Web Filtering

Our news section dedicated to web filtering reports on instances in which a web filter can be used to protect organizations against online threats and the consequences of phishing campaigns. We also report on how filtering web access can protect the vulnerable against exposure to inappropriate online content – particularly minors viewing pornography.

Several of our news items will be of particular interest to MSPs and service providers who wish to add web filtering to their portfolio of products. With TitanHQ´s solutions, MSPs can incorporate white-labelled web filtering into an existing service package or market the solutions as stand-alone packages.

Effectiveness of Parental Controls at Preventing Pornography Access by Teens

A recent study in the United Kingdom conducted by researchers at the Oxford Internet Institute at the University of Oxford on the effectiveness of parental controls suggests that they may not be as effective as was thought at preventing minors from accessing online pornography.

While the study certainly adds to the body of evidence on the effectiveness of parental controls, such as those provided by Internet Service Providers, care should be taken interpreting the findings, especially comparing ISP parental controls with commercial web filtering solutions for schools.

The researchers suggest that their study “Delivered conclusive evidence that filters were not effective for protecting young people from online sexual material,” and such bold claims have naturally been reported in the media as ‘Internet controls not being effective’.

However, the study only assessed whether minors had encountered a single image of nudity or of a sexual nature. No internet filtering solution can be expected to block every single sexual image. The goal of parental controls is not to ensure that pornographic content cannot ever be accessed, only that the chance of it being accessed is reduced to a very low level.

Further, while controls can be put in place to block direct accessing of pornography, parental control filers can easily be bypassed through the use of VPNs and anonymizer services. If a minor wishes to gain access to pornography, it is easy to do so via an anonymizer service. Parental control filters put in place by Internet Service Providers do not block access to anonymizer services.

Search for “free anonymizer” in Google, access the site, and enter the URL of an adult site on a home network with parental controls in place, and you will discover exactly how easy it is to access adult content. Even easier, search for “bypass parental controls” and you will get a long list of options.

Commercial filters, such as those offered to schools and businesses, allow adult content to be blocked but also the use of anonymizer services to prevent filtering controls from being bypassed, providing greater protection – which is necessary in places of business and in schools. If an anonymizer is used and a commercial web filter is in place that blocks anonymizers, access will be denied, and the attempt will be recorded.

What is particularly worrying, is the suggestion that the findings of this study on the effectiveness of parental controls should be applied to schools. The researchers suggest in the paper “Our findings raise the question of whether mandatory state-funded Internet filtering in schools should still be regarded as a cost-effective intervention,” instead, the use of age verification tools or simply boosting educational strategies to support responsible online behavior should be explored.

Commercial web filtering solutions and parental controls solutions are not the same, and it is worth considering the following scenario. If a parent was to discover their child had viewed pornography at school and no filtering controls were in place to prevent access, would that parent agree with the school’s decision not to block pornography because a filter could potentially be bypassed? Or would a parent prefer a filter be put in place to make it harder for such content to be viewed?

The researchers do point out that more research is required to solidify the findings, specifically “to test Internet filtering in an experimental setting, done in accordance to Open Science principles.”

One thing is for certain, the use of web filters and parental controls to protect minors is certainly likely to continue to involve considerable discussion and the solution to the problem of minors accessing online material of a sexual nature is likely to involve a combination of technological controls, monitoring of internet access, and educational efforts.

The Importance of Web Filtering for Businesses

The importance of web filtering for businesses cannot be understated. Businesses can install a range of perimeter defenses, but if controls are not implemented to restrict the activities of employees, malware can easily be downloaded onto work devices. The cost of mitigating malware infections can be considerable. The NotPetya malware attacks last year cost Maersk around $300 million. The Ponemon Institute annual cost of a data breach study suggests the average cost of a data breach is now $3.6 million for large businesses.

There is no single software solution that can provide total protection for businesses. A range of security solutions are required to reduce risk to an acceptable level, and web filters are one such control that should now be used by all businesses.

A new campaign has been detected this week that demonstrates the importance of web filtering for businesses, highlighting one of the methods used to install malicious software on corporate devices. In this case, the aim of the campaign is to install adware, unwanted browser extensions, and PuPs, although this tactic is often used to install much more malicious software.

The individuals behind this campaign are using autogenerated content to create large quantities of websites that incorporate commonly used keywords related to popular celebrities and adult industry actors. The aim of the campaign is to get these webpages indexed by the search engines and appearing in the organic search engine listings.  Individuals who search for these keywords are likely to be presented with these webpages.

Upon opening these webpages, a popup is launched that advises the user that their computer lacks the codecs and software necessary to play the video. To get the videos to play, they need to install a media player. If the end user chooses to install the media player, rather than the media player being installed, a bundle of other programs is downloaded and installed on their device. The campaign also directs users to webpages where they are encouraged to install browser extensions.

If an employee is actively searching for inappropriate website content, it is easy to see how that individual would proceed with a download, and in doing so, install any number of potentially malicious programs.

This is not a hypothetical situation – many employees do just that. A recent survey conducted by Spiceworks delved into the reasons why companies are increasingly using web filters. The primary reason was to prevent the installation of malware. Further, when asked about whether employees had caused problems by accessing inappropriate website content, 38% of respondents said they had experienced a data breach in the past 12 months as a result of employees visiting websites that were not necessary for work.

The survey also revealed the extent that employees are using the Internet for personal reasons. Out of the companies that had not implemented a web filter, it was estimated that 58% of employees were wasting more than 4 hours a week on personal internet use, while 26% of employees were wasting 7 or more hours on non-work-related websites. That adds up to 26 days a year lost by each of those employees.

A web filter can allow a company to improve the productivity of the workforce. Employees will always slack off from time to time, but web filters can help to reduce the number of lost hours. The survey showed that the percentages fell to 43% spending more than 4 hours a week on non-work-related sites and 18% spending more than 7 hours a week slacking off online when a web filter was deployed – a significant reduction in lost hours.  Further, blocking social media websites saw the figure fall to 30% of employees wasting more than 4 hours a week on personal internet use.

Another important benefit of web filtering is to prevent the accessing of illegal website content. Companies can be legally liable for illegal activities by their employees, such as the downloading of copyright protected material through peer-to-peer file sharing networks. The survey revealed two thirds of companies were using their web filter to avoid legal liability and 84% were using a web filter to stop illegal activity online. Data leakage is also a serious concern. 57% of companies use web filters to prevent data leakage and hacking.

If you want to improve your security posture, reduce the potential for productivity losses, and reduce legal liability, a web filter and at least some form of content control is essential.

If you have yet to implement a web filter, are unhappy with your current provider, or would like further information on the importance of web filtering for businesses, call the TitanHQ team today for further information. A free trial is also available for WebTitan, the leading web filtering solution for businesses, to allow you to find out first hand the benefits that content control offers.

How Can You Prevent a Computer from Becoming Part of a Botnet?

What is a Botnet? How are they used? What harm can be caused, and how can you prevent a computer from becoming part of a botnet? These and other questions answered.

What is a Botnet?

A botnet is simply a collection of computers and other Internet-connected devices that are controlled by a threat actor. Usually that control is achieved via a malware installation, with the malware communicating with the threat actor’s command and control server.

Once malware has been installed on one device, potentially it can propagate to other devices on the same network, creating a mini-army of slave devices under the threat actor’s control. Any computer with the malware installed is part of the botnet and can be used on its own or collectively with other compromised devices for malicious purposes.

What are Botnets Used For?

Botnets are often used to conduct Distributed Denial of Service (DDoS) attacks, with the devices in the botnet used to access a particular service simultaneously and flooding it with traffic making that service temporarily unavailable. The Mirai botnet, which mostly consists of vulnerable IoT devices, was used to take down large sections of the Internet, including some of the most popular websites such as Twitter and Netflix. DDoS attacks are now being conducted that exceed 1 terabits per second, largely due to sheer number of devices that are part of the botnet.

One of the biggest botnets ever assembled was made possible with Zeus malware, a banking Trojan that was particularly difficult to detect. In the United States, an estimated 3.6 million computers had been infected with the malware, making Zeus one of the biggest botnets ever created.

In addition to DDoS attacks, botnets are also used to send huge quantities of spam and phishing emails. The Necurs botnet is the world’s largest spamming botnet, delivering 60% of all spam emails. The Gamut spam botnet delivers around 37% of spam botnet traffic. These two spamming botnets are primarily used to send malicious messages containing email attachments with malicious macros that download malware such as the Dridex banking Trojan, and the ransomware variants Locky, Globelmposter, and Scarab.

Recently, the rise in the value of cryptocurrencies has made it highly profitable to use the processing power of botnets to mine cryptocurrency. When processing power is used for cryptocurrency mining, the performance of the computers will reduce significantly.

How Are Botnets Created?

Botnets can be created through several different methods. In the case of IoT devices, attackers often take advantage of weak passwords and default credentials that have not been changed. Since IoT devices are less likely to be updated automatically with the latest software and firmware, it is easier to exploit flaws to gain access to the devices. IoT Devices also rarely have antivirus controls, making infection easier and detection of malware much harder.

Computers are most commonly recruited into botnets through malware sent via spam email campaigns – such as those sent out by the spamming botnets. Malware is delivered via infected email attachments or links to malicious websites where malicious code is hosted. Messages can be sent via social media networks and chat apps, which also direct users to malicious websites where malware is downloaded.

Drive-by downloads are also common – Malware is downloaded by exploiting vulnerabilities in browsers, add-ons or browser plug-ins, often through exploit kits loaded on compromised websites.

Prevent a Computer from Becoming Part of a Botnet

It is much easier to prevent a computer from becoming part of a botnet than identifying a malware infection and eradicating it once it has been installed. To prevent a computer from becoming part of a botnet, it is necessary to use technological controls and adopt security best practices.

Businesses need to ensure all staff are trained to be more security aware and are told about the risks of opening email attachments or clicking links in emails from unknown senders. They should also be told not to automatically trust messages from contacts as their email accounts could have been compromised. Employees should be taught security best practices and risky behavior, such as connecting to public WiFi networks without using a VPN, should be eradicated.

All software must be kept up to date with patches applied promptly. This will reduce the risk of vulnerabilities being exploited to deliver malware. Antivirus software should be installed and configured to update automatically, and regular AV scans should be performed.

Firewalls should be used to implemented to prevent unauthorized network access and allow security teams to monitor internet traffic.

Spam filtering solutions should be implemented to block the majority of malicious messages from being delivered to end users’ inboxes. The more messages that are blocked, the less chance there is of an employee responding to a phishing email and inadvertently installing malware.

One way to prevent a computer from becoming part of a botnet that is often forgotten, is the use of a web filtering solution. A web filter, such as WebTitan, will prevent malware and ransomware downloads and block access to malicious websites sent via email or through web browsing.

Implement these controls and it will make it much harder for your organization’s computers to be infected with malware and added to a botnet.

Acumera Integrates WebTitan Web Filtering into Their Service Stack

Austin, Texas-based managed services provider Acumera has successfully integrated the WebTitan web filtering solution into their service offerings and are now providing advanced web filtering to their clients.

Acumera provides managed security services to a wide range of companies throughout the United States across hundreds of thousands of locations, including healthcare providers, automated parking garages and some of the best-known retailers in the country such as 7-Eleven, Circle K, Subway, Pluckers, Benetton, and Valero service stations.

Many of the companies that have chosen Acumera to provide fully managed security services operate in hundreds or thousands of locations – 7-Eleven has more than 7,700 stores in the United States. Acumera secures payment systems and provides network security, connectivity, and visibility services across these widely distributed networks.

Acumera’s expertise in securing large highly distributed networks ensures its customers have the peace of mind that their networks and systems are fully secured, while avoiding the security headaches that many highly distributed companies face. Acumera’s customers certainly get an excellent return on their investment and tremendous value for money.

The Acumera Team with TitanHQ Alliances Director Mr. Eddie Monaghan in Austin, Texas.

Now, following the integration of WebTitan, Acumera’s customers can now benefit from advanced malware and ransomware protection both on and off corporate networks. WebTitan provides excellent protection from a wide range of web-based threats and allows companies to carefully control the websites that their employees can access. Highly granular controls ensure accurate content control without overblocking.

WebTitan Cloud is an easy to use, multi-tenant solution that MSPs can quickly set up and configure. There is no need for any hardware purchases, software installations of site visits. The 100% cloud-based solution can integrate seamlessly with existing client packages to increase revenue and attract more business.

The solution can be hosted on TitanHQ’s servers or within MSPs own environments, with a full white label version ready to take MSPs own branding.

Thanks to the WebTitan Application Programming Interface (API), managed services providers can easily incorporate WebTitan into their service offerings and provide DNS filtering to their customers.

If you are a managed service provider and you are interested in adding DNS filtering to your service stack and would like to become a TitanHQ Alliance partner, contact the TitanHQ team today for more information.

WebTitan Incorporated into Datto’s Network Security Solutions

TitanHQ has announced as part of its strategic alliance with networking and security solution provider Datto, WebTitan Cloud and WebTitan Cloud for Wi-Fi have been incorporated into the Datto networking range and are immediately available to MSPs.

Datto is the leading provider of enterprise-level technology to small to medium sized businesses through its MSP partners. Datto offers data backup and disaster recovery solutions, cloud-to-cloud data protection services, managed networking services, professional services automation, and remote monitoring and management tools.

The addition of WebTitan to its range of security and networking solutions means its MSP partners can now offer their clients another level of security to protect them from malware and ransomware downloads and phishing attacks.

WebTitan is a 100% cloud-based DNS web filtering solution developed with MSPs in mind. In addition to allowing businesses to carefully control the types of websites their employees can access through corporate wired and wireless networks, the solution provides excellent protection against phishing attacks and web-based threats.

With phishing now the number one threat faced by SMBs and a proliferation of ransomware attacks, businesses are turning to their MSPs to provide security solutions to counter the threat.

Businesses that implement the solution are given real-time protection against malicious URLs and IPs, and employees are prevented from accessing malicious websites through general web browsing and via malicious URLs sent in phishing emails.

“We are delighted that Datto has chosen TitanHQ as a partner in web security. By integrating TitanHQ’s secure content and web filtering service, we are well positioned to offer Datto MSPs a best of breed solution for their small to mid-size customers,” said TitanHQ CEO, Ronan Kavanagh.

“We pride ourselves in equipping our community of Managed Service Provider partners with the right products and tools to allow each and every customer to succeed,” said John Tippett, VP, Datto Networking. “With that in mind, I’m delighted to welcome TitanHQ as a security partner and look forward to growing our partnership.”  

At the upcoming TitanHQ-sponsored DattoCon 2018 conference in Austin, TX – the largest MSP event in the United States – MSPs will be able to see WebTitan in action. TitanHQ’s full team will be in attendance, including Ronan Kavanagh – TitanHQ’s CEO, Conor Madden – Sales Director, Dryden Geary – Marketing Manager, and Eddie Monaghan – Alliance Manager.

MSPs can visit the TitanHQ team at booth #66 in the exhibition hall for a demonstration of WebTitan, SpamTitan – TitanHQ’s award -winning spam filtering solution – and ArcTitan, TitanHQ’s email archiving solution. All three solutions are MSP friendly and are easily added to MSP’s service stacks.

DattoCon 2018 runs all week from June 18, 2018. The TitanHQ team will be present all week and meetings can be arranged in advance by contacting TitanHQ ahead of the conference.

TitanHQ Integrates WebTitan into Kaseya’s IT Complete Platform

TitanHQ has announced its 100% cloud-based web filtering platform, WebTitan, has been fully integrated into the Kaseya IT Complete Platform.

The IT Complete platform helps MSPs deliver invaluable cybersecurity and IT services to their clients quickly and efficiently. By using the platform, MSPs can save valuable time, allowing them to concentrate on IT projects strategic to their business.

The addition of a web filtering solution to the IT Complete platform allows MSPs to provide a more comprehensive range of cybersecurity solutions to their clients to help protect against a wide range of web-based threats.  The web filtering solution joins cybersecurity solutions developed by Bitdefender, Cisco, and Dell and is now available to all MSPs who use Kaseya VSA.

WebTitan is a powerful DNS-based web filtering solution ideally suited to MSPs. The solution provides proven protection against malware and ransomware downloads, and complements existing anti-virus, email filtering, data backup solutions, and firewalls.

Being 100% cloud-based it is easy to deploy without the need for any hardware purchases, software installations, or site visits. With the new integration, WebTitan can be accessed directly through Kaseya VSA, and can be deployed and configured in minutes, providing near instant protection against web-based threats.

The integration of WebTitan into the Kaseya IT Complete platform is particularly timely, as some of the world’s leading MSPs will be attending the Kaseya Connect conference in Las Vegas, NV this week.

“Kaseya is a partner we have admired for a long time and I’m delighted to announce this integration. With over 10 million endpoints under their management it represents a massive opportunity for our business,” said Ronan Kavanagh, CEO of TitanHQ. “We look forward to working with Kaseya’s MSP partners and adding our personal touch and renowned focus on great customer support.”

The massive increase in cyberattacks on businesses in recent years has made cybersecurity a key area of growth for MSPs. Companies need to implement layered defenses to protect an ever-increasing attack surface and turn to MSPs to help them secure their networks.

“Security is a critical service that all MSPs must deliver,” said Frank Tisellano, Jr., vice president product management and design. “Adding WebTitan to our open ecosystem of partner solutions means our customers now have even greater access to best of breed technologies to meet the needs of their business. With growing concerns over malware, ransomware and phishing as key threats to MSP customers, WebTitan adds a highly effective layer of protection.”

How Does WebTitan Work?

TitanHQ’s WebTitan is a powerful web filtering solution that helps businesses control the web content that can be accessed by its employees, but how does WebTitan work and how can the solution improve an organization’s security posture?

Why Are Web Filters Necessary?

Many businesses choose to implement a web filtering solution to prevent employees from accessing inappropriate web content such as pornography or to stop work computers from being used to download illegal content such as pirated films, music, and TV shows. A category-based web filter allows businesses to block certain types of web content with ease, such as adult material and P2P file sharing websites.

While content filters can achieve those aims, perhaps a more important function of web filters is to block web-based threats such as malware and phishing websites. Many businesses choose to deploy WebTitan to block these threats, but how does WebTitan work?

How Does WebTitan Work?

WebTitan Cloud is a 100% cloud-based web filtering solution that serves as a semi-permeable membrane between an organisation’s users and the Internet. When an end user attempts to access a particular URL that does not violate an organization’s acceptable Internet use policy, the request is honoured. Since there is no latency, the speed at which the website is loaded is the same as if no filtering mechanism is in place.

Unknown to the user, when an attempt is made to access a webpage, the DNS request is sent to WebTitan Cloud which determines whether the request should be allowed or denied.

If the user attempts to access a gambling website and the gambling category has been blocked through WebTitan Cloud, the user will be advised that their request has been denied and access to the site will be prevented. But how does WebTitan work as far as malicious websites are concerned? How are malicious URLs identified and blocked?

How Does WebTitan Block Access to Malicious Websites?

How does WebTitan determine which URLs are benign and which ones are malicious, and how are those checks performed in real-time?

To block malicious sites, WebTitan uses a crowd-sourced approach and obtains a constant stream of URLs for analysis. These ActiveWeb URLs come from websites actively visited by a global network of customers through high traffic markets such as subscriber analytics, networks security, IOT, and ad tech.

This traffic is used to train WebTitan’s human-supervised Machine Learning Systems to detect, monitor, and categorize threats. Using in house and third-party tools, WebTitan performs link, content, static, heuristic, and behavioural anomaly analyses to categorize threats. When threats are detected, the WebTitan team profiles, tests and validates those threats. Once threats have been validated, they are blocked with false positives used to train the system to improve future accuracy.

In contrast to many DNS-based systems, which only work at the domain level, WebTitan works at the path level and is capable of blocking individual webpages rather than entire domains. The majority of malicious URLs in the WebTitan database are marked as malicious at the path level – 99.7% of IP-based URLs and 88.35% of non-IP-based URLs.

WebTitan performs checks of websites that have previously been marked as malicious to determine whether they still contain malware or other threats. The WebTitan Malicious Detection Solution revisits up to 300,000 sites to check whether they are still infected or have been cleaned, and the database is updated accordingly. Sites previously marked as malicious can be accessed once they have been determined to be safe.

What Web-Based Threats Does WebTitan Block?

There are ten main web-based threats that WebTitan protects against:

  • Malware distribution points
  • Ad fraud
  • Botnets
  • Spyware and questionable software
  • Phishing and other fraudulent sites
  • Command and Control (C2) servers
  • Malware call-home addresses
  • Compromised sites and links to malware
  • Spam URLs
  • Cryptocurrency mining

With WebTitan, businesses not only have highly granular control over the types of sites that can be visited by their employees, a wide range of malicious sites are also blocked, preventing malware and ransomware infections, data theft, data exfiltration and fraud.

You can view further information about WebTitan on this link. (PDF)

Most Common Wireless Network Attacks

The most common wireless network attacks are easy to pull off and can be highly profitable for criminals. It is therefore no surprise that wireless network attacks have increased significantly in the past couple of years.

Wi-Fi is Ubiquitous, Yet Many Businesses Neglect Security

Wi-Fi access used to be something you had to pay for, but now free WiFi is something that is taken for granted. Visitors to a hotel, coffee shop, bar, retail outlet, or restaurant now expect WiFi to be provided. The decision to use a particular establishment is often influenced by whether free WiFi is available, but increasingly the quality of the connection.

The quality of the WiFi on offer is not only about bandwidth. The massive rise in cyberattacks via public WiFi networks has seen consumers choose establishments based on the security of the WiFi access points. Parents often choose to visit establishments that offer controls over the types of content that can be accessed.

If you run a business and are providing WiFi or have yet to provide that service and are considering adding a WiFi hotspot to attract more customers, be sure to consider the security of your network. The past couple of years have seen many major attacks on WiFi networks. Some of the most common wireless network attacks are detailed below.

What are the Most Common Wireless Network Attacks?

Some of the most common wireless network attacks are opportunistic in nature. Businesses that fail to secure their WiFi networks leave the door wide open to amateur scammers and hackers who are all too happy to take advantage of poor security to steal credentials from users and spread malware. Unsecured WiFi networks are also targeted by sophisticated cybercriminals and organized crime groups.

Tel Aviv Free WiFi Network Hacked

One notable example of how easy it can be for a hacker to take over a WiFi network comes from Tel Aviv. Tel Aviv offers a city-wide free WiFi network, which incorporates basic security controls to keep users secure. However, it did not prove to be as secure as city officials thought.

While commuting home, Tel Aviv resident Amihai Neiderman noticed a new WiFi access point had appeared. The FREE_TLV access point was provided by the city and Neiderman decided to test its security controls. After determining the IP address through which WiFi clients accessed the Internet, he disconnected, scanned the router, and discovered the web-based login interface was run through HTTPS port 443.

While he found no major vulnerabilities, after extensive analysis he identified a buffer overflow vulnerability which he successfully exploited to take full control of the router. By doing so, if he was so inclined, he could have intercepted the traffic from tens of thousands of users.

Toasters Used to Hack Unsecured WiFi Networks

Perhaps not one of the most common WiFi network attacks, but notable none the less due to the rise in use of IoT devices. IoT capability has been incorporated into all manner of devices from toasters to washing machines. However, these devices can be vulnerable to supply chain attacks – Where hardware is altered which allows the devices to be used to attack WiFi networks. In 2016, Russian officials discovered chips imported from China had been altered and were being used to spread malware that could eavesdrop on unsecured WiFi networks from a range of 200 meters. They were used to infect those networks with malware that could steal information.

Interception of Unencrypted Traffic

Research by Kaspersky Lab in 2016 showed more than a quarter of public Wi-Fi hotspots set up in malls were insecure and lacked basic security controls. A quarter did not encrypt traffic at all, while research conducted by Skycure showed that five of the busiest 10 malls in the USA had risky WiFi networks. One mall in Las Vegas was discovered to be operating 14 risky WiFi access points. Hackers can use sniffers to monitor traffic on unencrypted WiFi networks.

Fake WiFi Access Points

Visitors to hotels, coffee shops and malls often connect to the free WiFi on offer, but various studies have shown that care is not always taken to connect to the official WiFi network. Criminals can easily set up fake WiFi access points, often using the name of the establishment. By connecting to the fake networks, users can still access the Internet, yet everything they do online is being monitored by cybercriminals. These man-in-the-middle attacks allow criminals to steal banking credentials, credit card numbers, and login information.

How is this done? The attacker simply creates a hotspot on a smartphone and pairs it with a tablet or laptop. The hacker can then sit in the coffee shop drinking a latte while monitoring the traffic of everyone that connects. One study indicated more than a third of WiFi hotspot users take no precautions when accessing WiFi hotspots and frequently connect to unsecured networks.

WiFi Networks Used to Gain Access to Business Data

Creating a WiFi network for guests is simple. Ensuring it is secure and cannot be used for attacks on the business network requires more thought and effort. Any business that allows customers to make purchases using credit and debit cards is a major target for hackers. The past few years have seen many major attacks that have resulted in malware being installed on POS systems. These are now some of the most common wireless network attacks.

How Can Businesses Prevent the Most Common Wireless Network Attacks?

How can businesses protect against some of the most common wireless network attacks? While it is difficult to prevent the creation of fake WiFi hotspots, there are steps that can be taken to prevent many common wireless network attacks.

Isolate the Guest Network

If your business network is not isolated from your guest WiFi network, it could be used to gain access to business data and could place your POS at risk of compromise. Use a router that offers multiple SSIDs – most modern routers have that functionality. These routers often have a guest SSID option or separate guest portal. Make sure it is activated when it is deployed. Alternatively, your wireless router may have a wireless isolation feature which will prevent WiFi users from accessing your internal network and other client devices. If you require multiple access points throughout your establishment, you are likely to need a VLAN or EoIP tunnel configuration – A more complicated setup that will require you to seek professional advice on security.

Create a Secure SSID

Your router will have a default SSID name, but this should be changed to personalize it to your business. If you make it easily identifiable, it will reduce the potential for rogue access points to be confused with your own.  Ensure that you enforce WPA2 encryption with a shared key and post that information for your customers along with your SSID.

Restrict WiFi Access

If your wireless router or access point is too powerful, it could be accessed from outside your premises. Choose a router that allows you to alter the strength of your signal and you can ensure only your customers will use your connection. Also ensure that your WiFi access point is only available during business hours. If your access points are left unsupervised, it increases the risk of attack.

Secure Your Infrastructure

Administrator access can be abused, so ensure that your login name and your passwords are secure. If the default credentials are not changed, it will only be a matter of time before they are abused. Change the username from ‘admin’ or any other default username. Set a strong password that includes upper and lower-case letters, at least one number, and a special character. The password must be at least 8 characters although more is better.  Alternatively use a 14-character+ passphrase.

Use Web Filtering

A web filtering solution is an essential protection for all WiFi networks. Web filters will prevent users from visiting websites and webpages that are known to have been compromised or have been confirmed as malicious. This will protect your customers from web-based threats as well as help to keep your network secure. A web filter will also allow you to prevent your network from being used to download or view unacceptable content such as pornography and lets you control bandwidth usage to ensure all customers can enjoy decent Internet speeds.

TitanHQ offers a scalable, easy to deploy, granular web filter for WiFi networks. WebTitan Cloud for WiFi requires no hardware purchases and no software downloads, and being 100% cloud-based, can be managed and monitored from any location.

New Bill Calls for Mandatory Web Filtering in Rhode Island

Lawmakers are considering a new bill that calls for mandatory web filtering in Rhode Island. More than a dozen U.S states are considering similar laws which make it necessary for the manufacturers or distributors of Internet enabled devices to use web filters to block access to adult content by default.

In other states the bill goes under the banner of the Human Trafficking Prevention Act. The aim of the legislation is to reduce the availability of online pornography, which is often claimed to represent ‘a public health crisis’ in the United States.

The purpose of the bill – sponsored by Senators Frank Ciccone (D-Providence) and Hannah Gallo (D-Cranston) – is not to make it illegal to view online pornography but to make state residents pay a fee if they want to view such material on their laptops, computers, and smartphones.

Bill Proposes Web Filtering in Rhode Island on All Internet-Enabled Devices

As in other states, the wording of the legislation means that web filtering in Rhode Island would be mandatory on all Internet-enabled devices, not only smartphones, laptops and desktops. This would require web filtering controls to also cover IoT devices and routers, which would be applied at the ISP level.

If the bill is passed, web filtering in Rhode Island would cover online pornography and any shows, motion pictures, performances, or images that “taken as a whole, lack serious literary, artistic, political, or scientific value.” The web filter would also need to block access to websites or hubs that facilitates human trafficking and prostitution and ensure child pornography and revenge porn cannot be accessed.

The move would certainly make it harder for minors to access adult content since in order to remove the filtering controls the device owner would be required to prove they are over 18 years of age. Any device sold in the state would need to be supplied with a warning about the removal of the filtering mechanism and the repercussions of doing so.

Any individual who wishes to remove the filtering would be allowed to do so by paying a one-off fee of $20. The fee would be added to a fund that supports the victims of human trafficking.

Any such technological control is unlikely to be 100% accurate, so a mechanism must be introduced that ensures requests can be submitted to add websites and webpages to the filter when obscene content has escaped the filtering controls. Conversely, when content is blocked that is not sexual in nature or is not patently offensive, a request can be submitted to add the page to a whitelist of allowable websites or have the site recategorized. Such requests would need to be processed no later than 5 days after the request has been submitted.

The failure to act on such requests would be punishable with a financial penalty of up to $500 per piece of content that was reported but not blocked. In its current form the bill does not call for similar fines to be imposed when requests are submitted to unblock legitimate content that has been inadvertently blocked by the filtering controls.

Common Web Filtering Myths Busted

If you have yet to implement a web filtering solution to control the content that your employees can access at work, you are taking an unnecessary risk that could result in a costly malware infection, ransomware being installed on your network, or a lawsuit that could have been prevented by implementing basic web filtering controls. Many SMBs have considered implementing a web filter yet have not chosen a solution due to the cost, the belief that a web filter will cause more problems than it solves, or simply because they do not think it offers enough benefits. In this post we explain some of the common misconceptions about web filtering and attempt to debunk some common web filtering myths.

Common Web Filtering Myths

Antivirus Solutions Provide Adequate Protection from Web-Based Malware Attacks

Antivirus software is a must, although products that use signature-based detection methods are not as reliable as they once were. While antivirus companies are still quick to identity new malware variants, the speed at which new variants are being released makes it much harder to keep up. Further, not all malware is written to the hard drive. Fileless malware remains in the memory and cannot easily be detected by AV software. Antivirus software is still important, but you now need a host of other solutions to mount a reasonable defense against attacks. Layered defenses are now a must.

Along with AV software you should have anti spam software in place to block email-based threats such as phishing. You need to train your workforce to recognize web and email threats through security awareness training. Firewalls need to be set with sensible rules, software must be kept updated and patches must be applied promptly, regular data backups are a must to ensure recovery is possible in the event of a ransomware attack, and a web filtering solution should be installed.

A web filter allows you to carefully control the web content that can be accessed by employees. By using blacklists, websites known to host malware can be simply blocked, redirects via malvertising can be prevented, and controls can be implemented to prevent potentially malicious files from being downloaded. You can also prevent your employees from visiting categories of sites – or specific websites – that carry a higher than average risk.

There are other benefits to web filtering that can help you avoid unnecessary costs. By allowing employees to access any content, organizations leave themselves open to lawsuits. Businesses can be held liable for activities that take place on their networks such as accessing illegal content and downloading/sharing copyright-protected material.

Web Filtering is Prohibitively Expensive

Many businesses are put off implementing a web filtering solution due to the perceived cost of filtering the Internet. If you opt for an appliance-based web filter, you need to make sure you have an appliance with sufficient capacity and powerful appliances are not cheap. However, there is a low-cost alternative that does not require such a major cash commitment.

DNS filtering requires no hardware purchases so there is no major capital expenditure. You simply pay for the licenses you need and you are good to go. You may be surprised to find out just how low the price per user actually is.

Web Filtering is Too Complicated to Implement

Some forms of web filters are complex, and hardware-based filters will take some time to install and configure, which will take IT staff away from important duties. However, DNS based filters could not be any easier to implement. Implementing the solution is a quick process – one that will take just a couple of minutes.  You just need to point your DNS to your web filtering service provider.

Even configuring the filter is straightforward. With WebTitan you are given a web-based portal that you can use to configure the settings and apply the desired controls. In its simplest form, you can simply use a checkbox option to select the categories of websites that you want to block.

Since WebTitan includes a database of malicious websites, any request to visit one of those websites will be denied. You can also easily upload third party blacklists, and for total control, use a whitelist to only allow access to specific websites.

Employees Will Just Bypass Web Filtering Controls

No web filtering solution is infallible, although it is possible to implement some basic controls that will prevent all but the most determined and skilled workers from accessing prohibited websites. Simple firewall rules can be easily set and you can block DNS requests to anything other than your approved DNS service. You can also set up WebTitan to block the use of anonymizers.

IT Support Will be Bombarded with Support Calls from Employees Trying to Access Blocked Websites

If you decide to opt for whitelisting acceptable websites, you are likely to be bombarded with support calls when users discover they are unable to access sites necessary for work. Similarly, if you choose to heavily filter the Internet and block most categories of website, then your helpdesk could well be swamped with calls.

However, for most companies, filtering the internet is simply a way of enforcing acceptable usage policies, which your employees should already be aware of. You are unlikely to get calls from employees who want access to porn at work, or calls from employees who want to continue gambling and gaming on the clock. Restrict productivity draining sites, illegal web content, phishing websites, and sites that are not suitable in the workplace, and explain to staff your polices in advance, and your support calls should be kept to a minimum.

Find Out More About DNS Filtering

If you have yet to implement DNS filtering in your organization, it is possible to discover the benefits of Internet filtering before committing to a purchase. TitanHQ offers a free trial of WebTitan Cloud (and WebTitan Cloud for WiFi) so you can try before committing to a purchase.

If you would like further information on getting started with web filtering, have technical questions about implementation, would like details of pricing or would like a demo or a free trial, contact the TitanHQ team today.

TitanHQ Joins HTG Peer Groups as Gold Vendor

TitanHQ Joins HTG Peer Groups as Gold Vendor

The multi-award-winning email and web filtering solution provider TitanHQ has announced an exciting new partnership with the international consulting, coaching, and peer group organization HTG.

The new partnership – announced at the HTG Peer Groups Q1 quarterly meeting at the Pointe Hilton Squaw Peak Resort in Phoenix AZ will see TitanHQ join HTG Peer Groups as a Gold vendor, which gives the HTG community immediate access to TitanHQ’s leading web filtering solution WebTitan.

Currently, service providers are being called upon to provide costly support to their clients to help them defend against ransomware and malware attacks. They are also required to spend a considerable proportion of the time allocated to each client under service level agreements mitigating malware and ransomware infections caused by careless employees.

By implementing WebTitan, service providers can easily provide an additional layer of Internet security to their clients, helping to protect them against ransomware and malware attacks. With WebTitan in place, they will also avoid the costly and time-consuming task of mitigating attacks and removing malicious software.

By deploying WebTitan, managed service providers quickly and easily secure their clients’ networks. Once protected, instead of accessing the Internet directly, all Internet requests are made through WebTitan, which serves as a protective barrier preventing malicious websites from being accessed. WebTitan scans websites and webpages searching for malicious content and when harmful webpages are identified they are added to block lists. Any request made by a user to access a malicious website will blocked before a connection to the site is made.

Additionally, WebTitan is a powerful content filter that can be controlled by the MSP or their clients. Once the content filter is applied, any attempt to access a webpage or website that contravenes the organization’s acceptable Internet usage polices will be blocked. WebTitan also provides visibility into Internet usage via detailed reports that are automatically sent to security/HR teams.

HTG Peer Groups Founder Arlin Sorensen (Left); TitanHQ CEO Conor Madden (Right)

The new partnership between TitanHQ and HTG will make it even easier for the HTG community to add this important security protection to their service stacks and provide better value to their clients.

“We’re delighted to welcome TitanHQ on board for 2018. As soon as the initial discussion started we knew they would make a great match for our community, as web security is a key area for our members in 2018,” said Arlin Sorensen, founder of HTG Peer Groups.

In contrast to many web filtering solutions that have been developed for enterprises and subsequently tweaked to make the products suitable for MSPs, WebTitan was developed specifically with MSPs in mind.

“The WebTitan web filter was built by MSP’s for MSP’s and this exciting relationship with HTG Peer Groups is a continuation of that process,” said Ronan Kavanagh, CEO of TitanHQ. “It allows us to listen to the opportunities and difficulties faced by MSP senior executives while also allowing us to share how we became a successful web security vendor. Our goal is to successfully engage with HTG members to build strong and long-lasting relationships.”

In addition to being given access to WebTitan, the HTC community will also have access to TitanHQ’s email archiving platform ArcTitan and will be able to offer spam and phishing protection to their clients through SpamTitan, the leading email filtering solution for MSPs.

Emotet Malware Infection Cost Rockingham School District $314,000 to Resolve

The Rockingham school district in North Carolina discovered Emotet malware had been installed on its network in late November. The cost of resolving the infection was an astonishing $314,000.

The malware was delivered via spam emails, which arrived in multiple users’ inboxes. The attack involved a commonly used ploy by cybercriminals to get users to install malware.

The emails appeared to have been sent by the anti-virus vendor used by the school district, with the subject line ‘incorrect invoice’ and the correct invoice included as an attachment. The emails were believable and were similar to many other legitimate emails received on a daily basis.

The emails asked the recipient to open and check the attached invoice; however, doing so would see malware downloaded and installed on the email recipient’s computer.

Soon after those emails were received and opened, staff started to experience problems. Internet access appeared to have been blocked for some users. Reports from Google saying email accounts had been shut down due to spamming started to be received. The school district investigated and discovered several devices and servers had been infected with malware.

Emotet malware is a network worm that is capable of spreading across a network. Infection on one machine will see the virus transmitted to other vulnerable devices. The worm drops a type of banking malware on infected devices that is used to steal victims’ credentials such as online banking details.

Emotet is a particularly advanced malware variant that is difficult to detect and hard to remove. The Rockingham school district discovered just how problematic Emotet malware infections can be when attempts were made to remove the worm. The school district was able to successfully clean some infected machines by reimaging the devices; however, the malware simply re-infected those computers.

Mitigating the attack required assistance from security experts, but even with expert help the recovery process is expected to take up to a month. 10 ProLogic ITS engineers will spend around 1,200 on site reimaging machines. 12 servers and potentially up to 3,000 end points must be reimaged to remove the malware and stop reinfection. The cost of cleanup will be $314,000.

Attacks such as this are far from uncommon. Cybercriminals take advantage of a wide range of vulnerabilities to install malware on business computers and servers. In this case the attack took advantage of gaps in email defenses and a lack of security awareness of employees. Malware can similarly be installed by exploiting unpatched vulnerabilities in software, or by drive-by downloads over the Internet.

To protect against Emotet malware and other viruses and worms layered defenses are required. An advanced spam filtering solution can ensure malicious emails are not delivered, endpoint detection systems can detect atypical user behavior, antivirus solutions can potentially detect and prevent infections, while web filters can block web-based attacks and drive-by downloads. End users are the last line of defense and should therefore be trained to recognize malicious emails and websites.

Only a combination of these and other cybersecurity defenses can keep organizations well protected. Fortunately, with layers defenses, it is possible to avoid costly malware and phishing attacks such as the one experienced by the Rockingham school district.

ACLU Criticizes Excessive Internet Filtering Controls in Schools

The Children’s Internet Protection Act (CIPA) requires Internet filtering controls in schools to be applied to block obscene images, child pornography, or other images that could be harmful to minors.

Compliance with the Children’s Internet Protection Act is not mandatory, but a lack of Internet filtering controls in schools means that it is not possible to receive discounts under the e-rate program – an initiative that makes telecommunications and Internet services more affordable for schools. The discounts are considerable. Schools can reduce their telecommunications costs by up to 90%.

Consequently, many schools choose to comply with CIPA and apply Internet filtering controls to block inappropriate website content. However, Internet filtering controls in schools are often overly restrictive, and are not only used to block obscene content, but other material with important educational value.

A recent report by the American Civil Liberties Union (ACLU) of Rhode Island, has revealed that many schools are choosing to use their Internet filters to block a broad range of website content – Far more than is necessary to comply with CIPA.

The latest report is a follow-on study from a 2013 investigation into Internet filtering controls in schools in Rhode Island. Four years ago, the ACLU study found that teachers were being hampered by Internet filters and prevented from using the Internet to educate students. Students were also blocked from accessing information relevant to their studies.

Since that initial report was released, the Rhode Island Department of Education (RIDE) released guidance for schools on Internet filtering, following the passage of a new state law that required Internet filtering controls in schools to foster academic freedom.

For the latest report, ACLU requested copies of Internet filtering policies from school districts to determine whether state laws were being followed and if Internet filtering controls in schools had improved following the model policy issued by RIDE.

33 school districts responded to the request, but only five of the schools had an Internet filtering policy in place, and out of those five, three were not in compliance with the new state law.

Critics of Internet filtering controls in schools often point out that in an effort to block obscene and sexual content, topics such as sex education are accidentally blocked. However, the report suggests that the blocking of such content by Rhode Island schools was not always accidental.

It is important for children to be able to have their questions answered on sex. Schools are often the only places where children can access such educational content. UCLU found that it was common for sex education content to be blocked by filters in Rhode Island schools.

Other topics that were commonly blocked were material related to drugs, tobacco, alcohol, terrorism, and religion. ACLU pointed out that the Internet filtering controls prevented students from researching topics such as the medicinal use of marijuana, fetal alcohol syndrome, abortion, or the opioid epidemic in the United States.

Some schools had even more restrictive filers in place that prevented students and staff from accessing topics such as hobbies, dictionaries, news and political websites, humor and information about alternative sexual lifestyles.

The Internet filtering law in Rhode Island requires schools to have an Internet filtering policy that explains why a particular category of website content is blocked to ensure transparency, and to list who is responsible for making the decision about blocking that category.

A mechanism must also be put in place that allows staff and students to request the lifting of a block (whitelisting a website for example) to allow educational content to be accessed. Yet the report showed that in many cases, staff and students had to wait for excessively long periods before their request was honored.

The law requires a list to be maintained of all requests and for those lists to be assessed annually to determine whether filtering controls need to be altered. RIDE’s model Internet filtering policy must also be adopted to ensure academic freedom.

ACLU said, “Without adoption and implementation of strong policies across the board, we will continue to see an array of issues involving the over-filtering of our schools’ Internet systems, which will continue to negatively impact students from accessing information and teachers from making use of helpful educational tools.”

Using a clunky system that blocks valuable content will be damaging to children’s education. Internet content filtering in schools is important, but it is also important for a technological control to be implemented that is not overly restrictive.

With WebTitan, it is possible to block obscene content and to comply with CIPA, without restricting access to important educational content. Category filters are accurate, and thanks to highly granular controls, adjusting filtering settings is a quick and straightforward process. With WebTitan, schools can quickly fine tune their filters and process staff and student requests to unblock content and comply with both CIPA and state laws.

If you are looking for an alternative solution that allows you to carefully control the content that can be accessed over the Internet by staff and students, that allows different controls to be applied for different users and user groups and is easy to use, contact the TitanHQ team today and find out about the difference WebTitan can make.

Are Password Managers Safe?

Passwords should be complex and difficult to guess, but that makes them difficult to remember, so what about using password managers to get around that problem? Are password managers safe and secure? Are they better than attempting to remember passwords for every one of your accounts?

First of all, it is worth considering that most people have a great deal of passwords to remember – email accounts (work and personal), social media accounts, bank accounts, retail sites, and just about every other online service. If you rarely venture online and do not make online purchases, that means you will need to learn a handful of passwords (and change them regularly!).

Most people will have many passwords. Far too many to remember. That means people tend to choose easy to remember – and easy to guess – passwords and tend to reuse passwords on multiple sites.

These poor security practices are a recipe for disaster. In the case of password reuse, if one password is guessed, multiple accounts can be compromised. So, are password managers safe? If that is the alternative, then most definitely.

With a password manager you can generate a strong and impossible to remember password for every online account. That makes each of those accounts more secure. Emmanuel Schalit, CEO of Dashline, a popular password manager, said, “Sometimes, it’s better to put all your eggs in the same basket if that basket is more secure than the one you would be able to build on your own.”

That does mean that if the server used by the password manager company is hacked, you do stand to lose all of your passwords. Bear in mind that no server can ever be 100% secure. There have been hacks of password manager servers and vulnerabilities have been discovered (see below). Password managers are not risk-free. Fortunately, password managers encrypt passwords, so even if a server is compromised, it would be unlikely that all of your passwords would be revealed.

That said, you will need to set a master password to access your password manager. Since you are essentially replacing all of your unique passwords with a single password, if the master password is guessed, then your account can be accessed and with it, all of your passwords. To keep password managers safe and secure, it is important to use a strong and complex password for your account – preferably a passphrase of upwards of 12 characters and you should change that password every three months.

If you use a cloud-based password manager, it is possible that when that service goes down, you will not be able to access your own account. Fortunately, downtime is rare, and it would still be possible to reset your passwords. You could also consider keeping a local copy of your passwords and encrypting that file. In a worst-case scenario, such as the password manager company going bust, you would always have a copy. Some services will also allow you to sync your encrypted backups with the service to ensure local copies are kept up to date.

Flaws Discovered in Password Managers

Tavis Ormandy, a renowned researcher from the Google Project Zero team, recently discovered a flaw in Keeper Password Manager that could potentially be exploited to gain access to a user’s entire vault of stored passwords. The Keeper Password Manager flaw could not be exploited remotely without any user interaction. However, if the user was lured onto a specially crafted website while logged into their password manager, the attacker could inject malicious code to execute privileged code in the browser extension and gain access to the account. Fortunately, when Keeper was alerted to the flaw, it was rapidly addressed before the flaw could be exploited.

Last year Ormandy also discovered a flaw in LastPass, one of the most popular password managers. Similarly, that flaw could be exploited by luring the user to a specially crafted webpage via a phishing email. Similarly, that flaw was rapidly addressed. The LastPass server was also hacked the year before, with the attackers gaining access to some users’ information. LastPass reports that while it was hacked, users’ passwords were not revealed.

These flaws do go to show that while password managers are safe, vulnerabilities may exist, and even a password manager can potentially be hacked.

Are Password Managers Safe to Use?

So, are password managers safe? They can be, but as with any other software, vulnerabilities may exist that can leave your passwords exposed. It is therefore essential to ensure that password manager extensions/software are kept up to date, as is the case with all other software and operating systems.

Security is only as good as the weakest link, so while your password manager is safe, you will need to use a complex master password to prevent unauthorized individuals from accessing your password manager account. If that password is weak and easily guessable, it will be vulnerable to a brute force attack.

In addition to a complex master password, you should take some additional precautions. It would be wise not to use your password manager to save the password to your bank account. You should use two-factor authentication so if a new device attempts to connect to any of your online accounts, you will receive an alert on your trusted device or via email.

As an additional protection, businesses that allow the use of password managers should consider implementing a web filtering solution that prevents users from visiting known malicious websites where vulnerabilities could be exploited. By restricting access to certain categories of website, or whitelists of allowable sites, the risk of web-based attacks can be reduced to a low and acceptable level.

Password managers should also be used with other security solutions that provide visibility into who is accessing resources. Identity and access management solutions will help IT managers determine when accounts have been breached, and will raise flags when anomalous activity is detected.

HTTPS Phishing Websites Soar as Cybercriminals Embrace SSL

HTTPS phishing websites have increased significantly this year, to the point that more HTTPS phishing websites are now being registered than legitimate websites with SSL certificates, according to a new analysis by PhishLabs.

If a website starts with HTTPS it means that a SSL certificate is held by the site owner, that the connection between your browser and the website is encrypted, and you are protected from man-in-the-middle attacks. It was not long ago that a green padlock next to the URL, along with a web address starting with HTTPS, meant you could be reasonably confident that that the website you were visiting was genuine. That is no longer the case, yet many people still believe that to be true.

According to PhisLabs, a recent survey showed that 80% of respondents felt the green padlock and HTTPS indicated the site was legitimate and/or secure. The truth is that all it means is traffic between the browser and the website is encrypted. That will prevent information being intercepted, but if you are on a phishing website, it doesn’t matter whether it is HTTP or HTTPS. The end result will be the same.

Over the past couple of years there has been a major push to move websites from HTTP to HTTPS, and most businesses have now made the switch. This was in part due to Google and Firefox issuing warnings about websites that lacked SSL certificates, alerting visitors that entering sensitive information on the sites carried a risk. Since October, Google has been labelling websites as Not Secure in the URL via the Chrome browser.

Such warnings are sufficient to see web visitors leave in their droves and visit other sites where they are better protected. It is no surprise that businesses have sat up and taken notice and made the switch. According to Let’s Encrypt, 65% of websites are now on HTTPS, compared to just 45% in 2016.

However, it is not only legitimate businesses that are switching to secure websites. Phishers are taking advantage of the benefits that come from HTTPS websites. Namely trust.

Consumer trust in HTTPS means cybercriminals who register HTTPS sites can easily add legitimacy to their malicious websites. It is therefore no surprise that HTTPS phishing websites are increasing. As more legitimate websites switch to HTTPS, more phishing websites are registered with SSL certificates. If that were not the case, the fact that a website started with HTTP would be a clear indicator that it may be malicious and cybercriminals would be at a distinct disadvantage.

What is a surprise is the extent to which HTTPS is being abused by scammers. The PhishLabs report shows that in the third quarter of 2017, almost a quarter of phishing websites were hosted on HTTPS pages. Twice the number seen in the previous quarter. An analysis of phishing sites spoofing Apple and PayPal showed that three quarters are hosted on HTTPS pages. Figures from 2016 show that less than 3% of phishing sites were using HTTPS. In 2015 it was just 1%.

While checks are frequently performed on websites before a SSL certificate is issued, certification companies do not check all websites, which allows the scammers to obtain SSL certificates. Many websites are registered before any content is uploaded, so even a check of the site would not provide any clues that the site will be used for malicious purposes. Once the certificate is obtained, malicious content is uploaded.

The PhishLabs report also shows there is an approximate 50/50 spread between websites registered by scammers and legitimate websites that have been compromised and loaded with phishing webpages. Just because a site is secure, it does not mean all plugins are kept up to date and neither that the latest version of the CMS is in use. Vulnerabilities exist on many websites and hackers are quick to take advantage.

The rise in HTTPS phishing websites is bad news for consumers and businesses alike. Consumers should be wary that HTTPS is no guarantee that website is legitimate. Businesses that have restricted Internet access to only allow HTTPS websites to be visited may have a false sense of security that they are protected from phishing and other malicious sites, when that is far from being the case.

For the best protection, businesses should consider implementing a web filter that scans the content of webpages to identify malicious sites, and that the solution is capable of decrypting secure sites to perform scans of the content.

For more information on how a web filter can help to protect your organization from phishing and malware downloads, give the TitanHQ sales team a call today.

Terdot Trojan Steals Banking Credentials and Hijacks Social Media Accounts

The Terdot Trojan is a new incarnation of Zeus, a highly successful banking Trojan that first appeared in 2009. While Zeus has been retired, its source code has been available since 2011, allowing hackers to develop a swathe of new banking Trojans based on its sophisticated code.

The Terdot Trojan is not new, having first appeared in the middle of last year, although a new variant of the credential-stealing malware has been developed and is being actively used in widespread attacks, mostly in Canada, the United States, Australia, Germany, and the UK.

The new variant includes several new features. Not only will the Terdot Trojan steal banking credentials, it will also spy on social media activity, and includes the functionality to modify tweets, Facebook posts, and posts on other social media platforms to spread to the victim’s contacts. The Terdot Trojan can also modify emails, targeting Yahoo Mail and Gmail domains, and the Trojan can also inject code into websites to help itself spread.

Further, once installed on a device, Terdot can download other files. As new capabilities are developed, the modular Trojan can be automatically updated.

The latest variant of this nasty malware was identified by security researchers at Bitdefender. Bitdefender researchers note that in addition to modifying social media posts, the Trojan can create posts on most social media platforms, and suspect that the stolen social media credentials are likely sold on to other malicious actors, spelling further misery for victims.

Aside from social media infections, the Trojan is distributed via phishing emails. One such spam email campaign includes buttons that appear to be PDF files, although a click will launch JavaScript which starts the infection process. However, Bitdefender researchers note that the primary infection vector appears to be the Sundown exploit kit – exploiting vulnerabilities in web browsers.

Unfortunately, detecting the Terdot Trojan is difficult. The malware is downloaded using a complex chain of droppers, code injections and downloaders, to reduce the risk of detection. The malware is also downloaded in chunks and assembled on the infected device. Once installed, it can remain undetected and is not currently picked up by many AV solutions.

“Terdot goes above and beyond the capabilities of a Banker Trojan. Its focus on harvesting credentials for other services such as social networks and e-mail services could turn it into an extremely powerful cyber-espionage tool that is extremely difficult to spot and clean,” warns Bitdefender.

Protecting against threats such as banking Trojans requires powerful anti-malware tools to detect and block downloads, although businesses should consider additional protections to block the main attack vectors: Exploit kits and spam email.

Spam filtering software should be used to block phishing emails containing JavaScript and Visual Basic downloaders. A web filter is also strongly advisable to block access to webpages known to host malware and exploit kits. Even with powerful anti-virus, web filters, and spam filters, employees should be trained to be more security aware. Regular training and cybersecurity updates can help to eradicate risky behavior that can lead to costly malware infections.

TitanHQ Provides Insights into Great Innovations in Enterprise WiFi Security at WiFi Now Europe 2017

TitanHQ Provides Insights into Great Innovations in Enterprise WiFi Security at WiFi Now Europe 2017

TitanHQ Sales Director Conor Madden will be talking enterprise Wi-Fi security at this year’s Wi-Fi Now Europe 2017, explaining some of the key innovations in Wi-Fi security to keep enterprise Wi-Fi networks secure.

This will be the fourth time in two years that Conor has provided his insights into Wi-Fi security developments at Wi-Fi Now conferences. Conor will be giving his presentation – Four Great Innovations in Enterprise Wi-Fi – Part One – on the first day of the conference between 12:00 and 12:30.

Conor will explain how DNS-based Wi-Fi security adds an essential layer of security to keep enterprise Wi-Fi networks secure, and will offer insights into how enterprises can easily create customized Wi-Fi services. In addition to Conor’s headline speech, the TitanHQ team will be in attendance and will be demonstrating WebTitan Cloud for Wi-Fi at Stand 23 over the three days of the event. The team will also demonstrate some of the big-ticket deployments from the past 18 months. The team will also explain some of the new refinements and updates that have made WebTitan even more useful and user friendly, including the new API capability that is proving so popular with product managers and engineers.

Wi-Fi Now Europe 2017 – The Premier Conference for the Wi-Fi Industry

The Wi-Fi Now Europe 2017 event brings together leaders, entrepreneurs, innovators, and experts from all areas of the Wi-Fi industry. This year there will be more than 50 speakers including analysts, thought leaders, technology leaders, carriers and service providers. More than 40 companies from all areas of the Wi-Fi industry will be demonstrating their products and services to attendees.

The conferences are a highlight in the calendar for anyone involved in the Wi-Fi industry and provide attendees with an incredible networking opportunity and the chance to learn about the latest advances in Wi-Fi, exciting new products and new services on offer.

The Wi-Fi Now Europe 2017 Conference will be taking place between October 31st and November 2nd at the NH Den Haag Hotel atop The Hague’s World Trade Center Building.

Gold passes give attendees complete access to all events at the 3-day conference, with day passes also available. Advance registration is required for all attendees.

TitanHQ On the Road

It has been a busy few weeks for TitanHQ. The team has been traveling across Europe and the United States, showcasing its web filtering, spam filtering and email archiving solutions.

The Wi-Fi Now Europe 2017 comes hot on the heels of the DattoCon17 conference in London, where the team met with more than 400 MSPs and the ASCII Summit in Washington D.C., where TitanHQ explained how Managed Service Providers can grow their business and easily increase monthly recurring revenues.  Earlier this month, TitanHQ attended the Kaseya Connect Europe IT Management Event and explained about the new integration of WebTitan with Kaseya.

The road trip continues into November in the United States, with TitanHQ attending both the upcoming HTG Meeting in Orlando, FL (Oct 30-Nov 3) and the IT Nation, ConnectWise Conference at the Hyatt Regency, Orlando, between November 8-10, 2017.

Look Beyond HIPAA Compliance to Prevent Healthcare Data Breaches

Last month saw a significant rise in healthcare data breaches, clearly demonstrating that healthcare providers, health plans, and business associates are struggling to prevent healthcare data breaches.

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule was introduced to ensure that healthcare organizations implement a range of safeguards to ensure the confidentiality, integrity, and availability of healthcare data. It has now been more than decade since the Security Rule was introduced, and data breaches still occurring with alarming frequency. In fact, more data breaches are occurring than ever before.

September Data Breaches in Numbers

The Protenus Breach Barometer Report for September, which tracks all reported healthcare data breaches, showed there were 46 breaches of protected health information (PHI) in September, with those breaches resulting in the exposure of 499,144 individuals’ PHI. Hacking and IT incidents were cited as the cause of 50% of those breaches, with insiders causing 32.6% of incidents. Loss and theft of devices was behind almost 11% of the month’s breaches. Previous monthly reports in 2017 have shown that insiders are often the biggest cause of healthcare data breaches.

HIPAA Compliance Will Not Prevent Healthcare Data Breaches

HIPAA compliance can go some way toward making healthcare organizations more resilient to cyberattacks, malware and ransomware infections, but simply complying with the HIPAA Security Rule does not necessarily mean organizations will be impervious to attack.

HIPAA compliance is about raising the bar for cybersecurity and ensuring a minimum standard is maintained. While many healthcare organizations see HIPAA compliance as a goal to achieve a good security posture, the reality is that it is only a baseline. To prevent data breaches, healthcare organizations must go above and beyond the requirements of HIPAA.

Detect Insider Breaches Promptly

Preventing insider data breaches can be difficult for healthcare organizations. Healthcare employees must be given access to patient records in order to provide medical care, and there will always be the occasional bad apple that snoops on the records of patients who they are not treating, and individuals who steal data to sell to identity thieves.

HIPAA Requires healthcare organizations to maintain access logs and check those logs regularly for any sign of unauthorized access. The term ‘regularly’ is open to interpretation. A check every six months or once a year could be viewed as regular and compliant with HIPAA regulations. However, during those 6 or 12 months, the records of thousands of patients could be accessed. Healthcare organizations should go above and beyond HIPAA requirements and should ideally implement a system that constantly monitors for unauthorized access or at least conduct access log reviews every quarter as a minimum. This will not prevent healthcare data breaches, but it will reduce their severity.

Close the Door to Hackers

50% of breaches in September were due to hacking and IT incidents. Hackers are opportunistic, and while targeted attacks on large healthcare organizations do occur, most of the time hackers take advantage of long-standing vulnerabilities that have not been addressed. In order to correct those vulnerabilities, they must first be identified, hence the need for regular risk analyses as required by the HIPAA Security Rule. An organization-wide risk analysis should take place at least every year to remain HIPAA compliant, but more frequently to ensure vulnerabilities have not crept in.

Additionally, a check should be performed at least every month to make sure all software is up to date and all patches have been applied. There have been numerous examples recently of cloud storage instances being left unprotected and accessible by the public. There are free tools that can be used to check for exposed AWS buckets for example. Scans should be regularly conducted. Cybercriminals will be doing the same.

Prevent Impermissible Disclosures of PHI

One of the leading causes of PHI disclosures occurs when laptop computers, zip drives, and other portable devices are lost or stolen. While employees can be trained to take care of their devices, thieves will seize any opportunity if devices are left unprotected. HIPAA does not demand the use of encryption, and alternative measures can be used to secure devices, but HIPAA covered entities and their business associates should use encryption on portable devices to ensure that in the event of loss or theft, data cannot be accessed. If an encrypted device is stolen or lost, it is not a HIPAA breach. Using encryption on portable devices is a good way to prevent healthcare data breaches.

Small portable storage devices such as pen drives are convenient, but they should never be used for transporting PHI – They are far too easy to lose or misplace. Use HIPAA-compliant cloud storage services such as Dropbox or Google Drive as they are more secure.

Block Malware and Ransomware Attacks

Malware and ransomware attacks are reportable breaches under HIPAA, and can result in major data breaches. Email is the primary vector for delivering malware, so it is essential for an effective spam filtering solution to be implemented. HIPAA requires training to be provided to employees regularly, but a once-a-year training session is no longer sufficient. Training sessions should take place at least every 6 months, with regular security alerts on the latest phishing threats communicated to employees as and when necessary. Ideally, training should be an ongoing process, involving phishing simulation exercises.

Malware and ransomware can also be downloaded in drive-by attacks when browsing the Internet. A web filtering solution should be used to prevent healthcare employees from visiting malicious sites, to block phishing websites, and prevent drive-by malware downloads. A web filter is not a requirement of HIPAA, but it is an important extra layer of security that can prevent healthcare data breaches.

Health Tips Used as Lure in Smoke Loader Malware Malvertising Campaign

Cybercriminals are delivering Smoke Loader malware via a new malvertising campaign that uses health tips and advice to lure end users to a malicious website hosting the Terror Exploit Kit.

Malvertising is the name given to malicious adverts that appear genuine, but redirect users to phishing sites and websites that have been loaded with toolkits – exploit kits – that probe for unpatched vulnerabilities in browsers, plugins, and operating systems.

Spam email is the primary vector used to spread malware, although the threat from exploit kits should not be ignored. Exploit kits were used extensively in 2016 to deliver malware and ransomware, and while EK activity has fallen considerably toward the end of 2016 and has remained fairly low in 2017, attacks are still occurring. The Magnitude Exploit it is still extensively used to spread malware in the Asia Pacific region, and recently there has been an increase in attacks elsewhere using the Rig and Terror exploit kits.

The Smoke Loader malware malvertising campaign has now been running for almost two months. ZScaler first identified the malvertising campaign on September 1, 2017, and it has remained active throughout October.

Fake advertisements are frequently used to lure users to the malicious sites, although the latest campaign is using weight loss promises and help to quit smoking to attract clicks. Obfuscated JavaScript is incorporated into adverts to redirect users to malicious websites hosting the Terror exploit kit.

Exploit kits can be loaded with several exploits for known vulnerabilities, although the Terror EK is currently attempting to exploit two key vulnerabilities: A scripting engine memory corruption vulnerability (CVE-2016-0189) that affects Internet Explorer 9 and 11, and a Windows OLE automation array RCE vulnerability (CVE-2014-6332) affecting unpatched versions of Windows 7 and 8. ZScaler also reports that three Flash exploits are also attempted.

Patches have been released to address these vulnerabilities, but if those patches have not been applied systems will be vulnerable to attack. Since these attacks occur without any user interaction – other than visiting a site hosting the Terror EK – infection is all but guaranteed if users respond to the malicious adverts.

Smoke Loader malware is a backdoor that if installed, will give cybercriminals full access to an infected machine, allowing them to steal data, launch further cyberattacks on the network, and install other malware and ransomware. Smoke Loader malware is not new – it has been around since at least 2011 – but it has recently been upgraded with several anti-analysis mechanisms to prevent detection. Smoke Loader malware has also been associated with the installation of the TrickBot banking Trojan and Globelmposter ransomware.

To protect against attacks, organizations should ensure their systems and browsers are updated to the latest versions and patches are applied promptly. Since there is usually a lag between the release of a new patch and installation, organizations should consider the use of a web filter to block malicious adverts and restrict web access to prevent employees from visiting malicious websites.

For advice on blocking malvertisements, restricting Internet access for employees, and implementing a web filter, contact the TitanHQ team today.

Government Internet Safety Strategy Aims to Make UK the Safest Place to be Online

This week, the UK government’s Culture Secretary Karen Bradley announced the publication of a new green paper outlining the government’s Internet Safety Strategy, saying the aim is to make the UK the safest place to be online.

The Internet Safety Strategy outlines the awareness campaign that the government is taking to prevent cyber-bullying, trolling and the accessing of pornography by minors. The government has come under increasing pressure in recent years to take decisive action to curb the growing problem of online abuse and harm to minors from accessing age-inappropriate websites.

In a recent press release announcing the new Internet Safety Strategy, Bradley said “In the past year, almost one fifth of 12-15-year olds encountered something online that they ‘found worrying or nasty in some way’ and 64% of 13-17-year olds have seen images or videos offensive to a particular group.” The problem is not confined to minors. Adults too have been offended or upset by material they have viewed on social media sites, and the new strategy will also help to keep adults safe and protected online.

The aim of the new proposals is not censorship of the Internet – the UK government continues “to embrace the huge benefits and opportunities the Internet has brought for British citizens.” The aimof the government’s Internet Safety Strategy is simply to make the Internet a safer place and prevent harm to vulnerable people, especially children.

Bradley said, “Behaviour that is unacceptable in real life is unacceptable on a computer screen. We need an approach to the Internet that protects everyone without restricting growth and innovation in the digital economy.”

The Internet Safety Strategy tackles a range of online issues using several different methods – a combination of improved efforts to educate children and the public about online dangers and acceptable online conduct, social media advice, the promotion of safety features for parents to use to protect their children, and the use of Internet filtering in schools.

Some of the key elements in the Internet Safety Strategy are:

  • Developing a new social media code of practice to address bullying, intimidating, or humiliating online content
  • An industry-wide levy so social media companies and communication service providers contribute to raise awareness and counter internet harms​
  • The publication of an annual Internet safety transparency report detailing the progress made at reducing abusive and harmful content and conduct
  • Providing support for start-ups and tech companies to help them build safety features into their products and apps at the design stage
  • Compulsory new subjects in schools: Relationship education at the primary school level and relationship & sex education at secondary level
  • Encouraging social media companies to provide social media safety advice to parents and build that advice into their platforms
  • Promoting the use of social media and Internet safety features by parents
  • Changing the name of the UK Council for Child Internet Safety to the UK Council for Internet Safety, to show the safety of all Internet users is of concern

In the new green paper, the Keeping Children Safe in Education (KCSIE) guidance is highlighted. The guidance details the steps that schools and colleges in England should take to protect students and keep them safe online. The guidance was updated in September last year to include a new section on safeguarding children online. Schools were reminded of their responsibility to prevent children from accessing harmful and inappropriate website content, explaining Internet filtering in schools is a requirement. Solutions that allow Internet filtering in schools should block inappropriate content and also allow the monitoring of the attempted access of inappropriate material.

The use of similar controls by parents is being encouraged, first by making sure the options are available – the big four ISPs in the UK all offer Internet content filtering controls – and to improve education on the need to implement content filtering solutions to protect children at home.

Vicki Shotbolt, Chief Executive Officer at Parent Zone – an organization set up to provide expert information to families, schools and family professionals on the Internet safety – said, “It is encouraging to see the government proposing concrete steps to ensure that industry is doing everything they can to support families and make the Internet a place that contributes to children flourishing.”

WRC Upholds Decision to Terminate Employee for Accessing Porn at Work

A Social Community Partnership in Ireland that terminated an employee for accessing porn at work was sued for unfair dismissal; however, the Workplace Relations Commission (WRC) in Dublin upheld the decision of the company to terminate the employee, which was deemed to be the appropriate sanction under the circumstances.

The viewing of any pornographic material in the workplace is unacceptable, but for a Social Community Partnership that provides services to children and families, it is especially important to take action when employees access obscene material – In this case the webpages depicted rape, the abduction of girls, and non-consensual sex.

A statement released by the unnamed Social Community Partnership read, “[The worker’s] actions go against the grain of the organization, but has the potential to put at risk the company’s funding relationship with Government services.”

The accessing of inappropriate material was discovered during a review of the computers used by receptionists at the Partnership. That review revealed pornographic material had been accessed on a reception computer on seven occasions between September 30th and November 26th, 2015. The material was accessed between 1.28pm and 16.40pm, and while multiple employees had access to the computer, on three of the occasions, the terminated employee was the only member of staff working in the reception area.

Once that was confirmed in May 2016, the employee’s contract was terminated for gross misconduct. The employee appealed the decision internally, claiming the allegations were incorrect. She denied accessing porn at work and claimed she was not the only person to have access to the computer. Two other receptionists were employed at the firm and could have accessed the material. When the appeal was rejected, the employee sued the firm for unfair dismissal.

An independent IT consultant was brought in to conduct a scan of the computer to confirm that a malware infection was not present, which could theoretically have been responsible for the sites being accessed. The woman maintained there was no evidence against her and popups could have explained the accessing of the material. She also said other employees could have accessed the computers in the reception area, which did not require the use of secure passwords.

The WRC ruled that, on the balance of probability, the employee did access pornographic material, and the decision to terminate the employee was correct. The woman has been unable to find further work in the field, despite her 18 years’ experience, due to the nature of her dismissal.

Employees Accessing Porn at Work Is a Widespread Problem

The accessing of pornography at work is widespread, global problem – and one that acceptable Internet usage policies do not prevent.

A 2013 report from the UK government found computers in parliament were used to make an average of 800 visits to pornographic websites per day – more than 300,000 attempts were made over the period of study.

A 2014 survey by Proven Men Ministries found nearly two third of men (63%) and one third of women (36%) admitted accessing pornography at work, while a 2015 poll conducted by The Sun newspaper in the UK found 15% of women in the UK watch pornography at work.

In the United States, a Harris Poll in 2011 found 3% of Americans watch porn at work, with an earlier study by The Nielsen Company placing the figure at around 28%.

While there is some variation between the studies, it is clear that the accessing of pornography at work is a widespread problem, responsible for a significant loss of productivity, the creation of a hostile work environment, and many HR issues.

Companies Can Easily Avoid Pornography-Related HR Issues

Even though acceptable Internet usage policies are developed, and employees have to confirm that those policies have been read and understood, many employees still access porn at work. Some employees simply disregard those policies, others mistakenly believe they will not be found out.

For the company, accessing porn at work causes major HR issues. Complaints are often made by other employees who have caught a glimpse of the material, a hostile work environment can develop, HR departments have to take disciplinary action, and recruit and train replacement employees – all of which are a drain on productivity and result in many lost man hours.

As this case shows, these incidents can result in bad publicity, potentially loss of funding, and legal costs from fighting lawsuits.

However, all of these problems are easy to avoid. Companies can simply block adult website content with a web filter. A web filter allows firms to enforce acceptable Internet usage policies and prevent obscene or otherwise inappropriate material from being accessed by employees.

The Social Community Partnership would have been able to avoid all the bad publicity and paying to fight the unfair dismissal claim if a web filtering solution been put in place to enforce acceptable Internet usage policies.

If you have yet to start filtering the Internet, and are not blocking pornography and other inappropriate material from being accessed in the workplace, contact TitanHQ today and ask about WebTitan – The leading web filtering solution for enterprises.

How Acceptable Internet Usage Policies for Libraries Often Fail

Libraries are places of open learning where the Internet can be freely accessed. Acceptable internet usage policies for libraries are usually developed, but many libraries do not go as far as restricting access to certain types of Internet content. That means acceptable Internet usage policies for libraries can be easily abused. Library computers can be used for highly illegal activities and there is little to prevent minors from coming to harm.

The Importance of Free and Open Internet Access in Libraries

The provision of open access to the Internet in libraries is understandable. Libraries are places of learning where the public can gain access to information of all types. Even if information is highly controversial and causes offense to some individuals, that does not mean access to the information should be blocked.

When Charles Darwin published the Origin of Species it was hugely controversial, but it would be difficult to argue the book has no place in a library.  In order for people to understand and debate Darwin’s views, they need access to his book.

Access to the Internet is now provided in most libraries. For many individuals, libraries are the only places where the Internet can be accessed freely. Children especially may be unable to access the Internet at home and view important educational information without fear of reprisals – viewing information on LGBTI issues for example or information on sex education.

Many libraries, as places of open learning, are reluctant to place any restrictions on Internet access, instead acceptable internet usage policies for libraries are used to lay down the rules on the content that is permitted and prohibited.

Typical Acceptable Internet Usage Policies for Libraries

When acceptable internet usage policies for libraries are used, they usually state that while access to website content is not blocked, library computers should not be used to access illegal web content – content such as child pornography, which is illegal in all forms.

Acceptable Internet usage policies for libraries often reference the Children’s Internet Protection Act (CIPA), which requires schools and libraries to implement controls to prevent the accessing of imagery that could be harmful to minors – pornography, child abuse, child pornography, and other potentially harmful imagery. However, schools and libraries are only required to comply with CIPA if they receive certain state or government funding. Many libraries would be reluctant to block adult pornography, because it is not illegal and would not do so if they are not required to do so by CIPA.

While acceptable internet usage policies for libraries are important for laying down the rules, not all library patrons read those policies or adhere to them.  The policies will do nothing to prevent illegal content from being accessed and minors will not be prevented from accessing potentially harmful images.

Where Acceptable Internet Usage Policies for Libraries Fail

There have been numerous complaints made by members of the public in recent years of cases of patrons using library computers to access pornography, in full view of other library patrons. The past few days have seen another example covered by the media of where the use of acceptable internet usage policies for libraries has failed.

The latest compliant was made about College Terrace Library in Palo Alto, CA. The library has an acceptable Internet usage policy but does not filter the Internet in any way.  The policy states “Libraries and librarians should not deny or limit access to electronic information because of its allegedly controversial content or because of the librarian’s personal beliefs or fear of confrontation.”

The complaint in question, which has led to a police investigation, concerns the actions of one of the library’s patrons, who was seen accessing images of child pornography on a library computer in full view of other patrons. That individual’s actions were illegal and contravened library AUPs, yet it was still possible for that information to be accessed.

Free and Open Internet Access in Libraries, With Certain Restrictions?

The incident shows how the decision not to impose any restrictions on Internet access has potential to cause harm to library patrons, many of whom will be minors. Acceptable internet usage policies for libraries can be ineffective; however, the use of Internet filtering software can solve this problem.

The purpose of Internet filtering software in libraries is not to limit free speech, or even police Internet as such. The aim is to protect minors and to prevent extremely harmful illegal content from being accessed by some individuals to protect all library patrons.

The American Library Association (ALA) is against filtering of Internet content in libraries. The ALA even filed a lawsuit claiming CIPA was unconstitutional and violated the first amendment rights of consumers. The ALA argued that the Internet was a public forum, and as such required strict scrutiny, but that Internet filtering technology would result in overblocking of website content. A lower court agreed, but the case was taken to the Supreme Court which ruled that public-forum principles were not applicable as the Internet is not a traditional public forum. The Court also ruled that even if there was overblocking of website content, librarians could easily disable the filtering for certain individuals or unblock sites that had been caught by the filters and that this would result in only a minimum burden on librarians. The Supreme Court also ruled that CIPA was constitutional.

While the use of Internet filters used to result in overblocking of content, today that is less of an issue. Categorization of websites is now far better and more reliable. Internet filtering software has improved considerably in the past 15 years.

Why a Content Filter for Libraries Should be Implemented

Libraries are places of learning and should provide open access to the Internet, but they are not places where it should be possible to view child pornography. Libraries have a responsibility to protect patrons from viewing such material, and other harmful website content such as phishing websites.

They should also be using content filters to prevent the downloading of malware and ransomware. In January this year, libraries in St. Louis had their computers taken out of action as the result of a ransomware download. That attack not only prevented Internet access for days, but it took out the system used to log borrowed and returned books. Patrons of 16 libraries in Missouri were prevented from borrowing books. The library had to wipe its system and rebuild it from scratch, a process that took weeks.

Provided content filtering software is used wisely, and mechanisms are introduced to allow the content filter to be lifted on sites that are not illegal or do not contravene acceptable internet usage policies for libraries, they should be applied to ensure that illegal website content cannot be accessed, systems are protected, and patrons are prevented from coming to harm.

Internet content filters can be used to block sites known to host illegal content such as images of child abuse and child pornography, and sites that have been shown to be used for phishing or to deliver malware. Blacklists for these sites are maintained by several organizations.

Internet content filtering ensures the public are prevented from engaging in illegal activity and are protected from phishing attacks. Those controls to not contravene Americans’ first amendment rights.

If you are a librarian and are interested in blocking illegal content but keeping Internet access open, or if you wish to apply for grants, funding, or discounts and must comply with CIPA, contact TitanHQ today to find out more about your Internet content filtering options.

Integrating a Web Filter with LDAP Makes Content Filtering Simple

Businesses today need to implement layered defenses to prevent malware and ransomware from being installed on their networks. A web filtering solution should be one of those defenses. At its most basic, a web filter will block access to websites known to contain malware, exploit kits, or be used for phishing.

While web filters are commonly used as an additional security measure to block malware, one of the most important reasons for implementing a web filter is to prevent employees from accessing inappropriate or illegal website content and to prevent productivity draining online activities. In some cases, employers choose to severely restrict Internet access by only allowing employees to access to whitelisted sites – websites that need to be accessed for work purposes.

Regardless of the level of control you want to apply, it is usual for different controls to be needed for different individuals or groups of employees. For example, social media sites could be blocked for the entire organizations, but not for the marketing department, which would need to access corporate social media accounts.

While it is possible to place restrictions on different computers using a virtual local area network (VLAN), using a VLAN for content control lacks flexibility. If a device is on a VLAN that prohibits Internet access entirely, there may be instances when Internet access is temporarily required.

Integrating a Web Filter with LDAP

A better, more flexible solution is to base content filtering controls on the user, or user group. Integrating a web filter with LDAP allows filtering controls to be easily applied for different users, rather than limiting controls to a particular device.

In a call center, a telemarketer could logon using their LDAP information and have one set of filtering controls, whereas a manager could logon to the same device and have far greater permissions. The use of LDAP also allows detailed reports to be generated on which users and devices have accessed certain websites or website content. If DHCP is used on workstation and mobile devices, it may only be possible to view access logs up to a day old. Integrating a web filter with LDAP will make it much easier to generate reports when performing audits of Internet use.

Oftentimes, employees will be assigned to more than one LDAP group, so while it is possible to assign web filtering controls to specific groups, rules can be set to cater for members of more than one group, such as using the most or least restrictive content filtering settings when a user is in multiple LDAP groups. Not everyone will have a LDAP account. When guests require Internet access, a default configuration can be set. If users need to take their devices off site, content filtering by IP address or VLAN would not be possible. In such cases, a client-based solution is used to capture the LDAP session. This is important for K12 Schools that issue laptops for students to take home.

Using a web filtering solution that integrates with LDAP makes content filtering much easier to manage. WebTitan integrates with LDAP allowing you to easily apply content filtering controls by user or user group, with a range of APIs also provided to integrate with Active Directory, NetIQ and other deployment, billing and management tools.

If you want to start filtering the Internet and controlling the content that your users can access, contact TitanHQ today for further information, to schedule a product demonstration, and take advantage of our free trial.

Sonic Data Breach Potentially Impacts Up to 5 Million of the Restaurant Chain’s Customers

Investigations are continuing into a massive Sonic data breach that has potentially impacted millions of its customers.

Sonic, an Oklahoma City-based restaurant chain with more than 3,600 franchise restaurants in the United States, was alerted to a potential breach by its card payment processor after a pattern of fraudulent purchases was identified and linked to the restaurant chain.

The Sonic data breach was first reported by Brian Krebs, who linked the listing of a batch of 5 million credit and debit card numbers on the cybercrime marketplace Joker’s Stash to a potential breach at Sonic.

Krebs reported that two individuals who had agreed to purchase credit card numbers from the seller both said the cards had previously been used in Sonic locations. After contacting Sonic to report the potential breach, Krebs was notified that the restaurant chain was investigating a potential breach.

Sonic has issued a statement saying it is working with law enforcement and has hired a third-party forensics firm to confirm whether its systems have been hacked, and if so, to determine the nature and scope of the breach.

At present it is unclear how many of the restaurants chain’s locations have been impacted or the number of customer’s that have had their card details stolen. While the batch of credit and debit card numbers listed for sale indicates the breach victim count could be as high as 5 million, it has yet to be established whether all of those card numbers came from the Sonic data breach. It is possible the list could be an amalgamation of data from several breaches.

The Sonic data breach has potential to be one of the largest POS data breaches to affect the hospitality industry, and is the latest in a string of cyberattacks on restaurants. Earlier this year Chipotle Mexican Grill experienced a breach that affected most of the chain’s restaurants. Arby’s and the Select restaurant chain have also announced major data breaches. Last year, a major breach of card details was reported by Wendy’s which affected more than 1,000 of its restaurants.

Restaurant chain data breaches typically involve malware installed on point-of-sale systems that collects and exfiltrates card details. The malware infections often go unnoticed for weeks or months. It is only when card processors notice trends in credit card fraud and alert specific restaurants or restaurant chains that the breach is identified. The malicious actors behind these breaches often hold on to the stolen data until a sufficiently large batch of card numbers have been obtained, before listing the data for sale on darknet marketplaces.

In this case, the card numbers from the Sonic data breach were selling for between $25 and $50 depending on the type of card. This is much higher than the usual cost of stolen card numbers, indicating the card details have come from a recent data breach with most of the cards yet to be cancelled.

Hackers can gain access to POS systems via email phishing attacks, by exploiting vulnerabilities using exploit kits, direct attacks on unpatched and out-of-date operating systems, brute force RDP attacks, or by infiltrating the systems of vendors that have legitimate access to restaurant networks. It was the latter that enabled hackers to gain access to Target’s system and steal credit card details of 40 million customers. The same was true of the Wendy’s breach. Hackers obtained the credentials of some of its service providers and were able to login and install malware.

Restaurants can reduce the risk of data breaches by complying with the Payment Card Industry’s Data Security Standard (PCI DSS), a list of 12 requirements spread across six control objectives. Those requirements include the use of spam filtering, web filtering solutions, and securing the Wi-Fi environment – the latter two can both be achieved by implementing WebTitan.

The Rapid Evolution of Ransomware

There has been a rapid evolution of ransomware over the past two years. New variants of ransomware are now being released on an almost daily basis, and the past two years have seen a massive explosion in new ransomware families. Between 2015 and 2016, Proofpoint determined there had been a 600% increase in ransomware families and Symantec identified 100 totally new ransomware families in 2016.

The development of new ransomware variants has largely been automated, allowing developers to massively increase the number of threats, making it much harder for the developers of traditional, signature-based security solutions such as antivirus and antimalware software to maintain pace.

The latest ransomware variants use a wide variety of techniques to evade detection, with advanced obfuscation methods making detection even more problematic.

Ransomware is also becoming much more sophisticated, causing even greater problems for victims. Ransomware is now able to delete Windows Shadow Volume copies, hampering recovery. Ransomware can interfere with file activity logging, making an infection difficult to detect until it is too late. Ransomware can encrypt files on removable drives – including backups – and spread laterally on a network, encrypting files on network shares and multiple end points.

Not only have the ransomware variants become more sophisticated, so too have the methods for distributing the malicious code. Highly sophisticated spam campaigns use a variety of social engineering techniques to fool end users into visiting malicious links and opening infected email attachments. Droppers with heavily obfuscated code are used to download the malicious payload and a considerable amount of effort is put into crafting highly convincing emails to maximize the probability of an end user taking the desired action.

Then, there is ransomware-as-a-service – the use of affiliates to spread ransomware in exchange for a cut of the profits. Ransomware kits are now supplied, complete with intuitive web based interfaces and instructions for crafting ransomware campaigns. Today, it is not even necessary to have any technical skill to conduct a ransomware campaign.

The profits from ransomware are also considerable. In 2016, the FBI estimated profits from ransomware would exceed $1 billion. With such high returns, it is no surprise that ransomware has become the number one malware threat for businesses.

The Evolution of Ransomware – Notorious Ransomware Variants from the Past Two Years

  • Locky: Deletes volume shadow copies from the compromised system, thereby preventing the user from restoring files without paying the ransom.
  • Jigsaw: An extremely aggressive ransomware variant that deletes encrypted files every hour until the ransom is paid, with total file deletion in 72 hours.
  • Petya: Rather than encrypting files, Petya changes and encrypts the master boot record, preventing files from being accessed. Petya is also capable of installing other malware payloads.
  • NotPetya: A wiper that appears to be ransomware, although NotPetya permanently changes the master boot record making file recovery impossible.
  • CryptMix: Attackers claim they will donate the ransom payments to a children’s charity, in an effort to get victims to pay up. There is no evidence ransom payments are directed to worthy causes.
  • Cerber: Now used to target users of cloud-based Office 365, who are less likely to have backed up their data. Some Cerber variants speak to their victims and tell them their files have been encrypted.
  • KeRanger: One of the first ransomware strains to target Mac OS X applications.
  • Gryphon: Spread via remote desktop protocol (RDP) using brute force tactics to guess weak passwords.
  • TorrentLocker: A ransomware variant being used to target SMBs, spread via spam email attachments claiming to be job applications
  • HDDCryptor: A ransomware variant that targets network shares, file, printers, serial ports, and external drives. HDDCryptor locks the entire hard disk
  • CryptMIC: A ransomware variant that does not change file extensions, making it harder for victims to identify the threat
  • ZCryptor: Ransomware with worm-like capabilities, able to rapidly spread across a network and infect multiple networked devices and external drives
  • WannaCrypt: A 2017 ransomware variant with worm-like capabilities, able to spread rapidly to infect all vulnerable computers on a network.

Ransomware is most commonly spread via spam email, exploit kits and by remotely exploiting vulnerabilities. To protect against ransomware you need an advanced spam filter, a web filter such as WebTitan to block access to sites containing exploit kits, and you need to ensure software and operating systems are kept 100% up to date.

In the event that you are infected with ransomware, you must be able to recover files from a backup. Use the 321 approach to ensure you can recover files without paying the ransom – Make three backup copies, on two different media, with one copy stored securely off site. Also make sure backups are tested to ensure files can be restored in an emergency.

New Study Confirms the High Cost of Cyberloafing

A new study has been published in the Journal of Psychosocial Research on Cyberspace on the problem of cyberloafing, highlighting not only the cost to business but also the cost to individuals. Cyberloafing is a major drain on productivity, yet it is all too common. Employees who engage in cyberloafing can also seriously damage their career prospects.

The Business Cost of Cyberloafing

Employers are paying their employees to work, yet a significant amount of time is lost to cyberloafing. Cyberloafing dramatically reduces productivity and eats up company profits. The study was conducted on 273 employees and cyberloafing was measured along with the traits that led to the behaviour.

The study revealed a correlation between dark personality traits such as psychopathy, Machiavellianism and narcissism, but also showed that employees are wasting huge amounts of time simply because they can get away with it. The sites most commonly visited were not social media sites, but news websites and retail sites for online shopping.

In an ideal world, employees would be able to do their jobs and allocate some time each day to personal Internet use without any losses in productivity. Some employees do just that and curb personal Internet use and do not let it interfere with their work duties. However, for many employees, cyberfloafing is a problem and huge losses are suffered by employers as a result.

A 2013 study on cyberloafing conducted by Salary.com showed that 69% of employees waste time at work every day, with 64% visiting non-work related websites. Out of those individuals, 39% said they wasted up to an hour on the Internet at work, 29% wasted 1-2 hours, and 32% wasted more than 2 hours a day.

Cyberloafing can make a huge dent in company profits. A company with 100 employees, each of whom spend an hour a day on personal Internet use, would see productivity losses of in excess of 25,000 man-hours a year.

Productivity losses caused by cyberloafing are not the only problem – or cost. When employees use the Internet for personal reasons, their actions slow down the network resulting in slower Internet speeds for all. Personal Internet use increases the risk of malware and viruses being introduced, which can cause further productivity losses. The cost of resolving those infections can be considerable.

What Can Employers do to Reduce Productivity Losses?

First of all, it is essential that the workforce is advised of company policies relating to personal Internet use. Informing the staff about what is an acceptable level of personal Internet use and what constitutes unacceptable behaviour ensures everyone is aware of the rules. They must also be advised of the consequences of cyberloafing.

The Journal of Psychosocial Research on Cyberspace study suggests “a worker’s perceived ability to take advantage of an employer is a key part of cyberloafing.” By increasing monitoring and making it clear that personal Internet use is being noted, it serves as a good deterrent. When personal Internet use reaches problem levels there should also be repercussions for the employees concerned.

If there are no penalties in place for employees that break the rules and company policies are not enforced, little is likely to change.

As for what those penalties are is down to the employer. Action could be taken against the individuals concerned via standard disciplinary procedures such as verbal and written warnings. Controls could be put in place to curb Internet activity – such as blocks placed on certain websites – social media sites/news sites for example – when employees are spending too much time online. Those blocks could be temporary or even time-based, only allowing personal Internet use during breaks or at times when workloads are typically low.

WebTitan – An Easy Solution to Reduce Productivity Losses and Curb Cyberloafing

Such controls are easily applied with WebTitan. WebTitan is an Internet filter for enterprises that can be used to reclaim lost productivity and block access to web content that is unacceptable in the workplace.

WebTitan allows Internet controls to be easily set for individual employees, user groups, or the entire organisation, with the ability to apply time-based web filtering controls.

Preventing all employees from accessing the Internet for personal reasons may not be the best way forward, as that could have a negative impact on morale which can similarly reduce productivity. However, some controls can certainly help employers reduce productivity losses. Internet filtering can also lower legal liability by preventing illegal activities and the accessing of adult content in the workplace and can help to prevent the development of a hostile work environment.

If you are interested in improving productivity and enforcing Internet usage policies in your organization, contact TitanHQ to discuss your options.

New Facebook Messenger Malware and Adware Campaign Detected

A new Facebook Messenger malware and adware campaign has been detected by Kaspersky Lab. The malware is capable of gathering information about the user and directing them to websites that offer downloads tailored to the users’ operating system and browser. Landing pages are also customized to maximize the probability of the user taking the required actions. This advanced Facebook Messenger malware and adware campaign works on Windows PCs and Macs and is not dependent on the browser being used.

The Facebook Messenger malware and adware campaign starts with a Messenger message containing a link to a video file, with that link pointing to Google Docs. Since Facebook Messenger is used with Bitly URLs it is hard for users to determine that the links are not what they seem.

Cleverly, a picture is taken from the user’s Facebook page which is incorporated into a dynamic landing page that is tailored to the individual. The landing page appears to host a playable video file. Clicking on the video will direct the user to a website where information is gathered on their environment, including their operating system, browser type and other information. The user is then directed to another website that is tailored to the information obtained from the first website.

Windows users using Firefox are directed to one website, IE users to another, and Mac users elsewhere. Those sites offer updates such as Flash downloads and malicious Chrome extensions. At present, these campaigns are being used to download adware, although they could easily be tweaked to install malware.

The Chrome extension is adware, but also includes a downloader which will allow further payloads to be delivered to the user’s device. What is not currently known is how the messages are being sent via Messenger. David Jacoby, the Kaspersky Lab researcher who discovered the Facebook Messenger malware and adware campaign, said, “It may be from stolen credentials, hijacked browsers or clickjacking. At the moment, we are not sure because this research is still ongoing.”

While the messages could be sent by unknown individuals, they may also be sent from Facebook contacts whose accounts have been compromised. Any hyperlinks sent via Messenger should therefore be treated with suspicion, especially when they appear out of the blue.

This new campaign is clever, although it is just one of many that are distributed via Messenger. Businesses can protect themselves against Facebook Messenger malware campaigns by using a Web Filtering solution such as WebTitan.

Many businesses choose not to block Facebook due to the negative impact it has on staff morale. However, with WebTitan it is possible to block Facebook Messenger without blocking the Facebook website. Employees can still access Facebook, while employers are protected from malicious messages that could result in malware downloads.

Internet Filtering for Managed Service Providers: A Must For Your Service Stack

With the volume of cyberattacks increasing and heightened pressure on businesses to offer family-friendly WiFi access, a partnership with a company that offers Internet filtering for managed service providers is now a must.

Businesses that offer WiFi access to customers provide greater value and are more likely to attract customers. Younger age groups in particular are more likely to choose an establishment that allows them to connect to the Internet and not use their own data allowance.  Coffee shops, restaurants, bars, and retail outlets now appreciate that providing WiFi access brings in more customers.

However, it is becoming increasingly important for secure WiFi access to be provided. Customers are now demanding more. They want reassurance that efforts are being made to make WiFi networks secure. Parents also want to make sure their children will not be exposed to harmful website content when hooking up to WiFi networks.

With demand for a filtered Internet service high, it is an easy sell for managed service providers. Further, Internet filtering brings in regular monthly revenue for next to no effort. Once the service is set up there is very little maintenance. Due to the low maintenance overhead and ease of implementation, Internet filtering for managed service providers could even be provided as part of an existing security suite to give clients even greater value for money.

Visiting clients to install solutions and perform updates is costly and eats into profits. It can also be difficult to convince businesses to pay out for an appliance to keep customers safe online. Free WiFi may increase footfall, but having to pay for a $500 appliance is a difficult sell.

However, with a cloud-based filter there is no need for any hardware purchases, no need for MSPs to visit their clients for an installation, and all settings can be changed remotely via an online administration control panel. Customers can even be given their own logins so they can tweak their own settings and whitelist and blacklist certain webpages at will.

WebTitan Cloud for WiFi – Internet Filtering for Managed Service Providers Made Simple

WebTitan Cloud for WiFi has been developed to make Internet filtering for managed service providers as simple as possible. This go-to-market content filtering solution can be set up for each client in around 20 minutes, with no need for site visits or any software downloads. WebTitan Cloud for WiFi is also supplied with a full set of APIs for easy backend integration and reports can be scheduled and sent automatically.

Each client can have their own administration control panel to tweak their content filtering settings, and since the interface is non-technical, there is no steep learning curve. Internet filtering controls are applied by category, so configuration is a quick and easy process.

Content filtering with WebTitan Cloud for WiFi has no discernible impact on Internet speed, there is no limit to the number of WiFi points that can be protected and no limit on bandwidth.

Setting different web filtering controls for different users and user groups is straightforward, since the solution integrates with LDAP and Active Directory. Filtering settings can also be set by the time of day or night.

If you want to offer your clients real-time spyware, malware and virus protection and allow them to carefully control Internet access to keep customers safe online and avoid legal liability, WebTitan Cloud for WiFi is the ideal choice.

To make it even better for MSPs, WebTitan Cloud for WiFi can be supplied in white label form ready to accept MSPs branding and there is a choice of hosting options, including the option of hosting the solution in your own environment. Add to that Industry leading customer service and you have the complete package.

If you are an MSP and are Interested in offering Internet filtering to your service stack or are looking for a lower cost service provider with better margins, contact the MSP team at TitanHQ today and find out how easy – and profitable – Internet filtering for managed service providers can be.

New Disdain Exploit Kit Being Rented on the Cheap on Darknet Forums

Exploit kit activity has fallen considerably since last year, but new variants are being developed, one of the latest being the Disdain exploit kit.

An exploit kit is a web-based toolkit capable of probing web users’ browsers for vulnerabilities. If vulnerabilities are discovered, they can be exploited to silently download ransomware and malware.

All that is required for an attack to take place is for web users to be directed to the domain hosting the exploit kit and for them to have a vulnerable browser or out of date plugin. Currently, the author of the Disdain exploit kit claims his/her toolkit can exploit more than a dozen separate vulnerabilities in Firefox, IE, Edge, Flash and Cisco WebEx – Namely, CVE-2017-5375, CVE-2016-9078, CVE-2014-8636, CVE-2014-1510, CVE-2013-1710, CVE-2017-0037, CVE-2016-7200, CVE-2016-0189, CVE-2015-2419, CVE-2014-6332, CVE-2013-2551, CVE-2016-4117, CVE-2016-1019, CVE-2015-5119, and CVE-2017-3823. Many of those exploits are recent and would have a high chance of success.

No malware distribution campaigns have so far been identified using the Disdain exploit kit, although it is likely to just be a matter of time before attacks are conducted. The Disdain exploit kit has only just started being offered on underground forums.

Fortunately, the developer does not have a particularly good reputation on the forums, which is likely to slow the use of the exploit kit. However, it is being offered at a low price which may tempt some malware distributors to start conducting campaigns. The EK can be rented for as little as $80 a day, with discounts being offered for weekly and monthly use. The Disdain exploit kit is being offered for considerably less than some of the other exploit kits currently being touted on the forums, including the Nebula EK.

All that is required is for someone to rent the kit, provide the malicious payload, and direct traffic to the domain hosting the Disdain exploit kit – such as via a malvertising campaign or botnet. The price and capabilities of the EK mean it has potential to become a major threat.

Protecting Your Business from Online Threats

Cybercriminals may be favouring spam email over exploit kits for delivering malware, although the threat of web-based attacks should not be ignored. To a large extent, good patch management practices can reduce the risk of exploit kit attacks, although not entirely. Exploit kits are frequently updated with new vulnerabilities for which patches have yet to be released. If end users are directed to domains hosting exploit kits, malware and ransomware downloads can be expected.

Along with prompt patching, businesses should consider implementing a web filtering solution. A web filter can be configured to carefully control the websites that end users can visit. A web filter will block access to all webpages known to host malware or contain exploit kits. Risky categories of website, which end users have no work purpose for visiting, can also easily be blocked reducing the risk of phishing attacks and improving employee productivity.

An appliance-based web filter can be costly to implement and can have a negative effect on Internet speed. A DNS-based web filter on the other hand requires no hardware purchases and has no latency. Internet speed is unaffected. Since a web filter can also be used to restrict access to websites that take up a lot of bandwidth, Internet speeds for all can actually improve.

WebTitan Cloud – and WebTitan Cloud for WiFi – are DNS-based web filtering solutions for enterprises that allow precision control over the sites that can be accessed by end users and offer excellent protection against web-based threats such as exploit kits and phishing websites.

The solutions require no hardware purchases, no software downloads, there is no latency, and they are highly scalable. Implementing and configuring the solutions is quick and easy and they require minimal maintenance.

WebTitan is also ideal for MSPs, being available in full white-label form with a choice of hosting options – including hosting in an MSPs environment.

If you want to improve the productivity of your workforce and effectively manage online threats – or offer web filtering to your clients – contact the TitanHQ team today to discuss your options and register for a free trial.

Mamba Ransomware Attacks Resume

In November last year, the San Francisco Municipal Transportation Agency (Muni) was attacked with Mamba ransomware. The attackers issued a ransom demand of 100 Bitcoin – $73,000 – for the keys to unlock the encryption. Muni refused to pay up, instead opting to recover files from backups. However, the Mamba ransomware attack still proved costly. The attack took its fare system out of action and passengers had to be allowed to travel for free for more than a day. The average take on fares on a weekend day is $120,000.

It has been relatively quiet on the Mamba ransomware front since that attack, although this month has seen several Mamba ransomware attacks, indicating the gang behind the malware is back in action. Those attacks are geographically targeted with businesses in Saudi Arabia and Brazil currently in the firing line, according to Kaspersky Lab researchers who first detected the attacks.

Mamba ransomware uses DiskCryptor for full disk encryption rather than searching for and encrypting certain file types. That means a Mamba ransomware attack will prevent the operating system from running.

Once installed, the malware forces a reboot of the system and modifies the Master Boot Record and encrypts disk partitions and reboots again, this time victims are presented with a warning screen advising data have been encrypted. The attacks share some similarities with the NotPetya (ExPetr) attacks of June.

The algorithms used to encrypt the data are strong and there is no known decryptor for Mamba Ransomware. If the disk is encrypted, victims face permanent file loss if they do not have a viable backup and refuse to pay the ransom demand. However, the latest attacks make no mention of payment of a ransom. Victims are just instructed to email one of two email addresses for the decryption key.

The reason for this approach is it allows ransoms to be set by the attackers on an infection by infection basis. Once the extent of encryption is determined and the victim is identified, the attackers can set the ransom payment accordingly.

It is currently unclear whether the attackers hold the keys to unlock the encryption and whether payment of the ransom will result in file recovery. Kaspersky reports that the group behind this ransomware variant has not been identified. This may be a criminal attack by an organized crime gang or a nation-state sponsored cyberattack where the intention is not to obtain ransoms but to sabotage businesses.

Businesses can enhance their defences against this and other malware variants by implementing WebTitan.

WebTitan is a web filtering solution for the enterprise that allows businesses to prevent end users from visiting malicious websites, such as those used for phishing and for downloading malware and ransomware. By blocking access to malicious sites and carefully controlling access to sites known to carry a high risk of malware delivery – file sharing websites for example – businesses can prevent web-based malware attacks.

How Can I Restrict Internet Access at Work?

There are many reasons why businesses want to restrict Internet access at work. Allowing employees to have unrestricted access to the Internet can result in a major drain on productivity, the risk of malware and ransomware downloads must be managed and inappropriate Internet access at work can cause legal issues. However, restricting Internet access at work can also cause problems.

The Problem of Personal Internet Use at Work

Some employees spend an unreasonable amount of the working day surfing the Internet, playing games or accessing their social media accounts. Personal Internet use can see hours of the working day wasted. Multiple an hour a day by your number of employees and the losses are considerable.

There are other drains on productivity as a result of these activities. They can have a knock-on effect on Internet speed. If employees are downloading large files from file sharing websites or streaming music or videos, this can result in latency that affects all employees. Internet speed slows and important websites may become temporarily unavailable.

The Danger of Malware and Ransomware Downloads

Personal Internet use at work can cause other productivity-draining issues. If employees are accessing social media websites, downloading files or are visiting questionable websites, the risk of a malware or ransomware downloads increases significantly.

Ransomware can result in an entire network being taken out of action, as has recently been seen at companies affected by the WannaCry and NotPetya attacks. In the case of the latter, companies have experienced major disruptions for weeks following the attacks.

Even if antivirus software is installed, it may not prevent malware and ransomware downloads. Cybercriminals are getting better at obfuscation. Ransomware may not be detected until it is too late.

Accessing of Inappropriate Web Content

While most employees do not use the Internet to access unsavoury or illegal web content, there are always a few bad apples. The problem of accessing pornography at work is a real issue, and could be much worse than you think.

In 2014, a survey conducted by the Barna Group showed 63% of men and 36% of women have viewed pornography at work. A survey in Forbes in 2013 Forbes revealed 25% of adults have viewed porn at work. 28% of employees have downloaded porn at work according to another survey.

Many businesses feel the best way to tackle the problem of personal Internet use is through acceptable usage policies and greater oversight of employees by line managers. When individuals are discovered to be abusing the Internet, action can be taken against individuals without restricting Internet access at work for everyone. This does not always prove effective.

Even if policies are introduced that threaten instant dismissal for accessing pornography at work, it may not curb use. The use of anonymizer services will prevent bosses from discovering what sites are being visited. In the case of personal Internet use, differentiating between minor personal use and persistent abuse can be difficult.

The alternative is to restrict Internet access at work with a web filter. A web filter can be used to block access to specific websites or categories of website content.

Problems with Using a Web Filter to Restrict Internet Access at Work

A web filter may seem like a quick and easy solution, although companies that restrict Internet access at work with a web filter can experience problems. Those problems can be worse than the issues the web filter was installed to correct.

If you restrict Internet access at work using an appliance-based web filtering solution it can result in latency. Each website must be inspected before it is accessed. In the case of secure (HTTPS) sites, each webpage must be decrypted, inspected, and re-encrypted. This places a considerable strain on resources. The result is considerable latency. As more sites switch to SSL certification and also use 4096-bit encryption, the problem will only get worse.

If you restrict Internet access at work, employees who were only accessing the occasional personal site may be unhappy with the new restrictions. This can have an effect on productivity and create a hostile working environment. Why should all employees be made to suffer because of the actions of a few?

How to Avoid Problems and Still Restrict Internet Access at Work

The issue of latency can be avoided if a cloud-based web filter is used. Cloud-based filters allow employers to restrict Internet access at work, but since the solutions are based in the cloud, they use the service providers resources. The result is Internet control without latency. There are other benefits. Cloud-based web filters are more flexible, scalable, and do not require the purchase of any hardware.

Some cloud-based filters, WebTitan for instance, allow time-based controls to be applied. Employers can use this feature to restrict Internet access at work during busy times and relax control at others. It is easy to block access to certain sites 100% of the time, others some of the time – relaxing controls during breaks for instance – and setting different controls for different employees or groups of employees. Since the filter integrates with LDAP and Active Directory, setting controls for different user groups is simple. It is also possible to block anonymizer websites to prevent users from bypassing content filtering controls.

Speak to TitanHQ About Internet Filtering Controls

Internet content control is quick, easy and low cost with WebTitan. The solution allows you to easily restrict Internet access at work and avoid the common problems associated with web filtering. If you are Interested in curbing personal Internet use at work, contact TitanHQ today for advice. You can also sign up for a free trial and evaluate WebTitan in your own environment before you commit to a purchase.

2017 Sees Huge Rise in Malware Attacks on Schools

2017 has seen a major rise in malware attacks on schools. While cybercriminals have conducted attacks using a variety of different malware, one of the biggest problems is ransomware. Ransomware is malicious code that encrypts files, systems and even master file tables, preventing victims from accessing their data. The attack is accompanied by a ransom demand. Victims are required to pay a ransom amount per infected device. The ransom payments can range from a couple of hundred dollars to more than a thousand dollars per device. Ransom demands of tens of thousands of dollars are now common.

Data can be recovered from a backup, but only if a viable backup of data exists. All too often, backup files are also encrypted, making recovery impossible unless the ransom is paid.

Ransomware attacks can be random, with the malicious code installed via large-scale spam email campaigns involving millions of messages. In other cases, schools are targeted. Cybercriminals are well aware that cybersecurity defenses in schools are often poor and ransoms are more likely to be paid because schools cannot function without access to their data.

Other forms of malware are used to record sensitive information such as login credentials. These are then relayed back to the attackers and are used to gain access to school networks. The attackers search for sensitive personal information such as tax details, Social Security numbers and other information that can be used for identity theft. With ransomware, attacks are discovered immediately as ransom notes are placed on computers and files cannot be accessed. Keyloggers and other forms of information stealing malware often take many months to detect.

Recent malware attacks on schools have resulted in entire networks being sabotaged. The NotPetya attacks involved a form of malware that encrypts the master file table, preventing the computer from locating stored data. In this case, the aim of the attacks was to sabotage critical infrastructure. There was no way of recovering the encrypted MFT apart from with a full system restore.

The implications of malware attacks on schools can be considerable. Malware attacks on schools result in considerable financial losses, data can be lost or stolen, hardware can be rendered useless and educational institutions can face prosecution or law suits as a result of attacks. In some cases, schools have been forced to turn students away while they resolve infections and bring their systems back online.

Major Malware Attacks on Schools in 2017

Listed below are some of the major malware attacks on schools that have been reported in 2017. This is just a very small selection of the large number of malware attacks on schools in the past 6 months.

Minnesota School District Closed for a Day Due to Malware Attack

Malware attacks on schools can have major consequences for students. In March, the Cloquet School District in Minnesota experienced a ransomware attack that resulted in significant amounts of data being encrypted, preventing files from being accessed. The attackers issued a ransom demand of $6,000 for the keys to unlock the encryption. The school district is technology-focused, so without access to its systems, lessons were severely disrupted. The school even had to close for the day while IT support staff restored data. In this case, sensitive data were not compromised, although the disruption caused was severe. The ransomware is understood to have been installed as a result of a member of staff opening a phishing email that installed the ransomware on the network.

Swedesboro-Woolwich School District Suffers Cryptoransomware Attack

The Swedesboro-Woolwich School District in New Jersey comprises four elementary schools and has approximately 2,000 students. It too suffered a crypto-ransomware attack that took its computer systems out of action. The attack occurred on March 22, resulting in documents and spreadsheets being encrypted, although student data were apparently unaffected.

The attack took a significant part of the network out of action, including the District’s internal and external communications systems and even its point-of-sale system used by students to pay for their lunches. The school was forced to resort to pen and paper while the infection was removed. Its network administrator said, “It’s like 1981 again!”

Los Angeles Community College District Pays $28,000 Ransom

Ransomware was installed on the computer network of the Los Angeles County College District, not only taking workstations out of action but also email and its voicemail system. Hundreds of thousands of files were encrypted, with the incident affecting most of the 1,800 staff and 20,000 students. A ransom demand of $28,000 was issued by the attackers. The school had no option but to pay the ransom to unlock the encryption.

Calallen Independent School District Reports Ransomware Attack

The Calallen Independent School District in northwestern Corpus Christi, TX, is one of the latest victims of a ransomware attack. In June, the attack started with a workstation before spreading to other systems. In this case, no student data were compromised or stolen and the IT department was able to act quickly and shut down affected parts of the network, halting its spread. However, the attack still caused considerable disruption while servers and systems were rebuilt. The school district also had to pay for improvements to its security system to prevent similar attacks from occurring.

Preventing Malware and Ransomware Attacks on Schools

Malware attacks on schools can occur via a number of different vectors. The NotPetya attacks took advantage of software vulnerabilities that had not been addressed. In this case, the attackers were able to exploit the vulnerabilities remotely with no user interaction required. A patch to correct the vulnerabilities had been issued by Microsoft two months before the attacks occurred. Prompt patching would have prevented the attacks.

Software vulnerabilities are also exploited via exploit kits – hacking kits loaded on malicious websites that probe for vulnerabilities in browsers and plugins and leverage those vulnerabilities to silently download ransomware and malware. Ensuring browsers and plugins are 100% up to date can prevent these attacks. However, it is not possible to ensure all computers are 100% up to date, 100% of the time. Further, there is usually a delay between an exploit being developed and a patch being released. These web-based malware attacks on schools can be prevented by using a web filtering solution. A web filter can block attempts by end users to access malicious websites that contain exploit kits or malware.

By far the most common method of malware delivery is spam email. Malware – or malware downloaders – are sent as malicious attachments in spam emails. Opening the attachments results in infection. Links to websites that download malware are also sent via spam email. Users can be prevented from visiting those malicious sites if a web filter is employed, while an advanced spam filtering solution can block malware attacks on schools by ensuring malicious emails are not delivered to end users’ inboxes.

TitanHQ Can Help Schools, Colleges and Universities Improve Defenses Against Malware

TitanHQ offers two cybersecurity solutions that can prevent malware attacks on schools. WebTitan is a 100% cloud-based web filter that prevents end users from visiting malicious websites, including phishing sites and those that download malware and ransomware.

WebTitan requires no hardware, involves no software downloads and is quick and easy to install, requiring no technical skill. WebTitan can also be used to block access to inappropriate website content such as pornography, helping schools comply with CIPA.

SpamTitan is an advanced spam filtering solution for schools that blocks more than 99.9% of spam email and prevents malicious messages from being delivered to end users. Used in conjunction with WebTitan, schools will be well protected from malware and ransomware attacks.

To find out more about WebTitan and SpamTitan and for details of pricing, contact the TitanHQ team today. Both solutions are also available on a 30-day no-obligation free trial, allowing you to test both products to find out just how effective they are at blocking cyberthreats.

Secure WiFi Access for Shops to Attract More Repeat Business

Providing free WiFi in shops helps to attract more foot traffic and improves the shopping experience, although retailers are now realizing the benefits of providing secure WiFi access for shops. Over the past two years, there has been considerable media coverage of the dangers of public WiFi hotspots. Consumer websites are reporting horrifying cases of identity theft and fraud with increasing regularity.

With public awareness of the risks of connecting to public WiFi networks now much greater than ever before, secure WiFi access for shops has never been more important. Consumers now expect free WiFi access in shops, but they also want to ensure that connecting to those WiFi networks will not result in a malware infection or their personal information being obtained by hackers.

Fortunately, there are solutions that can easily be adopted by retailers that mitigate the risks and ensure consumers can connect to WiFi networks safely, but before we cover those options, let’s look a little more closely at the risks associated with unsecured WiFi networks.

The Risks of Unsecured WiFi Networks

If retailers provide free WiFi access in store it helps to attract more foot traffic, individuals are encouraged to stay in stores for longer, they have access to information and reviews about products and studies have shown that customers spend more when free WiFi is provided. A survey by iGT, conducted in 2014, showed that more than 6 out of ten customers spend longer in shops that provide WiFi access and approximately 50% of customers spend more money.

Connecting to a public WiFi network is different from connecting to a home network. For a start, considerably more people connect, including individuals who are intent on stealing information for identity theft and fraud. Man-in-the-middle attacks are common. Man-in-the-middle attacks involve a hacker intercepting or altering communications between a customer and a website. If login details or other sensitive information is entered, a hacker can obtain that information.

Malware and ransomware can be downloaded onto users’ devices and phishing websites can easily be accessed if secure WiFi access for shops is not provided. Consumers typically have Internet security solutions in place on home networks that block these malicious websites. They expect the same protections on retailers’ WiFi networks. Malware poses a significant threat. Alcatel-Lucent, a French telecommunications company, reports that malware attacks on mobile devices are increasing by 25% per year.

Then there is the content that can be accessed. Recently, before Starbucks took steps to block the accessing of pornography via its WiFi networks, the coffee shop chain received a lot of criticism from consumers who had caught glimpses of other customers accessing pornography on their devices.

Secure WiFi Access for Shops Brings Many Benefits

The provision of secure WiFi access for shops tells customers you are committed to ensuring they can access the Internet safely and securely on your premises. It tells parents that you are committed to protecting minors and ensuring they can access the Internet without being exposed to adult content. It tells consumers that you care, which helps to improves the image of your brand. It is also likely to result in positive online reviews.

Providing secure WiFi access for shops makes it easier for you to gain an insight into customer behavior. A web filtering solution will provide you with reports on the sites that your consumers are accessing. This allows you to profile your customers and find out more about their interests. You can see what sites they access, which can guide your future advertising programs and help you develop more effective marketing campaigns. You can also find out more about your real competitors from customers browsing habits.

The provision of secure WiFi access for shops will also help you to reduce legal liability. If you do not block illegal activities on your WiFi network, such as file sharing (torrents) sites, you could face legal action for allowing the downloading of pirated material. The failure to block pornography could result in a lawsuit if a minor is not prevented from accessing adult content.

WebTitan – Secure WiFi Access for Shops Made Simple

Secure WiFi access for shops doesn’t have to be complicated or expensive. TitanHQ offers a solution that is cost effective, easy to implement, requires no technical skill, has no effect on Internet speed and the solution can protect any number of shops in any number of locations. The filtering solution can be managed from an intuitive web-based graphical user interface for all WiFi access points, and a full suite of reports provides you with invaluable insights into customer behavior.

WebTitan Cloud for WiFi is a 100% cloud-based DNS filtering solution. Point your DNS records to WebTitan and you will be filtering the Internet in minutes and blocking undesirable, dangerous and illegal web content. You do not need any additional hardware, you do not need to download any software and configuring the filtering settings typically takes about 30 minutes.

To find out more about WebTitan Cloud for WiFi, including details of pricing and to register for a 30-day, no obligation free trial, contact TitanHQ today.

Why is Internet and WiFi Filtering in Hospitals is so Important?

Hospitals have invested heavily in solutions to secure the network perimeter, although Internet and WiFi filtering in hospitals can easily be forgotten. Network and software firewalls have their uses, although IT security staff know all too well that cyberattacks targeting employees can see those defenses bypassed.

A common weak point in security is WiFi networks. IT security teams may have endpoint protection systems installed, but not on mobile devices that connect to WiFi networks.

A look at the Department of Health and Human Services’ Office for Rights breach portal shows just how many cyberattacks on hospitals are now occurring. Cybercriminals are targeting healthcare organizations due to the value of protected health information (PHI) on the black market. PHI is worth ten times as much as credit card information, so it is no surprise that hospitals are in cybercriminals’ crosshairs. Even a small hospital can hold the PHI of more than 100,000 individuals. If access is gained to a hospital network, that signals a huge pay day for a hacker.

There has also been a massive increase in ransomware attacks. Since hospitals need access to patients’ PHI, they are more likely to pay a ransom to regain access to their data if it is encrypted by ransomware. Hollywood Presbyterian Medical Center paid $17,000 for the keys to unlock its ransomware infection in February last year. It was one of several hospitals to give in to attackers’ demands.

The Hospital WiFi Environment is a Potential Gold Mine for Cybercriminals

The increasing number of wireless devices that are now in use in hospitals increases the incentive for cybercriminals to attempt to gain access to WiFi networks. Not only do physicians use mobile phones to connect to the networks and communicate PHI, there are laptops, tablets and an increasing number of medical devices connected to the networks. As use of mobile devices in healthcare continues to grow and the explosion in IoT devices continues, the risk of attacks on the WiFi environment will only ever increase.

Patients also connect to hospital WiFi networks, as do visitors. They too need to be protected from malware and ransomware when connected to hospital guest WiFi networks.

Internet and WiFi filtering in hospitals is therefore no longer an option, it should be part of the cybersecurity strategy for all healthcare organizations.

Internet and WiFi filtering in Hospitals is Not Just About Blocking Cyberthreats

Malware, ransomware, hacking and phishing prevention aside, there are other important reasons for implementing Internet and WiFi filtering in hospitals.

Guest WiFi access in hospitals is provided to allow patients and visitors to gain access to the Internet; however, there is only a certain amount of bandwidth available. If Internet access is to be provided, all patients and visitors should be able to gain access. Internet and WiFi filtering in hospitals can be used to restrict access to Internet services that consume bandwidth, especially at times when network usage is heavy. Time-based controls can be applied at busy times to block access to video streaming sites to ensure all users can still enjoy reasonable Internet speeds.

It is also important to prevent patients, visitors and healthcare professionals from accessing inappropriate website content.  Internet and WiFi filtering in hospitals should include a block on adult content and other inappropriate or illegal material. Blocks can easily be placed on illegal file sharing websites, gambling or gaming sites, or any other undesirable category of web content.

Internet and WiFi filtering in hospitals ensures WiFi networks can be used safely and securely by all users, including minors. Blocking illegal and undesirable content is not just about protecting patients and visitors. It also reduces legal liability.

Internet and WiFi Filtering in Hospitals Made Simple

WebTitan Cloud for WiFi is an ideal solution for Internet and WiFi filtering in hospitals. WebTitan Cloud for WiFi is cost effective to implement, the solution requires no additional hardware or software installations and there is no latency. Being DNS-based, set up is quick and simple. A change to the DNS settings is all that is required to start filtering the Internet.

WebTitan Cloud for WiFi is ideal for hospital systems. The solution is highly scalable and can be used to protect any number of users in any number of locations. Multiple sites can be protected from one easy-to-use web-based graphical user interface. Separate filtering controls can be applied for different locations, user groups or even individuals. Since the solution links in with Active Directory the process is quick and simple. Separate content controls can easily be set for guests, visitors and staff, including by role.

WebTitan Cloud for WiFi supports blacklists, whitelists and allows precision content control via category or keyword and blocks phishing websites and sites known to host exploit kits and malware. In Sort, WebTitan Cloud for WiFi gives you control over what happens on your WiFI network.

To find out more about WebTitan Cloud for WiFi, details of pricing and to register for a free trial, contact the TitanHQ team today.

Secure WiFi for Hotels Demanded by Guests

Hotel guests used to choose hotels based on whether free WiFi was available, now free WiFi is no longer enough – secure WiFi for hotels is required to ensure the Internet can be accessed safely, a fast connection is essential and the WiFi signal must be reliable.

Even budget hotels know the attractive power of free WiFi and how much easier it is to attract guests with free, reliable Internet access. Forrester Research conducted a survey back in 2013 that showed 90% of hotel guests considered free WiFi access to be the most important hotel amenity, while 34% of respondents said when it comes to choosing a hotel, free WiFi was a deal breaker when choosing a place to stay.

Providing Free WiFi is No Longer Enough

Now that most hotels are offering free WiFi, travelers have become much more discerning. Free WiFi access is no longer sufficient. Hotel guests want reliable access, good Internet speeds, sufficient bandwidth to stream music and videos and secure WiFi for hotels is similarly important. Hotels now need to improve their WiFi networks to continue to attract business.

A quick look on TripAdvisor and other review sites is all it takes to assess the quality of the Internet connection. There are even websites dedicated to providing this information. A poor WiFi signal is one of the most common complaints about hotels.

Providing an excellent Internet connection may not mean a 5-star review is guaranteed – but one or two-star reviews can be expected if the Internet connection or WiFi coverage is poor.

If you really want to attract more guests, provide free WiFi access. If you want to gain a serious competitive advantage, ensure all rooms have an excellent signal, there is sufficient bandwidth and make sure your network is secure. Guests now expect the same protections they have at home.

Common Problems with Hotel WiFi Networks

Listed below are some of the common problems reported by guests about hotel WiFi

Problems connecting more than one device to the network – Hotels often have WiFi networks with limited bandwidth. Restrictions may be in place that only allow one device to be connected per room. For a couple or family, that is no longer sufficient. Most guests will require at least two devices to be connected simultaneously per room, without Internet speed dropping to a snail’s pace.

Parents do not want their children to be able to access porn – A night in a hotel should be a relaxing experience. Parents do not want to have to spend their time policing the Internet. They want controls in place to make sure adult content cannot be accessed by their kids.

Connecting to guest WiFi should be safe and secure – Guests should be protected from malware and ransomware infections and steps should be taken by the hotel operator to reduce the risk of man-in-the-middle attacks. Safe and secure WiFi for hotels is essential. Accessing hotel WiFi should not result in nasties being transferred to guests’ devices. Safe and secure WiFi for hotels is especially important for business travelers. They should be able to enter their usernames and passwords without risking an account compromise.

Bandwidth issues are a major bugbear – If some guests are streaming video to their devices, it should not prevent other users from accessing the Internet or enjoying reasonable Internet speeds. Even at busy times, all guests should be able to connect.

How to Resolve these Problems?

Bandwidth is a major issue. Increasing bandwidth comes at a cost. If free WiFi is provided, it is difficult to recover that expenditure. There are solutions however. Hotels can offer free WiFi access to all guests, yet block streaming sites and other bandwidth-heavy activities. If guests want to be able to stream video, they could be offered a premium service and be charged for non-standard access. The same could apply to adult content. Hotels could offer family-friendly WiFi as standard, with a paid for service having fewer restrictions.

Secure WiFi for hotels is a must. Hotels can implement solutions that block malware and prevent guests from accessing phishing websites. Providing an encrypted connection is also essential. Guests should be able to login to their accounts without being spied on.

Secure WiFi for Hotels Made Simple

A web content filter can be used to resolve the above problems and ensure safe and secure Internet access for all guests. Arranging secure WiFi for hotels is simple with TitanHQ.

TitanHQ’s WebTitan Cloud for WiFi is a content filter with a difference. The solution can be deployed on existing hardware with no need for any software installations.  Once installed, it is simple to manage, with updates to the system occurring automatically. Users don’t even need any technical expertise. The solution can be implemented and accounts set up in minutes. It doesn’t matter how many hotels you operate, all can be protected with ease through a central control panel that can be accessed from any location.

Secure WiFi for Hotels from TitanHQ

WebTitan Cloud for WiFi allows hotel operators to:

  • Control content and online activities without any impact on Internet speed
  • Block pornography and other inappropriate content to make the WiFi network family-friendly
  • Prevent users from engaging in illegal activity
  • Block phishing websites
  • Prevent malware and ransomware downloads
  • Restrict bandwidth-heavy activities such as video and music streaming services
  • Create user groups with different restrictions, allowing streaming or adult content for specific user groups
  • Set web filtering controls for different access points
  • Manage content filtering for multiple hotels with ease, no matter where in the world they are located

To find out more about all of the benefits of WebTitan Cloud for Wifi, how secure WiFi for hotels can be provided, details of prices and to register for a free trial, contact the TitanHQ team today. Your guests will thank you for it.

Why Secure Guest WiFi for Business is So Important

Regardless of whether you run a hotel, coffee shop or retail outlet, Internet access is expected by customers, but make sure you secure guest WiFi for business visitors. Providing business visitors and customers with access to the Internet brings many benefits, but if you do not secure guest WiFi for business visitors you will be exposing yourself to considerable risk.

Why Is Providing Internet Access so Important?

In 2013, one study revealed that 80% of customers in retail outlets felt the provision of free WiFi access would influence their purchasing decisions. If retailers provide guest WiFi access, they are likely to encourage more potential customers into their stores and get more sales opportunities.

With more people purchasing online, businesses need to adapt. Customers want to be able to check online before making a purchase or signing up for a service, such as reading online reviews. Fail to offer Internet access and customers are more likely to leave and make a purchase at another time. Chances are that sale will be made elsewhere.

Why is Secure Guest WiFi for Business So Important?

There are considerable benefits to be gained from offering customers free Internet access. It is what customers want, it provides businesses with an opportunity to communicate with customers, it allows them to collect contact details for future marketing and business can gain valuable customer insights.

However, giving customers and guests access to the Internet opens a business up to considerable risks. If those risks are not mitigated, guest WiFi access can prove incredibly costly. You may have trained your employees to be more security aware and have introduced policies covering allowable Internet usage, but guests, customers and other visitors are likely to have different views about the content that can be accessed on your WiFi network.

Guests and customers could take advantage of a lack of control over accessible website content to access inappropriate material such as pornography. Individuals could engage in morally or ethically questionable activities. They may accidentally or deliberately install malware or ransomware, or visit phishing websites. Secure guest WiFi for business means protecting yourself and your customers. Secure guest WiFi for business visitors and it will ensure they are protected when connected to your network, preventing man-in-the-middle attacks, malware downloads and blocking phishing attacks. You will also be protected from legal liability.

5 Things to Consider About Secure Guest WiFi for Business Customers

If you are going to open up your network to guests, security cannot be an afterthought. Before providing WiFi access be sure to consider the points below:

Network Segregation

Segregating your network is important for two reasons. Secure guest WiFi for business means visitors should not be able to gain access to parts of the network used by your employees. Your internal network must be totally separate from the network used by guests. It should not be possible for guests to see your network assets and confidential files and resources. Use a network firewall or create a separate VLAN for guest use and use a software firewall to protect servers and workstations from traffic from the guest network. Secondly, in the event of a malware or ransomware infection, it will not spread from the guest network to your internal network.

Always Change Default Passwords and SSIDs

This is one of the most basic security practices, yet because of that it is easy to forget. The Internet is littered with reports of data breaches that have occurred as a result of the failure to change default passwords. All network peripherals should have strong, unique passwords set.

It is also important to change your SSID for your WiFi network. The SSID should reflect the name of your business and it should be quite clear to your customers which is your network. Fail to do this and you make it too easy for malicious individuals to set up rogue access points to conduct man-in-the-middle attacks.

Keep your Firmware Updated!

Firmware updates are issued for a reason. They correct vulnerabilities that could easily be exploited by cybercriminals to gain access to your devices. If those vulnerabilities are exploited, configurations can be changed for a variety of nefarious purposes. You should have policies in place that require firmware updates to be installed promptly, with checks performed on a monthly basis.

Encrypt Your Wireless Signals

You want to make it as easy as possible for your guest WiFi network to be accessed by your customers and visitors, but don’t make it too easy for hackers to spy on individuals connected to the network. Make sure you encrypt your wireless network with WPA2 encryption. You can then post the SSID and password in your business to make it easy for legitimate users to gain access to your network.

Secure Guest WiFi for Business Means Content Filtering

Secure guest WiFi for business means adding some controls over the content that can be accessed on your WiFi network. Content filtering is a must. You should block access to adult content – which includes pornography, gambling sites and other web content that is ethically or morally questionable. A web filtering solution will also protect your customers from accidental malware and ransomware downloads while blocking phishing websites. Consider using a cloud-based web filter as these require no additional hardware to be purchased. They can also be configured and maintained remotely and will not require software or firmware upgrades.

Family-Guard Saves Tens of Thousands of Dollars by Deploying WebTitan Cloud for WiFi

Family-Guard offers its customers online protection by blocking access to adult website content such as pornography and stopping malware infections, ensuring the Internet can be accessed safely and securely by all family members.

Family-Guard supplies WiFi routers with pre-configured DNS settings to its customers. Plug in the router and customers are instantly protected from online threats and inappropriate content. As more families take steps to prevent their children from harm online, the company has gone from strength to strength.

However, the firm was not entirely satisfied with its previous web filtering provider and sought a partnership with a new company. Before deciding to deploy WebTitan Cloud for WiFi, Family-Guard needed to be certain that WebTitan offered the required level of protection for its customers. It was essential that all harmful and dangerous website content could be filtered out to ensure customers received the service they paid for. TitanHQ could reassure Family-Guard that its URL filtering technology was up to the task.

The problem with the firm’s previous partner was the inaccuracies in categories and site classifications. Those problems could not be overcome. WebTitan on the other hand offers accurate classification of websites, with more than 500 million web addresses present in its database, including sites in more than 200 languages. Since deploying WebTitan Cloud for WiFi through its router packages, Family-Guard has not experienced the accuracy problems of its previous provider.

Another key consideration when selecting a service provider was the ability to provide the solution in white-label form. It was essential for Family-Guard to incorporate its own branding, which includes the product as well as the user interface for setting filtering controls. With WebTitan, the solution can be supplied without any branding, ready for customization. The white label option and choice of hosting also makes WebTitan an ideal web content filter for managed service providers.

While reassurances could be provided by TitanHQ, the proof of the pudding is in the eating. Before committing, Family-Guard needed to perform extensive testing of the solution. The firm signed up for a free trial and conducted independent tests. Tanner Harman, President of Family-Guard said, “In terms of the trial everything was very straightforward, it was good to speak to an engineer that was able to answer all my questions, this is not common in the technology industry.”

WebTitan is incredibly easy to use and maintain. There are no software updates necessary as all are managed by TitanHQ. Setting up the solution is also straightforward. Once the DNS has been directed to WebTitan, it is just a case of configuring the web filtering controls. For Family Guard, it took staff around 30 minutes to become familiar and comfortable with using the solution. The company is now reaping the benefits.

“For our technical staff, it reduced the time spend on support calls as the number of support calls reduced dramatically almost immediately,” the solution has also dramatically reduced the time the support team has spent dealing with malware. Tanner said, “WebTitan Cloud blocks all the bad stuff before it hits the customers location so issues that previously occurred regularly are now avoided.”

It can take some time following deployment to fully appreciate the benefits that WebTitan brings to an organization. Family-Guard implemented the solution in April 2016. The cost saving from deploying WebTitan Cloud has been considerable. In the 12 months following the implementation of WebTitan Cloud, Family Guard has enjoyed savings of more than $10,000.

Further, as Family-Guard grows, it is not limited by its license. With WebTitan, additional licenses can be added as and when required with a dynamic pricing plan lacking the barriers and wastage typical of other web filtering solutions.

Whether you are looking for a web content filter for public hotspots, a filtering solution to package into your products and services or a content filtering solution for your business WiFi network, TitanHQ can help.

For further information on the features and benefits of WebTitan, answers to technical questions and to register for a free trial, contact the TitanHQ team today.

Selfridges Provides Secure WiFi Access In-Store with WebTitan

Customers are increasingly choosing to visit retailers based on whether free Internet access is available in store. Providing WiFi access doesn’t just attract more customers. It provides retailers with an opportunity to communicate new sales initiatives to customers and allows valuable information to be gathered on what customers do inside stores. Monitoring the websites accessed by customers also allows retailers to gain a valuable insight into customer behavior.

Retailers are increasingly offering free WiFi in-store to attract more customers, but providing access to the Internet in-store carries risks. If customers have free, unfettered access to the Internet they would be able to access inappropriate content, accidentally download malware or use the connection for illegal file downloads.

Retailers can gain huge benefits from offering customers free access to WiFi network, but without security solutions to mitigate risk, the offer of free WiFi can backfire. A web content filter for public hotspots is now essential.

Selfridges understands the benefits of providing free WiFi access to customers, but also the risks. If WiFi was to be provided in-store, it would need to be secure to prevent customers from installing malware or accessing phishing websites

Selfridges also needed protection from legal liability. Steps therefore needed to be taken to prevent customers from accessing inappropriate website content in store and to stop minors from accessing adult content.

Selfridges prides itself on providing high quality products and customer service, so it was important to ensure for its WiFi service to reflect the stores values. Alisdair Morison, IT manager at Selfridges, said “We had to ensure that guests could not access malicious sites or to view inappropriate content while in the store.”

In the case of inappropriate website content, the risks are considerable. Morison said, “We knew that if a guest accessed porn on the WiFi connection and a child or other person could inadvertently view that screen, we would be legally liable.” The same applies to illegal file downloads via its WiFi network.

Choosing a solution posed a number of challenges. Selfridges has a small, but busy IT department so a web filtering solution needed to have a small administrative burden. Technical staff are not present in each store so it was important that the solution could be managed remotely for all four locations without the need for any site visits.

Selfridges contacted TitanHQ and chose WebTitan Cloud for WiFi. “We looked at a bunch of solutions. I was really taken aback by the price point, features and functionality we were going to get with WebTitan WiFi,” said Morison, “Other solutions didn’t have all the features and functionalities we wanted; they could do some of what we now do with WebTitan WiFi, but at a higher cost.”

The solution was set up in less than half a day and the IT team can manage the solution remotely and monitor WiFi connections. All four locations are managed through a central administration management console. All that was required to get started was to add the company’s external IP address to the GUI, update DNS forwarders and set the filtering controls.

Selfridges now blocks pornography, illegal activities such as file sharing and activities that are ethically or legally questionable. The WiFi network is child-friendly, so parents need not worry about the content that their children can access in-store. The WiFi network can be used safely and securely by all its 200 million annual visitors, with both Selfridges and its customers gaining benefits from in-store WiFi.

TitanHQ Partners With Intelligent Spaces Firm Purple

TitanHQ has announced a new partnership agreement with the intelligent spaces firm Purple. TitanHQ will be securing the firm’s WiFi networks and providing content filtering with WebTitan Cloud for WiFi.

Purple is a leader in its field, with over 20 million users spread across 125 countries around the globe. Its solution helps businesses monitor their physical spaces and promote their brand, in addition to gaining valuable insights into customer behavior at their venues. Purple’s clients include the City of New York, Legoland, Jaguar, Pizza Express, Outback Steakhouse, the Indiana Pacers, Merlin Entertainments Group and British Land to name but a few.

Purple will be adding WebTitan to its WiFi and Analytics package to improve security for its customers. Current and new customers will benefit from a more secure WiFi package and will be protected from a wide range of web-based threats.

WebTitan is a market-leading web content filtering solution that currently blocks more than 60,000 malware variants each day, protecting end users when they venture online. WebTitan can be used to control the content that can be accessed via WiFi networks around the globe from a single administration console. Companies can protect thousands – or tens of thousands – of WiFi access points simultaneously with WebTitan without any latency. The solution is easy to set up and configure, requires no additional hardware and has an extremely low management overhead.

Protection from exploit kits, phishing websites, and malware and ransomware downloads is more important now than ever. Cybercriminals having increased their efforts and malware, phishing and ransomware attacks are becoming increasingly common.

In the case of ransomware, payment of the ransom demand may not allow data to be recovered as has clearly been demonstrated by the NotPetya attacks. Many companies that were attacked with NotPetya are still experiencing major problems and disruptions to services, with several firms forced to replace entire networks following installation of the malware.

Cyberattacks such as WannaCry and NotPetya are likely to become the new norm, with companies needing to do more to protect their networks – and their customers – from attack.

With WebTitan, malware and ransomware protection is only part of the story. WebTitan is a powerful content filter that prevents inappropriate content from being accessed by WiFi users – Something that is becoming increasingly important in the retail and hospitality industries. With Purple’s retail and hospitality sector clients growing fast, this additional protection was essential.

For Purple, it soon became clear that the partnership with TitanHQ was the perfect choice, as James Wood, Head of Integration at Purple explained, “We approached TitanHQ with a number of specific requirements that were unique to Purple. From day one it was evident that they were capable of not only providing what we needed but were very responsive and technically adept.”

WebTitan was also ideal for Purple customers, Woods said, “We take guest Wi-Fi security seriously so it was important that our customers were protected in the right way. Along with superior protection, WebTitan also allows us to extend the control to our customers via their API. Our customers can now manage their own filtering settings directly from the Purple Portal.”

Installing the new web filtering system and replacing the incumbent system was completed in the quickest possible time frame, with tens of thousands of users migrated to the new system in a matter of days. Woods said, “With demanding timescales involved for the migration, we invested heavily in WebTitan and they have not failed to deliver.”

WebTitan at the Kaseya Connect Europe User Conference

The Kaseya Connect Europe User Conference will be taking place on October 3, 2017 in Amsterdam, Netherlands with the company recently having announced its line-up of speakers and exhibiting partners for the event.

The Kaseya Connect Europe User Conferences are hugely popular. The events provide an excellent networking and learning opportunity with attendees able to see technical presentations with hands on demonstrations to improve usage of Kaseya solutions and find out more about the latest product releases.

Attendees benefit from expert advice, gain strategic insights and receive useful practical knowledge from industry experts and thought leaders and have the opportunity of taking part in product training and other instructional sessions to help them get the most out of their business, optimize their technical operations and boost revenues.

The upcoming Kaseya Connect Europe User Conference will include a business track to help MSPs monetize their business, increase their service stack and boost revenues.

Sue Gilkes, faculty member of CompTIA and founder and managing director of Your Impact Ltd, will be providing her insights into how MSPs can grow their business and improve revenues, while Transmentum’s Adam Harris – Author of “Check-In Strategy Journal” – will be delivering a keynote speech – “7 Sales Strategies to Take Away and Implement Immediately” – a must attend session for all MSPs.

Next year, the General Data Protection Regulation (GDPR) will come into effect in May. MSPs need to start preparing to ensure the deadline for compliance is met. With the deadline just a few months away, a session will be focused on helping MSPs prepare.

TitanHQ is pleased to announce it is an Emerald Sponsor for the event and will be demonstrating its WebTitan and SpamTitan solutions for MSPs.

WebTitan is an innovative web filtering solution ideal for MSPs. The solution can easily be added to MSPs service stacks allowing them to improve the cybersecurity defenses of their clients. WebTitan is a DNS-based web filtering solution that blocks a wide range of online threats and allows users to carefully control the web content that can be accessed via their wired and wireless networks.

SpamTitan is a leading spam filtering solution that blocks more than 99.9% of spam and malicious emails to keep end users protected from phishing attacks, malware and ransomware infections.

Both solutions are provided as white labels with a range of hosting options, including hosting within an MSPs own environment.

Following the massive global ransomware attacks of recent months, businesses are demanding additional protections, with both solutions offering MSPs a golden opportunity to generate regular additional monthly revenue with minimal management time.

“It’s exciting to bring together hundreds of our European customers and partners for this conference, and provide them with convenient access to educational sessions, networking opportunities and insightful discussions from industry leader, said Sabine Link, vice president, customer success for Kaseya” Through this event, we can deliver a unique experience for our European users that will empower them with the knowledge they need to achieve the results they desire.”

The event is free of charge for MSP executives, regardless of whether they are already Kaseya users. However, registration is required in advance of the event. If you are interested in attending the Kaseya Connect Europe User Conference in October, you can register for the conference here.