Web Filtering

Our news section dedicated to web filtering reports on instances in which a web filter can be used to protect organizations against online threats and the consequences of phishing campaigns. We also report on how filtering web access can protect the vulnerable against exposure to inappropriate online content – particularly minors viewing pornography.

Several of our news items will be of particular interest to MSPs and service providers who wish to add web filtering to their portfolio of products. With TitanHQ’s solutions, MSPs can incorporate white-labelled web filtering into an existing service package or market the solutions as stand-alone packages.

Default ISP Web Filtering Controls Required, Says House of Lords Report on Internet Safety for Children

A House of Lords report on Internet safety for children calls for ISP web filtering controls to be applied as standard.

The UK government is keen for Internet service providers to apply web filtering controls to make it harder for children to access inappropriate website content such as pornography. In 2013, the UK government called on ISPs to implement web filters as standard. Four of the leading ISPs in the UK – Sky, Talk Talk, BT and Virgin Media – responded and have offered filtering controls to their customers.

However, not all ISPs in the United Kingdom provide this level of content control and the House of Lords report suggests that many ISP web filtering controls do not go far enough to ensure children are protected. The report explains that the ‘big four’ ISPs only cover 90% of all Internet users, leaving 10% of users without any form of Internet filtering service.

It is also pointed out in the report that only Sky has opted for a default-on web filter to prevent adult content from being accessed by minors. If new customers want to access adult content they must request that the filter be taken off. The other ISPs have made the service available but do not provide a filtered Internet service that is turned on by default.

The new report calls for ISP web filtering controls to be improved and for ISPs “to implement minimum standards of child-friendly design, filtering, privacy, data collection, and report and response mechanisms for complaints.” The House of Lords report also calls for ISP web filtering controls to be put on all accounts by default, requiring users to specifically request it be turned off if required. Further, the report says the default standard of Internet control should offer the strictest privacy protections for users.

Not everyone agrees with this level of control. The Internet Service Provider Association (ISPA) says that such a move is ‘disproportionate,’ and while the association is committed to keeping children safe when online, mandating ISP web filtering controls is not the way forward. For instance, if an ISP makes it clear that it offers an unfiltered service, that should be permitted. Chairman of the ISPA, James Blessing, believes the best way forward is “a joint approach based on education, raising awareness and technical tools.”

While parents will be well aware of the risks their children face when they go online, the House of Lords report does not believe Internet safety education should be left to parents. In addition to making it harder for children to access inappropriate website content, the report calls for mandatory lessons in schools on safe use of the Internet, covering risks, acceptable behavior and online responsibilities.

Health Center Malware Potentially Exfiltrated Patient Data for a Year

A health center malware infection has potentially resulted in 2,500 patients’ protected health information (PHI) being sent to unknown individuals over a period of almost a year. Lane Community College health clinic in Eugene, OR, discovered the malware during routine maintenance last month.

Further investigation determined that the malware had been installed on the computer in March 2016. The malware remained active until last month when it was discovered and removed. The malware was identified as Backdoor:Win32/Vawtrak – a Trojan backdoor that enables attackers to steal login information and take full control of an infected PC.

While data access was possible, Lane Community College health clinic uncovered no evidence to suggest patient data had been stolen, although the possibility that PHI was accessed and stolen could not be ruled out. A spokesperson for the clinic said an analysis of 20 other computers used by the clinic uncovered no further malware infections. In this case, the infection was limited as the computer was not connected to other computers on the network.

The only data exposed were those stored on the machine itself. The information potentially exposed included patients’ names, addresses, phone numbers, dates of birth and medical diagnoses.

A health center malware infection can prove costly to resolve. In this case, the infection was limited to one machine, although once access has been gained and malware installed, hackers can often move laterally within a network and spread infections to other machines. Once data have been exfiltrated and there is no further need for access, hackers commonly install ransomware to extort money from their victims.

The exposure or theft of patient data can often lead to lawsuits from patients. While many of those lawsuits ultimately fail, defending a lawsuit can be costly. Healthcare data breaches that result in more than 500 records being exposed are also investigated by the Department of Health and Human Services’ Office for Civil Rights to determine whether the breaches were caused as a result of HIPAA violations. Should HIPAA Rules be found to have been breached, covered entities may have to cover heavy fines.

Health center malware attacks are commonplace due to the value of healthcare data on the black market. Healthcare providers should therefore implement a range of defenses to protect against malware infections.

Malware is commonly inadvertently installed by end users via spam email or redirects to malicious websites. Both of these attack vectors can be blocked with low cost solutions. Backdoor:Win32/Vawtrak – also known as Trojan-PSW.Win32.Tepfer.uipc – is recognized by Kaspersky Lab – one of the dual AV engines used by the SpamTitan spam filtering solution. SpamTitan blocks 100% of known malware and blocks 99.97% of spam emails to keep end users and computers protected.

To protect against web-borne attacks and to prevent malicious software downloads, WebTitan can be deployed. WebTitan is a powerful DNS-based web filtering solution that can be used to block a wide range of web-borne threats to keep healthcare networks malware free.

Both solutions are available on a free 30-day trial to allow healthcare providers to experience the benefits first hand before committing to a purchase.

To find out more about TitanHQ’s cybersecurity solutions for healthcare organizations or to sign up for a free trial, give the sales team a call today.

MajikPOS Malware Used in Targeted Attacks on PoS Systems of U.S. Businesses

A new form of PoS malware – called MajikPOS malware – has recently been discovered by security researchers at Trend Micro. The new malware has been used in targeted attacks on businesses in the United States, Canada, and Australia.

The researchers first identified MajikPOS malware in late January, by which time the malware had been used in numerous attacks on retailers. Further investigation revealed attacks had been conducted as early as August 2016.

MajikPOS malware has a modular design and has been written in .NET, a common software framework used for PoS malware. The design of MajikPOS malware supports a number of features that can be used to gather information on networks and identify PoS systems and other computers that handle financial data.

The attackers are infecting computers by exploiting weak credentials. Brute force attacks are conducted on open Virtual Network Computing (VNC) and Remote Desktop Protocol (RDP) ports. A variety of techniques are used to install the MajikPOS malware and evade detection, in some cases leveraging RATs that have previously been installed on retailers’ systems. The malware includes a RAM scraping component to identify credit card data and uses an encrypted channel to communicate with its C&C and exfiltrate data undetected.

MajikPOS malware is being used by a well-organized cybercriminal organization and credit card details are being stolen on a grand scale. The stolen information is then sold on darknet ‘dump shops’. The stolen credit card numbers, which the researchers estimate to number at least 23,400, are being sold individually for between $9 and $39. The gang also sells the credit card numbers in batches of 25, 50, or 100. The majority of credit cards belong to individuals in the United States or Canada.

POS Malware Infections Can be Devastating

A number of different attack vectors can be used to install PoS malware. Malware can be installed as a result of employees falling for spear phishing emails. Cybercriminals commonly gain a foothold in retailers’ networks as a result of employees divulging login credentials when they respond to phishing emails.

While exploit kit activity has fallen in recent months, the threat has not disappeared and malvertising campaigns and malicious links sent via emails are still used in targeted attacks on U.S. retailers.

Brute force attacks are also common, highlighting how important it is to change default credentials and set strong passwords.

POS malware infections can prove incredibly costly for retailers. Just ask Home Depot. A PoS malware infection has cost the retailer more than $179 million to resolve, with the cost of the security breach continuing to rise. That figure does not include the loss of business as a result of the breach. Consumers have opted to shop elsewhere in their droves following the 2014 PoS malware attack.

This latest threat should serve as a warning for all retailers. Security vulnerabilities can be – and are – exploited by cybercriminals. If inadequate protections are put in place to keep consumers’ data secure, it will only be a matter of time before systems are attacked.

PetrWrap Ransomware: An Old Threat Has Been Hijacked by a Rival Gang

There is a new ransomware threat that businesses should be aware of, but PetrWrap ransomware is not exactly anything new. It is actually a form of ransomware that was first discovered in May last year. PetrWrap ransomware is, to all intents and purposes, almost exactly the same as the third incarnation of Petya ransomware. There is one key difference though. PetrWrap ransomware has been hijacked by a criminal gang and its decryption keys have been changed.

The criminal organization behind PetrWrap ransomware have taken Petya ransomware, for which there is no free decryptor, and have exploited a vulnerability that has allowed them to steal it and use it for their own gain. The attackers have simply added an additional module to the ransomware that modifies it on the fly. After all, why bother going to all the trouble of developing your own ransomware variant when a perfectly good one already exists!

Petya ransomware is being offered to spammers and scammers under an affiliate model. The ransomware authors are loaning the ransomware to others and take a percentage of the profits gained from ransoms that are paid. This is a common tactic to increase overall profits, just as retailers pay affiliate marketers to sell their products for a commission. In the case of ransomware-as-a-service, this allows the authors to infect more computers by letting others do the hard work of infecting computers.

Yet the gang behind PetrWrap has chosen not to give up a percentage of the profits. They are keeping all of the ransom payments for themselves. The module modifies and repurposes the malware code meaning even the Petya ransomware authors are unable to decrypt PetrWrap ransomware infections.

Kaspersky Lab researcher Anton Ivanov says “We are now seeing that threat actors are starting to devour each other and from our perspective, this is a sign of growing competition between ransomware gangs.” He pointed out the significance of this, saying “the more time criminal actors spend on fighting and fooling each other, the less organized they will be, and the less effective their malicious campaigns will be.”

Petya – and PetrWrap ransomware – is not a typical ransomware variant in that no files are encrypted. While Locky, CryptXXX, and Samsa search for a wide range of file types and encrypt them to prevent users from accessing their data, Petya uses a different approach. Petya modifies the master boot record that launches the operating system. The ransomware then encrypts the master file table. This prevents an infected computer from being able to locate files stored on the hard drive and stops the operating system from running. Essentially, the entire computer is taken out of action. The effect however is the same. Users are prevented from accessing their data unless a ransom is paid. Petya and PetrWrap ransomware can spread laterally and infect all endpoint computers and servers on the network. Rapid detection of an infection is therefore critical to limit the harm caused.

WiFi Filtering for Cities Used to Improve Free WiFi Network in Cape Town

Cape Town’s Century City has implemented a free WiFi network for residents, although to make the network more secure and prevent bandwidth abuse, WiFi filtering for cities has been adopted.

The new service – called Let’s Connect – is provided by the telecoms company that operates the fiber-optic broadband network for the Cape Town suburb – Century City Connect – in partnership with ISP Comtel Communications.

The new WiFi network currently comprises 86 WiFi access points within the Cape Town suburb, although there are plans to increase the range of the free WiFi zone to include an extra 100 access points. At present, the WiFi network is supported by a 200 Mbps fiber-optic line which will provide users with 10Mbps speeds for uploads and downloads. Users will be required to register for the service, after which they will be limited to four hours of free WiFi access per day.

Providing a free WiFi network offers residents a host of benefits, but ensuring upload and download speeds are reasonable requires additional technology. If WiFi filtering for cities was not used, there would be considerable potential for the service to be abused by some users. At times of heavy usage, bandwidth will naturally be squeezed, but to limit this as far as is possible, it was necessary for WiFi filtering for cities to be deployed. The web filtering technology places certain limits on user activities.

The WiFi filtering solution used to control internet access is not overly restrictive. Torrent downloads have been blocked, not only because they are used for illegal file sharing, but also because the downloading of massive files by multiple users has the potential to slow Internet speeds across Century City.

In practice, simply blocking torrent sites may not be sufficient to stop bandwidth-crushing downloads. It would be possible for users to circumvent the controls. For more comprehensive blocking, the ISP has used DNS-based WiFi filtering, content filtering, and firewalls. Multiple levels of filtering controls make it much harder for individuals to gain access to torrent sites and upload and download content.

Torrent sites are not the only drain of bandwidth. Software updates likewise suck up bandwidth. Many users have their devices set to update software only when connected to a WiFi network. Connecting to the city WiFi network could see thousands of devices updating software at the same time, further squeezing bandwidth. To reduce the impact, Century City has rate limiting in place. Updates will still be possible, but at a level that will not have a major negative impact on available bandwidth.

As with many locations around the world that use WiFi filtering for cities, Century City will also be using the technology to block adult content. This control works at the domain-level and is based on blacklists. The filters used at Century City also block botnet activity, prevent users from downloading malware and ransomware, and block phishing websites to keep users protected online.

While users will only be permitted four hours of free usage, limits will not be placed on certain categories of website. Educational sites and job websites will be accessible 24/7, even if the 4-hour quota has been used up. A number of other websites will also be whitelisted to ensure constant access is possible.

The project shows how WiFi filtering for cities can be used to ensure the maximum number of users can get the benefits of city-wide free WiFi networks, and how the Internet can be carefully filtered to keep users protected.
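The domain-level controls described above (blacklisted categories, a four-hour daily quota, and categories that stay reachable after the quota is used up) can be sketched as one decision function. This is an added example, not Century City's or TitanHQ's code; every domain name, the category labels and the parent-domain matching rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Four hours of free access per day, as stated in the article.
DAILY_QUOTA_SECONDS = 4 * 60 * 60

# Constructed sample data: every domain below is a placeholder.
BLACKLIST = {
    "adult-example.test": "adult",
    "torrent-example.test": "torrent",
    "phish-example.test": "phishing",
    "botnet-c2-example.test": "botnet",
}

# Categories the article says remain reachable 24/7 (placeholder domains).
QUOTA_EXEMPT = {
    "school-example.test": "education",
    "jobs-example.test": "jobs",
}


def normalize(name):
    """Lower-case the queried name and strip the trailing root dot."""
    return name.strip().lower().rstrip(".")


def lookup(name, table):
    """Return the category of the name or of any parent domain.

    Matching is done on whole labels, so cdn.torrent-example.test inherits
    the entry for torrent-example.test, while nottorrent-example.test
    (a different registered name) does not.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return table[candidate]
    return None


@dataclass
class Session:
    """Per-user state: seconds of free access already consumed today."""
    used_seconds: int = 0


def decide(name, session):
    """Return (action, reason) for one DNS query from one user session."""
    # 1. Blacklisted categories are blocked regardless of quota or exemption.
    category = lookup(name, BLACKLIST)
    if category is not None:
        return ("block", category)
    # 2. Exempt categories are allowed even after the quota is exhausted.
    category = lookup(name, QUOTA_EXEMPT)
    if category is not None:
        return ("allow", category)
    # 3. Everything else is subject to the daily quota.
    if session.used_seconds >= DAILY_QUOTA_SECONDS:
        return ("block", "quota-exhausted")
    return ("allow", "uncategorized")


if __name__ == "__main__":
    spent = Session(used_seconds=DAILY_QUOTA_SECONDS)
    for query in ("CDN.Torrent-Example.test.", "jobs-example.test",
                  "news-example.test", "nottorrent-example.test"):
        print(query, decide(query, spent))
```

Checking the blacklist before the exemption list means a malicious host can never ride on an exempt category, and matching on label boundaries avoids both missed subdomains and false positives on lookalike names.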

2016: The Year of Ransomware

In all likelihood, 2016 will be forever remembered as The Year of Ransomware, in the same way that 2014 was the year of the healthcare data breach.

2016 Will be Remembered as The Year of Ransomware

Ransomware first appeared in the late 1980s, although at the time, cybercriminals did not fully embrace it. Instead, they favored viruses, worms, and other forms of malware. That’s not to say that ransomware was not used, only that there were more lucrative ways for cybercriminals to make money.

That all started to change in 2015, when the popularity of cryptomalware was fully realized. By 2016, many actors had got in on the act and the number of ransomware variants started to soar, as did attacks on healthcare providers, educational institutions, government departments, businesses, and even law enforcement agencies. In 2016, it appeared that no one was immune to attack. Many organizations were simply not prepared to deal with the threat.

Early in the year it became clear that healthcare organizations were starting to be targeted for the first time. In February, one of the most notable ransomware attacks of the year occurred. Hollywood Presbyterian Medical Center in Hollywood, CA, was attacked and its computers were taken out of action for well over a week while the medical center grappled with the infection. The decision was taken to pay the ransom demand of $17,000 to obtain the key to decrypt its data.

Not long afterwards, MedStar Health suffered a massive infection involving many of the computers used by the hospital system. In that case, the $19,000 ransom was not paid. Instead, encrypted data were recovered from backups, although the disruption caused was considerable. 10 hospitals and more than 250 outpatient centers had their computers shut down as a result of the infection and many operations and appointments had to be cancelled.

In the first quarter of 2016 alone, the FBI reported that more than $206 million in ransom payments had been made by companies and organizations in the United States. To put that figure in perspective, just $24 million had been paid in the whole of 2015. That represents a 771% increase in ransom payments, and only three months had passed. The year of ransomware had barely even begun!

Biggest Ransomware Threats in 2016

TeslaCrypt was one of the biggest ransomware threats at the start of the year, although the emergence of Locky ransomware in February saw it become an even bigger threat. It soon became the ransomware variant of choice. Locky was used in attacks in 114 countries around the world last year, and cybercriminals continue to tweak it and release new variants. Locky has yet to be cracked by security researchers. Then came Cerber, CryptXXX, Petya (which was defeated in April), and Dogspectus for smartphones, to name just a few.

By the summer, The Guardian newspaper reported that 40% of UK businesses had been attacked with ransomware, although the majority of ransomware attacks were concentrated in the United States. By the autumn, more than 200 ransomware families had been discovered, each containing many variants.

Reports of attacks continued to flood in over the course of the year, with ransomware arguably the biggest cybersecurity threat seen in recent years.

2016 was certainly The Year of Ransomware, but 2017 doesn’t look like it will get any easier for security professionals. In fact, 2017 is likely to be even worse. Some experts have predicted that ransomware revenues will reach $5 billion in 2017.

You can find out more interesting – and horrifying – ransomware statistics by clicking the image below to view the TitanHQ ransomware infographic. The ransomware infographic also includes information on the protections that should be put in place to prevent ransomware attacks and the encryption of sensitive data.

 


Should Malware Protection at the ISP Level be Increased?

Consumers and businesses need to take steps to protect their computers from malware infections, but should there be more malware protection at the ISP level?

Businesses and personal computer users are being infected with malware at an alarming rate, yet those infections often go unnoticed. All too often malware is silently downloaded onto computers as a result of visiting a malicious website.

Websites containing exploit kits probe for vulnerabilities in browsers and plugins. If a vulnerability is discovered it is exploited and malware is downloaded. Malware can also easily be installed as a result of receiving a spam email – if a link is clicked that directs the email recipient to a malicious website or if an infected email attachment is opened.

Cybercriminals have got much better at silently installing malware. The techniques now being used see attackers install malware without triggering any alerts from anti-virus software. In the case of exploit kits, zero-day vulnerabilities are often exploited before anti-virus vendors have discovered the flaws.

While malware infections may not be detected by end users or system administrators, that does not necessarily mean that those infections are not detected. Internet Service Providers – ISPs – are in a good position to identify malware infections from Internet traffic and an increasing number are now scanning for potential malware infections.

ISPs are able to detect computers that are being used for malicious activities such as denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, and doing so is a relatively easy process.

Malware Protection at the ISP Level

Malware protection at the ISP level involves implementing controls to prevent malware infections and notifying consumers when malicious activity is detected.

ISPs can easily check for potential malicious activity on IP addresses, although blocking those IP addresses is not the answer. While some computers are undoubtedly knowingly used for malicious purposes, in many cases the users of the computers are unaware that their device has been compromised.

ISPs can however alert individuals to a potential malware infection when suspicious activity is identified. Warning emails can be sent to end users to advise them that their computer is potentially infected with malware. Those individuals can be sent a standard email template that contains instructions on how to check for a malware infection.

An increasing number of ISPs are now performing these checks and are notifying their customers of suspicious activity. Many ISPs in Europe provide this cybersecurity checking service and Level 3 Communications is one such ISP that is taking the lead.

The ISP is assessing Internet traffic and is identifying potentially malicious activity associated with certain IP addresses. So far, the ISP has created a database containing around 178 million IP addresses that are likely being used for malicious activity. Many of those IP addresses are static and are part of a botnet. Level 3 Communications has estimated that around 60% of those IP addresses have been added to a botnet and 22% of the suspicious IP addresses are believed to be used to send out phishing email campaigns.

The content of Internet traffic is not investigated, although the ISP has been able to determine the IP addresses being used and those which are being sent messages and Internet traffic. While the IP addresses are known, the individuals that use those IP addresses are not. In order to notify individuals of potential infections, Level 3 Communications is working with hosting providers. Once the individuals are identified they are contacted and advised of a potential malware infection.

The war on cybercrime requires a collaborative effort between law enforcement, governments, ISPs, and consumers. Only when all of those parties are involved will it be possible to curb cybercrime. Consumers can take steps to prevent infection, as can businesses, but when those measures are bypassed, ISPs can play their part.

If all ISPs were to conduct these checks and send out alerts, malware infections could be tackled and life would be made much harder for cybercriminals.

ISP Web Filtering for WiFi Networks – Protecting Consumers from Malware Infections

Notifying consumers about malware infections is one thing that should be considered, but malware protection at the ISP level should be implemented to prevent consumers and businesses from being infected in the first place.

ISPs can implement web filtering controls to block the accessing of illegal website content such as child pornography. The same technology can also be used to block websites known to contain malware. Broadband providers can implement these controls to protect consumers, and providers of public Internet can use web filtering for WiFi networks.

WiFi filters have already been implemented on the London Underground to prevent users from accessing pornography. Those controls can be extended to block websites known to be malicious. In the UK, Sky WiFi networks use filtering controls to block certain malicious and inappropriate website content from being accessed to better protect consumers. Effective malware protection at the ISP level not only keeps consumers protected, it is also a great selling point in a highly competitive market.

If you are an ISP and are not yet using filtering controls to protect your customers, speak to TitanHQ today and find out more about malware protection at the ISP level and how low-cost web filtering controls can be implemented to keep customers better protected.

Library WiFi Filtering Bill Signed Off by Utah Senators

In Utah, lawmakers are attempting to make it harder for pornography to be accessed, especially in libraries. A new bill has been introduced that would make it compulsory for library WiFi filtering to be implemented to block patrons from accessing pornography. That bill has now been signed off by a group of Utah senators, bringing the compulsory use of library WiFi filtering closer to being written into the state legislature.

Last year, Sen. Todd Weiler, R-Woods Cross, was heavily involved in a campaign to raise awareness of the problems related to the accessing of hardcore pornography, with the senator claiming the use of pornography had now become “a public health crisis.”

Sen. Weiler was not alone in his thinking. Many people supported the campaign and agreed that pornography was particularly damaging for minors, that its use threatened marriages and was contributing to the rise in sexual violence.

Library WiFi filtering is a contentious issue. While many libraries across the United States have implemented a WiFi filter to block pornography and other harmful images to protect minors and obtain government grants and discounts, many librarians are opposed to library WiFi filtering.

Libraries are places of learning where individuals can come to gain access to all types of information. The use of Internet filtering in libraries is seen as excessively curbing civil liberties and undermining freedom of speech. Public opinion is similarly divided, although many individuals would not want to catch a glimpse of hardcore pornography on another patron’s computer, and even less so their children.

In Utah, the majority of libraries have already implemented library WiFi filtering software. Weiler says that there are more than 100 public libraries in the state and that the larger libraries are already filtering out pornography. However, he pointed out that there are a dozen or so smaller library branches that have yet to implement Internet filtering on WiFi networks.

In the case of small libraries, there may not be sufficient funds available for WiFi filtering solutions to be purchased, even if by implementing those solutions savings could be made through the eRate program. Sen. Weiler appreciates that the cost of implementing a software solution may be prohibitively expensive for smaller libraries, which is why he is requesting $50,000 from the state budget to be made available to smaller libraries via a grant program. Those grants could then be used to pay for Internet filtering solutions for libraries in the state that have yet to purchase a filtering solution.

Now that the bill has been signed off, it will go before the senate for debate, although there is a high probability that the bill will be written into state law. Support for Sen. Weiler’s anti-pornography campaign last year was strong and many members of the chamber and house of representatives backed Sen. Weiler’s campaign last year. The campaign also received public backing from the governor of Utah.

Cybersecurity Solutions for Managed Service Providers Key to Business Growth

There are many cybersecurity solutions for managed service providers to add to their service stacks and offer to clients. However, the failure to offer a comprehensive range of cybersecurity solutions can prove costly. There is considerable demand for managed services, and the failure to provide them could see clients effectively handed to competitors.

Furthermore, there is now increased competition. Managed service providers have offered preventative cybersecurity solutions to their clients for many years, but competition in this sphere is increasing.

IT companies that have previously relied on fixing computer problems or providing data breach investigative services as their core business have realized there is big money to be made from providing cybersecurity services to prevent problems. An increasing number of IT companies are now capitalizing on high profile data breaches and demand for preventative solutions from SMBs and are now providing these services.

In order to capitalize on the opportunity for sales and to make sure clients do not start looking elsewhere, managed service providers need to make sure that they offer a full suite of cybersecurity solutions that will keep their clients protected from the barrage of cybersecurity attacks that are now occurring.

Fortunately, the move away from hardware-based solutions to cloud-based services is making it easier for managed services providers. Cloud-based solutions are not only cheaper for clients, they are easier for MSPs to deliver and manage. While providing solutions that prevent cyberattacks may have been impractical and provided little return for the effort, that is no longer the case.

There are many potential cybersecurity solutions for managed service providers, although one area in particular where MSPs can take advantage is to offer solutions to prevent phishing attacks. Phishing – obtaining sensitive information from employees – is one of the main ways that cybercriminals gain access to networks and sensitive data.

Companies are spending big on network security to prevent direct attacks, yet cybercriminals know all too well that even multi-million-dollar security defenses can be breached. The easiest way to gain network access is to be provided with it by employees.

It is much easier to fool an employee into downloading malware or ransomware, or into revealing their email or login credentials, than it is to find security vulnerabilities or use brute force tactics. All it takes is for a phishing email to reach the inbox of an employee.

Anti-phishing training companies, which provide security awareness training for employees and teach them how to identify phishing emails, know all too well that training alone is ineffective. Some employees are poor at putting training into practice.

Even if security awareness training is provided, employees will still open email attachments from strangers and click on links sent to them in emails. Furthermore, cybercriminals are getting better at crafting emails to get links clicked and malware-ridden attachments opened.

We have already seen this year (and last tax season) how effective phishing emails can be. At least 145 companies in the United States (that we know about) sent the W-2 Forms of employees to scammers via email last year. This year looks like it will be even worse.

A high percentage of malware infections occur as a result of spam emails with infection either through email attachments (downloaders) or links to malicious sites where malware is silently downloaded. The same is true of many ransomware infections.

Given the high risk of a phishing attack occurring or information-stealing malware and ransomware being installed, organizations are happy to pay for managed solutions that can block phishing emails, prevent malware-infecting emails from being delivered, and stop employees from visiting malicious links.

MSPs can take advantage by providing these services. Since cloud-based solutions are available that offer the required level of protection, adding these solutions to an MSP’s service stack is a no-brainer. Cloud-based solutions to protect against phishing, malware, and ransomware infections require no hardware, no site visits, and little management overhead.

TitanHQ can provide cloud-based solutions ideal for inclusion in MSPs’ service stacks. TitanHQ’s email and web protection solutions – SpamTitan and WebTitan – are effective at blocking a wide range of email and web-borne threats.

SpamTitan blocks over 99.97% of spam email, has a low false positive rate and blocks 100% of known malware. Inboxes are kept spam and malware free, and an anti-phishing component prevents phishing emails from being delivered to end users.

WebTitan offers excellent protection from web-borne threats, protecting employees and networks from drive-by malware and ransomware downloads and blocking links to malicious websites.

Furthermore, these solutions can be run in a public/private cloud, can be provided in white-label format ready for MSP’s branding, have low management overhead and include generous margins for MSPs.

If you are an MSP and are looking to increase the range of cybersecurity services you can offer to clients, give TitanHQ a call today and find out more about our cybersecurity solutions for managed service providers.

With our cybersecurity solutions for managed service providers, you can improve your cybersecurity portfolio, provide better value to your clients and boost your bottom line.

Phishing Attacks on Law Firms Are Soaring

The past few months have seen an increase in phishing attacks on law firms. Cybercriminals are attacking law firms to gain access to the highly confidential data held by attorneys and solicitors. Healthcare industry attacks are often conducted to obtain sensitive patient data that can be used for identity theft and tax fraud. Phishing attacks on law firms on the other hand are conducted to steal data for insider trading. Data are also stolen to allow cybercriminals to blackmail law firms.

Law firms are threatened with reputation-killing publication of highly sensitive client data if sizeable payments are not made. Since law firms hold secret documents, including potentially damaging information on their clients, it is not only the law firm that can be blackmailed. Clients are also contacted and threatened. The profits that can be made from insider trading are enormous. The data held by law firms is incredibly valuable. It is therefore no surprise that phishing attacks on law firms are increasing. Cybercriminals see law firms as perfect targets.

Last year, more than 50 law firms were targeted by Russian hackers using a spear phishing campaign. The aim of that attack was to gather information that could be used for insider trading. The group, called Oleras, attacked some of the best-known law firms operating in the United States, including Cravath Swaine & Moore LLP and Gotshal and Manges LLP.

However, while those attacks were damaging, they arguably caused less harm than the Panama Papers breach – the largest law firm data breach of the year. That attack resulted in an astonishing 2.6 Terabytes of data being stolen by the attackers – documents that revealed highly sensitive banking activities of criminals, politicians, athletes and businessmen and women. More than 214,000 companies had data revealed as a result of that law firm data breach.

While law firms must ensure that firewalls are in place along with a host of other cybersecurity protections to prevent their systems from being hacked, all too often data breaches start with phishing attacks on law firms. A simple email containing a link to a website is sent to attorneys’ and solicitors’ inboxes. The links are clicked and users are fooled into revealing login credentials to networks and email accounts. The credentials are captured and used to gain access to sensitive data.

Website filtering for law firms is now as essential a protection as the use of antivirus software. Antivirus software may be able to detect attempted malware installations – although it is becoming less effective in that regard – but it will do little to prevent phishing attacks.

A web filter protects law firms by preventing users from visiting malicious links in emails. A website filtering solution also prevents end users from downloading malware, or accessing websites known to carry a high risk of infection with ransomware or malware. A web filter also prevents law firm staff from accidentally visiting phishing websites when browsing the Internet. Along with a robust spam filtering solution to prevent phishing emails from being delivered, law firms can make their networks and email accounts much more secure.

Further information on recent phishing attacks on law firms, along with steps that can be taken to prevent security breaches, can be found by clicking the image below. Clicking the image will direct you to a useful phishing infographic on this website.

 

[Infographic: Phishing Attacks on Law Firms]

Restaurant Malware Attack Results in Theft of More Than 355,000 Credit and Debit Cards

A restaurant malware attack has resulted in the theft of the credit and debit card numbers of more than 355,000 customers, according to Krebs on Security. A breach was suspected to have occurred when credit unions and banks started to notice a flurry of fraudulent purchases. The breach was traced to the fast food restaurant chain Arby’s.

While there have been numerous instances of credit card fraud reported in the past few days, the Arby’s data breach was first identified in January. Industry partners contacted Arby’s regarding a potential breach of credit/debit card numbers. At that point, the incident was only thought to have affected a handful of its restaurants.

The malware infection was soon uncovered and the FBI was notified, although the agency requested that Arby’s not go public so as not to impede the criminal investigation. However, a statement has recently been released confirming that Arby’s is investigating a breach of its payment card systems.

Upon discovery of the breach, Arby’s retained the services of cybersecurity firm Mandiant to conduct a forensic analysis. The Mandiant investigation is continuing, although rapid action was taken to contain the incident and remove the malware from Arby’s payment card systems. The investigation revealed that the incident only impacted certain corporate-owned stores. None of the franchised stores were infected with malware. Arby’s has more than 3,300 stores across the United States, more than 1,000 of which are corporate-owned.

PSCU, an organization serving credit unions, was the first to identify a potential breach after receiving a list of 355,000 stolen credit card/debit card numbers from its member banks. It is currently unclear when the restaurant malware attack first occurred, although the malware is currently thought to have been actively stealing data from October 25, 2016 until January 19, 2017, when the malware was identified and removed.

This is of course not the first restaurant malware attack to have been reported in recent months. The restaurant chain Wendy’s suffered a similar malware attack last year. That incident also resulted in the theft of hundreds of thousands of payment card details before the malware was discovered and removed. Similar payment card system malware infections were also discovered by Target and Home Depot and resulted in huge numbers of card details being stolen.

Details of how the malware was installed have not been released, although malware is typically installed when employees respond to spear phishing campaigns. Malware is also commonly installed as a result of employees clicking on malicious links contained in spam emails or being redirected to malicious sites by malvertising. In some cases, malware is installed by hackers who take advantage of unaddressed security vulnerabilities.

Once malware has been installed it can be difficult to identify, even when anti-virus and anti-malware solutions are in use. As was the case with the latest restaurant malware attack, data theft was only identified when cybercriminals started using the stolen payment card information to make fraudulent purchases.

Protecting against malware attacks requires multi-layered cybersecurity defenses. Good patch management policies are also essential to ensure that any security vulnerabilities are remediated promptly. Anti-spam and anti-phishing solutions can greatly reduce the volume of messages that make it through to employees’ inboxes, while malicious links and redirects can be blocked with a web filtering solution. A little training also goes a long way. All staff members with computer access should receive anti-phishing training and should be instructed on security best practices.

Regular scans should be performed on all systems to search for malware that may have evaded anti-virus and anti-malware solutions. Since a restaurant malware attack will target payment card systems, those should be frequently scanned for malware. Rapid detection of malware will greatly reduce the damage caused.

Hotel Malware Attacks on the Rise: 12 U.S. InterContinental Hotels Affected

Hotel malware attacks have been hitting the headlines in the past two years as cybercriminals target hotels looking for payment card information. Now, InterContinental Hotels Group Plc has announced that a malware infection has potentially resulted in the theft of customers’ payment card details from 12 of its hotels in the United States. The hotel malware attacks affected guests at InterContinental Hotels as well as Crowne Plaza and Holiday Inn hotels.

The data breach affected the payment systems used by the hotel chain’s restaurants and bars, but did not extend to the front desk system used to process guests.

Malware was installed on the hotels’ servers which searched for and obtained customer track data from credit and debit card transactions. Customers’ card data – including names, card numbers, expiry dates and verification codes – were intercepted and potentially stolen using the malware. The malware was discovered in late December when the hotel chain hired a cybersecurity firm to investigate a potential data breach following an unusual level of fraud affecting the hotel chain’s customers. That investigation revealed that malware had been installed as early as August 1, 2016 and remained active until December 15, 2016.

InterContinental has not disclosed whether the malware passed on any payment card information to the attackers nor how many customers had been impacted by the incident, only that servers at 12 of the chain’s hotels had been affected. Investigations into the security breach are continuing and the investigation has now been extended to other hotels owned by InterContinental in the Americas.

Hotels are commonly targeted by cybercriminals seeking payment card information. Last summer, InterContinental’s Kimpton Hotels & Restaurants were attacked with malware and similar incidents were reported last year by Marriott International’s Starwood Hotels as well as the Hyatt, Westin, and Sheraton hotel chains. Hotel malware attacks were reported by the Hilton chain and Trump Hotels in 2015.

Cybercriminals are most interested in POS systems used by hotels. Malware is installed that is capable of capturing payment card information and those data are then transferred to the attackers. All too often, malware is installed and stays active for months before it is detected. During that time, tens of thousands of hotel guests can be impacted and have fraudulent charges applied to their accounts.

While hotel customers are often covered by their card providers’ insurance policy, the fallout from these incidents can be considerable. When guests suffer credit card and debit card fraud as a result of visiting a particular hotel, they may take their business elsewhere.

Malware can be installed by cybercriminals via a number of different attack vectors. Direct attacks take advantage of security flaws in software and hardware. Last year, Cylance’s Sophisticated Penetration Exploitation and Research Team (SPEAR) identified a zero-day vulnerability in ANTLabs InnGate routers, which are used by many of the top hotel chains to provide Internet access for guests. The flaw could be exploited to gain access to guests’ smartphones, laptops, and tablets, or potentially be used to install malware that targets POS systems on hotel servers.

According to SPEAR, the flaw was being actively exploited and 277 hotels had been targeted across 29 countries, including more than 100 hotels in the United States. Eight out of the world’s top ten hotel chains were found to have systems vulnerable to this type of attack. A patch was promptly issued to correct the flaw and hotels were able to plug the security hole.

It may not be possible to prevent attacks that exploit zero-day vulnerabilities; however, there are steps that can be taken to reduce hotel malware attacks. Malware is often downloaded as a result of employees’ or guests’ actions. Malware may be deliberately installed, although all too often downloads occur silently as a result of employees and guests visiting malicious websites.

Blocking access to these websites will protect both the hotel and its guests from web-borne malware and ransomware attacks. If a web filter – such as WebTitan – is installed, all websites known to house malware will be blocked.

Any individual who attempts to connect to one of those websites, or is redirected to one of those sites via a malicious email link or malvertising, will be protected. WebTitan can also be configured to prevent individuals from downloading files known to carry a high risk of being malicious – JavaScript files and executables for instance.

If you run a hotel or hotel chain, a web filter is an additional layer of security that should be seriously considered. A web filter will help to reduce the risk of malware and ransomware infections and keep hotel networks safe and secure for all users.

Hotel Ransomware Attack Affects Key Card and Reservation System

A hotel ransomware attack in Austria hit the headlines in the past couple of days. The cyberattack affected the Romantik Seehotel Jägerwirt. The hotel’s computer system was infiltrated by the attacker who installed ransomware. A range of files were encrypted, which prevented the hotel from being able to check in new guests and issue new key cards for hotel doors.

Hotel Ransomware Attack Hampers Guest Check-ins

Early reports of the hotel ransomware attack suggested hotel guests were locked out of their rooms or, in some cases, locked in their rooms. The latter is not possible as even when electronic key cards are used, locks can be opened manually from the inside. Guests who had been issued with key cards prior to the attack were also able to use their cards to get in their rooms, according to a statement issued by the hotel’s manager.

However, the cyberattack still caused considerable disruption at the 111-year-old hotel. According to local news sources, the attack affected the hotel’s key card system, reservation system, and its cash desk.

Since files were encrypted that were necessary to program new key cards, any guest who had not been checked in before the cyberattack occurred experienced considerable delays. The issue was only resolved when the hotel paid the ransom demand of 1500 Euros – approximately £1,300/$1,600. Systems remained out of action for 24 hours as a result of the attack.

This was not the only attack affecting the hotel. A second attack reportedly occurred, although the hotel was able to thwart that attempt by taking its systems offline. Repeat attacks are unfortunately common. If one ransomware attack results in the payment of a ransom, other attacks may also occur as the attackers attempt to extort even more money from their victim. Backdoors are often installed during initial attacks to enable access to continue after payment has been made.

Not being able to check in new guests for a period of 24 hours can make a serious dent in profits, not only from guests being forced to seek alternative accommodation, but also from the damage to a hotel’s reputation. Such an attack can keep future guests away.

In this case, in addition to paying the ransom demand, the manager of the Romantik Seehotel Jägerwirt confirmed that the hotel will be going old school in the near future. Rather than continue to use an electronic key card system, the hotel will revert to using standard keys for hotel room doors. Another hotel ransomware attack would therefore not prevent guests from checking in.

Hotels Must be Prepared for Cybersecurity Incidents

This is not the first hotel ransomware attack to have occurred in 2017 and it certainly will not be the last. Hotels are attractive targets for cybercriminals because hotels cannot afford to have critical systems offline for lengthy periods of time due to the disruption they cause. Cybercriminals know that ransom demands are likely to be paid.

In this case, no lasting harm was caused, although that does not mean future attacks will be limited to reservation systems and cash desk operations. Elevator systems may be targeted or other systems that have potential to compromise the health and safety of guests.

Hotels therefore need to make sure that not only are defenses augmented to prevent ransomware attacks, but a data breach response plan is in place to ensure that in the event of a cybersecurity incident, rapid action can be taken to limit the harm caused.

Malware and Phishing Attacks on Healthcare Organizations are the New Norm

Malware and phishing attacks on healthcare organizations are all but guaranteed. In fact, they are almost as certain as death and taxes. Healthcare organizations hold huge volumes of data on patients and more types of data than virtually any other industry.

Healthcare providers store personal information and Social Security numbers, which are needed for identity theft and tax fraud; insurance information that can be used for health insurance fraud; and Medicare/Medicaid numbers and health information that can be used for medical fraud. Bank account information and credit card numbers are also often stored. For cybercriminals, breaching a healthcare organization’s defenses means a big payday.

Further, health data does not expire like credit card numbers. Social Security numbers never change. It is therefore no surprise that malware and phishing attacks on healthcare organizations are on the rise.

As if there were not enough incentive to attack healthcare organizations, the healthcare industry has underinvested in cybersecurity defenses, lagging behind other industries when it comes to implementing the latest technologies to thwart cybercriminals. Healthcare networks are also highly complex and difficult to protect. They also contain much outdated software and many outdated operating systems. Many healthcare organizations still run medical devices on the unsupported Windows XP OS, which contains many vulnerabilities.

The Health Insurance Portability and Accountability Act (HIPAA) has helped to bring cybersecurity standards up to an acceptable level. HIPAA compliance has made it harder for cybercriminals, although far from impossible. With the healthcare industry firmly in cybercriminals’ crosshairs, healthcare organizations need to look beyond meeting the minimum standards for data security to avoid a HIPAA fine and ensure that defenses are improved further still.

One of the biggest problems comes from cyberattacks on healthcare employees. Even advanced firewalls can be easily avoided if employees can be fooled into clicking on a malicious link or opening an infected email attachment. Phishing attacks on healthcare organizations are the most common way that cybercriminals gain access to healthcare networks. Most cyberattacks start with a spear phishing email.

In addition to perimeter defenses, it is essential for healthcare organizations to employ technologies to block phishing attacks. Advanced spam filters will prevent the vast majority of phishing emails from being delivered, while web filtering solutions will block phishing attacks on healthcare organizations by preventing malicious links from being clicked and malicious websites from being accessed.

A web filter can also be configured to block downloads of file types commonly associated with malware: SCR, VB, and JavaScript files for instance. A web filter is also an excellent defense against drive-by malware downloads, social media phishing links, and malvertising.

Fortunately, with appropriate defenses in place, cyberattacks can be prevented and the confidentiality, integrity, and availability of ePHI can be preserved.

For further information on the major healthcare cyberattacks of 2016, the key threats to healthcare organizations, and the impact of data breaches, click the image below to view our healthcare hacking infographic.

 

[Infographic: Phishing Attacks on Healthcare Organizations]

US Ransomware Attacks Quadrupled in 2016

According to a new report from data breach insurance provider Beazley, US ransomware attacks on enterprises quadrupled in 2016. There is no sign that these attacks will slow; in fact, they are likely to continue to increase in 2017. Beazley predicts that US ransomware attacks will double in 2017.

Half of US Ransomware Attacks Affected Healthcare Organizations

The sophisticated nature of the latest ransomware variants, the broad range of vectors used to install malicious code, and poor user awareness of the ransomware threat are making it harder for organizations to prevent the attacks.

For its latest report, Beazley analyzed almost 2,000 data breaches experienced by its clients. That analysis revealed not only that US ransomware attacks had increased, but also that malware infections and accidental disclosures of data had increased. While ransomware is clearly a major threat to enterprises, Beazley warned that unintended disclosures of data by employees are actually a far more dangerous threat. Accidental data breaches increased by a third in 2016.

US ransomware attacks and malware incidents increased in the education sector, which registered a 10% rise year on year. Hacking or malware accounted for 45% of data breaches experienced by educational institutions and 40% of data breaches suffered by companies in the financial services sector. However, it was the healthcare industry that experienced the most ransomware attacks. Nearly half of 2016 US ransomware attacks affected healthcare organizations.

The report provides some insight into when organizations are most at risk. US ransomware attacks spiked at the end of financial quarters and also during busy online shopping periods. It is at these times of year when employees most commonly let their guard down. Attackers also step up their efforts at these times. Beazley also points out that ransomware attacks are more likely to occur during IT system freezes.

Ransomware Attacks on Police Departments Have Increased

Even police departments are not immune to ransomware attacks. Over the past two years there have been numerous ransomware attacks on police departments in the United States. In January last year, the Midlothian Police Department in Chicago was attacked with ransomware and paid a $500 ransom to regain access to its files.

The Dickson County Sheriff’s Office in Tennessee paid $572 to unlock a ransomware infection last year, and the Tewksbury police department in Massachusetts similarly paid for a key to decrypt its files. In 2015, five police departments in Maine (Lincoln, Wiscasset, Boothbay Harbor, Waldoboro and Damariscotta) were attacked with ransomware and in December 2016, the Cockrell Hill Police Department in Texas experienced a ransomware infection. The attack resulted in video evidence dating back to 2009 being encrypted. However, since much of that information was stored in backup files, the Cockrell Hill Police Department avoided paying the ransom.

Defending Against Ransomware

Unfortunately, there is no silver bullet to protect organizations from ransomware attacks. Ransomware defenses should consist of a host of technologies to prevent ransomware from being downloaded or installed, but also to ensure that infections are rapidly detected when they do occur.

Ransomware prevention requires technologies to be employed to block the main attack vectors. Email remains one of the most common mediums used by cybercriminals and hackers. An advanced spam filtering solution should therefore be used to prevent malicious emails from being delivered to end users. However, not all malicious attachments can be blocked. It is therefore essential to not only provide employees with security awareness training, but also to conduct dummy ransomware and phishing exercises to ensure training has been effective.

Many US ransomware attacks in 2016 occurred as a result of employees visiting – or being redirected to – malicious websites containing exploit kits. Drive-by ransomware downloads are possible if browsers and plugins are left unpatched. Organizations should ensure that patch management policies are put in place to ensure that all systems and software are patched promptly when updates are released.

Given the broad range of web-based threats, it is now becoming increasingly important for enterprises to implement a web filtering solution. A web filter can be configured to prevent employees from visiting malicious websites and to block malvertising-related web redirects. Web filters can also be configured to prevent employees from downloading malicious files and engaging in risky online behavior.

The outlook for 2017 may be bleak, but it is possible to prevent ransomware and malware attacks. However, the failure to take adequate preventative steps to mitigate risk is likely to prove costly.

Should First Amendment Rights Include Viewing Pornography in Libraries?

The use of web filters in libraries has been in the headlines on many occasions in recent months. There has been much debate over the extent to which libraries should allow patrons to exercise their First Amendment freedoms and whether Internet access should be controlled.

Many libraries in the United States choose not to implement web filters to control the content that can be accessed on their computers; instead, they tackle the problem of inappropriate website access by posting acceptable usage guidelines on walls next to computers.

However, patrons of libraries can have very different views of what constitutes acceptable use. Many users of library computers take advantage of the lack of Internet policing and use the computers to view hardcore pornography.

While this is every American’s right under the First Amendment, it can potentially cause distress to other users of libraries. Libraries are visited by people of all ages including children. It is therefore possible that children may accidentally view highly inappropriate material on other users’ screens.

Libraries that apply for government discounts under the e-rate program are required to comply with the Children’s Internet Protection Act (CIPA). The legislation, which went into effect on April 20, 2001, requires schools and libraries to implement controls to restrict Internet access and prevent the viewing of obscene images, child pornography, and other imagery that is harmful to minors. However, it is only mandatory for libraries to comply with CIPA regulations if they choose to take advantage of e-rate discounts. Many libraries do not.

A recent article in DNA Info has highlighted the extent to which library computers are used to access pornography. One patron recently reported an incident that occurred when she visited Harold Washington Library in Chicago to complete forms on a library computer. She claimed that the person on the computer next to her was viewing hardcore pornography and was taking photographs of the screen using his mobile phone camera.

That individual was viewing material of a very explicit nature and the screen was in full view of other users of the library. When the woman mentioned what was going on to a security guard, she was told that there was nothing that could be done. The library had chosen to honor patrons’ First Amendment rights, even though those rights were in conflict with public decency. A reporter spoke to one librarian who said “Up here in this branch there’s porn 24/7.”

Most libraries in Chicago do not use web filters to limit access to obscene material, although that is not the case in all libraries in the United States. The reverse is true in libraries in Wisconsin for example.

The American Library Association does not recommend the use of web filters in libraries and instead believes the issue of inappropriate website usage should be tackled in other ways, such as to “remind people to behave well in public.”

The debate over First Amendment rights and the blocking of pornography in libraries is likely to continue for many years to come. However, in institutions that are commonly frequented by individuals under the age of 18, who are not permitted by law to view pornography, efforts should be made to protect them from harm. If technical measures such as web filters are not used to block pornography in libraries, at the very least libraries should use privacy screens to limit the potential for minors to view other users’ screens.

Do you believe patrons of libraries should be allowed to view any and all website content? Should First Amendment rights extend to the viewing of pornography in libraries?

Two U.S. States Propose Stricter Internet Censorship Laws

Internet censorship laws in two U.S. states may be augmented, forcing Internet service providers and device manufacturers to implement technology that blocks obscene material from being viewed on Internet-connected devices.

North Dakota has recently joined South Carolina in proposing stricter Internet censorship laws to restrict state residents’ access to pornography. There is growing support for stricter Internet censorship laws in both states to block pornography and websites that promote prostitution, and it is believed that stricter Internet censorship laws will help reduce human trafficking in the states.

The new Internet censorship laws would not prevent state residents from accessing pornography on their laptops, computers and smartphones, as the technology would only be required on new devices sold in the two states. Any new device purchased would be required to have “digital blocking capability” to prevent obscene material from being accessed. Should the new Internet censorship laws be passed, state residents would be required to pay $20 to have the Internet filter removed.

The proposed law in North Dakota – Bill 1185 – classifies Internet service providers’ routers and all laptops, computers, smartphones, and gaming devices that connect to the Internet as “pornographic vending machines” and the proposed law change would treat those devices as such. The bill would also require device manufacturers to block ‘prostitution hubs’ and websites that facilitate human trafficking. If passed, the ban on the sale of non-filtered Internet devices would be effective from August 1, 2017.

Lifting of the block would only be possible if a request to remove the Internet filter was made in writing, the individual’s age was verified in a face-to-face encounter, and a $20 fee was paid. Individuals wishing to lift the block would also be required to receive a written warning about the dangers of removing the Internet filter.

The fees generated by the state would be directed to help offset the harmful social effects of obscene website content, such as funding the housing, legal and employment costs of victims of child exploitation and human trafficking. Fees would be collected at point of sale.

Device manufacturers would have a duty to maintain their Internet filter to ensure that it continues to remain fully functional, but also to implement policies and procedures to unblock non-obscene website content that has accidentally been blocked by filtering software. A system would also be required to allow requests to be made to block content that has somehow bypassed the Internet filtering controls. Requests submitted would need to be processed in a reasonable time frame. Failure to process the requests promptly would see the company liable to pay a $500 fine per website/webpage.

State Representative Bill Chumley (R‑Spartanburg) introduced similar updates in South Carolina last month, proposing changes to the state’s Human Trafficking Prevention Act. Both states will now subject the proposed bills to review by their respective House Judiciary Committees.

Why a Restaurant WiFi Filtering Service is Now Essential

A restaurant WiFi filtering service can help to keep customers safe when they use the Internet by blocking access to websites known to contain malware. A restaurant WiFi filtering service will also ensure that patrons can only view website content that is suitable for families.

WiFi networks are often abused and used by some individuals to view pornography or other material that has no place in a restaurant. If one diner chooses to view such material on a personal device while in a restaurant, other diners may catch glimpses of the screen, which hardly makes for a pleasant dining experience.

However, there is another important reason why a restaurant WiFi filtering service should be used. Not only can diners be protected from a range of web-borne threats while using free WiFi networks, but so can the computer systems of the restaurant.

Each year, many restaurants discover that their computers and networks have been infected with malware. Malware infections are often random; however, restaurants are now being targeted by cybercriminals.  If a hacker can gain access to a restaurant’s computer network and succeeds in loading malware onto its POS system, every customer who pays for a meal with their debit or credit card could have their credentials sent to the hacker.

Restaurants, especially restaurant chains, are targeted for this very reason. One infected POS system will give a cybercriminal a steady source of credit card numbers. Each year, there are many examples of restaurants that have been attacked in this manner. One of the latest restaurant chains to be attacked was Popeyes Louisiana Kitchen, a multinational chain of fried chicken and fast food restaurants.

Popeyes recently discovered a cyberattack that resulted in malware being installed on its systems. The attack started on or around May 5, 2016 and continued undiscovered until August 18, 2016. During that time, certain customers who paid for their meals on their credit and debit cards had their card numbers stolen by the malware and passed on to the attackers.

Popeyes only discovered the cyberattack when it received notification from its credit card processor of suspicious activity on customers’ accounts. CCC Restaurant Enterprises, which operates Popeyes, retained a forensic expert to analyze its systems for signs of compromise. That analysis revealed a malware infection. The information-stealing malware was passing credentials to the attacker and those details were being used to defraud customers. Ten restaurants in the chain were known to have been affected. Those restaurants were located in Georgia, North Carolina, and Texas. The malware infection has now been removed and customers are no longer at risk, although the cyberattack undoubtedly caused reputation damage for the chain.

Malware can be installed via a number of different vectors. Vulnerabilities can be exploited in servers and software. It is therefore essential to ensure that all software is patched and kept up to date. Attacks can occur via email, with malicious links and attachments sent to employees. A spam filter can block those emails and prevent infection. Attacks can also take place over the Internet. The number of malicious websites now produced every day has reached record levels and the threat level is critical.

A restaurant WiFi filtering service will not protect against every possible type of attack but it does offer excellent protection against web-borne threats. A web filtering service can also prevent users from visiting malicious links sent in spam and phishing emails, blocking users’ attempts to click the links. A restaurant WiFi filtering service will also ensure family-friendly Internet access is provided to customers, something that is increasingly important for parents when choosing a restaurant.

To find out more about how a restaurant WiFi filtering service can be implemented, the wide range of benefits that such a service offers, and for details of how you can trial the WebTitan restaurant WiFi filtering service for 30 days without charge, contact the TitanHQ team today.

Advantages and Disadvantages of Internet Filtering in Libraries

There are advantages and disadvantages of Internet filtering in libraries. Even though there are some potential drawbacks to filtering the Internet, an increasing number of libraries in the United States are now opting to use a web filtering solution.

What are the Advantages and Disadvantages of Internet Filtering in Libraries?

Controlling the types of content that can be accessed via library computers has sparked many debates. The American Library Association (ALA) for instance does not recommend Internet filtering. The problem, according to ALA, is that blocking Internet content in libraries “compromises First Amendment freedoms and the core values of librarianship.”

While it is true that libraries are institutions for learning, restricting access to certain types of website content is particularly important to ensure that children are protected. Unrestricted access to the Internet means minors could all too easily view imagery that could cause harm, pornography for instance.

The ALA says it is better to tackle the problem of inappropriate Internet access with educational programs rather than restricting access. While the ALA understands that children should be protected from obscene and other potentially harmful website content, teaching children how to use the Internet correctly – and how to search for information – is viewed as a reasonable measure to limit harm.

However, for adults, training is likely to prove less effective. If an adult wishes to access illegal or inappropriate website content, acceptable usage policies and educational programs may not prove effective. Children may also choose to ignore library rules and access inappropriate content.

While many Americans have welcomed the use of Internet filtering in libraries to restrict access to obscene or illegal material, there has been concern raised about how the use of Internet filters could potentially limit access to ideas and valuable information. The main disadvantage of controlling Internet access in libraries is not the restriction of access to certain types of web content that have little to no educational value, but the overblocking of website content.

Some Internet filtering solutions lack granular controls, which makes it easy for libraries to inadvertently restrict access to valuable material. One example would be blocking of sexual content. Blocking sexual content would prevent pornography from being viewed, but potentially also valuable sex education material, such as information on sexually transmitted diseases or LGBT issues. However, with the right solution, it is possible to carefully control Internet content without accidentally blocking valuable educational material.

Internet Content Filtering Helps Libraries Meet Digital Inclusion Goals

The debate over the advantages and disadvantages of Internet filtering in libraries is likely to go on for some time to come, although for many libraries the decision is now becoming less about First Amendment freedoms and more about money.

Libraries face considerable financial pressures, which can be eased with state and federal grants. The Children’s Internet Protection Act requires libraries to implement an Internet filter to block obscene images, child pornography, and other imagery that could be harmful to minors. Compliance is not mandatory, although it is a prerequisite for obtaining certain grants and discounts under the E-rate program.

Library Services and Technology Act grants are also available. However, while money can be received, those funds cannot be used for Internet technology unless an Internet content filter is in place, which can limit the ability of libraries to meet their digital inclusion goals and better serve local communities.

The ALA will not – at the present time at least – recommend the use of Internet filtering in libraries, although the organization does concede that some libraries rely on federal or state funding in order to provide patrons with computers and Internet access.

The message to these institutions is to choose a solution which will “mitigate the negative effects of filtering to the greatest extent possible.”

Libraries can implement an internet content filtering solution to block the minimum level of content in order to comply with state and federal regulations. Policies can be implemented to allow content to be unblocked, if it has been inadvertently blocked by a content filtering solution.

It is then possible to receive funding that will allow them to better serve their communities and meet digital inclusion goals, while ensuring that children – and to a lesser extent adults – are appropriately protected.

Why WebTitan is an Ideal Internet Filtering Solution for Libraries

With WebTitan, libraries can control Internet access to meet CIPA requirements and qualify for discounts and grants, while mitigating the negative effects of Internet control. WebTitan features highly granular controls allowing librarians to precisely control the types of web content that can be accessed by patrons. Since the administration control panel is intuitive and easy to use, requests to unblock specific webpages can be easily processed by library staff, without the need for any technical skill.

To find out more about using WebTitan in libraries contact TitanHQ today. You will also receive full assistance setting up WebTitan for a free 30-day trial and can discover for yourself how easy it is to meet CIPA requirements without overblocking website content.

59% of Companies Increased Cybersecurity Spending in 2016

59% of businesses increased cybersecurity spending in 2016, according to PwC. Cybersecurity is now increasingly being viewed as essential for business growth, not just an IT cost.

As more companies digitize their data and take advantage of the many benefits of the cloud, the threat of cyberattacks becomes more severe. The past 12 months have already seen a major increase in successful cyberattacks and organizations around the world have responded by increasing their cybersecurity spending.

The increased threat of phishing attacks, ransomware and malware infections, data theft and sabotage has been a wake-up call for many organizations; unfortunately, it is often only when an attack takes place that the wake-up call occurs. However, forward-thinking companies are not waiting for attacks. They are increasing spending on cybersecurity and are already reaping the benefits. They experience fewer attacks, client and customer confidence increases, and they gain a significant competitive advantage.

The annual Global State of Information Security Report from PricewaterhouseCoopers (PwC) shows that companies are realizing the benefits of improving cybersecurity defenses. More than 10,000 individuals from 133 companies took part in the survey that provided data for the report. 59% of respondents said that their company increased cybersecurity spending in 2016. Technical solutions are being implemented, although investment in people has also increased.

Cybercriminals are bypassing complex, multi-layered cybersecurity defenses by targeting employees. Organizations have responded by increasing privacy training. 56% of respondents say all employees are now provided with privacy training, and with good reason.

According to the report, 43% of companies have reported phishing attacks in the past 12 months, with this cybersecurity vector the most commonly cited method of attack. The seriousness of the threat was highlighted by anti-phishing training company PhishMe. The company’s Enterprise Phishing Susceptibility and Resiliency Report showed 90% of cyberattacks start with a spear phishing email. Given how effective training can be at reducing the risk from phishing, increasing spending on staff training is money well spent.

The same is true for technical cybersecurity solutions that reduce phishing risk. Two of the most important solutions are antispam and web filtering solutions, with each tackling the problem from a different angle. Antispam solutions are employed to prevent phishing emails from reaching employees’ inboxes, while web filtering solutions are being used to block access to phishing websites. Along with training, companies can effectively neutralize the threat.

Many companies lack the staff and resources to develop their own cybersecurity solutions; however, the range of managed security services now available is helping them to ensure that their networks, data, and systems are adequately protected. According to the PwC report, 62% of companies are now using managed security services to meet their cybersecurity and privacy needs. By using partners to assist with the challenge of securing their systems, organizations are able to use limited resources to better effect and concentrate those resources on other areas critical to business processes.

There has been a change in how organizations view cybersecurity over the past few years. Rather than seeing cybersecurity as simply a cost that must be absorbed, it is now increasingly viewed as important for business growth. According to PwC US and Global Leader of Cybersecurity and Privacy David Burg, “To remain competitive, organizations today must make a budgetary commitment to the integration of cybersecurity with digitization from the outset.” Burg also points out, “The fusion of advanced technologies with cloud architectures can empower organizations to quickly identify and respond to threats, better understand customers and the business ecosystem, and ultimately reduce costs.”