why standard email security such as that provided by Microsoft through Office 365 simply doesn’t cut in anymore. Too many threats bypass Office 365 defenses. A study by Avanan showed that 25% of phishing emails bypass Office 365 security and are delivered to inboxes.
DNS filtering is also a requirement to protect against web-based attacks such as malvertising, drive-by downloads, and exploit kits. Even the best email security solutions will not block all phishing threats. DNS filtering provides an additional layer of security to protect against phishing attacks. While email was once the primary method of delivering malware, now malware is most commonly delivered via web-based attacks. The average business user now encounters three malicious links per day and 80% of malware is downloaded via the internet. Further, with more and more employees spending at least some of the week working remotely, protection is needed for public Wi-Fi hotspots. DNS filtering provides that protection when they are off the network.
Endpoint security solutions add another layer to the security stack. If any of the above solutions fail and malware is downloaded, endpoint security solutions will provide extra protection. This can include basic protection such as antivirus software or more advanced solutions such as intrusion detection systems.
When choosing solutions for your security stack, it is important to make sure they work seamlessly together. This can be difficult if you purchase security solutions from a lot of different vendors.
Additional Services to Add to your Security Stack.
The above security services should form the core of your security offering, but there are many additional services you can easily provide to ensure your clients are better protected. These can be offered as addons or as part of more comprehensive security packages.
Data loss protection
Email archiving and backup services
Vulnerability scanning and patch management
Security policy management
Security information and event management (SIEM)
Incident response and remediation
Security awareness training and phishing email simulations
How TitanHQ Can Help
TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market. TitanHQ products are consistently rated highly by MSPs for the level of protection, ease of use, ease of admin, and the level of support provided.
The TitanHQ portfolio of cybersecurity products consists of three core solutions:
SpamTitan Email Security
WebTitan DNS Filtering
ArcTitan Email Archiving
Each of these solutions has a 100% cloud-based architecture and has been developed for MSPs to easily incorporate into their security stacks. TitanHQ offers seamless deployments and easy incorporation into MSP’s management portals via RESTful API.
The above solutions can be supplied with multiple hosting options. You can host with TitanHQ, on your existing infrastructure or in the cloud with AWS, Azure or any other system.
SMBs want to know they are protected, but many don’t care about what solutions are used. This gives you an opportunity to reinforce your brand. This is easily achieved with TitanHQ as the above solutions can be provided in white label form, ready for you to add your own branding. You can even customize the user interface and only include the features that you need to reduce complexity.
Need reports for your clients? No problem. TitanHQ has an extensive range of pre-configured reports that can be scheduled to ease your admin burden, including board-level reports with scope to create your own reports to meet you and your clients’ needs.
Other key features for MSPs include:
Automated policy management
Full visibility of usage
Flexible, affordable, and transparent pricing with monthly billing
Set and forget solutions to ease the admin burden
World-class customer support included with all solutions
Generous margins for MSPs
Excellent MSP program – TitanShield – with dedicated account managers, assigned sales engineers, scalable pre-sales and technical support, and sales and technical training
TitanHQ has made it as easy as possible for MSPs to start offering security services to their clients. These solutions will also help established security-as-a-service providers ease their management burden and improve their margins.
To find out more about the TitanShield program and for further information on any or all of TitanHQ’s security solutions for MSPs, get in touch with the channel team today. Product demonstrations can be arranged and free 14-day trials are available to allow you to see for yourself why TitanHQ is the leading provider of email and web security solutions for MSPs.
The Racoon Stealer is a relatively new form of malware that was first detected in April 2019. The malware is not sophisticated, it does not incorporate any never before seen features, in fact it is pretty unremarkable. The Racoon Stealer can take screenshots, harvest system information, monitor emails, and steal information from browsers, such as passwords, online banking credentials, and credit card numbers.
However, the malware is effective and very popular. In the past six months, the Racoon Stealer has been installed on hundreds of thousands of Windows devices and it is now one of the most talked about malware variants on underground forums.
What makes the Racoon Stealer stand out is a highly aggressive marketing campaign aimed at signing up as many affiliates as possible. Racoon is being marketed as malware-as-a-service on underground forums and affiliates can sign up to use the malware for a flat fee of $200 per month.
The information stealer can be used to steal a range of sensitive information such as passwords, credit card numbers, and cryptocurrencies. Under this distribution model, affiliates do not have to develop their own malware, and little skill is required to start conducting campaigns. The malware developers are also providing bulletproof hosting and are available to give affiliates support 24/7/365, and the package comes with an easy to use backend system.
While the cost is certainly high compared to other malware-as-a-service and ransomware-as-a-service offerings, affiliates are likely to make that back and much more from the information that they can steal. There is no shortage of takers.
How is the Racoon Stealer Being Distributed?
Affiliates are distributing the Racoon Stealer via phishing emails containing Office and PDF files that incorporate code that downloads the Racoon payload. The information stealer has been bundled with software on third-party websites, although a large percentage of the infections come from exploit kits.
The Racoon Stealer has been added to both the Fallout and Rig exploit kits which are loaded onto compromised websites and attacker-owned domains. Traffic is sent to those sites via malicious adverts on third party ad networks (malvertising).
When a user lands on a webpage hosting an exploit kit, their device is probed for vulnerabilities that can be exploited. If a vulnerability is found it is exploited and the Racoon Stealer is silently downloaded.
Once installed, Racoon connects to its C2 server and the resources required to start stealing information are obtained, that information can be sold on darknet marketplaces or used by affiliates to conduct their own attacks.
Given the huge potential for profit, it is no surprise that malware developers are now opting for this business model. The problem is likely to get a lot worse before it gets better and the threat from these malware-as-a-service offerings is significant.
How to Block the Racoon Stealer and Other Web and Email Threats
Fortunately, there are steps that businesses can take to improve their defenses against these MaaS campaigns.
Exploit kits usually incorporate exploits for a small number of known vulnerabilities rather than zero-day vulnerabilities for which no patches have been released. To block these exploit kit attacks, businesses need to apply patches and update software promptly.
It is not always possible for businesses to apply patches promptly as extensive testing may be necessary before the patches can be applied. Some devices may be skipped – accidentally or deliberately due to compatibility issues. Those devices will remain vulnerable to attack.
Patching is important, but it will not stop drive-by malware downloads from the internet that do not involve exploit kits. What is therefore required is a web security solution that can block access to malicious sites and prevent downloads of risky file types.
A DNS filtering solution such as WebTitan provides an additional layer of security to block these web-based threats. Through a combination of blacklists, content control, and scanning websites for malicious content, businesses can protect themselves against web-based attacks. A DNS filter will also prevent employees from visiting websites used for phishing.
Blocking attacks that take place via email requires strong email security defenses. An advanced spam filter such as SpamTitan can prevent malicious emails and attachments from reaching end users’ inboxes. SpamTitan scans all incoming emails for malware using two anti-virus engines but is also effective at blocking zero-day threats. SpamTitan includes a Bitdefender-powered sandbox, where suspicious attachments are subjected to in-depth analysis to identify any potentially malicious actions.
With these two solutions in place, businesses will be well protected from malware threats and phishing attacks and managed service providers can ensure their environment and those of their clients are kept malware free.
To find out more about these two powerful anti-malware solutions and to discover why TitanHQ is the global leader in cloud-based email and web security for the managed service provider serving the SMB market, give the TitanHQ team a call.
The event will be attended by thousands of IT professionals, business owners, and industry leaders who will be discussing the IT industry, recent advances in information technology, and the latest trends affecting MSPs. The conference provides an excellent opportunity for learning, networking, and collaboration and boasts an extensive program of interactive sessions, keynotes, and in-depth training sessions. The event also showcases the latest IT solutions and provides tips and tricks to ensure every ounce of value is squeezed from those tools.
This year’s event promises to be bigger and better than ever before, thanks to an all-star cast of thought leaders and industry professionals who will provide practical advice to help you improve every aspect of your business.
Connect IT Europe covers the entire Kaseya universe and the diverse ecosystem of solutions that serve IT professionals. The conference will help attendees find new revenue streams, increase their profit margins, and simplify IT management through educational presentations, workshops, roundtables, and interactive challenges.
As the leading provider of cloud-based email and web security solutions for MSPs serving the SMB market, TitanHQ is proud to be a Silver sponsor of the event. Attendees will have the opportunity to discover why TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs servicing the SMB marketplace and the features and benefits of SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving that make the solutions such a hit with MSPs and IT professionals.
The event will be attended by TitanHQ Strategic Alliance Manager Marc Ludden and Alliances/MSP Partner Manager Eddie Monaghan. Marc and Eddie will be explaining the recently launched TitanShield program for MSPs and how TitanHQ solutions can help MSPs improve efficiency, profitability, and security of their operations and enhance their customers’ security postures.
If you would like further information on TitanHQ products, feel free to reach out to Marc and Eddie ahead of the event:
Eddie Monaghan, MSP Alliance Manager, LinkedIn
Marc Ludden, MSP Alliance Manager, LinkedIn
TitanHQ is proud to be a platinum sponsor of DattCon19, Paris – The leading event for MSPs looking to keep up to date on the latest industry trends, learn best practices, form new and profitable partnerships, and obtain invaluable advice that will help them grow their business and become more successful.
The event gives the TitanHQ team an opportunity to meet with leading MSPs, MSSPs, and ISPs and explain why TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market.
The team will be available to explain the benefits of the TitanShield MSP program and show just how easy it is to integrate TitanHQ products into your service stacks and start rolling out spam filtering, web filtering, and email archiving to your customers… and the best way to sell those services, reduce the time you spend on providing support, and improve the profitability of your business.
The event will be attended by Rocco Donnino, TitanHQ VP of Strategic Partnerships, Marc Ludden, TitanHQ Strategic Alliance Manager, and Eddie Monaghan. Alliances/MSP Partner Manager.
On Tuesday October 22 between 11:15am and 11:35am, Rocco Donnino will be explaining Email & Web Security for the SMB Market. Rocco will talk about the trends TitanHQ are seeing in the email and web security for SMB markets globally, drawing on the experience from working with over 2,200 MSP customers worldwide.
Marc Ludden and Eddie Monaghan will be on hand to meet with MSPs and ISPs to explain the benefits of joining the TitanShield MSP Program and how best to take advantage of TitanHQ’s proven technology and deliver our advanced network security solutions directly to their client base. The pair will be helping MSP partners push TitanHQ products downstream to their customers and grow their businesses.
The event will be attended by more than 1000 MSPs, ITSPs, and industry leaders. Over the three days of the conference, attendees will get to hear from the most successful MSPs and MSSPs and discover what they are doing differently and how they are driving growth.
The sessions, keynotes, and networking opportunities will help you get better at running your business with Datto Solutions and discover how the addition of key products such as SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving can improve profitability and add greater value.
The keynotes will be bigger and better than ever before and will be taken by 80 of the best and brightest business tycoons, MSPs, and Datto executives, who will share valuable real-world insights and best practices.
The Peer Forums are more intimate small-group roundtable sessions that provide high-value networking on key topics. These sessions are driven by attendees who will share pain points, success stories, and best practices that have been proven to help MSPs grow their business. This year’s Peer Forums are on the following topics:
Service Delivery: Driving Efficiency & Automation
Selling Networking as a Managed Service
Women in Tech
French Language Peer Forum: Business Strategy
Service Delivery: Service Desk & Professional Services
M&A: How Do I Acquire or Be Acquired?
Security: Securing Your MSP First
German Language Peer Forum: Business Strategy
Service Delivery: Client Engagement & vCIO
Add to that the networking opportunities and the stunning location and you have an invaluable event that is not to be missed.
DattoCon19 Paris will be taking place on October 21st, 22nd and 23rd at the Palais des congrès de Paris, 2 Place de la Porte Maillot, 75017 Paris, France.
Malvertising is the term given to the abuse of ad networks to serve malicious adverts on legitimate websites that scam visitors by displaying popup ads or direct them to malicious websites hosting phishing forms or exploit code to silently deliver malware. Many website owners place third-party advertising blocks on their websites to increase revenue. While the ad networks have controls in place to prevent abuse, cybercriminals often succeed in bypassing those security measures.
One cybercriminal group has been particularly active over the past year and has been conducting attacks on a massive scale. Researchers at Confiant have been tracking the activity of the group – known as eGobbler – and report that the group delivered fake adverts on 500 million user sessions in Europe and the United States in the past week alone. The campaigns are on a truly massive scale. One of the latest campaigns, conducted between August 1 and September 23 involved around 1.16 billion ad impressions.
Typically, the criminals behind these campaigns target mobile users as the security protections on their devices are nowhere near as robust as on desktop computers; however, this campaign has targeted desktop users on Windows, Linux, and macOS.
Several content delivery networks have been used to serve the malicious adverts, which redirect users to websites that exploit two browser vulnerabilities to deliver their malicious payloads. The first is a bug in the Chrome browser – CVE-2019-5840 – which was patched by Google in June. The second is a zero-day vulnerability in WebKit, the browser engine used by old Chrome versions and the Safari web browser. The bug has already been patched for Safari, but currently Google has not patched Chrome. Since the latest browser engine used by Chrome is based on WebKit, later versions are also affected.
While sandboxing features protect advertising iframes, the zero-day vulnerability has allowed the group to break out of the iframes and display malicious code to visitors and perform redirects.
This cybercriminal group is atypical of most groups that use malvertising to deliver malware. The group is highly skilled and capable of finding bugs in the source code of browsers and conducts campaigns on a massive scale. The group poses a significant threat to internet users although there are steps that can be taken to reduce the likelihood of an attack.
Personal users can harden their defenses by using ad-blockers and ensuring they keep their browsers updated. Businesses similarly need to ensure browsers are updated and block these malicious adverts using a web filtering solution.
In addition to blocking malicious adverts, a web filter can be configured to block the download of malicious files and prevent employees from visiting phishing websites and other malicious websites. A web filter can also be used by businesses to enforce acceptable internet usage policies.
TitanHQ has developed a powerful DNS-based web filtering solution for SMBs and MSPs – WebTitan – that provides protection against malvertising and other types of web-based attacks. The solution is easy to use and can be implemented in just a few minutes. No technical skill is required.
Considering the level of protection provided by WebTitan, you are likely to be surprised at how little the solution costs. To find out more, to arrange a product demonstration, or to set up free trial of the full solution, give the TitanHQ sales team a call.
In Idaho, library content filtering is now mandatory. H.B.194, which was signed into law in April, requires llibraries in Idaho to implement a content filtering system by July 2020 that is capable of preventing minors from accessing objectionable content. Not only does that content filtering system need to prevent library computers from being used to access undesirable content, the content filter must also cover library WiFi networks.
The law change was introduced in to prevent children from accessing pornography on library computers, which various studies have shown can cause considerable harm. Without filters in place, children could access adult content or inadvertently see adult content on other users’ screens. There have been many reports in the media and on internet forums of library patrons catching glimpses of pornography being accessed in plain sight of others.
Some library directors and library boards are unhappy with the law change for two main reasons. The first concerns a potential violation of First Amendments rights. The American Civil Liberties Union has voiced its concerns, stating “Ultimately, blocking software prevents users from accessing a wide range of valuable information, including such topics as art, literature, women’s health, politics, religion and free speech, which is in direct violation of our First Amendment rights.”
The view that filtering means other content will also be blocked is outdated. While the overblocking of internet content was once a concern, modern internet content filters for libraries are much more advanced and allow highly granular control of internet content. Modern filters are also much better at categorizing content than they once were. Further, easy-to-use interfaces reduce the potential for user error setting the content controls.
The filters also prevent malware downloads and block access to phishing forms, which further enhances protection for users and protects library networks from malware and ransomware attacks.
The other main issue is one of cost. While libraries can obtain discounts under the e-rate program if they implement content filters to comply with the the Children’s Internet Protection Act (CIPA), Idaho libraries otherwise have to cover the cost of the filtering controls themselves. No additional money has been made available.
Implementing Library Content Filtering for WiFi Networks is Easy
Little guidance has been provided on how libraries should implement the filters and there is confusion over how the filters can be applied to wired and WiFi networks.
Traditional filters require an appliance to be purchased which is costly. The appliance sits between the user and the internet and all traffic passes through that device and content controls are applied. This is problematic, especially when library devices are supplied for use off-site as all traffic must be hauled back to the appliance and then back to the device, which can result in significant latency (slow internet speeds).
A more cost-effective and trouble-free solution is a DNS-based filter. DNS-based filters apply filtering controls at the DNS level. No appliance needs to be purchased – which means a significant cost saving – and there is no latency. All the filtering takes place on the service provider’s server, not locally on an appliance device.
This system also allows filtering to take place on WiFi networks. Any device that connects to the WiFi network will only be able to access the filtered Internet service. Blocks can also be placed on anonymizer services to prevent filtering controls from being bypassed and DNS filtering can also be used to protect mobile devices, even those used off site.
TitanHQ’s content filtering solution for libraries – WebTitan Cloud and WebTitan Cloud for WiFi – not only incorporate highly granular controls to prevent overblocking of internet content, the solution requires no technical skill to operate, no hardware purchases are required, and no software downloads are necessary. WebTitan Cloud and WebTitan Cloud for WiFi are also low-cost content filtering solutions for libraries. Typical licensing costs are less than $1 per user per month.
If you are struggling to find a content filtering solution for your library, give the TitanHQ team a call. You will be able to have your questions answered about how to implement the solution, you can schedule a product demonstration to see how easy the solution is to operate, and can also take advantage of a free trial to see for yourself how precise the filtering controls are.
Due to the high cost per user, many SMBs and managed service providers (MSPs) are looking for an OpenDNS alternative that provides the same or better protection at a much lower cost. At TitanHQ, we have the solution. We offer an advanced cloud-based web filtering solution that provides excellent protection from online threats with highly granular filtering controls for precision control over the types of web content that can be accessed by end users.
In this post we will explain why so many SMBs and MSPs have signed up for our OpenDNS alternative, and why WebTitan Cloud is, in general terms, a direct swap out for OpenDNS. However, first, lets consider one of the most important reasons for seeking an OpenDNS alternative. Cost.
OpenDNS Cost Per User
Cisco’s OpenDNS (Cisco Umbrella) is a popular choice with enterprises, SMBs, and MSPs for good reason. It is an accomplished web filtering solution but that comes at a price. At the time of writing, the OpenDNS cost per user is $2.20 per month (based on 100 users). While that is a small price to pay for the level of protection that a web filter provides and the potential for productivity increases through careful content control, the cost adds up. For 100 users, that’s $220 per month and $2,640 per year.
WebTitan costs $0.90 per user, per month. That’s just $90 per month and only $1,080 per year. That provides a saving of $1,560 per year based on a 1-year subscription and the cost can be lowered further with a 3-year subscription.
Such a major cost saving makes WebTitan Cloud a very attractive proposition, but price isn’t everything and lowest cost choices are not always the best. In this case however, it is possible to save a small fortune without compromising security and control, while improving usability.
A Direct Swap Out for OpenDNS That Will Save a Small Fortune
OpenDNS Cisco Umbrella and WebTitan are best-of-breed DNS-based web filtering solutions that combine advanced protection against malware, phishing, and other web-based threats. They also offer precision control for restricting access to certain types of online material.
Both solutions have been designed with the same core principles and both can be used to block downloads of file types commonly associated with malware and ransomware, such as .exe, .js, .scr, and other executable file types.
To protect against phishing, both solutions support the use of blacklists – Lists of websites and IPs that have previously been identified as malicious or have a low trust score. These phishing web pages are often visited by end users after clicking embedded hyperlinks in emails. Both web filters therefore serve as an important additional layer of protection against phishing.
Both solutions allow filtering controls to be set for different users, at the individual, user group, department, or organization level via category-based filters, which makes it easy to quickly apply and enforce your acceptable Internet usage policies.
Both solutions offer a high level of protection, but for many SMBs and MSPs, the price of WebTitan is the deal clincher. However, there are several other benefits of WebTitan Cloud over OpenDNS.
WebTitan Cloud Advantages
Some of the key advantages of WebTitan Cloud over OpenDNS are detailed below.
Certain types of businesses, such as MSPs, will be reluctant to direct users to an external cloud service. To meet the needs of those businesses, TitanHQ offers different hosting options. Typically, WebTitan is hosted within TitanHQ’s own environment, but it is also possible for the solution to be hosted locally to give users greater control and privacy.
The WebTitan pricing model is perfectly transparent and all features are included in the price, including customer support at no additional cost. TitanHQ can also offer flexible licensing and can negotiate commercial arrangements that suit both parties. OpenDNS Cisco Umbrella has a multi-tiered pricing system with some of the advanced features only available as an add-on which further increases the cost.
World Class Support
All WebTitan Cloud users benefit from industry leading, world class support, including scalable pre-sales and technical support and sales & technical training. Support is provided for all users at no additional cost. Support is also provided to customers taking advantage of the free trial.
There will be times when organization-wide or individual filtering controls need to be bypassed. Rather than changing a policy for a particular user and then having to revert back to the original policy, TitanHQ developed bypass codes called cloud keys. These cloud keys can be used to temporarily bypass filtering policies. They can be set to expire after a certain time period or after a certain number of uses.
An Ideal OpenDNS Alternative for Managed Service Providers
The biggest exodus from OpenDNS to WebTitan is MSPs. As mentioned in the previous section, the ability to host WebTitan locally is a major benefit for many MSPs who prefer to host their solutions in their own private clouds.
As an additional benefit, WebTitan Cloud can be supplied in full white-label form and is completely rebrandable. The solution allows customized block pages to be created – these pages are displayed when a user attempts to visit a webpage that contravenes company policies. The UI can also be rebranded and customized to include corporate branding. OpenDNS does not offer MSPs a white-label solution and cannot be rebranded.
TitanHQ also ensures WebTitan Cloud fits seamlessly into MSPs service stacks through the use of APIs and RMM integrations. The multi-tenant dashboard allows MSPs to keep clients separated and apply controls on an individual client basis and also to manage client settings in bulk.
The low price of the solution allows MSPs to add web filtering to their existing security packages to better protect their customers while saving themselves a great deal of support time. TitanHQ also offers monthly billing and high margins for MSPs. With WebTitan it really is possible to make 100 points.
How Does WebTitan and OpenDNS Compare?
One of the best ways to find out about how the two different solutions compare is to use independent review sites such as G2 Crowd. The site includes more than 650,000 reviews from verified users. Those users consistently rate WebTitan Cloud higher than alternative web filtering solutions and across the 6 rating areas, WebTitan Cloud achieves higher ratings than OpenDNS.
Speak to TitanHQ About Changing from OpenDNS to WebTitan
If you are looking for an OpenDNS alternative and would like further information about WebTitan Cloud, would like to book a product demonstration to see WebTitan Cloud in action, or are interested in signing up for a free trial of the full solution, contact the TitanHQ team today and our friendly sales staff will be happy to help.
Exploit kit activity may be at a fraction of the level of 2016 when peak activity was reached, but the threat has not gone away. In fact, the mid-year cybersecurity roundup from Trend Micro shows exploit kit activity is now triple the level of mid-2018. Websites hosting exploit kits still pose a significant threat to businesses.
Exploit kits are toolkits that contain exploits for vulnerabilities in popular software applications, such as Internet Explorer and Adobe Flash Player. When a user lands on a web page that hosts an exploit kit, it will scan the user’s browser for vulnerabilities. If an exploitable flaw is identified, malware is automatically downloaded and executed on the user’s device. In many cases, the downloading of a Trojan, ransomware, or other form of malware is not identified by the user.
Traffic is sent to exploit kits through malvertising – malicious advert – on high traffic websites. User’s can be directed to malicious websites through phishing emails, and it is also common for hackers to hijack high traffic websites and use them to host their exploit kit. That means users could visit a malicious website just through general web browsing.
There are several exploit kits currently in use such as Magnitude, Underminer, Fallout, Green Flash/Sundown, Rig, GrandSoft, and Lord. These exploit kits are pushing cryptocurrency miners and botnet loaders, although ransomware and banking Trojans are the most common payloads.
Many of the exploits used by these toolkits are for old vulnerabilities, but since businesses are often slow to apply patches, they still pose a major threat. Exploit kits such as GrandSoft and Rig are regularly updated and now host exploits for much more recently disclosed vulnerabilities.
One of the most recently identified campaigns has seen the threat actors behind Nemty ransomware team up with the operators of RIG to push their ransomware on businesses still using old, vulnerable versions of Internet Explorer.
A new exploit kit named Lord is being used to infect users with Eris ransomware. In this case, traffic is being directed to the exploit kit through malvertising on the PopCash ad network. The EK primarily uses exploits for flaws in Adobe Flash Player such as CVE-2018-15982.
Protecting against exploit kits is straightforward on paper. Businesses need to ensure that vulnerabilities are identified and patched promptly. If there are no vulnerabilities to exploit, no malware can be downloaded. Unfortunately, in practice things are not quite so simple. Many businesses are slow to patch or fail to apply patches on all devices in use.
Anti-spam software can help to reduce risk by blocking phishing emails containing links to exploit kits, but most of the traffic comes from search engines and malvertising, which anti-spam software will do nothing to block. To improve your defenses against exploit kits, drive-by downloads, and phishing websites, one of the best cybersecurity solutions to deploy is a DNS filtering solution.
A DNS filter allows businesses to carefully control the websites that employees can access when connected to the business’s wired and wireless networks. Controls can be set to block different types of web content such as gambling, gaming, and adult websites but crucially, the DNS filter also blocks all known malicious websites. DNS filters use blacklists of known malicious websites such as those hosting exploit kits or phishing forms. If a web site or web page is included in the blacklist, it will automatically be blocked. Websites are also scanned in real time to identify malicious content.
Since all filtering takes place at the DNS level, access to malicious or undesirable content is blocked without any content being downloaded. Setting up the solution is also quick and easy, as it only requires a change to the DNS record to point it to the service provider. No hardware is required and there is no need to download any software.
If you want to improve your defenses against malware, ransomware, botnets, and phishing and are not yet controlling the web content that your employees can access, contact TitanHQ today and ask about WebTitan. Alternatively, sign up for a free trial of the solution by clicking the image below.
The year 2018 saw a reduction in ransomware attacks on businesses as cybercriminals opted for alternative means to make money. Major ransomware attacks were still occurring, just at a slightly lower rate than in 2017.
Some reports were released that suggested ransomware was no longer such a massive threat as it was in 2016 and 2017, but the number of reported attacks in 2019 have shown that is definitely not the case. Any business that has not implemented defenses to protect against ransomware attacks could well be the next victim and have to pay millions to recover from an attack.
Make no mistake. Ransomware is one of the most dangerous threats faced by businesses. If ransomware is installed on the network, all files, including backups, could be encrypted. That could prove catastrophic, as one small Michigan medical practice discovered.
The two-doctor practice in Battle Creek, MI suffered an attack that resulted in the encryption of all patient data. A ransom demand was issued by the attackers, but as there was no guarantee that files could be recovered after the ransom was paid, the decision was taken not to pay up. The hackers then deleted all the encrypted files. Faced with having to rebuild the practice from scratch, the doctors decided to call it quits and took early retirement.
Ransomware attacks on healthcare providers are now being reported at an alarming rate and government entities, cities, and municipalities are being extensively targeted. The city of Baltimore suffered a major attack in May involving a ransomware variant called RobbinHood. The attack brought down the city’s servers and systems, causing major disruption across the city. A ransom of $6 million was paid for the keys to regain access to the encrypted files.
Two small cities in Florida also suffered major attacks. Lake City was forced to pay a ransom of $460,000 and Riviera Beach paid a ransom of $600,000, while Jackson County in Georgia paid $400,000 after its court system was attacked.
As the year has progressed, the attacks have increased. A report from Malwarebytes indicates there was a 195% increase in ransomware attacks in Q1, 2019. Figures from Kaspersky Lab show ransomware attacks almost doubled in Q2, 2019, with 46% more attacks reported than the corresponding period in 2018.
The increase in attacks means businesses need to be prepared and have the necessary security tools in place to make it difficult for the attacks to succeed.
There is no one cybersecurity solution that can be implemented to eliminate the threat of attack, as hackers are using a variety of methods to gain access to networks and download their malicious payloads. Layered defenses are key to repelling an attack.
Email is the primary method of delivering ransomware. All it takes if for a malicious email to arrive in an inbox and for an employee to be fooled into opening a malicious attachment or clicking on a hyperlink for ransomware to be installed. An advanced email filtering solution such as SpamTitan Cloud is therefore needed to block malicious emails and ensure they do not reach employees’ inboxes.
SpamTItan includes Domain-based Message Authentication, Reporting, and Conformance (DMARC) to block email impersonation attacks and a sandbox where suspicious attachments can be executed in safety and studied for malicious activity. Sandboxing is essential as it allows zero-day ransomware threats to be identified and blocked.
Not all attacks occur via email. Attacks over the Internet are also common. A web filtering solution should therefore be implemented to block these web-based attacks. A web filter will prevent employees from accessing known malicious sites where ransomware is automatically downloaded. With these two technical measures in place, businesses will be well protected from attacks. Along with security awareness training for staff and the adoption of good data backup practices, businesses can mount a strong defense against ransomware attacks.
A new phishing campaign has been detected that uses Google Drive links to avoid detection by Office 365 Exchange Online Protection and ensure messages are delivered to inboxes.
The emails, reported through Cofense Intelligence, impersonated the CEO of the company who was attempting to share an important document. The document had been shared via Google Drive and came with the message, “Important message from – CEO.”
Google Drive allows files and collaboration requests to be easily sent to other individuals. The account holder chooses who to share a file with and the system generates an email alert containing a link to the shared file.
In this case, the name of the CEO was correct, but the email address used was different to the format used by the company. While this is a clear sign that the emails are not what they seem, some employees would likely be fooled by the message.
Importantly, the messages are not detected as malicious by EOP and are delivered to inboxes. A scan of the message would reveal nothing untoward, as the embedded URL is a legitimate shared link to a genuine cloud service operated by Google.
The shared document itself is not malicious, but it does link to another Google Docs document and a phishing URL. Any anti-phishing solution that only assesses the embedded hyperlink in the email to determine whether it is malicious would allow the email to be delivered. Only a deeper inspection would reveal the true nature of the URL.
If the link is visited by an end user, a fake login window is presented. If login credentials are entered, they are captured and stored on the attacker’s server.
This campaign highlights the importance of multi-layered anti-phishing defenses and the risks of relying on EOP to provide protection against phishing attacks.
An advanced spam filtering solution should be implemented on top of Office 365 to provide greater protection from phishing and other email-based attacks. This will ensure more sophisticated phishing attacks are blocked.
If a malicious message is delivered and a link is clicked, the connection to the malicious webpage could be blocked using a web filtering solution.
WebTitan is a DNS-based content filtering solution that serves as an additional layer in organization’s anti-phishing defenses. Should an attempt be made by an employee to visit a malicious website or suspicious domain, the attempt would be blocked before any content is downloaded. WebTitan assesses each website when the DNS query is made. Malicious websites and those that violate an organization’s content control policies are blocked.
To find out more about how a DNS filter can improve your defenses against phishing attacks and malware downloads, contact TitanHQ today.
Malware creators are constantly developing new techniques to circumvent traditional anti-virus defenses and ensure their malicious code can run undetected on a targeted machine.
Zero-day malware variants, those which have never been seen before, are not picked up by signature-based AV solutions. However, the malware will need to communicate with its owner, so the source code will contain URLs and IPs for that purpose. These URLs can be detected when scanning files. If the URLS are detected and they are known to be malicious, the file will be deemed to be malicious and will be quarantined.
To ensure this does not happen, malware developers use a variety of techniques to hide the URLs and IPs in the source code. This is often achieved by converting the IP address into a decimal value, which is stored as XML content. When in decimal format, even a malicious URL would not be detected as such by most antivirus software. When the IP address is needed by the malware, it can be converted back to its original form and then reconverted to digital when no longer required.
Similarly, a URL – or part of a URL – could be encoded in its hexadecimal equivalent. That URL would be unlikely to be detected as malicious yet can be read by a browser. AV software would likely detect the file example.com/maliciousfile.exe as malicious in nature and would block it accordingly. In hexadecimal, that translates to:
That address would not be recognizable as malicious and would likely go undetected during a scan by an AV solution. The use of both obfuscation techniques together is not unusual, to make it even harder for AV solutions to detect malicious URLs and IPs.
While these techniques can be used to fool endpoint AV solutions, connections to those malicious servers can be blocked using a DNS-based content filter such as WebTitan.
It doesn’t matter how the URL or IP address is masked. Before a connection can be made, it is necessary to make a DNS query, and the collection must be permitted by the DNS-based filter. If the URL is malicious, the DNS filter will block the attempt to connect before any content is downloaded.
WebTitan works in conjunction with a real time database of millions of malicious URLS and uses a real-time classification system to assign websites to one of 53 categories. Those categories can be allowed or blocked with the click of a mouse. In addition to blocking access to malicious content, the category-based controls can be used to prevent employees from accessing content that could cause offense or lower productivity.
To find out more about how WebTitan can benefit your organization and improve your security posture, contact the TitanHQ team today.
OneStopIT, one of the leading Managed Service Providers (MSPs) in the UK, has partnered with TitanHQ and will be incorporating TitanHQ cloud-based email and web security solutions into its service stack to better protect its customer base.
Businesses in the UK are increasingly being targeted by cybercriminals. A variety of tactics are used to obtain company funds, sensitive data, and company secrets. Attacks may be diverse, but they typically start with a phishing email and/or visit to a malicious website.
Cyberattacks are now being reported at record levels and business leaders are understandably worried. To better protect their networks and data, many turn to MSPs such as OneStopIT for help protecting their networks and data.
“The proliferation of phishing threats across Office 365 is a real problem for SME’s in the UK and we’re partnering with a key vendor in this space to protect our customers and also give them the OneStopIT premium service they are used to,” said Ally Hollins-Kirk, CEO of OneStopIT.
TitanHQ has developed powerful email and web security solutions for the SMB marketplace that have been developed to be easily delivered via MSPs. SpamTitan is a cloud-based anti-spam and anti-phishing solution that incorporates DMARC authentication and a sandboxing feature to protect against email impersonation, phishing, and email-based malware attacks. WebTitan is a DNS-based web filtering solution for content control and protection from web-based threats. The solution is backed up by a threat intelligence database of 650 million people. TitanHQ’s email archiving service, ArcTitan, allows MSPs to offer a secure, email archiving service to help businesses meet their compliance obligations.
Under the new partnership agreement, OneStopIT will be offering its customers advanced email security and anti-phishing protection, DNS-based web filtering, and an email archiving service powered by TitanHQ technology.
“TitanHQ is pleased to add our advanced threat protection layer for email and web security to the OneStopIT security stack,” said Rocco Donnino, President of Strategic Alliances, TitanHQ. “OneStopIT has excelled in the areas of customer service and security, our partnership further cements this commitment.”
There has been a spate of ransomware attacks on cities and government agencies in recent months and the healthcare industry sees more than its fair share of attacks, but they are not the only industries being targeted.
Schools, colleges, and universities are prime targets for hackers and ransomware attacks are common. One recent attack stands out due to its scale and the massive ransom demand that was issued. The attackers demanded $2 million (170 BTC) for the keys to unlock the encryption.
Monroe College in New York City was attacked at 6:45am on Wednesday, July 10, 2019. The ransomware quickly spread throughout the network, shutting down the computer systems at its campuses in Manhattan, New Rochelle and St. Lucia and taking down the college website.
The college has switched to pen and paper and is finding workarounds to ensure students taking online courses receive their assignments. No mention has been made about whether files will be recovered from backups or if the ransom will need to be paid.
This is one of many recent ransomware attacks in the United States. Ransomware may have fallen out of favor with cybercriminals in 2018, but it now appears to be back in vogue and attacks are rising sharply. So too have the ransom demands.
$2 million is particularly high, but there have been several recent attacks involving ransom demands for hundreds of thousands of dollars. In several cases, the ransom has been paid.
Riviera Beach City in Florida was attacked and was forced to pay a $600,000 ransom to regain access to its files and bring its computer systems back online. Lake City in Florida also paid a sizeable ransom – $500,000. Jackson County was also attacked and paid a $400,000 ransom.
There have been several cases where ransoms have not been paid. The City of Atlanta was attacked and around $51,000 in Bitcoin was demanded. Atlanta refused to pay. Its cleanup bill has already reached $3 million. With such high costs it is clear to see why many choose to pay up.
In all of the above cases, the cost of implementing cybersecurity solutions to protect against the main attack vectors would have cost a tiny fraction of the cost of the ransom payment or the mitigation costs after an attack.
For less than $2 per employee, you can ensure that the email network is secured and you are well protected against web-based attacks. To find out more, call TitanHQ today.
Sodinokibi and Buran ransomware are being pushed via the RIG exploit kit and now another exploit kit has joined the ranks, although its payload is currently banking Trojans.
Exploit kits are utility programs on websites that conduct automated attacks on visitors. When a visitor lands on a page hosting the exploit kit, the user’s browser and browser-based applications are probed to determine whether vulnerabilities exist.
Exploit kits contain exploits for several vulnerabilities, only one of which is required to silently download and execute a malicious payload on a visitor’s device. Traffic to these malicious pages is generated through malvertising/malicious redirects. The exploit kit code is also commonly added to compromised high-traffic websites.
Exploit kits were once the malware delivery mechanism of choice, but they fell out following a law enforcement crackdown. The threat from exploit kits has never disappeared, but activity has been at a much-reduced level. In recent months however, exploit activity has been at an elevated level.
The new exploit kit is called Spelevo and its purpose is to deliver two banking Trojans – Dridex and IceD – via a business to business website. The exploit kit was discovered by a security researcher named Kafeine in March 2019.
The exploit kit currently hosts multiple exploits for Adobe Flash and one for Internet Explorer. A user visiting a web page hosting the Spelevo exploit kit would unlikely tell that anything untoward was occurring. A tab would be opened to the gate and the browser would appear to go through a series of redirects before landing on Google.com. The entire process from the user landing on a page hosting the exploit kit, to a vulnerably being identified, exploited, and the user redirected to Google.com takes just a few seconds.
The exploit kit could be hosted on an attacker-owned domain, but it is easy to add the exploit kit to any website. All that is required is the addition of four lines of code once a website has been compromised.
Exploit kits are an efficient, automated way of delivering a malware payload, but they are reliant on users that have not patched their browsers and plugins. If browsers and plugins are kept up to date, there are no vulnerabilities to exploit.
The Spelevo exploit kit appears to be used in a campaign targeting businesses. IT teams often struggle to keep on top of patching and have poor visibility into the devices that connect to the network. As a result, it is easy for devices to be missed and remain unpatched. If one device is compromised, an attacker can use a variety of tools to spread laterally and infect other devices and servers.
The primary defense against exploit kits is patching, but additional protections are required. To protect against attacks while patching takes place, to prevent attacks from succeeding using zero-day exploits, and to stop users from visiting websites hosting exploit kits, a web filter is required.
WebTitan is a DNS filter that provides real-time, automated threat detection and blocking and protects against exploit kits and web-based phishing attacks. The WebTitan database contains three million malicious URLs that are blocked to protect end users. More than 300,000 malware and ransomware websites are blocked every day.
If you want to improve protection against web-based threats, exercise control over the content that your employees can access, and gain visibility into what your employees are doing online, WebTitan Cloud is the answer and it can be set up in minutes.
As one ransomware-as-a-service operation shuts down, another is vying to take its place. Sodinokibi ransomware attacks are increasing and affiliates are trying to carve out their own niche in the ransomware-as-a-service operation.
Developing ransomware and staying one step ahead of security researchers is important, but what made the GandCrab operation so successful were the affiliates conducting the campaigns that generated the ransom payments. The GandCrab developers have now shut down their operation and that has left many affiliates looking for an alternative ransomware variant to push.
Sodinokibi ransomware could well fill the gap. Like GandCrab, the developers are offering their creation under the ransomware-as-a-service model. They already have a network of affiliates conducting campaigns, and attacks are on the increase.
As is the case with most ransomware-as-a-service operations, spam email is one of the most common methods of ransomware delivery. One Sodinokibi ransomware campaign has been detected that uses spoofed Booking.com notifications to lure recipients into opening a Word document and enabling macros. Doing so triggers the download and execution of the Sodinokibi payload.
Download websites are also being targeted. Access is gained the websites and legitimate software installers are replaced with ransomware installers. Managed Service Providers (MSPs) have also been targeted. The MSP attacks have exploited vulnerabilities in RDP to gain access to MSP management consoles.
Two cases have been reported where an MSP was compromised and malicious software was pushed to its clients through the client management console. In one case, the Webroot Management Console and the Kaseya VSA console in the other.
Recently, another attack method has been detected. Sodinokibi ransomware is being distributed through the RIG exploit kit. Malvertising campaigns are directing traffic to domains hosting RIG, which is loaded with exploits for several vulnerabilities.
With so many affiliates pushing Sodinokibi ransomware and the wide range of tactics being used, no single cybersecurity solution will provide full protection against attacks. The key to preventing attacks is defense in depth.
TitanHQ can help SMBs and MSPs secure the email and web channels and block the main attack vectors. Along with security awareness training and good cybersecurity best practices, it is possible to mount a formidable defense against ransomware, malware, and phishing attacks.
The excitement is building as DattoCon19 draws ever closer. Starting on June 17, 2019 in San Diego and running for three days, DattoCon19 is an unmissable event for managed service providers (MSPs).
At the conference, attendees benefit from practical advice and best practices to grow their businesses, increase sales, and boost monthly recurring revenue (MRR). A huge range of vendors will be on hand to offer information on exciting products and attendees will have the opportunity to learn strategies to increase business impact growth, boost profitability, and broaden their service stacks.
Sessions will be taken by industry experts and leading MSPs who will share tips and tricks to take back home and apply at the office. On average, attendees at DattoCon achieve 41% sales growth year-over-year as a result of attending the conference.
TitanHQ is sponsoring DattoCon19 and is excited about having the opportunity to meet new MSPs and help them grow their businesses. As a Datto Select Vendor, TitanHQ offers MSPs three cloud-based solutions that can be easily integrated into existing MSPs service stacks: Anti-phishing and anti-spam protection, DNS-based web filtering, and email archiving. All three solutions are available through the TitanShield program for MSPs.
MSPs can meet the TitanHQ team at booth 23 at DattoCon19 to find out more about the TitanShield program and the exciting opportunities for MSPs that work with TitanHQ. TitanHQ will be on hand to help MSPs that support Office 365 to improve protection against phishing attacks and malware. MSPs can also find out more about the TitanHQ threat intelligence that protects Datto DNA and D200 boxes, and how TitanHQ’s DNS filter is a direct swap out for Cisco Umbrella and the cost advantages of doing so.
TitanHQ Executive Vice President-Strategic Alliances, Rocco Donnino, is one of the panel members for the Datto Select Avendors event on Monday. The event brings together experts from different fields to help come up with solutions for some of the major problems faced by MSPs in today’s marketplace.
TitanHQ at DattoCon19
TitanHQ will be at booth 23
Special Show Pricing available
Daily TitanHQ vintage Irish whiskey raffle
TitanHQ and BVOIP are sponsoring a GasLamp District Takeover Party on Monday 6/17 and Wed, 6/19.
DattoCon19 will be taking place in San Diego, California on June 17-19, 2019. If you are not yet registered for the event you can do so here
The leading review website, G2, has published its 2019 Best Software Companies in EMEA list. This is the first time that the company has produced the list, which ranks the best software companies doing business in EMEA based on the feedback provided by users of those products.
G2 is one of the most well-respected business software review websites. Software solutions may appear to tick all the right boxes, but in practice the solutions can be time consuming and difficult to use and fail to live up to expectations. Since the G2 reviews are from registered users of the products, businesses can not only rely on the reviews but can also use them to make smarter buying decisions.
To compile the list, G2 compiled the reviews of over 66,000 users in the software category. More than 900 companies were represented, but only those that performed best in the reviews have made the cut in their respective categories.
TitanHQ has been awarded top spot in the list of the best software companies of 2019 in EMEA.
TitanHQ has developed powerful cybersecurity solutions to meet the needs of businesses and MSPs, but the solutions have also been developed to be easy to use. The solutions are versatile, flexible,and scalable, and can be managed via an intuitive web-based management console with a full reporting suite. A full range of APIs are supplied to allow the solutions to be integrated into existing management software and industry-leading customer support ensures that help is always available to resolve any customer issues.
“TitanHQ is delighted to have been included in the 2019 Best Software Companies in EMEA list. The inclusion shows the value our customers place on the uncompromised security and real-time threat detection we provide,” said Ronan Kavanagh, CEO, TitanHQ. “The overwhelmingly positive feedback from on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success.”
“With 750,000+ user reviews, 80,000+ products and 1,600+ tech and service categories on G2, TitanHQ’s recognition on the prestigious Best Software Companies in EMEA list is an exceptional achievement: One that can only be earned through the endorsement of its users,” said CEO Godard Abel.
TitanHQ, the leading provider of cloud security solutions for SMBs, has announced a new partner program has been launched to support Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), Cloud Distributors, Wi-Fi Providers, OEM Partners and Technology Alliance Partners..
TitanHQ started its journey in 1999. Initially, the company provided anti-spam solutions to local businesses in Ireland. Over the next two decades, the company expanded its range of products to include DNS filtering and email archiving solutions and is now a leading global player of cloud-based cybersecurity solutions.
While TitanHQ initially focused on meeting the needs of the SMB market, its products have been developed to meet the needs of MSPs. For instance, TitanHQ solutions are available with a range of hosting options, including the ability to host the solution within the MSPs own environment, and they can be provided in white-label form ready to take MSP’s branding.
TitanHQ’s cloud-based solutions have been developed to be easy to implement, use, and manage and are already a firm favorite with MSPs.
To make TitanHQ cloud security solutions even more attractive for MSPs, the existing partner program has been significantly enhanced and relaunched as TitanShield.
The TItanShield Partner Program makes it even easier to offer TitanHQ cloud security products to clients. Partners benefit from access to engineers, a highly capable support team that understands the needs of MSPs, and a dedicated account manager.
Partners have access to APIs to allow them to easily sell, onboard, manage and deliver advanced network security solutions directly to their client base from within their own user interfaces. In addition, partners receive free access to sales and technical resources, deal registration and lead generation resources, and benefit from flexible, volume-based monthly pricing models and profitable margins.
Under the new, enhanced partner program, customers are separated into their specific areas of expertise to ensure that each can be provided with focused information for the markets and customers they serve.
“Our program takes a unique and strategic approach for our partners and can be customized to fit all business models,” said Rocco Donnino, Executive VP of Strategic Alliances at TitanHQ.
If you want to become a highly valued member of the TitanHQ TitanShield Partner Program, enrollment is now open. Call TitanHQ today or email email@example.com for further information.
In our previous post we explained why managed service providers (MSPs) should be offering a web filtering service to their customers and the benefits that can be gained by customers and MSPs alike. In this post we explain what makes WebTitan Cloud the go-to web filtering solution for MSPs and why so many MSPs have chosen TitanHQ as their web filtering partner.
Why WebTitan Cloud is the Best Web Filter for MSPs
One problem MSPs face before they can start offering a web filtering service to their clients is how to incorporate the solution into their service stacks and their existing cloud offerings. While there are many providers of web filtering services, not all solutions have been developed with MSPs in mind. TitanHQ differs in that respect.
TitanHQ’s web filtering solution, WebTitan Cloud, has been developed specifically to meet the needs of MSPs and make it as easy as possible for the solution to be added to their existing cloud offerings. WebTitan Cloud seamlessly integrates within existing workflows regardless of whether MSPs self-host, use AWS, Azure, or other cloud platforms.
How Does WebTitan Cloud Integrate into MSPs Management Systems?
To make integration as easy as possible, TitanHQ uses RESTful API, which allows fast and risk-free integration into MSPs management systems. WebTitan Cloud uses the OAuth 1.0 protocol for authentication and has a full set of keys and secrets in the WebTitan Cloud user interface (UI). Once an MSP has signed up, no further registration or authentication is necessary. The API client provides the appropriate oauth_signature to authorize requests to protected resources.
Overly complex user interfaces are a problem with many cloud-based solutions. With WebTitan Cloud, the UI is made as clean and easy to use as possible. MSPs can remove all elements from the UI that are not required to keep the UI clean and simple. WebTitan Cloud can also be integrated into MSP cloud interfaces to create a better user experience and greater consistency for customers.
Having information at your fingertips is important when customers send in requests or when reports are required on web use and blocking. WebTitan Cloud allows MSPs to create and integrate a full suite of high-level system and customer reports into their own management consoles.
Onboarding new customers is also a quick and simple process, which can be integrated into current MSP on-boarding processes. New customer accounts can easily be created (or deleted) from within an MSP’s own UI, in addition to performing updates and listing all current customer accounts.
MSPs can connect to WebTitan Cloud to manage their customers settings, including locations, whitelists, and blacklists. Customers that would prefer to manage their own settings can perform a limited number of operations themselves using APIs. Since WebTitan Cloud is available in a full white label, customers who do access their own settings can be given a UI with MSP branding rather than TitanHQ’s to maintain consistency and help reinforce the MSPs brand.
TitanHQ also operates an extremely competitive pricing strategy with generous margins for MSPs and aligned monthly billing cycles through the TitanShield MSP Program.
If you have yet to start offering web filtering to your clients as part of your service stack or if you are unhappy with your current provider’s product, contact TitanHQ today and as about becoming a member of the TitanShield MSP Program. Product demonstrations can also be scheduled on request.
A web filtering service allows Managed Service Providers (MSPs) to better protect their clients from accidental malware downloads and phishing attacks while improving their bottom lines. Further, by preventing phishing attacks and malware infections, they can reduce the amount of time they spend fighting fires. For busy MSPs, the latter will be especially beneficial.
Why is Web Filtering Important?
There are several reasons why MSP clients will benefit from a web filtering service. First and foremost, a web filter will help to prevent their customers’ employees from visiting phishing websites and malicious URLs. Most phishing attacks start with a phishing email, so a powerful spam filtering solution is essential. While commercial spam filters such as SpamTitan will block more than 99% of spam and phishing emails, additional protections are required to protect against the 1% that bypass spam defenses.
Naturally end user security awareness training will help in this regard, but as the 2018 Verizon Data Breach Investigations Report shows, 30% of delivered phishing messages are opened by end users and 12% of those users also click on malicious links in the messages.
A web filter is an additional layer of anti-phishing and anti-malware defenses that kicks in when malicious links are clicked and when end users attempt to visit other malicious sites while browsing the Internet. With a web filter in place, when an employee attempts to access a malicious web page, that attempt will be blocked before any content is downloaded. Instead of displaying the web page, a block page will be displayed.
Web filters also allow companies to carefully control the types of content their employees can access. This allows them to enforce acceptable internet usage policies with ease. Employers can prevent their employees from accessing NSFW content such as pornography, illegal content and, if tighter controls are required to improve productivity, other categories of web content such as dating sites, social media networks, gambling sites, and gaming sites.
With a web filter in place, security and productivity can both be quickly improved and the gains in both of those areas is likely to more than pay for the cost of the web filtering package provided by their MSP.
Cloud Based Web Filtering Solutions for MSPs
Convincing customers to implement a web filtering solution should be straightforward given the number of phishing attacks that are now being conducted and the cost of mitigating phishing attacks and malware infections. The cost of web filtering is tiny by comparison.
For MSPs, cloud-based filtering solutions are the natural choice. They can be implemented in minutes once a customer request has been received, no hardware is required, there is no software to install, and patching is handled by the service provider. All that is required from the MSP is a brief set up and configuration for each customer and ongoing management and reporting.
However, not all cloud-based web filtering solutions make set up, management and reporting simple. WebTitan Cloud differs in this respect. Not only does the solution offer excellent protection, the solution has been developed specifically with MSPs in mind. The ease of integration into MSP’s back-end systems and management has made WebTitan Cloud the go-to web filtering solution for MSPs.
In our next post we will explain how WebTitan Cloud differs from other web filtering solutions, why it is the easiest solution for MSPs to integrate into their existing cloud offerings, and how TitanHQ makes getting started, provisioning new customers, and managing customer accounts a quick and easy process requiring the minimal management overhead.
TitanHQ has released WebTitan Cloud version 4.12. The new version of the award-winning 100% cloud-based web filtering solution incorporates new features at tweaks to improve the user experience and make the solution an even more attractive option for managed service providers (MSPs).
One of the most exciting new features that will benefit businesses and MSPs alike is the ability to implement location-based filtering controls, naturally accompanied by granular, location-based reports.
It was already possible to implement organization-wide filtering controls and set different policies for departments, user groups, roles, and individuals in an organization. The new feature increases the flexibility of the solution with location-based controls. The new feature will be of great benefit to businesses operating across multiple locations, where content control requirements may need to be different for satellite offices. MSPs will be able to offer location-based controls to clients and better manage web filtering for customers with a presence in multiple countries. The location controls can be applied to control content whether users are on or off the network.
As with user and role-based content controls, when a user attempts to access a web page that contravenes the policy that they have been assigned, the content will be blocked and no web page content will be downloaded – in contrast to many appliance-based web filtering solutions. The user will be presented with a customizable block screen that can incorporate the company or MSP’s branding.
There will be occasions when an individual or group needs to bypass policy controls. With WebTitan, this can easily be achieved using cloud keys rather than making changes to policies. The cloud key can be used to bypass the block pages and access content that would normally be blocked by location, company, or other policies.
To make management as easy as possible, all policies and locations are managed through a single user interface. MSPs can manage all locations and customer accounts through a single pane of glass, which improves visibility into all customers’ accounts and locations.
Also of interest to MSPs will be WebTitan’s enhanced search functionality. While it was possible to run reports to obtain information about a specific customer and their traffic, a search filter has now been added to the history page. This allows administrators to search by location name with autocomplete. When a customer account is selected, admins can get second-by-second information about all traffic within that location without having to run a location report.
MSPs already have a multi-tenant, highly scalable, brandable, and easy to use web filtering solution with multiple hosting options that can be offered to customers at an attractive price point, which is why the solution has proven so popular with the MSP market. It is hoped that the new additional features will make the solution even more useful for MSPs to allow them to better serve their SMB clients while making web filtering for SMBs even more straightforward.
For many people, Game of Thrones Season 8 is the TV highlight of the past 12 months, but not all fans of the series are keen to pay for the channel to watch the latest installments of this hugely popular series.
Some fans are turning to P2P file sharing sites to download the latest episodes, but hackers are ready and waiting. Many illegal video files of Game of Thrones episodes have been embedded with malware, most commonly adware and Trojans.
Research from Kaspersky Lab revealed Trojans to be the most common form of malware to be embedded in rogue video files. A third of all fake TV show downloads that have been impregnated with malware include a Trojan.
When one of these infected files is opened after it has been downloaded, the Trojan is launched and silently runs in the background on the infected device.
Many of the Trojans embedded into video files are brand new. These zero-day malware variants are not detected by traditional AV solutions as their signatures are not present in malware definition lists. That means malware infections are likely to go undetected. When signatures are updated, the malware may continue to run until a full system scan is completed. Either way, during the time that the malware is active it could be collecting a range of sensitive data including usernames and passwords.
Malware can also be installed that gives the attacker access to an infected device and the ability to run commands, change programs, download further malware variants, and add the infected device to a botnet.
File sharing websites offer an easy way of distributing malware. Users of the platforms voluntarily download the files onto their computers. However, only a small percentage of internet users visit P2P file sharing sites. Hackers therefore have turned to other methods to get users to execute their infected video files.
Prior to the release date of Game of Thrones Season 8, offers of free access to the TV show were being distributed via email. Campaigns were also detected offering episodes in advance of the release date to tempt GOT fans into installing malicious software or visiting malicious websites.
It is no surprise that fake Game of Thrones video files have been embedded with malware, given the huge popularity of the show. However, Game of Thrones fans are not the only people targeted using this tactic of malware distribution. In the past few months, malware has been detected in fake videos files claiming to be the latest episodes of the Walking Dead, Suits, and the Vikings to name but a few.
Some people feel the risk of a malware infection from downloading pirated video files to be low, or they do not even consider the risks. That is bad news for businesses. When employees ignore the risks and download illegal files at work, they risk infecting their network with malware.
The easiest solution to prevent illegal downloads at work and the visiting of other malicious websites is to use a web filtering solution. A web filter – WebTitan for instance – can be configured to prevent users from accessing file sharing and torrents websites. WebTitan uses a continuous stream of ActiveWeb URLs from over 550 million end users, which provides important threat intelligence to TitanHQ’s machine learning technology. This allows new, malicious URLs to be identified, and users are then prevented from visiting those malicious URLs.
Blocking email attacks is simple with SpamTitan. SpamTitan blocks 99.97% of spam emails to prevent malicious messages from reaching end users, including messages offering free access to Game of Thrones and other TV shows. In addition to dual AV engines to protect against known malware, SpamTitan also now has a sandboxing feature. Suspicious attachments can be safely executed and analyzed in the sandbox to identify potentially malicious actions. The sandboxing feature provides superior protection against zero-day malware which AV software does not block.
With both of these solutions in place, businesses will be well protected against malware, ransomware, botnets, viruses, and phishing attacks.
Each solution is available with a range of different deployment options to suit the needs of all businesses. For a product demonstration and further information, contact the TitanHQ team today.