Our news section dedicated to web filtering reports on instances in which a web filter can be used to protect organizations against online threats and the consequences of phishing campaigns. We also report on how filtering web access can protect the vulnerable against exposure to inappropriate online content – particularly minors viewing pornography.
Several of our news items will be of particular interest to MSPs and service providers who wish to add web filtering to their portfolio of products. With TitanHQ’s solutions, MSPs can incorporate white-labelled web filtering into an existing service package or market the solutions as stand-alone packages.
On January 1, 2020, the California Consumer Privacy Act (CCPA) took effect, giving state residents greater control over the use and sale of their personal data and introduced. In this post we explore the CCPA data security requirements for businesses and the consequences of failing to adequately protect consumer data.
What is the California Consumer Protection Act?
California already had some of the strictest privacy laws in the United States, but CCPA took consumer privacy a step further. CCPA has been likened to the EU’s General Data Protection Regulation (GDPR), as it gives California residents similar rights over the personal data collected and used by companies.
CCPA requires companies to inform California residents about the categories of data that are being collected, at or before the point of collection. There is a right to access all personal information held by a company and find out with whom personal data has been shared. Consumers have a right to opt out and prevent their personal data from being sold and can request that their personal data is deleted. Consumers also have a right to equal services and prices, and cannot be discriminated against, or denied goods or services or levels of services if they opt out of the sale of their personal data.
Who Must Comply with CCPA?
As of January 1, 2020, CCPA applies to all companies that do business with California residents, regardless of where the company is based, if one of the following conditions is met:
The company generates revenues of at least $25 million each year; or
The company collects, purchases, sells, or shares the personal data of at least 50,000 people; or
The company generates at least 50% of its revenues from the sale of personal data
CCPA does not apply to insurance institutions, agents, and support organizations, which are covered by different state laws.
CCPA Data Security Requirements
CCPA does not specify what security measures need to be implemented to protect the personal data of California residents; however, businesses do have a duty to implement reasonable security measures based on the level of risk, in accordance with other state laws. Under CCPA, penalties can be applied for a “violation of the duty to implement and maintain reasonable security procedures and practices.”
Since legal action can be taken against companies over a breach of personal data, it is important for companies to ensure appropriate measures are taken to protect data and prevent data breaches.
CCPA does not specify what controls need to be implemented nor what constitutes “reasonable security procedures and practices.” A 2016 Data Breach Report released by the California Attorney General acts as a good guide. It includes a list of 20 controls that the Center for Internet Security says are requirements to protect against known cyberattack vectors. These should therefore serve as a guide to the CCPA data security requirements. They are:
How TitanHQ Can Help You Comply with CCPA Data Security Requirements
Email is the most common attack vector used for phishing and malware distribution, so safeguards need to be implemented to keep email systems secure. Phishing attacks often have a web-based component where credentials are harvested, and many malware downloads occur via the internet. Internet controls are therefore also essential to protect against cyberattacks and data breaches. Due to the risk of attack via email and the web, email and browser protections are listed as the first of the foundational Center for Internet Security controls.
This is an area where TitanHQ can help. We have developed two powerful cloud-based security solutions that can help you meet CCPA data protection requirements.
SpamTitan Email Security is a powerful spam filtering solution that keeps inboxes free from email-based threats. SpamTitan incorporates multiple layers of anti-spam and anti-phishing controls, including Sender Policy Framework (SPF), DMARC, SURBLs, RBLs, Bayesian analysis and more. SpamTitan uses twin antivirus engines to block known malware threats and sandboxing to protect against breaches and data loss from zero-day threats.
WebTitan is a cloud-based DNS filtering solution that protects against the internet component of phishing attacks and stops wired and wireless network users from accessing malicious websites. These solutions will help you meet your email and web security responsibilities and protect your organization from phishing attacks, malware and ransomware downloads. Together they will help you prevent costly data breaches and avoid the resultant CCPA fines.
Penalties for Noncompliance with CCPA
Each intentional violation carries a maximum penalty of $7,500 per record. Unintentional violations carry a penalty of $2,500 per record.
There is also a private cause of action in CCPA. In the event of a data breach, victims of the breach can sue for a CCPA violation. Statutory damages of between $100 and $750 can be claimed by each California resident affected by the breach. Alternatively, claims can be made for actual damages, whichever is greater, along with other relief determined by the courts. Class action lawsuits are also permitted under CCPA. The California Attorney General can also take legal action against the company rather than permitting civil suits to be filed.
TitanHQ and Pax8 have announced a new strategic partnership that will see TitanHQ’s cloud-based email security and DNS filtering solutions incorporated into the Pax8 ecosystem.
Pax8 simplifies the journey into the cloud through billing, provisioning, automation and industry-leading PSA integrations and is a proven leader in cloud distribution. Pax8 has achieved position 60 in the 2019 Inc. 5000 list of the fastest growing companies and has been named CRN’s Coolest Cloud Vendor and Best in Show at the NextGen and Xchange conferences for two years in a row.
In order to have products added to the Pax8 marketplace, vendors must have developed exceptional channel friendly solutions. As the leading provider of cloud-based email and web security solutions for managed service providers (MSPs) serving the SMB marketplace, TitanHQ was an ideal fit.
Under the new partnership, Pax8 partners will have easy access to TitanHQ’s leading email security solution, SpamTitan Cloud, and can protect clients from web-based threats with WebTitan Cloud, TitanHQ’s DNS filtering solution.
These cloud-based AI-driven solutions help MSPs secure their own environments and protect their clients from malware, ransomware, botnets, viruses, and phishing and email impersonation attacks and avoid costly data breaches.
Both solutions have been developed with MSPs firmly in mind. The solutions are easy to integrate into an MSP’s security stack through TitanHQ’s APIs, there are multiple hosting options, the solutions can be supplied in white label form, and there are generous margins. Pax8 partners also benefit from a fully transparent pricing policy and industry leading technical support.
TitanHQ’s solutions are much loved by users and are consistently rated highly on business software review platforms, including G2 Crowd, Gartner Peer Insights, and Capterra.
“Our partners are excited about the addition of TitanHQ and the ability to protect their clients’ businesses by blocking malware, phishing, ransomware, and links to malicious websites from emails,” said Ryan Walsh, chief channel officer at Pax8.
You will no doubt have heard of a man in the middle (MiTM) attack. Here we define this attack method, explain how a MiTM attack occurs, and show you how to prevent a man in the middle attack and keep your devices and networks secure.
What is a Man in the Middle Attack?
Man in the middle attacks are commonly cited as a threat, but what exactly is a man in the middle attack? As the name suggests, this is a scenario where a person inserts him or herself between two communicating systems and intercepts conversations or data sent between the two. It is the computer equivalent of eavesdropping on a phone call where neither party is aware that their conversation is not private and confidential.
With a phone call, eavesdropping would allow an attacker to gather a host of sensitive information, which is divulged verbally between both parties. In this scenario, the attacker does not influence the conversation. He/she must wait until a valuable nugget of information is disclosed by either party.
A MiTM attack is concerned with intercepting data transferred between two parties. This could be data sent between a smartphone app and a server, between two parties on a messaging app such as WhatsApp, or an email conversation between two parties. It could also be communication between a user’s browser and a website.
In contrast to the telephone call scenario, which is passive, in a MiTM attack the attacker can influence what is being said. In fact, with a MiTM attack, the two people or systems communicating are not really communicating with each other. Each is communicating with the attacker.
Take email for example. Person A initiates an email conversation with Person B and requests a wire transfer to pay for services rendered. Person A supplies the bank details, and Person B agrees to the wire transfer. Various details are discussed, and the transfer is eventually made. There could be 10 or more messages sent by each party in the conversation. Each message between the two is altered by the attacker, crucially including the bank account details for the transfer. Neither party has been communicating with the other, yet both parties would be convinced they are.
Types of Man in the Middle Attack
The goal of a MiTM is to intercept information, usually for financial gain, but there are different ways that this can be achieved. Generally speaking, there are four main ways that a MiTM attack occurs: packet sniffing, packet injection, session hijacking, and SSL stripping.
Packet sniffing is one of the most common MiTM attack methods and is a type of eavesdropping or wiretapping, except it is not phone conversations that are obtained. It is packets of data sent between the two systems. Packet sniffing is much easier when sensitive data is not encrypted, such as when information is disclosed between a browser and an HTTP website, rather than HTTPS where the connection is encrypted.
The above email example is a type of packet injection. Data is intercepted, but additional packets are introduced, or data packets are altered. For instance, malware could be introduced.
Session hijacking is where an attacker hijacks a session, such as a session between a browser and a banking website where the user has logged in. In this example, the attacker is the one in control of the session. SSL stripping is where an HTTPS session, which should be secure as the session is encrypted, is stripped of the encryption, turned from HTTPS to HTTP, and data is identified. This latter example is utilized by web filtering solutions that feature SSL inspection. It allows businesses to check for threats in encrypted traffic.
How to Prevent a Man in the Middle Attack
Fortunately, MiTM attacks can be difficult to perform, so the potential for an attack is limited, but there are skilled hackers who can – and do – perform these attacks and gain access to sensitive data and empty bank accounts. One of the most common examples is a coffee shop scenario where an attacker creates an evil twin hotspot. When a user connects to this evil twin – a Wi-Fi network set up to look like the genuine coffee shop Wi-Fi hotspot – all data sent between their browser and the website is intercepted.
There are several steps you can take to prevent a Man in the Middle Attack.
Never disclose sensitive data when connected to an untrusted public Wi-Fi network. Only ever connect via a VPN, and ideally wait until you are on a trusted Wi-Fi network to access online bank accounts.
Ensure the website is protected by an SSL certificate (starts with HTTPS). Bear in mind that hackers also use SSL certificates, so HTTPS does not mean a website is genuine.
Do not use hyperlinks included in emails; always visit the website directly by typing the correct URL into your browser or finding the correct URL through a Google search.
Do not install unauthorized software or apps from third-party app stores, and do not download and use pirated software.
Businesses should implement a DNS filtering solution to protect their workers and prevent them from visiting malicious websites.
Make sure your networks are secured and have appropriate security tools installed.
Disable insecure SSL/TLS protocols on your website (Only TLS 1.1 and TLS 1.2 should be enabled) and implement HSTS.
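A check for the HSTS item in the list above, which is the control that stops a browser from accepting the HTTPS-to-HTTP downgrade described under SSL stripping. This is an added example, not code from the original post or from TitanHQ; the hostnames, the sample responses and the six-month `MIN_MAX_AGE` threshold are assumptions made for the illustration.

```python
"""Audit Strict-Transport-Security (RFC 6797) on captured HTTP responses."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Assumed policy threshold for this example: six months, in seconds.
MIN_MAX_AGE = 15552000


@dataclass
class HstsPolicy:
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False
    errors: List[str] = field(default_factory=list)


def parse_hsts(value: str) -> HstsPolicy:
    """Parse one header value using the RFC 6797 section 6.1 rules."""
    policy = HstsPolicy()
    seen = set()
    for raw in value.split(";"):
        part = raw.strip()
        if not part:
            continue  # the grammar allows empty directives ("a;;b")
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # a value may be a quoted-string
        if name in seen:
            policy.errors.append(f"duplicate directive: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if re.fullmatch(r"[0-9]+", val):
                policy.max_age = int(val)
            else:
                policy.errors.append("max-age is not a non-negative integer")
        elif name == "includesubdomains":
            if sep:
                policy.errors.append("includeSubDomains takes no value")
            else:
                policy.include_subdomains = True
        elif name == "preload":
            policy.preload = True  # not in the RFC; used by browser preload lists
        # any other directive is ignored, as the RFC requires
    if "max-age" not in seen:
        policy.errors.append("max-age directive is missing")
    return policy


def audit_response(url: str, headers: List[Tuple[str, str]]) -> List[str]:
    """Return findings for one captured response (empty list means pass)."""
    def get_all(name):
        return [v for k, v in headers if k.lower() == name]

    sts = get_all("strict-transport-security")
    if urlsplit(url).scheme.lower() != "https":
        findings = []
        if sts:
            findings.append("HSTS header sent over HTTP is ignored by browsers")
        location = (get_all("location") or [""])[0]
        if not location.lower().startswith("https://"):
            findings.append("plain-HTTP response does not redirect to HTTPS")
        return findings
    if not sts:
        return ["no HSTS header on HTTPS response"]
    findings = []
    if len(sts) > 1:
        findings.append("multiple HSTS headers; only the first is processed")
    policy = parse_hsts(sts[0])
    if policy.errors:
        return findings + policy.errors  # a malformed header is not honoured
    if policy.max_age == 0:
        findings.append("max-age=0 removes the host from the browser's HSTS list")
    elif policy.max_age < MIN_MAX_AGE:
        findings.append(f"max-age {policy.max_age} is below {MIN_MAX_AGE}")
    if not policy.include_subdomains:
        findings.append("includeSubDomains not set")
    return findings


# Constructed sample responses (hostnames are placeholders).
SAMPLES = [
    ("https://shop.example/",
     [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    ("https://shop.example/login",
     [("strict-transport-security", "max-age=300")]),
    ("http://shop.example/",
     [("Location", "http://shop.example/home")]),
]

if __name__ == "__main__":
    for url, hdrs in SAMPLES:
        print(url, audit_response(url, hdrs) or "OK")
```

The third sample is the case that leaves room for stripping: a plain-HTTP entry point that never moves the visitor to HTTPS, so the browser never receives an HSTS policy to enforce.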
At face value, SpamTitan and VadeSecure may appear to be equivalent products. In this post we offer a comparison of SpamTitan and VadeSecure to help managed service providers (MSPs) differentiate between the two solutions.
SpamTitan and VadeSecure
SpamTitan and VadeSecure are two email security solutions that block productivity-draining spam emails, phishing emails, and malspam – spam emails that deliver malware or malware downloaders. These cloud-based solutions assess all incoming emails and determine whether they are genuine communications, unwanted spam, or malicious messages and deal with them accordingly to prevent employees from opening the messages.
TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs that serve the SMB market and has been providing email security for MSPs for more than 2 decades. SpamTitan is TitanHQ’s email security offering, which has been developed for SMBs and MSPs that serve the SMB market.
VadeSecure is a French company that has developed an email security solution for the SMB market. As is the case with SpamTitan, VadeSecure offers protection from email-based threats and provides an important extra layer of security, especially for Office 365 environments. The company is now venturing into the MSP market and has recently raised an additional $79 million in venture capital to help it make inroads into the MSP market. However, at present, the solution is primarily geared toward SMBs rather than MSPs that serve them.
Enhanced Phishing Protection for Office 365 Accounts
Office 365 is the most widely used cloud service by user count and 2019 figures show that Office 365 cloud services are used by 1 in 5 corporate employees, with Office 365 email being the most common. With so many businesses using Office 365 for email, it should come as no surprise that Office 365 email accounts are being heavily targeted by hackers and scammers.
Microsoft does have measures in place to block spam and phishing emails, but the level of protection provided by Exchange Online Protection (EOP) is not sufficient for many businesses. A large percentage of phishing emails manage to sneak past Microsoft’s defenses. According to research from Avanan, 25% of phishing emails are delivered to Office 365 inboxes.
Consequently, additional protection is required, and many businesses choose to implement an anti-phishing solution provided by third parties such as SpamTitan and VadeSecure. MSPs also offer third party solutions to block phishing attacks on Office 365 accounts, not only to better protect their customers, but also to reduce the amount of time they spend mitigating phishing attacks that have not been blocked by EOP.
SpamTitan and VadeSecure have been developed to work on top of Office 365 and add an important extra layer of protection for Office 365 email.
Here we will concentrate on a comparison of SpamTitan and VadeSecure with a specific focus on the features and benefits for MSPs rather than SMBs.
Comparison of SpamTitan and VadeSecure for MSPs Serving the SMB Market
Since VadeSecure has historically focused on the Telco market, the email security solution lacks many features to make MSPs’ lives easier and does not provide the level of control, flexibility, or the management tools and reports that MSPs seek. SpamTitan has been developed by MSPs for MSPs, so important features for MSPs have always been offered. We will cover these features below, but initially it is useful to include an infographic that summarizes some of the basic features of SpamTitan and VadeSecure for comparison purposes.
Basic Features of SpamTitan and VadeSecure
SpamTitan Features for MSPs Not Offered by VadeSecure
This comparison of SpamTitan and VadeSecure may seem a little one-sided, and that is because VadeSecure is very much focused on end users rather than MSPs. No doubt the solution will be updated to incorporate more MSP-friendly features over time as the company tries to move into the MSP market, but at present, the features below are provided by SpamTitan but are not offered by VadeSecure.
Configuration Flexibility and Customization Potential
One of the biggest bugbears with VadeSecure is the inability to configure the solution to suit the needs of MSPs. It is not possible to create custom rules, for instance, and MSPs must therefore use the Exchange Admin functionality of Office 365.
With SpamTitan, MSPs can create rules based on their own requirements and the needs of each individual client, and those rules can be highly granular and can easily be applied to specific groups, users, and for specific domains. That level of granularity and the ease of customization allows MSPs to fine-tune filtering policies to maximize the detection of threats while minimizing false negatives. MSPs can easily select more permissible or more aggressive policies for each client, but with VadeSecure there is no option for customization for each customer.
SpamTitan includes a full multi-tenancy view of all customers, with multiple management roles. This allows MSPs to easily monitor their entire customer base and trial base, assess the health of the deployments, view activity volumes across all customers, and quickly identify issues that require attention. With VadeSecure, there is no possibility of integrating with PSAs and RMMs, and there is no customer-wide view of the entire system.
Highly Granular Reporting
MSPs can tell their clients how important it is to improve their security defenses, but they must also be able to demonstrate that the solutions are proving effective at blocking threats to ensure they can continue to provide those services and receive regular, repeating revenue.
With SpamTitan, MSPs have highly granular reports that give them full visibility into what is happening and a detailed view of system performance. Client reports can easily be generated to show them how effective the solution is and why it is important to keep it in place. Furthermore, this level of reporting – per domain, per group, and at the group domain level – gives MSPs the information they need to identify potential issues and obtain detailed information on spam emails. The solution also has the management capabilities to allow any issues to be quickly identified and corrected to ensure the solution remains effective over time. With VadeSecure, visibility and control options are lacking and there are no options for demonstrating to clients how effective the solution is.
High Margins and Significant Revenue Potential
As previously mentioned, the flexibility and scope for customization are a real benefit for MSPs as they allow them to add more value through superior management capabilities. That means MSPs can build solutions that really benefit their clients and it helps them become more of a strategic partner rather than an IT service provider. It is much harder for clients to change a strategic partner than switch IT service providers. VadeSecure lacks this customization, which means it is not possible for MSPs to add value to generate reliable, recurring revenue.
Further, with VadeSecure you get one product, but TitanHQ offers a trio of solutions for MSPs to better protect their clients and add more recurring revenue streams. Through the TitanShield for Service Providers program, MSPs also have access to WebTitan DNS filtering and ArcTitan email archiving. This allows MSPs to maximize revenue from each client by cross-selling new services, while also offering a layered security package to protect clients from the full range of email- and web-based threats.
Fully Transparent Pricing
When it comes to pricing, VadeSecure (and many other email security solutions) lack transparency and the pricing model is complex and expensive. Several features are not included as standard with VadeSecure and come at an additional cost. This makes it hard to perform a SpamTitan and VadeSecure pricing comparison.
For instance, with VadeSecure the solution is priced per module, so the Greymail, Spam, and Virus Protection options are not provided as standard and have to be added onto the cost. Based on feedback we have received from MSPs the solution is expensive, which reduces MSP profits and makes the email security solution more difficult to sell to SMBs.
With VadeSecure, the total number of users is not aggregated, which shows a lack of experience of working with MSPs. An MSP with 100 x 10-seat licenses will have to pay at 10 seats each rather than 1,000 seats overall. As such, discounts will be far lower.
With SpamTitan there is just one price which includes all features, including sandboxing, full support, dual anti-virus protection, all security modules, and updates. Furthermore, the price is exceptionally competitive (less than $1 per user). The pricing model was created to incorporate the flexibility for dealing with fluctuating numbers of customers, which often happens when providing managed email services.
Effectiveness at Blocking Threats
Price, usability, and flexibility are all important for MSPs, but features and benefits are the icing on the cake. Email security solutions are used to protect against threats, so the effectiveness of a solution is critical. SpamTitan and VadeSecure are effective at blocking threats and will provide an important additional layer of security for Office 365 users, but feedback we have received from MSPs shows there is a clear winner.
VadeSecure includes ‘time-of-click’ protection against embedded hyperlinks, which rewrites URLs and sends them to a scanner. However, MSPs have reported that it can take a long time for phishing emails to be detected, even after threats would be blocked by Chrome. That means that phishing emails are being delivered and there is a window during which a successful attack could occur. This URL click feature only appears to work in OWA or the Outlook client as it is an API integration with Office 365.
SpamTitan includes more advanced detection methods to ensure that malicious URLs are detected and phishing emails are filtered out. SpamTitan includes SURBL filtering and other malicious URL detection mechanisms that complement the default mechanisms in Office 365 such as Recipient Verification Protocols, Sender Policy Frameworks, and Content Filter Agents. This means end users are better protected and there is a much lower probability of a phishing email evading detection.
Dual anti-virus protection is also provided and SpamTitan features a sandbox where suspicious attachments can be safely analyzed for malicious actions. This provides superior protection against malware, ransomware, and zero-day threats that are not detected by the two AV engines.
Any business that processes card payments is a target for cybercriminals, but restaurants in particular are favored by hackers. Over the past few weeks, cybercriminals have stepped up their efforts to attack these businesses and several restaurant chains have had their systems compromised. In all cases, malware has been installed on point-of-sale systems that steals payment card information when diners pay for their meals.
Many of the attacks have hit restaurant chains in the Midwest and East, with credit card data from diners recently having been listed for sale on the underground marketplace, Joker’s Stash. A batch of approximately 4 million credit and debit cards is being offered for sale, which comes from malware attacks at Moe’s, McAlister’s Deli, Krystal, and Schlotzsky’s.
The cyberattack on Krystal was detected in November, with the other three chains, all owned by Focus Brands, attacked in August. In total, the above chains have more than 1,750 restaurants and almost half of those locations, mostly in Alabama, Florida, Georgia and North and South Carolina, were affected.
Catch Hospitality Group also announced in November that it had suffered a cyberattack which had seen malware installed on its point-of-sale system that scraped and exfiltrated payment card data as diners paid for their meals. The data breach affected customers of Catch NYC, Catch Roof, and Catch Steak restaurants. Fortunately, the devices used to process the majority of payments were unaffected. Malware was on the Catch NYC and Catch Roof devices between March 2019 and October 2019, with Catch Steak affected between September 2019 and October 2019.
Church’s Chicken restaurants were also attacked in a separate incident in October. The majority of its 1,000+ restaurants were not affected, but at least 160 restaurants in Alabama, Arkansas, Florida, Georgia, Illinois, Louisiana, Mississippi, Missouri, South Carolina, Tennessee and Texas had malware installed on their POS system.
Other restaurant chains that have been attacked in 2019 include Checker’s Drive-In, Cheddar’s Scratch Kitchen, Huddle House, Applebee’s, Chilli’s, and Earl Enterprises (Buca di Beppo, Chicken Guy, Tequila Taqueria, Mixology, Planet Hollywood). Malware on the systems of Earl Enterprises had been present for almost a year before it was detected.
How to Improve Restaurant Cybersecurity
Restaurants process many thousands of card transactions which makes them an attractive target for hackers. Restaurants often use out-of-date operating systems, have vulnerability-ridden legacy hardware, and their cybersecurity solutions often leave a lot to be desired. Consequently, cyberattacks on restaurants are relatively easy to perform, at least compared to many other types of businesses.
In order to infect the POS system, the attackers will need network access. That is most commonly gained via phishing emails, drive-by malware downloads, or by abusing remote access tools. Direct attacks are also possible using techniques such as SQL injection, and weak passwords can be easily guessed using brute force tactics.
The malware that sits on systems and exfiltrates data tends to have a very small footprint and is often stealthy as it needs to be present for long periods of time to collect payment card data. That can make it hard to detect when it has been installed. The key to security is therefore improving defenses to make sure the malware is not installed in the first place, which means preventing the attackers from gaining access to the network.
Listed below are some easy-to-implement steps that will help restaurants improve their security posture and block attacks. The key is defense in depth through layered security.
Use an enterprise-grade firewall – Ensure an enterprise-grade firewall is purchased. A firewall will prevent unauthorized individuals from gaining access to your network resources.
Patch promptly and update all software and firmware – Ensure patches are applied promptly and software and firmware updates are implemented when they are released. That includes all systems and networked devices, not just your POS.
Upgrade hardware – When your hardware is approaching end of life it is time to upgrade. Unsupported hardware (and software) will no longer be updated and vulnerabilities will no longer be fixed.
Lock down your POS – Use whitelisting or otherwise lock down POS systems to make it harder for malware to operate. Only allow trusted apps to run on your POS systems.
Install powerful antivirus software – Ensure all devices are protected by a powerful anti-virus solution and that it is set to update virus definitions automatically. Regularly scan the network for malware, especially your POS.
Implement an intrusion detection system – These systems monitor the network for unusual activity that could indicate a malware infection, attackers searching the network for the POS system, and unusual traffic that could indicate data exfiltration.
Change all default passwords and set strong passwords – To protect against brute force attacks, ensure strong passwords are set on all systems and all default passwords are changed. Also implement rate limiting to block attempts to access a system or device after a set number of failed password attempts.
Implement a powerful spam filtering solution – A powerful email security solution, such as SpamTitan, is required to prevent spam and malicious emails from being delivered to end users. Even if you have Office 365, you will need a third-party email security solution to block email-based threats.
Restrict Internet access with a DNS filter – A DNS filter such as WebTitan provides protection against drive-by malware downloads and web-based phishing attacks. WebTitan will block all known malicious websites and those with a low trust score. The solution can also be configured to prevent employees from accessing categories of websites where malware downloads are more likely.
Disable Remote Access if Possible – Disable Remote Desktop Protocol and all remote access tools. If remote access tools are required to allow essential maintenance work to be completed, ensure they can only be used via a VPN and restrict the people who can use those tools.
Black Friday phishing scams are rife this year. With almost a week to go before the big discounts are offered by online retailers, scammers are stepping up their efforts to defraud consumers.
Spam email campaigns started well ahead of Black Friday this year and the scams have been plentiful and diverse. Black Friday phishing emails are being sent that link to newly created websites that have been set up with the sole purpose of defrauding consumers or spreading malware and ransomware. It may be a great time of year to pick up a bargain, but it is also the time of year to be scammed and be infected with malware.
A wide range of spam emails and scam websites have been detected over the past few weeks, all of which prey on shoppers keen to pick up a bargain. This year has seen the usual collection of almost too-good-to-be-true offers on top brands and the hottest products, free gift cards, money off coupons, and naturally there are plenty of prize draws.
Anyone heading online over the next few days to kick start their holiday shopping spree needs to beware. The scammers are ready and waiting to take advantage. With legitimate offers from retailers, speed is of the essence. There is a limited supply of products available at a discount and shoppers are well aware that they need to act fast to secure a bargain. The scammers are playing the same game and are offering limited time deals to get email recipients to act quickly without thinking, to avoid missing out on an exceptional deal.
This time of year always sees a major uptick in spam and scams, but this year has seen much more sophisticated scams conducted than in previous years. Not only are the scammers insisting on a quick response, several campaigns have been identified that get users to help snag more victims. In order to qualify for special offers or get more deals, the scammers require users to forward messages and share social media posts with their friends and contacts. This tactic is highly effective, as people are more likely to respond to a message or post from a friend.
So how active are the scammers in the run up to Black Friday and Cyber Monday? According to an analysis by Check Point, the number of e-commerce phishing URLs has increased by 233% in November. Those URLs are being sent out in mass spam campaigns to direct people to fake e-commerce sites that impersonate big name brands. Those sites are virtual carbon copies of the legitimate sites, with the exception of the URL.
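Because the URL is the one thing that differs on these copycat sites, a mail or proxy log can be triaged on hostnames alone. The following is an added example, not part of the original post: the brand names, domains, and distance threshold are constructed assumptions, and the two-label registrable-domain rule is a simplification of the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed brand inventory: brand keyword -> domains the brand really uses.
# Reserved TLDs (.example, .test) keep every name here fictional.
BRANDS = {
    "examplemart": {"examplemart.example"},
    "shopnest": {"shopnest.example"},
}
MAX_TYPO_DISTANCE = 2  # assumption; tune per brand length to limit false positives


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Simplification: last two labels. Production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def check_url(url):
    """Classify one URL as (verdict, brand) using only its authority component."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit find the host in scheme-less links
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        userinfo = (parts.username or "").lower()
    except ValueError:
        return ("unparseable", None)
    if not host:
        return ("unparseable", None)

    # 1. The brand's own registrable domain: nothing to flag.
    for brand, legit in BRANDS.items():
        if registrable_domain(host) in legit:
            return ("legitimate", brand)
    # 2. Brand name used as decoration on someone else's domain.
    for brand in BRANDS:
        if brand in userinfo:
            return ("brand-in-userinfo", brand)
        if brand in host:
            return ("brand-in-hostname", brand)
    # 3. A label that is a near miss of the brand name.
    for brand in BRANDS:
        for label in host.split("."):
            if 0 < edit_distance(label, brand) <= MAX_TYPO_DISTANCE:
                return ("typosquat", brand)
    return ("no-brand-match", None)


def triage(urls):
    """Return only the URLs that imitate a known brand, with the reason."""
    flagged = []
    for url in urls:
        verdict, brand = check_url(url)
        if verdict not in ("legitimate", "no-brand-match"):
            flagged.append((url, verdict, brand))
    return flagged


# Constructed sample links, as they might be extracted from quarantined mail.
SAMPLE_URLS = [
    "https://www.examplemart.example/black-friday",
    "http://examplemart-blackfriday.test/deal",
    "https://deals.examplemart.example.sale-event.test/",
    "https://examplernart.example/login",
    "https://examplemart.example@sale-event.test/login",
    "https://news-site.example/",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_URLS):
        print(row)
```

A verdict other than "legitimate" is a reason to hold the message for review, not proof of fraud, since resellers and affiliates also put brand names in their hostnames.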
While consumers must be wary of Black Friday phishing scams and potential malware and ransomware downloads, businesses should also be on high alert. With genuine offers coming and going at great speed, employees are likely to be venturing online during working hours to bag a bargain. That could easily result in a costly malware or ransomware infection.
The scams are not limited to the run up to Black Friday. Cyber Monday scams can be expected and as holiday season fast approaches, cybercriminals remain highly active. It’s a time of year when it pays to increase your spam protections, monitor your reports more carefully, and alert your employees to the threats. A warning email to employees about the risks of holiday season phishing scams and malicious websites could well help to prevent a costly data breach or malware infection.
It’s also a time of year when a web filtering solution can pay dividends. Web filters prevent employees from visiting websites hosting exploit kits, phishing kits, and other known malicious sites. They can also be configured to block downloads of malicious files. A web filter is an important extra layer to add to your phishing defenses and protect against web-based attacks.
If you have yet to implement a web filter, now is the ideal time. TitanHQ is offering a free trial of WebTitan to let you see just how effective it is at blocking web-based threats. What’s more, you can implement the solution in a matter of minutes and get near instant protection from web-based phishing attacks and holiday season malware infections.
According to research from Channel Futures, security is the fastest growing service for 73% of managed service providers (MSPs). If you have yet to start offering security services to your clients, you are missing out on a steady income stream that could really boost your profits. But where should you start? What services should you be offering? In this post we will be exploring the ideal security stack for MSPs and the essential services that should form the core of your security offering.
Why is Managed Security so Important?
As an MSP, you should be aware of the importance of security. Companies are being targeted by cybercriminals and data breaches are occurring at an alarming rate. It is no longer a case of whether a business will be attacked, it is a case of when and how often.
Many SMBs do not have sufficiently skilled staff to handle IT and it is far easier, and often more cost effective, to outsource their IT to MSPs. The same is true for security, but even more so due to the difficulty finding sufficiently skilled cybersecurity staff. With so many positions available and a national shortage of cybersecurity staff, cybersecurity professionals can afford to pick and choose where they work. SMBs must ensure they are well protected against cyberattacks, so they look to MSPs to provide security-as-a-service either as a stop gap measure while they try to fill internal positions or so they can forget about security and let an MSP look after that side of the business.
If you are not providing security services to your clients, they will most likely search for another MSP that can protect their business from threats such as malware, ransomware, phishing, botnets, and prevent costly data breaches.
What do SMBs Want?
SMBs may be aware of the need for security, but they may not be so clued up about the solutions they need to protect them from cyber threats. You may need to explain to them exactly what they need and why. What is vital when explaining cybersecurity to SMBs is to emphasize the need for layered security. No single solution will provide protection against all threats and you will need to educate your clients about this.
Layered security is essential for protecting against ever increasing cybersecurity threats. No single solution will provide total protection. You need overlapping layers so that if one layer is bypassed, others are there to block the attack.
You should certainly be initiating conversations with your clients about security. Many SMBs only look for security services after they experience a costly data breach. By being proactive and approaching your clients and offering security services, you will not only have a much greater opportunity for increasing sales quickly, you will help them avoid a costly data breach and will not have to clear up the mess that such a breach causes.
What is the Ideal Security Stack for MSPs?
The best place to start is with a cybersecurity package that includes the core security services that all businesses need to protect them from a broad range of threats. Different packages can be offered based on the level of protection your clients need and their level of risk tolerance. Extra services can always be provided as add-ons.
There are four key security services you should be offering to your clients to give them enterprise-grade protection to secure their networks and protect against the main attack vectors. The ideal security stack for MSPs will differ from company to company, depending on the kind of clients that each MSP has. It may take some time to find the ideal security stack, but a good place to start is with core security services that every business will need.
Core Security Services for MSPs
Firewalls are essential for securing the network perimeter and separating trusted from untrusted networks. They will protect network resources and infrastructure against unauthorized access. It may even be necessary to implement multiple firewalls.
Email security is essential as this is the most common attack vector. Without email security, malware and phishing emails will hit inboxes and employees’ security awareness will be regularly put to the test. The threat of email attacks cannot be overstated.
Email security must be explained to clients to ensure they understand its importance and why standard email security such as that provided by Microsoft through Office 365 simply doesn’t cut it anymore. Too many threats bypass Office 365 defenses. A study by Avanan showed that 25% of phishing emails bypass Office 365 security and are delivered to inboxes.
DNS filtering is also a requirement to protect against web-based attacks such as malvertising, drive-by downloads, and exploit kits. Even the best email security solutions will not block all phishing threats. DNS filtering provides an additional layer of security to protect against phishing attacks. While email was once the primary method of delivering malware, now malware is most commonly delivered via web-based attacks. The average business user now encounters three malicious links per day and 80% of malware is downloaded via the internet. Further, with more and more employees spending at least some of the week working remotely, protection is needed for public Wi-Fi hotspots. DNS filtering provides that protection when they are off the network.
Endpoint security solutions add another layer to the security stack. If any of the above solutions fail and malware is downloaded, endpoint security solutions will provide extra protection. This can include basic protection such as antivirus software or more advanced solutions such as intrusion detection systems.
When choosing solutions for your security stack, it is important to make sure they work seamlessly together. This can be difficult if you purchase security solutions from a lot of different vendors.
Additional Services to Add to your Security Stack
The above security services should form the core of your security offering, but there are many additional services you can easily provide to ensure your clients are better protected. These can be offered as add-ons or as part of more comprehensive security packages.
Data loss protection
Email archiving and backup services
Vulnerability scanning and patch management
Security policy management
Security information and event management (SIEM)
Incident response and remediation
Security awareness training and phishing email simulations
How TitanHQ Can Help
TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market. TitanHQ products are consistently rated highly by MSPs for the level of protection, ease of use, ease of admin, and the level of support provided.
The TitanHQ portfolio of cybersecurity products consists of three core solutions:
SpamTitan Email Security
WebTitan DNS Filtering
ArcTitan Email Archiving
Each of these solutions has a 100% cloud-based architecture and has been developed for MSPs to easily incorporate into their security stacks. TitanHQ offers seamless deployments and easy incorporation into MSP’s management portals via RESTful API.
The above solutions can be supplied with multiple hosting options. You can host with TitanHQ, on your existing infrastructure or in the cloud with AWS, Azure or any other system.
SMBs want to know they are protected, but many don’t care about what solutions are used. This gives you an opportunity to reinforce your brand. This is easily achieved with TitanHQ as the above solutions can be provided in white label form, ready for you to add your own branding. You can even customize the user interface and only include the features that you need to reduce complexity.
Need reports for your clients? No problem. TitanHQ has an extensive range of pre-configured reports that can be scheduled to ease your admin burden, including board-level reports with scope to create your own reports to meet your and your clients’ needs.
Other key features for MSPs include:
Automated policy management
Full visibility of usage
Flexible, affordable, and transparent pricing with monthly billing
Set and forget solutions to ease the admin burden
World-class customer support included with all solutions
Generous margins for MSPs
Excellent MSP program – TitanShield – with dedicated account managers, assigned sales engineers, scalable pre-sales and technical support, and sales and technical training
TitanHQ has made it as easy as possible for MSPs to start offering security services to their clients. These solutions will also help established security-as-a-service providers ease their management burden and improve their margins.
To find out more about the TitanShield program and for further information on any or all of TitanHQ’s security solutions for MSPs, get in touch with the channel team today. Product demonstrations can be arranged and free 14-day trials are available to allow you to see for yourself why TitanHQ is the leading provider of email and web security solutions for MSPs.
The Racoon Stealer is a relatively new form of malware that was first detected in April 2019. The malware is not sophisticated and does not incorporate any never-before-seen features; in fact, it is pretty unremarkable. The Racoon Stealer can take screenshots, harvest system information, monitor emails, and steal information from browsers, such as passwords, online banking credentials, and credit card numbers.
However, the malware is effective and very popular. In the past six months, the Racoon Stealer has been installed on hundreds of thousands of Windows devices and it is now one of the most talked about malware variants on underground forums.
What makes the Racoon Stealer stand out is a highly aggressive marketing campaign aimed at signing up as many affiliates as possible. Racoon is being marketed as malware-as-a-service on underground forums and affiliates can sign up to use the malware for a flat fee of $200 per month.
The information stealer can be used to steal a range of sensitive information such as passwords, credit card numbers, and cryptocurrencies. Under this distribution model, affiliates do not have to develop their own malware, and little skill is required to start conducting campaigns. The malware developers are also providing bulletproof hosting and are available to give affiliates support 24/7/365, and the package comes with an easy to use backend system.
While the cost is certainly high compared to other malware-as-a-service and ransomware-as-a-service offerings, affiliates are likely to make that back and much more from the information that they can steal. There is no shortage of takers.
How is the Racoon Stealer Being Distributed?
Affiliates are distributing the Racoon Stealer via phishing emails containing Office and PDF files that incorporate code that downloads the Racoon payload. The information stealer has been bundled with software on third-party websites, although a large percentage of the infections come from exploit kits.
The Racoon Stealer has been added to both the Fallout and Rig exploit kits which are loaded onto compromised websites and attacker-owned domains. Traffic is sent to those sites via malicious adverts on third party ad networks (malvertising).
When a user lands on a webpage hosting an exploit kit, their device is probed for vulnerabilities that can be exploited. If a vulnerability is found it is exploited and the Racoon Stealer is silently downloaded.
Once installed, Racoon connects to its C2 server and obtains the resources required to start stealing information. That information can be sold on darknet marketplaces or used by affiliates to conduct their own attacks.
Given the huge potential for profit, it is no surprise that malware developers are now opting for this business model. The problem is likely to get a lot worse before it gets better and the threat from these malware-as-a-service offerings is significant.
How to Block the Racoon Stealer and Other Web and Email Threats
Fortunately, there are steps that businesses can take to improve their defenses against these MaaS campaigns.
Exploit kits usually incorporate exploits for a small number of known vulnerabilities rather than zero-day vulnerabilities for which no patches have been released. To block these exploit kit attacks, businesses need to apply patches and update software promptly.
It is not always possible for businesses to apply patches promptly as extensive testing may be necessary before the patches can be applied. Some devices may be skipped – accidentally or deliberately due to compatibility issues. Those devices will remain vulnerable to attack.
Patching is important, but it will not stop drive-by malware downloads from the internet that do not involve exploit kits. What is therefore required is a web security solution that can block access to malicious sites and prevent downloads of risky file types.
A DNS filtering solution such as WebTitan provides an additional layer of security to block these web-based threats. Through a combination of blacklists, content control, and scanning websites for malicious content, businesses can protect themselves against web-based attacks. A DNS filter will also prevent employees from visiting websites used for phishing.
Blocking attacks that take place via email requires strong email security defenses. An advanced spam filter such as SpamTitan can prevent malicious emails and attachments from reaching end users’ inboxes. SpamTitan scans all incoming emails for malware using two anti-virus engines but is also effective at blocking zero-day threats. SpamTitan includes a Bitdefender-powered sandbox, where suspicious attachments are subjected to in-depth analysis to identify any potentially malicious actions.
With these two solutions in place, businesses will be well protected from malware threats and phishing attacks and managed service providers can ensure their environment and those of their clients are kept malware free.
To find out more about these two powerful anti-malware solutions and to discover why TitanHQ is the global leader in cloud-based email and web security for the managed service provider serving the SMB market, give the TitanHQ team a call.
The event will be attended by thousands of IT professionals, business owners, and industry leaders who will be discussing the IT industry, recent advances in information technology, and the latest trends affecting MSPs. The conference provides an excellent opportunity for learning, networking, and collaboration and boasts an extensive program of interactive sessions, keynotes, and in-depth training sessions. The event also showcases the latest IT solutions and provides tips and tricks to ensure every ounce of value is squeezed from those tools.
This year’s event promises to be bigger and better than ever before, thanks to an all-star cast of thought leaders and industry professionals who will provide practical advice to help you improve every aspect of your business.
Connect IT Europe covers the entire Kaseya universe and the diverse ecosystem of solutions that serve IT professionals. The conference will help attendees find new revenue streams, increase their profit margins, and simplify IT management through educational presentations, workshops, roundtables, and interactive challenges.
As the leading provider of cloud-based email and web security solutions for MSPs serving the SMB market, TitanHQ is proud to be a Silver sponsor of the event. Attendees will have the opportunity to discover why TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs servicing the SMB marketplace and the features and benefits of SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving that make the solutions such a hit with MSPs and IT professionals.
The event will be attended by TitanHQ Strategic Alliance Manager Marc Ludden and Alliances/MSP Partner Manager Eddie Monaghan. Marc and Eddie will be explaining the recently launched TitanShield program for MSPs and how TitanHQ solutions can help MSPs improve efficiency, profitability, and security of their operations and enhance their customers’ security postures.
If you would like further information on TitanHQ products, feel free to reach out to Marc and Eddie ahead of the event:
Eddie Monaghan, MSP Alliance Manager, LinkedIn
Marc Ludden, MSP Alliance Manager, LinkedIn
TitanHQ is proud to be a platinum sponsor of DattoCon19, Paris – the leading event for MSPs looking to keep up to date on the latest industry trends, learn best practices, form new and profitable partnerships, and obtain invaluable advice that will help them grow their business and become more successful.
The event gives the TitanHQ team an opportunity to meet with leading MSPs, MSSPs, and ISPs and explain why TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market.
The team will be available to explain the benefits of the TitanShield MSP program and show just how easy it is to integrate TitanHQ products into your service stacks and start rolling out spam filtering, web filtering, and email archiving to your customers… and the best way to sell those services, reduce the time you spend on providing support, and improve the profitability of your business.
The event will be attended by Rocco Donnino, TitanHQ VP of Strategic Partnerships, Marc Ludden, TitanHQ Strategic Alliance Manager, and Eddie Monaghan, Alliances/MSP Partner Manager.
On Tuesday October 22 between 11:15am and 11:35am, Rocco Donnino will be explaining Email & Web Security for the SMB Market. Rocco will talk about the trends TitanHQ are seeing in the email and web security for SMB markets globally, drawing on the experience from working with over 2,200 MSP customers worldwide.
Marc Ludden and Eddie Monaghan will be on hand to meet with MSPs and ISPs to explain the benefits of joining the TitanShield MSP Program and how best to take advantage of TitanHQ’s proven technology and deliver our advanced network security solutions directly to their client base. The pair will be helping MSP partners push TitanHQ products downstream to their customers and grow their businesses.
The event will be attended by more than 1000 MSPs, ITSPs, and industry leaders. Over the three days of the conference, attendees will get to hear from the most successful MSPs and MSSPs and discover what they are doing differently and how they are driving growth.
The sessions, keynotes, and networking opportunities will help you get better at running your business with Datto Solutions and discover how the addition of key products such as SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving can improve profitability and add greater value.
The keynotes will be bigger and better than ever before and will be taken by 80 of the best and brightest business tycoons, MSPs, and Datto executives, who will share valuable real-world insights and best practices.
The Peer Forums are more intimate small-group roundtable sessions that provide high-value networking on key topics. These sessions are driven by attendees who will share pain points, success stories, and best practices that have been proven to help MSPs grow their business. This year’s Peer Forums are on the following topics:
Service Delivery: Driving Efficiency & Automation
Selling Networking as a Managed Service
Women in Tech
French Language Peer Forum: Business Strategy
Service Delivery: Service Desk & Professional Services
M&A: How Do I Acquire or Be Acquired?
Security: Securing Your MSP First
German Language Peer Forum: Business Strategy
Service Delivery: Client Engagement & vCIO
Add to that the networking opportunities and the stunning location and you have an invaluable event that is not to be missed.
DattoCon19 Paris will be taking place on October 21st, 22nd and 23rd at the Palais des congrès de Paris, 2 Place de la Porte Maillot, 75017 Paris, France.
Malvertising is the term given to the abuse of ad networks to serve malicious adverts on legitimate websites that scam visitors by displaying popup ads or direct them to malicious websites hosting phishing forms or exploit code to silently deliver malware. Many website owners place third-party advertising blocks on their websites to increase revenue. While the ad networks have controls in place to prevent abuse, cybercriminals often succeed in bypassing those security measures.
One cybercriminal group has been particularly active over the past year and has been conducting attacks on a massive scale. Researchers at Confiant have been tracking the activity of the group – known as eGobbler – and report that the group delivered fake adverts on 500 million user sessions in Europe and the United States in the past week alone. The campaigns are on a truly massive scale. One of the latest campaigns, conducted between August 1 and September 23 involved around 1.16 billion ad impressions.
Typically, the criminals behind these campaigns target mobile users as the security protections on their devices are nowhere near as robust as on desktop computers; however, this campaign has targeted desktop users on Windows, Linux, and macOS.
Several content delivery networks have been used to serve the malicious adverts, which redirect users to websites that exploit two browser vulnerabilities to deliver their malicious payloads. The first is a bug in the Chrome browser – CVE-2019-5840 – which was patched by Google in June. The second is a zero-day vulnerability in WebKit, the browser engine used by old Chrome versions and the Safari web browser. The bug has already been patched for Safari, but currently Google has not patched Chrome. Since the latest browser engine used by Chrome is based on WebKit, later versions are also affected.
While sandboxing features protect advertising iframes, the zero-day vulnerability has allowed the group to break out of the iframes and display malicious code to visitors and perform redirects.
This cybercriminal group is atypical of most groups that use malvertising to deliver malware. The group is highly skilled and capable of finding bugs in the source code of browsers and conducts campaigns on a massive scale. The group poses a significant threat to internet users although there are steps that can be taken to reduce the likelihood of an attack.
Personal users can harden their defenses by using ad-blockers and ensuring they keep their browsers updated. Businesses similarly need to ensure browsers are updated and block these malicious adverts using a web filtering solution.
In addition to blocking malicious adverts, a web filter can be configured to block the download of malicious files and prevent employees from visiting phishing websites and other malicious websites. A web filter can also be used by businesses to enforce acceptable internet usage policies.
TitanHQ has developed a powerful DNS-based web filtering solution for SMBs and MSPs – WebTitan – that provides protection against malvertising and other types of web-based attacks. The solution is easy to use and can be implemented in just a few minutes. No technical skill is required.
Considering the level of protection provided by WebTitan, you are likely to be surprised at how little the solution costs. To find out more, to arrange a product demonstration, or to set up a free trial of the full solution, give the TitanHQ sales team a call.
In Idaho, library content filtering is now mandatory. H.B.194, which was signed into law in April, requires libraries in Idaho to implement a content filtering system by July 2020 that is capable of preventing minors from accessing objectionable content. Not only does that content filtering system need to prevent library computers from being used to access undesirable content, the content filter must also cover library WiFi networks.
The law change was introduced to prevent children from accessing pornography on library computers, which various studies have shown can cause considerable harm. Without filters in place, children could access adult content or inadvertently see adult content on other users’ screens. There have been many reports in the media and on internet forums of library patrons catching glimpses of pornography being accessed in plain sight of others.
Some library directors and library boards are unhappy with the law change for two main reasons. The first concerns a potential violation of First Amendment rights. The American Civil Liberties Union has voiced its concerns, stating “Ultimately, blocking software prevents users from accessing a wide range of valuable information, including such topics as art, literature, women’s health, politics, religion and free speech, which is in direct violation of our First Amendment rights.”
The view that filtering means other content will also be blocked is outdated. While the overblocking of internet content was once a concern, modern internet content filters for libraries are much more advanced and allow highly granular control of internet content. Modern filters are also much better at categorizing content than they once were. Further, easy-to-use interfaces reduce the potential for user error setting the content controls.
The filters also prevent malware downloads and block access to phishing forms, which further enhances protection for users and protects library networks from malware and ransomware attacks.
The other main issue is one of cost. While libraries can obtain discounts under the e-rate program if they implement content filters to comply with the Children’s Internet Protection Act (CIPA), Idaho libraries otherwise have to cover the cost of the filtering controls themselves. No additional money has been made available.
Implementing Library Content Filtering for WiFi Networks is Easy
Little guidance has been provided on how libraries should implement the filters and there is confusion over how the filters can be applied to wired and WiFi networks.
Traditional filters require an appliance to be purchased which is costly. The appliance sits between the user and the internet and all traffic passes through that device and content controls are applied. This is problematic, especially when library devices are supplied for use off-site as all traffic must be hauled back to the appliance and then back to the device, which can result in significant latency (slow internet speeds).
A more cost-effective and trouble-free solution is a DNS-based filter. DNS-based filters apply filtering controls at the DNS level. No appliance needs to be purchased – which means a significant cost saving – and there is no latency. All the filtering takes place on the service provider’s server, not locally on an appliance device.
This system also allows filtering to take place on WiFi networks. Any device that connects to the WiFi network will only be able to access the filtered Internet service. Blocks can also be placed on anonymizer services to prevent filtering controls from being bypassed and DNS filtering can also be used to protect mobile devices, even those used off site.
TitanHQ’s content filtering solution for libraries – WebTitan Cloud and WebTitan Cloud for WiFi – not only incorporates highly granular controls to prevent overblocking of internet content, it also requires no technical skill to operate, no hardware purchases, and no software downloads. WebTitan Cloud and WebTitan Cloud for WiFi are also low-cost content filtering solutions for libraries. Typical licensing costs are less than $1 per user per month.
If you are struggling to find a content filtering solution for your library, give the TitanHQ team a call. You will be able to have your questions answered about how to implement the solution, you can schedule a product demonstration to see how easy the solution is to operate, and can also take advantage of a free trial to see for yourself how precise the filtering controls are.
Due to the high cost per user, many SMBs and managed service providers (MSPs) are looking for an OpenDNS alternative that provides the same or better protection at a much lower cost. At TitanHQ, we have the solution. We offer an advanced cloud-based web filtering solution that provides excellent protection from online threats with highly granular filtering controls for precision control over the types of web content that can be accessed by end users.
In this post we will explain why so many SMBs and MSPs have signed up for our OpenDNS alternative, and why WebTitan Cloud is, in general terms, a direct swap out for OpenDNS. However, first, let’s consider one of the most important reasons for seeking an OpenDNS alternative: cost.
OpenDNS Cost Per User
Cisco’s OpenDNS (Cisco Umbrella) is a popular choice with enterprises, SMBs, and MSPs for good reason. It is an accomplished web filtering solution but that comes at a price. At the time of writing, the OpenDNS cost per user is $2.20 per month (based on 100 users). While that is a small price to pay for the level of protection that a web filter provides and the potential for productivity increases through careful content control, the cost adds up. For 100 users, that’s $220 per month and $2,640 per year.
WebTitan costs $0.90 per user, per month. That’s just $90 per month and only $1,080 per year. That provides a saving of $1,560 per year based on a 1-year subscription and the cost can be lowered further with a 3-year subscription.
Such a major cost saving makes WebTitan Cloud a very attractive proposition, but price isn’t everything and lowest cost choices are not always the best. In this case however, it is possible to save a small fortune without compromising security and control, while improving usability.
A Direct Swap Out for OpenDNS That Will Save a Small Fortune
OpenDNS Cisco Umbrella and WebTitan are best-of-breed DNS-based web filtering solutions that combine advanced protection against malware, phishing, and other web-based threats. They also offer precision control for restricting access to certain types of online material.
Both solutions have been designed with the same core principles and both can be used to block downloads of file types commonly associated with malware and ransomware, such as .exe, .js, .scr, and other executable file types.
To protect against phishing, both solutions support the use of blacklists – lists of websites and IPs that have previously been identified as malicious or have a low trust score. These phishing web pages are often visited by end users after clicking embedded hyperlinks in emails. Both web filters therefore serve as an important additional layer of protection against phishing.
Both solutions allow filtering controls to be set for different users, at the individual, user group, department, or organization level via category-based filters, which makes it easy to quickly apply and enforce your acceptable Internet usage policies.
Both solutions offer a high level of protection, but for many SMBs and MSPs, the price of WebTitan is the deal clincher. However, there are several other benefits of WebTitan Cloud over OpenDNS.
WebTitan Cloud Advantages
Some of the key advantages of WebTitan Cloud over OpenDNS are detailed below.
Certain types of businesses, such as MSPs, will be reluctant to direct users to an external cloud service. To meet the needs of those businesses, TitanHQ offers different hosting options. Typically, WebTitan is hosted within TitanHQ’s own environment, but it is also possible for the solution to be hosted locally to give users greater control and privacy.
The WebTitan pricing model is perfectly transparent and all features are included in the price, including customer support at no additional cost. TitanHQ can also offer flexible licensing and can negotiate commercial arrangements that suit both parties. OpenDNS Cisco Umbrella has a multi-tiered pricing system with some of the advanced features only available as an add-on which further increases the cost.
World Class Support
All WebTitan Cloud users benefit from industry leading, world class support, including scalable pre-sales and technical support and sales & technical training. Support is provided for all users at no additional cost. Support is also provided to customers taking advantage of the free trial.
There will be times when organization-wide or individual filtering controls need to be bypassed. Rather than changing a policy for a particular user and then having to revert back to the original policy, TitanHQ developed bypass codes called cloud keys. These cloud keys can be used to temporarily bypass filtering policies. They can be set to expire after a certain time period or after a certain number of uses.
An Ideal OpenDNS Alternative for Managed Service Providers
The biggest exodus from OpenDNS to WebTitan is MSPs. As mentioned in the previous section, the ability to host WebTitan locally is a major benefit for many MSPs who prefer to host their solutions in their own private clouds.
As an additional benefit, WebTitan Cloud can be supplied in full white-label form and is completely rebrandable. The solution allows customized block pages to be created – these pages are displayed when a user attempts to visit a webpage that contravenes company policies. The UI can also be rebranded and customized to include corporate branding. OpenDNS does not offer MSPs a white-label solution and cannot be rebranded.
TitanHQ also ensures WebTitan Cloud fits seamlessly into MSPs’ service stacks through the use of APIs and RMM integrations. The multi-tenant dashboard allows MSPs to keep clients separated, apply controls on an individual client basis, and manage client settings in bulk.
The low price of the solution allows MSPs to add web filtering to their existing security packages to better protect their customers while saving themselves a great deal of support time. TitanHQ also offers monthly billing and high margins for MSPs. With WebTitan it really is possible to make 100 points.
How Do WebTitan and OpenDNS Compare?
One of the best ways to find out about how the two different solutions compare is to use independent review sites such as G2 Crowd. The site includes more than 650,000 reviews from verified users. Those users consistently rate WebTitan Cloud higher than alternative web filtering solutions and across the 6 rating areas, WebTitan Cloud achieves higher ratings than OpenDNS.
Speak to TitanHQ About Changing from OpenDNS to WebTitan
If you are looking for an OpenDNS alternative and would like further information about WebTitan Cloud, would like to book a product demonstration to see WebTitan Cloud in action, or are interested in signing up for a free trial of the full solution, contact the TitanHQ team today and our friendly sales staff will be happy to help.
Exploit kit activity may be at a fraction of the level of 2016 when peak activity was reached, but the threat has not gone away. In fact, the mid-year cybersecurity roundup from Trend Micro shows exploit kit activity is now triple the level of mid-2018. Websites hosting exploit kits still pose a significant threat to businesses.
Exploit kits are toolkits that contain exploits for vulnerabilities in popular software applications, such as Internet Explorer and Adobe Flash Player. When a user lands on a web page that hosts an exploit kit, it will scan the user’s browser for vulnerabilities. If an exploitable flaw is identified, malware is automatically downloaded and executed on the user’s device. In many cases, the downloading of a Trojan, ransomware, or other form of malware is not identified by the user.
Traffic is sent to exploit kits through malvertising – malicious adverts – on high traffic websites. Users can be directed to malicious websites through phishing emails, and it is also common for hackers to hijack high traffic websites and use them to host their exploit kit. That means users could visit a malicious website just through general web browsing.
There are several exploit kits currently in use such as Magnitude, Underminer, Fallout, Green Flash/Sundown, Rig, GrandSoft, and Lord. These exploit kits are pushing cryptocurrency miners and botnet loaders, although ransomware and banking Trojans are the most common payloads.
Many of the exploits used by these toolkits are for old vulnerabilities, but since businesses are often slow to apply patches, they still pose a major threat. Exploit kits such as GrandSoft and Rig are regularly updated and now host exploits for much more recently disclosed vulnerabilities.
One of the most recently identified campaigns has seen the threat actors behind Nemty ransomware team up with the operators of RIG to push their ransomware on businesses still using old, vulnerable versions of Internet Explorer.
A new exploit kit named Lord is being used to infect users with Eris ransomware. In this case, traffic is being directed to the exploit kit through malvertising on the PopCash ad network. The EK primarily uses exploits for flaws in Adobe Flash Player such as CVE-2018-15982.
Protecting against exploit kits is straightforward on paper. Businesses need to ensure that vulnerabilities are identified and patched promptly. If there are no vulnerabilities to exploit, no malware can be downloaded. Unfortunately, in practice things are not quite so simple. Many businesses are slow to patch or fail to apply patches on all devices in use.
Anti-spam software can help to reduce risk by blocking phishing emails containing links to exploit kits, but most of the traffic comes from search engines and malvertising, which anti-spam software will do nothing to block. To improve your defenses against exploit kits, drive-by downloads, and phishing websites, one of the best cybersecurity solutions to deploy is a DNS filtering solution.
A DNS filter allows businesses to carefully control the websites that employees can access when connected to the business’s wired and wireless networks. Controls can be set to block different types of web content such as gambling, gaming, and adult websites but crucially, the DNS filter also blocks all known malicious websites. DNS filters use blacklists of known malicious websites such as those hosting exploit kits or phishing forms. If a web site or web page is included in the blacklist, it will automatically be blocked. Websites are also scanned in real time to identify malicious content.
Since all filtering takes place at the DNS level, access to malicious or undesirable content is blocked without any content being downloaded. Setting up the solution is also quick and easy, as it only requires a change to the DNS record to point it to the service provider. No hardware is required and there is no need to download any software.
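A sketch of the decision a DNS filter makes for each query, added here as an illustration and not TitanHQ's code. The domains, categories, group policies, sinkhole address and the BypassKey model of a time-limited and use-limited bypass code are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed data: reserved example domains and documentation addresses only.
THREAT_BLOCKLIST = {"exploit-kit.example", "phish.example"}
DOMAIN_CATEGORIES = {
    "casino.example": "gambling",
    "games.example": "gaming",
    "news.example": "news",
}
GROUP_POLICIES = {              # categories blocked for each user group
    "staff": {"gambling", "gaming"},
    "marketing": {"gambling"},
}
SINKHOLE_IP = "192.0.2.1"       # block-page address returned instead of the real one


@dataclass
class BypassKey:
    """Hypothetical bypass code that expires after a time or a number of uses."""
    expires_at: float
    uses_left: int

    def redeem(self, now):
        if now >= self.expires_at or self.uses_left <= 0:
            return False
        self.uses_left -= 1
        return True


def lookup(table, qname):
    """Return the most specific entry matching qname or one of its parent domains."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None


def decide(qname, group, now, bypass=None):
    """Return (action, reason) for one DNS query.

    "block" means the client is answered with SINKHOLE_IP, "resolve" means the
    query is forwarded. Assumption of this sketch: threat-list hits cannot be
    bypassed, category blocks can.
    """
    hit = lookup(THREAT_BLOCKLIST, qname)
    if hit:
        return "block", f"threat:{hit}"
    domain = lookup(DOMAIN_CATEGORIES, qname)
    category = DOMAIN_CATEGORIES.get(domain, "uncategorized")
    if category in GROUP_POLICIES.get(group, set()):
        if bypass is not None and bypass.redeem(now):
            return "resolve", f"bypass:{category}"
        return "block", f"category:{category}"
    return "resolve", f"allowed:{category}"


def answer(qname, group, now, upstream, bypass=None):
    """Return the address handed to the client; upstream is a name -> IP mapping
    standing in for the real resolver and is only consulted on "resolve"."""
    action, _ = decide(qname, group, now, bypass)
    if action == "block":
        return SINKHOLE_IP
    return upstream.get(qname.lower().rstrip("."))


if __name__ == "__main__":
    upstream = {"games.example": "198.51.100.20", "news.example": "198.51.100.30"}
    key = BypassKey(expires_at=3600.0, uses_left=1)
    for name, group, k in [("www.exploit-kit.example", "staff", key),
                           ("games.example", "staff", None),
                           ("games.example", "staff", key),
                           ("games.example", "staff", key),
                           ("news.example", "staff", None)]:
        print(name, group, decide(name, group, 10.0, k))
```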
If you want to improve your defenses against malware, ransomware, botnets, and phishing and are not yet controlling the web content that your employees can access, contact TitanHQ today and ask about WebTitan. Alternatively, sign up for a free trial of the solution.
The year 2018 saw a reduction in ransomware attacks on businesses as cybercriminals opted for alternative means to make money. Major ransomware attacks were still occurring, just at a slightly lower rate than in 2017.
Some reports were released that suggested ransomware was no longer such a massive threat as it was in 2016 and 2017, but the number of reported attacks in 2019 has shown that is definitely not the case. Any business that has not implemented defenses to protect against ransomware attacks could well be the next victim and have to pay millions to recover from an attack.
Make no mistake. Ransomware is one of the most dangerous threats faced by businesses. If ransomware is installed on the network, all files, including backups, could be encrypted. That could prove catastrophic, as one small Michigan medical practice discovered.
The two-doctor practice in Battle Creek, MI suffered an attack that resulted in the encryption of all patient data. A ransom demand was issued by the attackers, but as there was no guarantee that files could be recovered after the ransom was paid, the decision was taken not to pay up. The hackers then deleted all the encrypted files. Faced with having to rebuild the practice from scratch, the doctors decided to call it quits and took early retirement.
Ransomware attacks on healthcare providers are now being reported at an alarming rate and government entities, cities, and municipalities are being extensively targeted. The city of Baltimore suffered a major attack in May involving a ransomware variant called RobbinHood. The attack brought down the city’s servers and systems, causing major disruption across the city. A ransom of $6 million was paid for the keys to regain access to the encrypted files.
Two small cities in Florida also suffered major attacks. Lake City was forced to pay a ransom of $460,000 and Riviera Beach paid a ransom of $600,000, while Jackson County in Georgia paid $400,000 after its court system was attacked.
As the year has progressed, the attacks have increased. A report from Malwarebytes indicates there was a 195% increase in ransomware attacks in Q1, 2019. Figures from Kaspersky Lab show ransomware attacks almost doubled in Q2, 2019, with 46% more attacks reported than the corresponding period in 2018.
The increase in attacks means businesses need to be prepared and have the necessary security tools in place to make it difficult for the attacks to succeed.
There is no one cybersecurity solution that can be implemented to eliminate the threat of attack, as hackers are using a variety of methods to gain access to networks and download their malicious payloads. Layered defenses are key to repelling an attack.
Email is the primary method of delivering ransomware. All it takes is for a malicious email to arrive in an inbox and for an employee to be fooled into opening a malicious attachment or clicking on a hyperlink for ransomware to be installed. An advanced email filtering solution such as SpamTitan Cloud is therefore needed to block malicious emails and ensure they do not reach employees’ inboxes.
SpamTitan includes Domain-based Message Authentication, Reporting, and Conformance (DMARC) to block email impersonation attacks and a sandbox where suspicious attachments can be executed in safety and studied for malicious activity. Sandboxing is essential as it allows zero-day ransomware threats to be identified and blocked.
Not all attacks occur via email. Attacks over the Internet are also common. A web filtering solution should therefore be implemented to block these web-based attacks. A web filter will prevent employees from accessing known malicious sites where ransomware is automatically downloaded. With these two technical measures in place, businesses will be well protected from attacks. Along with security awareness training for staff and the adoption of good data backup practices, businesses can mount a strong defense against ransomware attacks.
A new phishing campaign has been detected that uses Google Drive links to avoid detection by Office 365 Exchange Online Protection and ensure messages are delivered to inboxes.
The emails, reported through Cofense Intelligence, impersonated the CEO of the company who was attempting to share an important document. The document had been shared via Google Drive and came with the message, “Important message from – CEO.”
Google Drive allows files and collaboration requests to be easily sent to other individuals. The account holder chooses who to share a file with and the system generates an email alert containing a link to the shared file.
In this case, the name of the CEO was correct, but the email address used was different to the format used by the company. While this is a clear sign that the emails are not what they seem, some employees would likely be fooled by the message.
Importantly, the messages are not detected as malicious by EOP and are delivered to inboxes. A scan of the message would reveal nothing untoward, as the embedded URL is a legitimate shared link to a genuine cloud service operated by Google.
The shared document itself is not malicious, but it does link to another Google Docs document and a phishing URL. Any anti-phishing solution that only assesses the embedded hyperlink in the email to determine whether it is malicious would allow the email to be delivered. Only a deeper inspection would reveal the true nature of the URL.
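The difference between judging only the emailed link and following the chain it leads to, as an added example that is not taken from the campaign report. The pages, hosts and blocklist are constructed, and an in-memory dictionary stands in for fetching documents.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for fetching: URL -> document body. All hosts are
# reserved example names; "drive.example" plays the trusted sharing service.
PAGES = {
    "https://drive.example/file/d/1":
        '<p>Important message</p><a href="https://docs.example/doc/2">Open</a>',
    "https://docs.example/doc/2":
        '<a href="https://drive.example/file/d/1">Back</a>'
        '<a href="https://login.phish.example/signin">View document</a>',
    "https://login.phish.example/signin":
        '<form action="/collect"><input name="password" type="password"></form>',
}
BLOCKED_DOMAINS = {"phish.example"}   # constructed blocklist entry


class LinkExtractor(HTMLParser):
    """Collect absolute link targets from anchors and form actions."""

    def __init__(self, base):
        super().__init__()
        self.base = base
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "form": "action"}.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.links.append(urljoin(self.base, value))


def host_is_blocked(url):
    """True if the URL's host or any parent domain is on the blocklist."""
    labels = (urlsplit(url).hostname or "").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def follow_chain(url, max_depth):
    """Follow links breadth-first for up to max_depth hops.

    Returns the list of URLs leading to the first blocked host, or None.
    max_depth=0 reproduces a scanner that only judges the link in the email.
    """
    queue = deque([(url, [url])])
    seen = {url}                      # guards against documents linking in a loop
    while queue:
        current, chain = queue.popleft()
        if host_is_blocked(current):
            return chain
        if len(chain) - 1 >= max_depth:
            continue
        parser = LinkExtractor(current)
        parser.feed(PAGES.get(current, ""))
        for link in parser.links:
            if link not in seen:
                seen.add(link)
                queue.append((link, chain + [link]))
    return None


if __name__ == "__main__":
    emailed = "https://drive.example/file/d/1"
    for depth in (0, 1, 2):
        print("depth", depth, "->", follow_chain(emailed, depth))
```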
If the link is visited by an end user, a fake login window is presented. If login credentials are entered, they are captured and stored on the attacker’s server.
This campaign highlights the importance of multi-layered anti-phishing defenses and the risks of relying on EOP to provide protection against phishing attacks.
An advanced spam filtering solution should be implemented on top of Office 365 to provide greater protection from phishing and other email-based attacks. This will ensure more sophisticated phishing attacks are blocked.
If a malicious message is delivered and a link is clicked, the connection to the malicious webpage could be blocked using a web filtering solution.
WebTitan is a DNS-based content filtering solution that serves as an additional layer in an organization’s anti-phishing defenses. Should an attempt be made by an employee to visit a malicious website or suspicious domain, the attempt would be blocked before any content is downloaded. WebTitan assesses each website when the DNS query is made. Malicious websites and those that violate an organization’s content control policies are blocked.
To find out more about how a DNS filter can improve your defenses against phishing attacks and malware downloads, contact TitanHQ today.
Malware creators are constantly developing new techniques to circumvent traditional anti-virus defenses and ensure their malicious code can run undetected on a targeted machine.
Zero-day malware variants, those which have never been seen before, are not picked up by signature-based AV solutions. However, the malware will need to communicate with its owner, so the source code will contain URLs and IPs for that purpose. These URLs can be detected when scanning files. If the URLs are detected and they are known to be malicious, the file will be deemed to be malicious and will be quarantined.
To ensure this does not happen, malware developers use a variety of techniques to hide the URLs and IPs in the source code. This is often achieved by converting the IP address into a decimal value, which is stored as XML content. When in decimal format, even a malicious URL would not be detected as such by most antivirus software. When the IP address is needed by the malware, it can be converted back to its original form and then reconverted to decimal when no longer required.
Similarly, a URL – or part of a URL – could be encoded in its hexadecimal equivalent. That URL would be unlikely to be detected as malicious yet can be read by a browser. AV software would likely detect the file example.com/maliciousfile.exe as malicious in nature and would block it accordingly. In hexadecimal, that translates to:
That address would not be recognizable as malicious and would likely go undetected during a scan by an AV solution. The use of both obfuscation techniques together is not unusual, to make it even harder for AV solutions to detect malicious URLs and IPs.
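One way a scanner can undo this masking before checking a blocklist, as an added example rather than any vendor's code. It canonicalizes percent-encoded URLs and numeric IPv4 spellings, going slightly beyond the text by also handling octal and mixed forms; the blocklist entries and function names are constructed for the example.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed blocklists: reserved documentation addresses and names, plus
# the URL the article itself uses as its example.
BLOCKED_IPS = {ipaddress.IPv4Address("203.0.113.7")}
BLOCKED_DOMAINS = {"malicious.example"}
BLOCKED_URLS = {"example.com/maliciousfile.exe"}

# One address part: hex (0x..), octal (leading 0) or plain decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")


def parse_ipv4_literal(host):
    """Return the IPv4Address a numeric host spelling stands for, else None.

    Follows the classic inet_aton rules: one to four dot-separated parts,
    each decimal, octal or hex; the last part fills all remaining bytes,
    so "3405803783" and "203.0.113.7" are the same address.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    values = []
    for p in parts:
        if p[:2].lower() == "0x":
            values.append(int(p, 16))
        elif len(p) > 1 and p[0] == "0":
            values.append(int(p, 8))
        else:
            values.append(int(p, 10))
    *head, last = values
    if any(v > 0xFF for v in head) or last >= 256 ** (4 - len(head)):
        return None
    address = last
    for i, v in enumerate(head):
        address |= v << (8 * (3 - i))
    return ipaddress.IPv4Address(address)


def fully_unquote(text, max_rounds=3):
    """Undo percent-encoding, including a few layers of double encoding."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def canonicalize(url):
    """Return (host, path) with encoding and numeric-IP masking removed."""
    if "://" not in url:
        url = "http://" + url
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return "", ""
    host = fully_unquote(host).lower().rstrip(".")
    ip = parse_ipv4_literal(host)
    if ip is not None:
        host = str(ip)
    return host, fully_unquote(parts.path)


def is_blocked(url):
    """Check the canonical form of a URL against the constructed blocklists."""
    host, path = canonicalize(url)
    if not host:
        return False          # unparseable input: the caller decides what to do
    if (host + path).lower() in BLOCKED_URLS:
        return True
    try:
        return ipaddress.IPv4Address(host) in BLOCKED_IPS
    except ipaddress.AddressValueError:
        pass
    labels = host.split(".")
    # A listed domain also covers its subdomains.
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


if __name__ == "__main__":
    for sample in ("http://3405803783/update", "http://0xCB007107/",
                   "https://cdn.malicious.example/a.js",
                   "http://example.com/%6d%61liciousfile.exe",
                   "https://www.example.org/"):
        print(sample, "->", canonicalize(sample), is_blocked(sample))
```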
While these techniques can be used to fool endpoint AV solutions, connections to those malicious servers can be blocked using a DNS-based content filter such as WebTitan.
It doesn’t matter how the URL or IP address is masked. Before a connection can be made, it is necessary to make a DNS query, and the connection must be permitted by the DNS-based filter. If the URL is malicious, the DNS filter will block the attempt to connect before any content is downloaded.
WebTitan works in conjunction with a real-time database of millions of malicious URLs and uses a real-time classification system to assign websites to one of 53 categories. Those categories can be allowed or blocked with the click of a mouse. In addition to blocking access to malicious content, the category-based controls can be used to prevent employees from accessing content that could cause offense or lower productivity.
To find out more about how WebTitan can benefit your organization and improve your security posture, contact the TitanHQ team today.
OneStopIT, one of the leading Managed Service Providers (MSPs) in the UK, has partnered with TitanHQ and will be incorporating TitanHQ cloud-based email and web security solutions into its service stack to better protect its customer base.
Businesses in the UK are increasingly being targeted by cybercriminals. A variety of tactics are used to obtain company funds, sensitive data, and company secrets. Attacks may be diverse, but they typically start with a phishing email and/or visit to a malicious website.
Cyberattacks are now being reported at record levels and business leaders are understandably worried. To better protect their networks and data, many turn to MSPs such as OneStopIT for help.
“The proliferation of phishing threats across Office 365 is a real problem for SMEs in the UK and we’re partnering with a key vendor in this space to protect our customers and also give them the OneStopIT premium service they are used to,” said Ally Hollins-Kirk, CEO of OneStopIT.
TitanHQ has developed powerful email and web security solutions for the SMB marketplace that have been developed to be easily delivered via MSPs. SpamTitan is a cloud-based anti-spam and anti-phishing solution that incorporates DMARC authentication and a sandboxing feature to protect against email impersonation, phishing, and email-based malware attacks. WebTitan is a DNS-based web filtering solution for content control and protection from web-based threats. The solution is backed up by a threat intelligence database of 650 million people. TitanHQ’s email archiving service, ArcTitan, allows MSPs to offer a secure, email archiving service to help businesses meet their compliance obligations.
Under the new partnership agreement, OneStopIT will be offering its customers advanced email security and anti-phishing protection, DNS-based web filtering, and an email archiving service powered by TitanHQ technology.
“TitanHQ is pleased to add our advanced threat protection layer for email and web security to the OneStopIT security stack,” said Rocco Donnino, President of Strategic Alliances, TitanHQ. “OneStopIT has excelled in the areas of customer service and security, our partnership further cements this commitment.”
There has been a spate of ransomware attacks on cities and government agencies in recent months and the healthcare industry sees more than its fair share of attacks, but they are not the only industries being targeted.
Schools, colleges, and universities are prime targets for hackers and ransomware attacks are common. One recent attack stands out due to its scale and the massive ransom demand that was issued. The attackers demanded $2 million (170 BTC) for the keys to unlock the encryption.
Monroe College in New York City was attacked at 6:45am on Wednesday, July 10, 2019. The ransomware quickly spread throughout the network, shutting down the computer systems at its campuses in Manhattan, New Rochelle and St. Lucia and taking down the college website.
The college has switched to pen and paper and is finding workarounds to ensure students taking online courses receive their assignments. No mention has been made about whether files will be recovered from backups or if the ransom will need to be paid.
This is one of many recent ransomware attacks in the United States. Ransomware may have fallen out of favor with cybercriminals in 2018, but it now appears to be back in vogue and attacks are rising sharply. So too are the ransom demands.
$2 million is particularly high, but there have been several recent attacks involving ransom demands for hundreds of thousands of dollars. In several cases, the ransom has been paid.
Riviera Beach City in Florida was attacked and was forced to pay a $600,000 ransom to regain access to its files and bring its computer systems back online. Lake City in Florida also paid a sizeable ransom – $500,000. Jackson County was also attacked and paid a $400,000 ransom.
There have been several cases where ransoms have not been paid. The City of Atlanta was attacked and around $51,000 in Bitcoin was demanded. Atlanta refused to pay. Its cleanup bill has already reached $3 million. With such high costs it is clear to see why many choose to pay up.
In all of the above cases, implementing cybersecurity solutions to protect against the main attack vectors would have cost a tiny fraction of the ransom payment or the mitigation costs after an attack.
For less than $2 per employee, you can ensure that the email network is secured and you are well protected against web-based attacks. To find out more, call TitanHQ today.
Sodinokibi and Buran ransomware are being pushed via the RIG exploit kit and now another exploit kit has joined the ranks, although its payload is currently banking Trojans.
Exploit kits are utility programs on websites that conduct automated attacks on visitors. When a visitor lands on a page hosting the exploit kit, the user’s browser and browser-based applications are probed to determine whether vulnerabilities exist.
Exploit kits contain exploits for several vulnerabilities, only one of which is required to silently download and execute a malicious payload on a visitor’s device. Traffic to these malicious pages is generated through malvertising/malicious redirects. The exploit kit code is also commonly added to compromised high-traffic websites.
Exploit kits were once the malware delivery mechanism of choice, but they fell out of favor following a law enforcement crackdown. The threat from exploit kits has never disappeared, but activity has been at a much-reduced level. In recent months, however, exploit kit activity has been at an elevated level.
The new exploit kit is called Spelevo and its purpose is to deliver two banking Trojans – Dridex and IcedID – via a business to business website. The exploit kit was discovered by a security researcher named Kafeine in March 2019.
The exploit kit currently hosts multiple exploits for Adobe Flash and one for Internet Explorer. A user visiting a web page hosting the Spelevo exploit kit would be unlikely to tell that anything untoward was occurring. A tab would be opened to the gate and the browser would appear to go through a series of redirects before landing on Google.com. The entire process, from the user landing on a page hosting the exploit kit to a vulnerability being identified and exploited and the user being redirected to Google.com, takes just a few seconds.
The exploit kit could be hosted on an attacker-owned domain, but it is easy to add the exploit kit to any website. All that is required is the addition of four lines of code once a website has been compromised.
Exploit kits are an efficient, automated way of delivering a malware payload, but they are reliant on users that have not patched their browsers and plugins. If browsers and plugins are kept up to date, there are no vulnerabilities to exploit.
The Spelevo exploit kit appears to be used in a campaign targeting businesses. IT teams often struggle to keep on top of patching and have poor visibility into the devices that connect to the network. As a result, it is easy for devices to be missed and remain unpatched. If one device is compromised, an attacker can use a variety of tools to spread laterally and infect other devices and servers.
The primary defense against exploit kits is patching, but additional protections are required. To protect against attacks while patching takes place, to prevent attacks from succeeding using zero-day exploits, and to stop users from visiting websites hosting exploit kits, a web filter is required.
WebTitan is a DNS filter that provides real-time, automated threat detection and blocking and protects against exploit kits and web-based phishing attacks. The WebTitan database contains three million malicious URLs that are blocked to protect end users. More than 300,000 malware and ransomware websites are blocked every day.
If you want to improve protection against web-based threats, exercise control over the content that your employees can access, and gain visibility into what your employees are doing online, WebTitan Cloud is the answer and it can be set up in minutes.
As one ransomware-as-a-service operation shuts down, another is vying to take its place. Sodinokibi ransomware attacks are increasing and affiliates are trying to carve out their own niche in the ransomware-as-a-service operation.
Developing ransomware and staying one step ahead of security researchers is important, but what made the GandCrab operation so successful were the affiliates conducting the campaigns that generated the ransom payments. The GandCrab developers have now shut down their operation and that has left many affiliates looking for an alternative ransomware variant to push.
Sodinokibi ransomware could well fill the gap. Like GandCrab, the developers are offering their creation under the ransomware-as-a-service model. They already have a network of affiliates conducting campaigns, and attacks are on the increase.
As is the case with most ransomware-as-a-service operations, spam email is one of the most common methods of ransomware delivery. One Sodinokibi ransomware campaign has been detected that uses spoofed Booking.com notifications to lure recipients into opening a Word document and enabling macros. Doing so triggers the download and execution of the Sodinokibi payload.
Download websites are also being targeted. Access is gained to the websites and legitimate software installers are replaced with ransomware installers. Managed Service Providers (MSPs) have also been targeted. The MSP attacks have exploited vulnerabilities in RDP to gain access to MSP management consoles.
Two cases have been reported where an MSP was compromised and malicious software was pushed to its clients through the client management console: the Webroot Management Console in one case and the Kaseya VSA console in the other.
Recently, another attack method has been detected. Sodinokibi ransomware is being distributed through the RIG exploit kit. Malvertising campaigns are directing traffic to domains hosting RIG, which is loaded with exploits for several vulnerabilities.
With so many affiliates pushing Sodinokibi ransomware and the wide range of tactics being used, no single cybersecurity solution will provide full protection against attacks. The key to preventing attacks is defense in depth.
TitanHQ can help SMBs and MSPs secure the email and web channels and block the main attack vectors. Along with security awareness training and good cybersecurity best practices, it is possible to mount a formidable defense against ransomware, malware, and phishing attacks.
The excitement is building as DattoCon19 draws ever closer. Starting on June 17, 2019 in San Diego and running for three days, DattoCon19 is an unmissable event for managed service providers (MSPs).
At the conference, attendees benefit from practical advice and best practices to grow their businesses, increase sales, and boost monthly recurring revenue (MRR). A huge range of vendors will be on hand to offer information on exciting products and attendees will have the opportunity to learn strategies to increase business impact growth, boost profitability, and broaden their service stacks.
Sessions will be taken by industry experts and leading MSPs who will share tips and tricks to take back home and apply at the office. On average, attendees at DattoCon achieve 41% sales growth year-over-year as a result of attending the conference.
TitanHQ is sponsoring DattoCon19 and is excited about having the opportunity to meet new MSPs and help them grow their businesses. As a Datto Select Vendor, TitanHQ offers MSPs three cloud-based solutions that can be easily integrated into MSPs’ existing service stacks: anti-phishing and anti-spam protection, DNS-based web filtering, and email archiving. All three solutions are available through the TitanShield program for MSPs.
MSPs can meet the TitanHQ team at booth 23 at DattoCon19 to find out more about the TitanShield program and the exciting opportunities for MSPs that work with TitanHQ. TitanHQ will be on hand to help MSPs that support Office 365 to improve protection against phishing attacks and malware. MSPs can also find out more about the TitanHQ threat intelligence that protects Datto DNA and D200 boxes, and how TitanHQ’s DNS filter is a direct swap out for Cisco Umbrella and the cost advantages of doing so.
TitanHQ Executive Vice President-Strategic Alliances, Rocco Donnino, is one of the panel members for the Datto Select Vendors event on Monday. The event brings together experts from different fields to help come up with solutions for some of the major problems faced by MSPs in today’s marketplace.
TitanHQ at DattoCon19
TitanHQ will be at booth 23
Special Show Pricing available
Daily TitanHQ vintage Irish whiskey raffle
TitanHQ and BVOIP are sponsoring a GasLamp District Takeover Party on Monday 6/17 and Wed, 6/19.
DattoCon19 will be taking place in San Diego, California on June 17-19, 2019.
The leading review website, G2, has published its 2019 Best Software Companies in EMEA list. This is the first time that the company has produced the list, which ranks the best software companies doing business in EMEA based on the feedback provided by users of those products.
G2 is one of the most well-respected business software review websites. Software solutions may appear to tick all the right boxes, but in practice the solutions can be time consuming and difficult to use and fail to live up to expectations. Since the G2 reviews are from registered users of the products, businesses can not only rely on the reviews but can also use them to make smarter buying decisions.
To produce the list, G2 compiled the reviews of over 66,000 users in the software category. More than 900 companies were represented, but only those that performed best in the reviews have made the cut in their respective categories.
TitanHQ has been awarded top spot in the list of the best software companies of 2019 in EMEA.
TitanHQ has developed powerful cybersecurity solutions to meet the needs of businesses and MSPs, but the solutions have also been developed to be easy to use. The solutions are versatile, flexible, and scalable, and can be managed via an intuitive web-based management console with a full reporting suite. A full range of APIs is supplied to allow the solutions to be integrated into existing management software, and industry-leading customer support ensures that help is always available to resolve any customer issues.
“TitanHQ is delighted to have been included in the 2019 Best Software Companies in EMEA list. The inclusion shows the value our customers place on the uncompromised security and real-time threat detection we provide,” said Ronan Kavanagh, CEO, TitanHQ. “The overwhelmingly positive feedback on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success.”
“With 750,000+ user reviews, 80,000+ products and 1,600+ tech and service categories on G2, TitanHQ’s recognition on the prestigious Best Software Companies in EMEA list is an exceptional achievement: One that can only be earned through the endorsement of its users,” said CEO Godard Abel.
TitanHQ, the leading provider of cloud security solutions for SMBs, has announced the launch of a new partner program to support Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), Cloud Distributors, Wi-Fi Providers, OEM Partners and Technology Alliance Partners.
TitanHQ started its journey in 1999. Initially, the company provided anti-spam solutions to local businesses in Ireland. Over the next two decades, the company expanded its range of products to include DNS filtering and email archiving solutions and is now a leading global provider of cloud-based cybersecurity solutions.
While TitanHQ initially focused on meeting the needs of the SMB market, its products have been developed to meet the needs of MSPs. For instance, TitanHQ solutions are available with a range of hosting options, including the ability to host the solution within the MSP’s own environment, and they can be provided in white-label form ready to take the MSP’s branding.
TitanHQ’s cloud-based solutions have been developed to be easy to implement, use, and manage and are already a firm favorite with MSPs.
To make TitanHQ cloud security solutions even more attractive for MSPs, the existing partner program has been significantly enhanced and relaunched as TitanShield.
The TitanShield Partner Program makes it even easier to offer TitanHQ cloud security products to clients. Partners benefit from access to engineers, a highly capable support team that understands the needs of MSPs, and a dedicated account manager.
Partners have access to APIs to allow them to easily sell, onboard, manage and deliver advanced network security solutions directly to their client base from within their own user interfaces. In addition, partners receive free access to sales and technical resources, deal registration and lead generation resources, and benefit from flexible, volume-based monthly pricing models and profitable margins.
Under the new, enhanced partner program, customers are separated into their specific areas of expertise to ensure that each can be provided with focused information for the markets and customers they serve.
“Our program takes a unique and strategic approach for our partners and can be customized to fit all business models,” said Rocco Donnino, Executive VP of Strategic Alliances at TitanHQ.
If you want to become a highly valued member of the TitanHQ TitanShield Partner Program, enrollment is now open. Call TitanHQ today or email firstname.lastname@example.org for further information.
In our previous post we explained why managed service providers (MSPs) should be offering a web filtering service to their customers and the benefits that can be gained by customers and MSPs alike. In this post we explain what makes WebTitan Cloud the go-to web filtering solution for MSPs and why so many MSPs have chosen TitanHQ as their web filtering partner.
Why WebTitan Cloud is the Best Web Filter for MSPs
One problem MSPs face before they can start offering a web filtering service to their clients is how to incorporate the solution into their service stacks and their existing cloud offerings. While there are many providers of web filtering services, not all solutions have been developed with MSPs in mind. TitanHQ differs in that respect.
TitanHQ’s web filtering solution, WebTitan Cloud, has been developed specifically to meet the needs of MSPs and make it as easy as possible for the solution to be added to their existing cloud offerings. WebTitan Cloud seamlessly integrates within existing workflows regardless of whether MSPs self-host, use AWS, Azure, or other cloud platforms.
How Does WebTitan Cloud Integrate into MSPs’ Management Systems?
To make integration as easy as possible, TitanHQ uses a RESTful API, which allows fast and risk-free integration into MSPs’ management systems. WebTitan Cloud uses the OAuth 1.0 protocol for authentication and has a full set of keys and secrets in the WebTitan Cloud user interface (UI). Once an MSP has signed up, no further registration or authentication is necessary. The API client provides the appropriate oauth_signature to authorize requests to protected resources.
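How an oauth_signature ties a request to the key and secret, shown as an added example (not WebTitan Cloud code): the client signs the method, URL and parameters, and the receiving side recomputes the signature and rejects stale or replayed requests. The HMAC-SHA1 method, the api.example.test endpoint, the key, the secret and the 300-second window are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def pct(value):
    """Percent-encode per RFC 5849 section 3.6: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """Bind the HTTP method, the normalized URL and every parameter into one string."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    netloc = parts.hostname or ""                      # hostname is already lowercased
    if parts.port not in (None, DEFAULT_PORTS.get(scheme)):
        netloc += f":{parts.port}"                     # keep only non-default ports
    base_url = f"{scheme}://{netloc}{parts.path or '/'}"
    pairs = list(params.items()) + parse_qsl(parts.query, keep_blank_values=True)
    encoded = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with 'consumer_secret&token_secret'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()


class RequestVerifier:
    """Receiving-side checks: known key, fresh timestamp, valid signature, unused nonce."""

    def __init__(self, consumer_secrets, max_skew=300):
        self.consumer_secrets = consumer_secrets       # key id -> secret
        self.max_skew = max_skew                       # assumed freshness window, seconds
        self.seen = set()                              # (key, timestamp, nonce) already used

    def check(self, method, url, params, now):
        key_id = params.get("oauth_consumer_key")
        secret = self.consumer_secrets.get(key_id)
        if secret is None:
            return "unknown_key"
        try:
            timestamp = int(params.get("oauth_timestamp", ""))
        except ValueError:
            return "stale"
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        expected = sign(method, url, params, secret)
        supplied = params.get("oauth_signature", "")
        # Constant-time comparison so the check does not leak how many bytes matched.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "bad_signature"
        replay_id = (key_id, timestamp, params.get("oauth_nonce"))
        if replay_id in self.seen:
            return "replay"
        self.seen.add(replay_id)
        return "ok"


# Constructed sample values; none of them come from WebTitan Cloud.
SAMPLE_SECRETS = {"msp-key": "constructed-secret"}
SAMPLE_URL = "HTTPS://API.Example.test:443/customers?page=2"


def sample_request():
    params = {
        "name": "Acme Ltd",
        "oauth_consumer_key": "msp-key",
        "oauth_nonce": "n1",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1700000000",
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign("post", SAMPLE_URL, params, SAMPLE_SECRETS["msp-key"])
    return params


if __name__ == "__main__":
    verifier = RequestVerifier(SAMPLE_SECRETS)
    request = sample_request()
    print(verifier.check("POST", SAMPLE_URL, request, now=1700000010))
    print(verifier.check("POST", SAMPLE_URL, request, now=1700000011))
```

Because the secret is the HMAC key, anyone who can read it can sign requests as that MSP, so it belongs in a secrets store rather than in source control or client-side code.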
Overly complex user interfaces are a problem with many cloud-based solutions. With WebTitan Cloud, the UI is made as clean and easy to use as possible. MSPs can remove all elements from the UI that are not required to keep the UI clean and simple. WebTitan Cloud can also be integrated into MSP cloud interfaces to create a better user experience and greater consistency for customers.
Having information at your fingertips is important when customers send in requests or when reports are required on web use and blocking. WebTitan Cloud allows MSPs to create and integrate a full suite of high-level system and customer reports into their own management consoles.
Onboarding new customers is also a quick and simple process, which can be integrated into current MSP on-boarding processes. New customer accounts can easily be created (or deleted) from within an MSP’s own UI, in addition to performing updates and listing all current customer accounts.
MSPs can connect to WebTitan Cloud to manage their customers’ settings, including locations, whitelists, and blacklists. Customers that would prefer to manage their own settings can perform a limited number of operations themselves using APIs. Since WebTitan Cloud is available in a full white label, customers who do access their own settings can be given a UI with MSP branding rather than TitanHQ’s to maintain consistency and help reinforce the MSP’s brand.
TitanHQ also operates an extremely competitive pricing strategy with generous margins for MSPs and aligned monthly billing cycles through the TitanShield MSP Program.
If you have yet to start offering web filtering to your clients as part of your service stack or if you are unhappy with your current provider’s product, contact TitanHQ today and ask about becoming a member of the TitanShield MSP Program. Product demonstrations can also be scheduled on request.
A web filtering service allows Managed Service Providers (MSPs) to better protect their clients from accidental malware downloads and phishing attacks while improving their bottom lines. Further, by preventing phishing attacks and malware infections, they can reduce the amount of time they spend fighting fires. For busy MSPs, the latter will be especially beneficial.
Why is Web Filtering Important?
There are several reasons why MSP clients will benefit from a web filtering service. First and foremost, a web filter will help to prevent their customers’ employees from visiting phishing websites and malicious URLs. Most phishing attacks start with a phishing email, so a powerful spam filtering solution is essential. While commercial spam filters such as SpamTitan will block more than 99% of spam and phishing emails, additional protections are required to protect against the 1% that bypass spam defenses.
Naturally end user security awareness training will help in this regard, but as the 2018 Verizon Data Breach Investigations Report shows, 30% of delivered phishing messages are opened by end users and 12% of those users also click on malicious links in the messages.
A web filter is an additional layer of anti-phishing and anti-malware defenses that kicks in when malicious links are clicked and when end users attempt to visit other malicious sites while browsing the Internet. With a web filter in place, when an employee attempts to access a malicious web page, that attempt will be blocked before any content is downloaded. Instead of displaying the web page, a block page will be displayed.
Web filters also allow companies to carefully control the types of content their employees can access. This allows them to enforce acceptable internet usage policies with ease. Employers can prevent their employees from accessing NSFW content such as pornography, illegal content and, if tighter controls are required to improve productivity, other categories of web content such as dating sites, social media networks, gambling sites, and gaming sites.
With a web filter in place, security and productivity can both be quickly improved and the gains in both of those areas are likely to more than pay for the cost of the web filtering package provided by their MSP.
Cloud Based Web Filtering Solutions for MSPs
Convincing customers to implement a web filtering solution should be straightforward given the number of phishing attacks that are now being conducted and the cost of mitigating phishing attacks and malware infections. The cost of web filtering is tiny by comparison.
For MSPs, cloud-based filtering solutions are the natural choice. They can be implemented in minutes once a customer request has been received, no hardware is required, there is no software to install, and patching is handled by the service provider. All that is required from the MSP is a brief set up and configuration for each customer and ongoing management and reporting.
However, not all cloud-based web filtering solutions make set up, management and reporting simple. WebTitan Cloud differs in this respect. Not only does the solution offer excellent protection, the solution has been developed specifically with MSPs in mind. The ease of integration into MSPs’ back-end systems and management has made WebTitan Cloud the go-to web filtering solution for MSPs.
In our next post we will explain how WebTitan Cloud differs from other web filtering solutions, why it is the easiest solution for MSPs to integrate into their existing cloud offerings, and how TitanHQ makes getting started, provisioning new customers, and managing customer accounts a quick and easy process requiring minimal management overhead.
TitanHQ has released WebTitan Cloud version 4.12. The new version of the award-winning 100% cloud-based web filtering solution incorporates new features and tweaks to improve the user experience and make the solution an even more attractive option for managed service providers (MSPs).
One of the most exciting new features that will benefit businesses and MSPs alike is the ability to implement location-based filtering controls, naturally accompanied by granular, location-based reports.
It was already possible to implement organization-wide filtering controls and set different policies for departments, user groups, roles, and individuals in an organization. The new feature increases the flexibility of the solution with location-based controls. The new feature will be of great benefit to businesses operating across multiple locations, where content control requirements may need to be different for satellite offices. MSPs will be able to offer location-based controls to clients and better manage web filtering for customers with a presence in multiple countries. The location controls can be applied to control content whether users are on or off the network.
As with user and role-based content controls, when a user attempts to access a web page that contravenes the policy that they have been assigned, the content will be blocked and no web page content will be downloaded – in contrast to many appliance-based web filtering solutions. The user will be presented with a customizable block screen that can incorporate the company or MSP’s branding.
There will be occasions when an individual or group needs to bypass policy controls. With WebTitan, this can easily be achieved using cloud keys rather than making changes to policies. The cloud key can be used to bypass the block pages and access content that would normally be blocked by location, company, or other policies.
To make management as easy as possible, all policies and locations are managed through a single user interface. MSPs can manage all locations and customer accounts through a single pane of glass, which improves visibility into all customers’ accounts and locations.
Also of interest to MSPs will be WebTitan’s enhanced search functionality. While it was possible to run reports to obtain information about a specific customer and their traffic, a search filter has now been added to the history page. This allows administrators to search by location name with autocomplete. When a customer account is selected, admins can get second-by-second information about all traffic within that location without having to run a location report.
MSPs already have a multi-tenant, highly scalable, brandable, and easy to use web filtering solution with multiple hosting options that can be offered to customers at an attractive price point, which is why the solution has proven so popular with the MSP market. It is hoped that the new additional features will make the solution even more useful for MSPs to allow them to better serve their SMB clients while making web filtering for SMBs even more straightforward.
For many people, Game of Thrones Season 8 is the TV highlight of the past 12 months, but not all fans of the series are keen to pay for the channel to watch the latest installments of this hugely popular series.
Some fans are turning to P2P file sharing sites to download the latest episodes, but hackers are ready and waiting. Many illegal video files of Game of Thrones episodes have been embedded with malware, most commonly adware and Trojans.
Research from Kaspersky Lab revealed Trojans to be the most common form of malware to be embedded in rogue video files. A third of all fake TV show downloads that have been impregnated with malware include a Trojan.
When one of these infected files is opened after it has been downloaded, the Trojan is launched and silently runs in the background on the infected device.
Many of the Trojans embedded into video files are brand new. These zero-day malware variants are not detected by traditional AV solutions as their signatures are not present in malware definition lists. That means malware infections are likely to go undetected. When signatures are updated, the malware may continue to run until a full system scan is completed. Either way, during the time that the malware is active it could be collecting a range of sensitive data including usernames and passwords.
Malware can also be installed that gives the attacker access to an infected device and the ability to run commands, change programs, download further malware variants, and add the infected device to a botnet.
File sharing websites offer an easy way of distributing malware. Users of the platforms voluntarily download the files onto their computers. However, only a small percentage of internet users visit P2P file sharing sites. Hackers therefore have turned to other methods to get users to execute their infected video files.
Prior to the release date of Game of Thrones Season 8, offers of free access to the TV show were being distributed via email. Campaigns were also detected offering episodes in advance of the release date to tempt GOT fans into installing malicious software or visiting malicious websites.
It is no surprise that fake Game of Thrones video files have been embedded with malware, given the huge popularity of the show. However, Game of Thrones fans are not the only people targeted using this tactic of malware distribution. In the past few months, malware has been detected in fake video files claiming to be the latest episodes of the Walking Dead, Suits, and the Vikings to name but a few.
Some people feel the risk of a malware infection from downloading pirated video files to be low, or they do not even consider the risks. That is bad news for businesses. When employees ignore the risks and download illegal files at work, they risk infecting their network with malware.
The easiest solution to prevent illegal downloads at work and the visiting of other malicious websites is to use a web filtering solution. A web filter – WebTitan for instance – can be configured to prevent users from accessing file sharing and torrent websites. WebTitan uses a continuous stream of ActiveWeb URLs from over 550 million end users, which provides important threat intelligence to TitanHQ’s machine learning technology. This allows new, malicious URLs to be identified, and users are then prevented from visiting those malicious URLs.
Blocking email attacks is simple with SpamTitan. SpamTitan blocks 99.97% of spam emails to prevent malicious messages from reaching end users, including messages offering free access to Game of Thrones and other TV shows. In addition to dual AV engines to protect against known malware, SpamTitan also now has a sandboxing feature. Suspicious attachments can be safely executed and analyzed in the sandbox to identify potentially malicious actions. The sandboxing feature provides superior protection against zero-day malware which AV software does not block.
With both of these solutions in place, businesses will be well protected against malware, ransomware, botnets, viruses, and phishing attacks.
Each solution is available with a range of different deployment options to suit the needs of all businesses. For a product demonstration and further information, contact the TitanHQ team today.
Supply chain attacks allow cybercriminals to attack businesses through weak links in the supply network. Smaller companies are attacked, which gives hackers access to larger and better secured businesses: Businesses that would be harder to attack directly.
This attack method was used to spread NotPetya malware in Ukraine. A software supply company was breached which allowed the malware to be spread to the software supplier’s clients. The massive data breach at Target in 2014 was made possible by first attacking an HVAC system provider. The attack allowed hackers to install malware on Target’s POS system and obtain the credit card numbers of millions of its customers. According to Symantec, supply chain attacks doubled in 2018.
There are many different types of supply chain attacks, but all serve a similar purpose. By attacking one company it is then possible to attack a bigger fish, or in the case of attacks on cloud service providers and managed service providers, a single attack will give a hacker access to the networks of all MSP clients.
Large businesses often have the budgets to hire their own IT and security staff and can implement robust defenses to prevent attacks. Smaller businesses often struggle to recruit security professionals as they are in high demand. With the shortage of skilled cybersecurity staff and an inability to pay the large salaries that skilled cybersecurity professionals demand, SMBs often turn to MSPs to provide those services.
In order to be able to provide those services, managed service providers are given remote access to their clients’ networks. Many of the tasks that need to be performed by MSPs require administrative privileges. Managed service providers also hold login credentials to their clients’ routers and cloud accounts. All of those credentials are extremely valuable to hackers.
Given the typical number of clients each MSP has, a successful attack on an MSP could prove very profitable for a hacker. It is therefore no surprise that there has been an increase in cyberattacks on MSPs and CSPs.
While MSPs are usually good at securing their clients’ networks and ensuring they are well protected, they also need to ensure their own house is in order. Patches must be applied promptly, vulnerabilities must be addressed, and security solutions must be put in place to protect MSPs’ systems.
MSP staff should be security aware, but when they are busy resolving their clients’ problems, mistakes can easily be made such as responding to a well-crafted spear phishing email. All it takes is for one MSP employee to respond to such an email for a hacker to gain a foothold in the network.
Naturally, security awareness training should be provided to all MSP employees and security solutions need to be deployed to protect against email and web-based attacks.
This is an area where TitanHQ can help. TitanHQ’s anti-spam solution, SpamTitan, offers advanced protection against phishing and spear phishing attacks. A recent update has also seen DMARC email authentication and sandboxing features added to better protect users from phishing and malware attacks.
TitanHQ’s DNS-based content filtering solution further enhances protection against phishing attacks and prevents MSP employees from visiting malicious websites. Being DNS-based, malicious websites are blocked before any content can be downloaded.
In addition to helping MSPs protect their own networks, both solutions are ideal for MSPs to offer to their SMB clients and have been developed to perfectly meet the requirements of MSPs.
If you are an MSP and you have yet to implement a web filter or you are looking for an advanced spam filtering solution for you or your clients, give the MSP team at TitanHQ a call today to find out more about both solutions and how they can protect your business and better protect your clients.
The poor state of cybersecurity in K-12 schools is making it too easy for criminals to conduct cyberattacks. As 2018 figures show, attacks are coming thick and fast. Action is needed to shore up security and keep cybercriminals at bay.
2018 Cyberattacks on K-12 Schools
Education has long been one of the industries most commonly targeted by cybercriminals and 2018 was no exception. Last year there were several major cyberattacks on K12 schools that resulted in data theft and huge financial losses.
The 2018 State of K-12 Cybersecurity report from the K12 Cybersecurity Resource Center revealed 122 cyberattacks on K-12 schools were reported in 2018. 119 public K-12 education agencies in 38 states reported attacks. 60% of those cyberattacks resulted in the personal data of students being compromised.
North Dakota schools were hit particularly hard. In February 2018, one third of schools in the state experienced malware attacks. In many cases, the malware infections were the result of staff and students clicking on links in emails, visiting malicious websites, or opening malware-laced email attachments.
The 2019 State of Malware report from Malwarebytes reveals that in 2018, education was the number one industry targeted with Trojans and was second for ransomware attacks. Business email compromise scams are also common and many K12 school districts suffered W-2 phishing attacks and were fooled into sending scammers copies of employees’ tax information.
There have also been several successful email scams that have resulted in staff being fooled into making fraudulent transfers of school funds to criminals’ accounts. A school district in Texas was scammed out of $2 million in construction funds as a result of a phishing attack that fooled a staff member into making payments to fraudulent accounts. The high number of these types of scams prompted the FBI to issue a warning to schools in September 2018 about phishing scams that attempt to steal employees’ credentials.
K-12 schools are an attractive target for cybercriminals because attacks are relatively easy and the potential rewards are high. Student information sells for big bucks on the black market. Personal information along with Social Security numbers can be used for identity theft. It typically takes longer for identity theft to be detected with minors. If student data are stolen, thieves can rack up huge debts in students’ names over the course of several years before fraud is detected.
The State of Cybersecurity in K-12 Schools
Even though the risk of cyberattacks is high, many school leaders fail to appreciate the seriousness of the problem and how even simple changes to improve cybersecurity in K-12 schools can prevent most cyberattacks.
A Consortium for School Networking/Education Week Research Center survey in late 2017 showed that only 48% of school leaders considered the threat from phishing to be significant or very significant, with the numbers falling to under 30% for malware and ransomware attacks. Only 15% of K-12 schools have implemented a cybersecurity plan, just 29% have purchased cybersecurity products and services, and 31% had not provided end-user training.
The high value of student data, the opportunity to conduct multiple types of fraud, and poor cybersecurity defenses are a winning combination for cybercriminals. Unfortunately, there is no single solution that can be implemented to improve cybersecurity and prevent costly cyberattacks and data breaches. What is needed is an effective cybersecurity plan, policies and procedures, training, and technology.
How to Improve Cybersecurity in K-12 Schools
School budgets are usually stretched so it can be difficult to find the funds to improve cybersecurity in K-12 schools. It is therefore important to choose cybersecurity solutions wisely and select products that provide protection against the most common methods used by cybercriminals to attack schools.
Many of the attacks start with a single phishing email. It is therefore critical for K12 schools to improve email security, and for that, an advanced spam filtering solution is essential. SpamTitan blocks more than 99.9% of spam and phishing emails and is an ideal, low-cost, easy-to-implement spam filtering solution for K12 schools.
A web filtering solution is also an important cybersecurity measure. In addition to blocking students’ access to obscene content, as required for CIPA compliance, web filters can prevent users from visiting phishing websites and will block ransomware and malware downloads. The cost of a web filter can be partially offset by discounts obtained through the E-rate program.
End user training is also important. K12 schools need to include cybersecurity awareness training as part of their staff development program. Rather than providing a one-off or annual training session, training needs to be conducted regularly to keep staff up to speed on the latest threats.
Doing nothing to improve cybersecurity in K-12 schools is now simply not an option. If costly cyberattacks are to be avoided, cybersecurity in K-12 schools must be improved.
If you want to find out more about email and web security and just how affordable these solutions can be for schools, contact the TitanHQ team today.
Businesses that want to start content filtering have a choice: A DNS filter or appliance, but which is best? In this post we explain the benefits of DNS filtering over on-premise solutions.
Traditionally, businesses that wanted to restrict Internet access and block web-based threats would purchase a physical appliance through which all internet traffic would flow. The appliance would be installed on-premise and controls would be applied to cover anyone connected to the network. The appliance would prevent employees and guest users from accessing certain types of web content, block malicious traffic, and ensure malware is not downloaded onto endpoints.
Today, businesses have a choice. They can purchase a physical appliance or they can install a virtual appliance. A virtual appliance performs the same functions as a physical appliance, but it is a software-based solution that is installed on existing hardware. This means it is not necessary to purchase any hardware and businesses can save money. In this article we will treat physical and virtual appliances as one.
Another alternative is a DNS filter. A DNS filter requires no hardware purchases or software downloads. The filter works at the DNS level and all filtering takes place in the cloud.
Both types of content filtering solutions allow businesses to prevent users from accessing malicious websites when connected to the network and restrict the types of content that can be accessed.
DNS Filter or Appliance?
If you are unsure whether to opt for a DNS filter or appliance, consider the following benefits of DNS filtering over appliances.
No costly appliance to purchase and quick and easy filtering
Appliances can be costly and they need to be ordered, delivered, and installed. That means the IT team will need to be on site to complete the install. The hardware will also need to be maintained. With a DNS filter, deployment is quick and easy. Simply point the DNS to the service provider and you can be up and running in minutes.
Avoid scalability issues
An appliance can be used for a limited number of users. If the business grows or if more devices need to connect to the internet, it may be necessary to upgrade the appliance or buy multiple appliances. Similarly, if the number of users falls, you will be left with an expensive appliance that is surplus to requirements. With a DNS filter, you just pay for the number of users and can scale up and down as necessary.
Appliances require content to be downloaded
With an appliance the filtering takes place on the appliance itself, which means any malicious content must be accessed and downloaded before it is blocked. A connection must be made to a malicious site before any filtering takes place, however briefly. Further, since content is downloaded, that has an impact on bandwidth. With a DNS filter, the filtering takes place at the DNS level before a connection to a site is established which means threats are eliminated before any malicious code reaches the perimeter. A DNS filter can also block command and control center callbacks and data exfiltration attempts and protects all ports and protocols, not just port 53.
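The DNS-level decision described above, as an added example (not TitanHQ code): the filter reads the queried name from the DNS packet and either forwards the query or answers with the address of a block page, so the client never opens a connection to the blocked site. The domain list, the categories and the block page address are constructed for illustration.

```python
import socket
import struct

BLOCK_PAGE_IP = "192.0.2.10"                      # constructed (documentation range)
DOMAIN_CATEGORIES = {                             # constructed policy data
    "malware-test.example": "malware",
    "torrents.example": "p2p",
}
BLOCKED_CATEGORIES = {"malware", "p2p"}
TYPE_A, CLASS_IN = 1, 1


def build_query(name, qtype=TYPE_A, txid=0x1234):
    """Build a minimal DNS query packet; used here only to create sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, CLASS_IN)


def parse_question(packet):
    """Return (txid, lowercased name, qtype, raw question bytes) or raise ValueError."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in a question")
        label = packet[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii").lower())   # DNS names are case-insensitive
        pos += 1 + length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels), qtype, packet[12:pos + 4]


def category_for(name):
    """Match the name and each parent domain on label boundaries only."""
    labels = name.split(".")
    for i in range(len(labels)):
        category = DOMAIN_CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return None


def filter_query(packet):
    """Return ('forward', name, None) or ('block', name, response_bytes)."""
    txid, name, qtype, question = parse_question(packet)
    if category_for(name) not in BLOCKED_CATEGORIES:
        return ("forward", name, None)             # hand the query to the upstream resolver
    answer = b""
    if qtype == TYPE_A:
        # Pointer 0xC00C refers back to the question name at offset 12.
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4)
                  + socket.inet_aton(BLOCK_PAGE_IP))
    # Flags 0x8180: response, recursion desired and available, no error.
    # Other record types for a blocked name get an empty answer section.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1 if answer else 0, 0, 0)
    return ("block", name, header + question + answer)


if __name__ == "__main__":
    for host in ("cdn.Torrents.example", "nottorrents.example", "www.example.org"):
        status, name, _response = filter_query(build_query(host))
        print(f"{name}: {status}")
```

A client that resolves through a different resolver never reaches this check, so the filter is normally paired with egress rules that only allow DNS to the filtering service.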
DNS filters inspect SSL traffic using the service provider’s resources
Most websites are now SSL enabled, which means web traffic must be decrypted, inspected, then re-encrypted. That requires a lot of processing power which can have a negative impact on end users. During heavy usage, slow downs are inevitable and CPU usage can be intensive. With a cloud-based DNS filter, the service provider performs the processing and, regardless of traffic volume, the user experience is the same.
DNS Filters make it easy to filter at multiple locations
If you buy an appliance, protecting remote workers and satellite offices is a problem. You need to backhaul traffic to the location where the appliance is located, so regional offices and remote workers will have slower internet speeds. With a DNS filter, it is possible to filter in multiple locations and to protect remote workers no matter where they are located, without the need to backhaul traffic. That means no latency.
DNS filters allow managed service providers to offer filtering to their clients
A DNS filter makes it easy for managed service providers to add content filtering to their service stacks. There is no need for an appliance to be sent to a client and installed by MSP staff. A cloud-based DNS filter is a turnkey solution that can easily be set up and managed remotely. All clients can be managed through a single pane of glass, making monitoring and management simple with little time investment required.
In short, for the majority of businesses considering a DNS filter or appliance, a DNS filter wins hands down. It is quick, easy, simple, efficient, and is the most cost-effective way of content filtering and blocking web-based threats.
Further, you can try DNS filtering before committing to a purchase. With TitanHQ’s WebTitan Cloud, you can have a two-week trial of the full product to evaluate it in your own environment.
To register for a trial, for a product demonstration, and to have any questions answered, contact the TitanHQ team today.
The threat of malware downloads from visiting adult websites has long been thought to be a major risk; however, not all studies on the subject have demonstrated that the risk is any higher than visiting other types of websites. The owners of adult websites, as legitimate business owners, have a vested interest in keeping their sites malware free.
However, new research from Kaspersky suggests the threat of malware downloads from visiting adult websites is real, and adult-themed phishing attacks increased in 2018.
Is There a High Risk of Malware Downloads from Visiting Adult Websites?
According to its latest report, there is a real risk of malware downloads from visiting adult websites. Naturally, for consumers who visit adult websites, the risk is theirs to take. For businesses, however, risks taken by employees can prove incredibly costly.
One of the major stories to be covered in the media on this theme in 2018 involved a government employee with a prolific thirst for such content. He was discovered to have accessed more than 9,000 adult websites and had inadvertently downloaded malware onto his work computer and the network. After visiting so many sites, that is perhaps understandable, but there have been many such malware downloads from far less prolific surfing of adult sites.
Kaspersky Lab’s research indicates that most malware downloads from malicious websites involve malware disguised as videos. Oftentimes, users are required to download a supposedly benign but malicious file in order to access the video.
Cybercriminals are also using black-hat techniques to poison the search results and get malicious sites appearing high up in the listings. The top 20% of porn-related search terms accounted for 80% of malware disguised as porn. Kaspersky’s tracking indicated 87,227 users had downloaded malware disguised as porn and 8% of those did so via their work network.
The use of these porn tags is also common to get users to download non-malware threats such as adware and downloaders, although the latter are often capable of downloading much more malicious files. While the number of these attacks decreased by 36% year-over-year, attacking people searching for adult content is still common.
The most common threats associated with adult content were Trojan downloaders (45%) and Trojans (20%), followed by adware (9%) and worms (8%).
Adult-Themed Phishing Attacks Increased by 1,000% in Q4, 2018
While it was previously uncommon for phishing scams to use porn as a lure, that changed in 2018. It is still common for cybercriminals to impersonate or create fake hookup sites to lure people into divulging credentials, but there was also a 1,000% increase in phishing attacks using websites that masquerade as porn websites. Most commonly these were spoofed versions of the top 10 adult sites on the web. The rise in these types of phishing scams could be indicative of a trend that will grow in 2019.
The research shows that malware downloads from visiting adult websites are still a risk and the threat from adult-themed phishing attacks has grown at an alarming rate. Businesses should take note and take steps to limit risk.
The easiest way to do that is with a DNS web filter – a solution that allows businesses to carefully control the web content that can be accessed on work devices and via their wireless networks. With a DNS web filtering solution in place, businesses can block access to adult websites, commonly spoofed hookup and dating sites, and web-based phishing threats.
Not only will a DNS web filter provide protection against phishing, ransomware, and malware downloads; by blocking access to these adult sites, legal liability can also be reduced and staff issues can be avoided.
If you have yet to start filtering the internet and preventing your users from accessing adult websites, other NSFW web content, and sites that are a drain on productivity, TitanHQ can help.
For a very low cost, businesses can protect all users of their wired and wireless networks and block a wide range of web-based threats. MSPs can also start providing filtered internet service to better protect their clients.
For further information, contact TitanHQ today and ask about WebTitan Cloud and WebTitan Cloud for WiFi – TitanHQ’s award-winning web filtering solutions for businesses.
TitanHQ has launched a busy campaign of MSP roadshows and conferences with two Valentine’s Day events in London and Tampa, Florida.
Over the coming five months, the TitanHQ team will be attending 15 events in Ireland, the Netherlands, the UK, and the USA, and will be meeting with managed service providers (MSPs), Wi-Fi providers, ISPs, and technology partners to introduce and explain TitanHQ’s award-winning suite of email security, web filtering, and email archiving solutions.
The 2019 roadshow campaign started in London where Alliance Manager Eddie Monaghan met with current and prospective MSP partners at the IT Nation Q1 EMEA Meeting. Eddie will be at the event all week and will be discussing TitanHQ’s MSP solutions and finding out more about what is happening in the MSP world. TitanHQ has learned a great deal since joining the IT Nation community two years ago and has really enjoyed the experience thus far.
On the other side of the Atlantic, Alliance Manager Patrick Regan has been meeting with MSPs from Florida and beyond at the TitanHQ-sponsored Datto Roadshow in Tampa. Since joining the Datto community as a strategic partner, TitanHQ has worked closely with Datto MSP partners helping them to integrate email security, DNS filtering, and email archiving into their product offerings and providing tips and tricks to help them to get the most out of the products.
TitanHQ has been increasing its technology partners over the past year and is now working closely with industry giants Comcast, BitDefender, Microsoft, Kaseya, and ViaSat and is a proud member of IT Nation (HTG Peer Groups), Datto Roadshows, COMPTIA, and ASCII.
From humble beginnings as an indigenous Irish company providing anti-spam appliances to the local market, over the following 20 years TitanHQ has developed an innovative range of cloud-based solutions and has matured into a global provider of network security solutions for enterprises, SMBs, and MSPs. TitanHQ’s award-winning cybersecurity solutions are now offered by a network of more than 1,500 MSP partners and have been adopted by several thousand businesses in 200 countries around the globe.
The TitanHQ product suite has been developed to meet the exacting needs of MSP partners and is delivered via the TitanShield Program. The products help MSPs to protect themselves and their clients, while saving valuable time and effort by blocking threats at source before they can cause any harm.
TitanHQ’s spam filtering solution – SpamTitan – and web filtering solution – WebTitan – help MSPs keep their clients protected from malware, ransomware, viruses, botnets, phishing attacks and other email and web-based threats.
The cloud-based solutions are easy for MSPs to slip into their service stacks to build a high-margin security practice offering clients world-class network security services.
If you are already a TitanHQ TitanShield partner or want to find out more about the MSP program and TitanHQ products, be sure to attend one of the upcoming events and come and meet the TitanHQ team.
We look forward to meeting you at one of the upcoming roadshow events in 2019.
Web filtering at multiple locations can be a headache but it is a necessity. Human error can easily result in an email account breach, malware download, or ransomware attack. Every employee is a potential security risk, so it is important for controls to be implemented to reduce the risk of mistakes leading to a costly security incident.
One of the main ways that data breaches occur is through phishing. The web pages used in phishing attacks host phishing kits that collect login credentials and send them to the scammers. The web pages usually contain identical copies of the login boxes used by the likes of Microsoft Office 365, Google, and Facebook. The web pages are incredibly realistic and can be difficult for employees to identify as malicious.
Hyperlinks in emails also direct employees to websites containing exploit kits which probe for vulnerabilities and silently download malware. A user could visit a website for a couple of seconds, yet still trigger a malware download. Even general web surfing can see users redirected to malicious websites.
The solution is to implement a web filter. A web filter allows businesses to control the web content that users can visit, and it also blocks access to malicious web sites.
Web Filtering at Multiple Locations
While a web filter is easy to implement on premises, protecting mobile workers and multiple offices can be more of a challenge. Traditionally, web filters were physical appliances through which all Internet traffic flowed. Rules were applied to the appliance to control what sites can be visited by employees.
One of the main disadvantages when web filtering multiple locations is that a separate appliance needs to be used at each location. Not only is this costly, installing and maintaining the appliance requires technicians to be available on site. For many businesses running multiple offices, IT is managed remotely. IT staff are not available at each site. An appliance-based filter at each site is far from ideal.
An alternative is to backhaul Internet traffic to the corporate office, but this has a major impact on Internet speed. The latency issues can cause major problems for remote offices, so this option is also not ideal.
The best solution is a cloud-based DNS web filter. A DNS web filter can be applied, configured and maintained remotely without the need for site visits or on-site support staff. No hardware is required and no software needs to be downloaded. All that is required is for a change to be made to internal DNS servers or DNS settings.
Not only does this approach eliminate the need for any costly hardware purchases, with a cloud-based DNS filter there is no latency. The DNS filter can be applied for all locations and managed through a single web-based interface. Controls can also be applied for different locations via an AD/LDAP client.
A cloud-based DNS filter is ideal for web filtering multiple locations, but what about protecting employees on the move? When employees travel for business, their mobile devices similarly need to be protected. A DNS filter can protect those employees online no matter where they access the Internet without the need to backhaul traffic.
Cloud-based DNS web filters are also the ideal solution for managed service providers (MSPs) who want to offer web filtering to their clients. The filters are highly scalable, and they offer multitenant management for MSPs and allow all client settings to be configured and managed through a single pane of glass. Separate policies can be applied for each client and reports can be easily generated. There is no need for any site visits, no need for patching, and web filtering can be offered no matter where the client is based.
WebTitan Cloud – Web Filtering Multiple Locations Made Simple
TitanHQ is a leading provider of DNS-based web filtering for businesses. WebTitan Cloud is an enterprise-class DNS-based web filtering solution that makes web filtering multiple locations effortless. The solution takes minutes to implement and requires no training to use. All web filtering controls can be applied remotely via an intuitive user interface.
If you run a business in multiple geographical locations, want to protect remote workers, or if you are a managed service provider that wants to add web filtering to your service stack, contact TitanHQ for further information on WebTitan Cloud.
Anatova ransomware is a new cryptoransomware variant that appears to have been released on January 1, 2019. It is stealthy, can infect network shares, and has already been used in attacks in many countries around the world. It could well prove to become a major ransomware threat in 2019.
Ransomware has somewhat fallen out of favor with cybercriminals as cryptocurrency mining malware offers greater potential for profit. The development of new ransomware variants has slowed, but new variants are still emerging and the threat from ransomware is not going away any time soon. Ransomware attacks are still profitable for cybercriminals and as long as that remains the case the attacks will continue.
Anatova ransomware was identified and named by security researchers at McAfee. The name was taken from the name on the ransomware note. The previously unknown ransomware variant has been used in at least 10 countries, with over 100 Anatova ransomware attacks identified in the United States, more than 65 in Belgium, and over 40 in France and Germany.
Not only does the ransomware variant employ a range of techniques to avoid detection, infection can cause major damage and widespread file encryption. Further, the modular design allows the developers to easily add new functionality in the future.
Most of the strings in Anatova ransomware have been encrypted and different keys are required to decrypt them. Those keys have been embedded in the executable. 90% of calls are dynamic and use non-suspicious Windows APIs and the standard C programming language.
Once downloaded and executed, the ransomware performs a check of the name of the logged in user against a list of encrypted names and will exit if there is a match. Names that prompt an exit include tester, lab, malware, and analyst. These names are commonly used on virtual machines and sandboxes. A check will also be performed to determine the country in which the device is located. The ransomware will exit if the device is in any CIS country, Egypt, Syria, Morocco, Iraq, or India.
Anatova ransomware scans for files smaller than 1MB and checks for network shares, although care is taken not to disrupt the operating system during this process and raise a flag before files are encrypted. Once files have been identified, the encryption routine starts. The ransomware uses its own key, so each victim requires a separate key to unlock the encryption.
Once the encryption process has run, the ransom note is dropped on the desktop, the memory is cleaned, and volume shadow copies are overwritten 10 times to ensure files cannot be recovered from local backup files.
The ransom demand is relatively high – around $700 (10 DASH) per infected machine. Since multiple devices can be infected with a single installation, the total ransom demand could well be considerable.
What is not 100% certain is how the ransomware is being distributed. McAfee detected one sample on a P2P file sharing network which masquerades as a free software program complete with game/application icon to encourage users to download and run the installer. Other attack vectors may also be used. Based on the current distribution vector, a web filter will offer protection against attacks if P2P file sharing/torrent sites are blocked.
The researchers believe Anatova ransomware has been created by highly skilled malware authors who are currently distributing a prototype of the ransomware. More widespread attacks are to be expected once this testing phase has been completed.
Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyberattacks, and avoid costly data breaches.
Many small business owners misguidedly think that their company is too small to be a target for hackers but cyberattacks on small businesses are common and they are increasing. A successful attack on a Fortune 500 company is likely to be far more profitable for the hacker, but also much harder. Small businesses are relatively easy targets and attacks can be highly profitable.
Small business owners cannot afford to take cybersecurity lightly. A successful cyberattack could prove catastrophic. With this in mind, we have compiled 10 cybersecurity tips for small businesses that can easily be implemented to improve security.
Top Cybersecurity Tips for Small Businesses
Implement a Robust Firewall
A firewall is a cybersecurity solution that sits between a small business network and the outside world and prevents unauthorized individuals from gaining access to the network and stored data. Not all firewalls are created equal. Extra investment in a next generation firewall is money well spent. Don’t forget to also protect remote workers. Ensure that they are also protected by a firewall.
Create and Enforce Password Policies
You should implement password policies that require all users to set strong, secure passwords. A strong, unique password should be used for all systems. Passwords should include capitals, lower-case letters, a number, and a special character, and should be at least 10 characters long. Teach employees how to create secure passwords and enforce your password policies. Consider using a password manager so passwords do not need to be remembered. Consult NIST for the latest password guidance.
Security Awareness Training
Make sure you provide the workforce with regular security awareness training. This is the only way that you can create a culture of cybersecurity. Be sure to cover the security basics, safe Internet use, how to handle sensitive data, creation of passwords, and mobile device security. You should provide training to help employees avoid phishing attacks and consider phishing simulation exercises to test the effectiveness of your training program.
Multi-factor authentication involves the use of a password and at least one other method of authentication. If login credentials are compromised, an additional factor is required to gain access to an account or the network such as an SMS message to a user’s smartphone.
It is essential to have a good backup policy. In the event of disaster, such as a ransomware attack, you need to be able to recover critical data. Backups must also be tested to make sure files can be recovered. Don’t wait until disaster strikes to test whether data can be recovered. A good strategy is the 3-2-1 approach. Three backup copies, on two different types of media, with one copy stored securely offsite.
Software and Firmware Updates
Vulnerabilities are regularly found in computer software. Patches are released to correct those vulnerabilities, including those that are being actively exploited. Make sure patches are applied promptly, software is kept 100% up to date, and the most up to date firmware has been installed. Implement automatic updates where possible and create a schedule for updates if they need to be performed manually.
It is a standard best practice to segment networks and split them into subnetworks. Not only will this improve security, it can also improve performance. By preventing access between segments, if one part of the network is compromised, an attacker will not have access to all systems and data. Also make sure you limit access to sensitive data and restrict the use of admin credentials. Apply the rule of least privilege. Do not give employees access to data, networks, and software that they do not need for day to day work duties.
Implement a Spam Filter
Arguably the biggest cyber threat that small businesses face is phishing. A single phishing email could allow an attacker to bypass your perimeter defenses and obtain login credentials or install malware. An advanced spam filter will allow you to improve productivity by blocking non-malicious spam emails and prevent phishing emails from being delivered to inboxes.
Secure Wi-Fi Networks
If you have a wireless network in your workplace it needs to be protected. Ensure that it is secured, data are encrypted, and that it is hidden and does not broadcast its SSID. Use WPA2 for encryption (or WPA3 if possible). Change default passwords and ensure your wireless router cannot be accessed from outside the network.
Consider Implementing a Web Filter
A web filter provides protection against web-based attacks by preventing employees from visiting phishing websites and sites that host malware. A DNS-based web filter can protect wired and wireless networks and even remote workers. It will block malware downloads and prevent users from accessing dangerous websites and those that serve no work purpose thus improving productivity.
The news headlines frequently warn businesses of the need to improve cybersecurity protections to thwart hackers, but not all threats come from outside the company. There are various types of insider threats that need to be managed and mitigated, yet these are all too often overlooked or insufficient controls are put in place to reduce the risk of a deliberate or accidental breach.
What are Insider Threats?
An insider threat is one that comes from within the company, typically an employee who accidentally or deliberately takes an action that causes harm or loss to the company.
Hackers attack companies to gain access to their networks to spy on companies, obtain secrets, steal data or sabotage systems. Breaking through perimeter defenses can be time consuming and difficult but if an insider wants to steal data or sabotage a system, it is far easier as they already have network access.
Not all insider threats involve intentional malicious actions by employees. An employee can also act in a way that negatively affects their company without intending to cause any harm.
This could be intentionally violating company policies in a non-malicious manner. An example would be the installation of software to save the employee time or to allow them to work more efficiently. Installing unauthorized software carries a risk of a malware or spyware infection. An employee could violate company policies which could lead to an accidental data breach. Then there is human error, such as sending an email containing sensitive information to the wrong person. Such actions could prove costly.
Businesses need to protect against all insider threats if they are to avoid costly data breaches. A great many data breaches result from too little focus on cybersecurity defenses to block the threat from within.
Malicious Acts by Employees
Anyone that has access to sensitive company data could potentially abuse their access rights to view or steal data. There is no particular profile of a malicious insider. Everyone could decide one day to steal information or sabotage systems, but you can protect against malicious insiders and manage the risk.
Cover insider threats in security awareness training and encourage employees to be vigilant and report suspicious activity. Provide them with an easy way to report their concerns.
Implement tools that monitor for anomalous behavior
Implement controls to prevent the use of portable storage devices such as thumb drives
Implement tools that prevent employees from downloading and running certain file types – executable files, for instance.
Apply the rule of least privilege – Don’t let employees access data/systems that they do not need to access to complete their day to day work duties
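The control listed above of stopping executable files from being downloaded and run, applied to the "malware disguised as videos" pattern from the Kaspersky research covered earlier on this page. This is an added example, not TitanHQ's or Kaspersky's code; the extension sets, the block/review/allow verdicts and the sample files are assumptions constructed for illustration.

```python
# Compare what a download claims to be (its name) with what it is (its
# leading bytes). Policy assumed here: ordinary users may not save or run
# executable content, and anything posing as a video must look like one.

VIDEO_EXTS = {".mp4", ".m4v", ".mov", ".avi", ".mkv", ".webm"}
EXEC_EXTS = {".exe", ".scr", ".com", ".msi", ".bat", ".cmd",
             ".js", ".vbs", ".hta", ".lnk"}


def sniff(head):
    """Identify content from its leading bytes (magic numbers)."""
    if head[:2] == b"MZ":
        return "pe-executable"
    if head[:4] == b"\x7fELF":
        return "elf-executable"
    if head[:4] == b"PK\x03\x04":
        return "zip-archive"
    if head[4:8] == b"ftyp":
        return "mp4-video"
    if head[:4] == b"RIFF" and head[8:12] == b"AVI ":
        return "avi-video"
    if head[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska-video"
    return "unknown"


def inspect_download(filename, head):
    """Return (verdict, reason) for a file about to be saved or run."""
    # Windows ignores trailing dots and spaces, so strip them before judging.
    name = filename.strip().rstrip(". ").lower()
    exts = ["." + part for part in name.split(".")[1:]]
    final_ext = exts[-1] if exts else ""
    kind = sniff(head)

    if kind.endswith("executable"):
        if final_ext in VIDEO_EXTS:
            return "block", "executable content behind a video extension"
        return "block", "executable content"
    if final_ext in EXEC_EXTS:
        if any(ext in VIDEO_EXTS for ext in exts[:-1]):
            return "block", "double extension ending in an executable type"
        return "block", "executable file type"
    if final_ext in VIDEO_EXTS and not kind.endswith("video"):
        # Not provably malicious (older containers vary), so ask for a look.
        return "review", "video extension but content is " + kind
    return "allow", kind


def triage(downloads):
    """Return (name, verdict, reason) for every download that is not allowed."""
    flagged = []
    for name, head in downloads:
        verdict, reason = inspect_download(name, head)
        if verdict != "allow":
            flagged.append((name, verdict, reason))
    return flagged


# Constructed sample downloads: (file name, first bytes of the file).
SAMPLE_DOWNLOADS = [
    ("holiday.mp4", b"\x00\x00\x00\x18ftypmp42"),
    ("clip.mp4", b"MZ\x90\x00"),
    ("trailer.mkv.js", b"var x = 1;"),
    ("movie.avi", b"PK\x03\x04\x14\x00"),
    ("lecture.mkv", b"\x1a\x45\xdf\xa3\x01"),
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_DOWNLOADS):
        print(entry)
```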
Accidents Will Happen…
The insider threats that can be the hardest to defend against are mistakes by employees. These types of insider threats include responding to a phishing email and disclosing login credentials, sending sensitive data to the wrong email recipient, accidentally visiting malicious websites, and inadvertently downloading malware. These threats need to be managed and mitigated through policies and procedures, training, and software solutions.
…But You Can Minimize Risk!
Phishing is arguably the biggest threat. Hackers know all too well that people make mistakes and can easily be fooled. Priority number one should be blocking phishing emails and making sure they are not delivered. For that you need an advanced spam filter. The more phishing emails that are blocked, the lower the risk of a click.
Security awareness training is also essential. When a phishing email lands in an inbox, employees need to have the skills to recognize it as such. Provide training and make the training interesting to engage employees. Interactive training courses can help in that respect. Make sure you test your employees’ knowledge afterwards with phishing email simulations. They will let you know who has taken the training on board and who needs further training.
Training needs to cover all security threats, not just phishing. Teach employees security best practices, including checking badges before allowing someone into the building, password security, keeping credentials private, and safe use of WiFi.
Another important technical control to implement is a web filter. A web filter allows businesses to control what employees can do online. Web filters block access to phishing websites, block drive-by malware downloads, and prevent employees from visiting questionable websites that carry a high risk of malware infections or malvertising redirects: adult sites and torrent/P2P file sharing sites, for instance. Some web filters will also keep employees safe and secure when working remotely.
The important thing for businesses is not to leave things to chance or to assume they are too small to worry about insider threats and data breaches. Every business is at risk, regardless of size.
For further information on software solutions that can protect against data security threats, give the TitanHQ team a call.
A malvertising campaign has been detected that delivers two forms of malware: the new, previously unknown Vidar information stealer and, subsequently, the latest version of GandCrab ransomware.
The packaging of multiple malware variants is nothing new of course, but it has become increasingly common for ransomware to be paired with information stealers. RAA ransomware has been paired with the Pony stealer, njRAT and Lime ransomware were used together, and Reveton ransomware is used in conjunction with password stealers.
These double-whammy attacks help threat actors increase profits. Not everyone pays a ransom, so infecting them with an information stealer can make all infections profitable. In many cases, information can be obtained and sold on or misused and a ransom payment can also be obtained.
The latest campaign uses the Vidar information stealer to steal sensitive information from a victim’s device. The Vidar information stealer is used to obtain system information, documents, browser histories, cookies, and coins from cryptocurrency wallets. Vidar can also obtain data from 2FA software, intercept text messages, take screenshots, and steal passwords and credit/debit card information stored in browsers. The information is then packaged into a zip file and sent back to the attackers’ C2 server.
The Vidar information stealer is customizable and allows threat actors to specify the types of data they are interested in. It can be purchased on darknet sites for around $700 and is supplied with an easy to use interface that allows the attacker to keep track of victims, identify those of most interest, find out the types of data extracted, and send further commands.
Vidar also acts as a malware dropper and has been used to deliver GandCrab ransomware v5.04 – the latest version of the ransomware for which no free decryptor exists.
While many ransomware variants are delivered via spam email or are installed after access to systems is gained using brute force tactics on RDP, this campaign delivers the malicious payload through malvertising that directs traffic to websites hosting the Fallout or GrandSoft exploit kits. Those EKs exploit unpatched vulnerabilities in Internet Explorer and Flash Player. The campaign targets users of P2P file sharing sites and streaming sites that attract large amounts of traffic.
Infection with the Vidar information stealer may go undetected. New malware variants such as this may be installed before AV software malware signatures are updated, by which time highly sensitive information may have been stolen, sold on, and misused. If GandCrab ransomware executes, files will be permanently encrypted unless a ransom is paid or files can be recovered from backups.
Businesses can protect against attacks such as these by ensuring that all operating systems and software are promptly patched. Drive-by downloads will not occur if the vulnerabilities targeted by the exploit kit are not present.
An additional, important protection is a web filter. Web filters prevent users from visiting websites known to host exploit kits and also sites that commonly host malicious adverts – torrent sites for instance. By carefully controlling the sites that employees can access, businesses can add an extra layer of protection while avoiding legal liability from illegal file downloads and improving productivity by blocking access to non-work-related websites.
For further information on web filters for businesses and MSPs, contact the TitanHQ team today.
The U.S. government has issued a warning following a spate of MSP cyberattacks by nation-state sponsored hackers.
Homeland Security Warns of Targeted MSP Cyberattacks
Managed service providers (MSPs), cloud service providers (CSPs), and managed security service providers (MSSPs) have been warned about an increase in malicious cyber activity and targeted attacks on IT service providers. Nation-state sponsored hackers are targeting IT service providers in an attempt to gain access to their networks, and ultimately, those of their clients.
It is not difficult to see why MSPs, CSPs, and MSSPs are such an attractive target. These IT service providers usually have administrator access to their clients’ networks or certainly elevated privileges that could allow an attacker to gain access to servers, security appliances, and databases of multiple clients.
The threat of attack is not theoretical. There has been an increase in MSP cyberattacks in recent months, so much so that the U.S. Department of Homeland Security (DHS) has issued a warning to all IT service providers specifically due to an increase in attacks on IT service providers by Chinese government-backed hackers.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued cybersecurity guidance for IT service providers on steps that need to be taken to improve security, detect attacks quickly, and prevent threat actors from gaining access to their clients’ networks. Since companies that use IT service providers have also been warned of the risk of attack through their IT companies, MSPs, MSSPs and CSPs are likely to be contacted by clients wanting reassurances.
IT service providers should therefore be proactive and ensure that CISA guidance is being followed to better protect themselves and their clients.
Feds Launch Campaign to Raise Awareness of Cyber Risks
CISA is not the only government agency to issue a warning in the past few days. The Trump administration has launched a new campaign to raise awareness of cyber risks in all industry sectors. The “Know the Risk, Raise your Shield” campaign is being spearheaded by the National Counterintelligence and Security Center (NCSC) at the Office of the Director of National Intelligence. The campaign has been launched in response to increased cyberattacks from state-sponsored hackers in Russia, China, Iran, and North Korea and independent hackers.
The aim of the campaign is to ensure that cybersecurity best practices are being followed to make it much harder for the attackers to succeed. The NCSC is aware that improved cybersecurity comes at a cost, but explains that investment in cybersecurity defenses is money very well spent and reminds businesses that an ounce of security equates to a pound of protection.
How Can Businesses and MSPs Improve Their Defenses?
With MSP cyberattacks on the increase, it is essential that defenses are improved. While there are many ways that MSPs and businesses can be attacked, one of the easiest ways is phishing. Phishing targets a weak link in security defenses: employees. If a phishing email is delivered to an inbox and an employee responds, the attacker will obtain credentials that give them a foothold to launch further attacks on other employees and MSP clients.
It is therefore important to improve awareness of the risks and train employees how to recognize email threats and how to react. It is also important to ensure that technical spam defenses are implemented to make sure phishing threats are blocked on the server and are not delivered to end users’ inboxes or local spam folders. SpamTitan is an ideal solution for MSPs to implement to block these phishing attacks on their employees and their clients.
A DNS-based web filter should also be implemented to ensure that should a malicious email make it past the spam defenses, employees are prevented from visiting malicious websites. A DNS-based web filter blocks attempts to access malicious sites during the DNS lookup process and adds an extra layer of security against phishing.
For further information on spam filtering and web filtering for businesses and MSPs, speak to the TitanHQ team today.
Other important steps to take to improve security include:
Use of strong password policies
Applying the principle of least privilege
Ensuring network and host-based monitoring systems are implemented and logs are regularly checked for signs of malicious activity
Performing regular vulnerability scans to identify security weaknesses before they are exploited.
New figures released by anti-virus firms McAfee and Symantec have shown the extent to which hackers are using cryptocurrency mining malware in attacks on consumers and businesses.
Cryptocurrency mining malware hijacks system resources and uses the processing power of infected computers to mine cryptocurrencies – validating transactions so they can be added to the blockchain public ledger. This is achieved by solving difficult computational problems. The first person to solve the problem is rewarded with a small payment.
For cryptocurrency mining to be profitable, a lot of processing power is required. Using one computer for mining cryptocurrency will generate a few cents to a few dollars a day; however, hackers who infect thousands of computers and use them for cryptocurrency mining can generate significant profits for little work.
The use of cryptocurrency mining malware has increased considerably since Q4, 2017 when the value of Bitcoin and other cryptocurrencies started to soar. The popularity of cryptocurrency mining malware has continued to grow steadily in 2018. Figures from McAfee suggest cryptocurrency mining malware has grown by 4,000% in 2018.
McAfee identified 500,000 new coin mining malware in the final quarter of 2017. In the final quarter of 2018, the figure had increased to 4 million. Figures from Symantec similarly show the scale of the problem. In July 2018, Symantec blocked 5 million cryptojacking events. In December, the firm blocked 8 million.
There are many different ways of infecting end users. Hackers are exploiting unpatched vulnerabilities to silently download the malware. They package coin mining malware with legitimate software, such as the open-source media player Kodi, and upload the software to unofficial repositories.
One of the easiest and most common ways of installing the malware is through email. Spam emails are sent containing a hyperlink which directs users to a website where the malware is silently downloaded. Links are similarly distributed through messaging platforms such as Slack, Discord, and Telegram. One campaign using these messaging platforms included links to a site that offered software that claimed to fix coin mining malware infections. Running the fake software installer executed code on the computer which silently downloaded the malware payload.
Unlike ransomware, which causes immediate disruption, the presence of cryptocurrency mining malware may not be noticed for some time. Computers infected with coin mining malware will slow down considerably. There will be increased energy usage, batteries on portable devices will be quickly drained, and some devices may overheat. Permanent damage to computers is a possibility.
The slowdown of computers can have a major impact on businesses and can result in a significant drop in productivity if large numbers of devices are infected. Businesses that have transitioned to cloud computing and are charged for CPU usage can see their cloud bills soar.
Anti-virus software can detect known coin mining malware, but new malware variants will be unlikely to be detected. With so many new malware variants now being released, AV software alone will not be effective. It is therefore important to block the malware at source. Spam filters, such as SpamTitan, will help to prevent malicious emails from reaching end users’ inboxes. Web filters, such as WebTitan, prevent users from accessing infected websites, unofficial software repositories, and websites with coin-mining code installed that uses CPU power through browser sessions.