Email Sextortion Scams are on the Rise

Email is commonly used by threat actors for initial contact with victims, and while most attacks attempt to steal credentials or distribute malware, another type of scam has been steadily increasing. Sextortion scams have increased by 178% year over year according to data from ESET and are proving to be lucrative.

Email sextortion scams involve sending unsolicited emails threatening to expose the sexual activities of victims. The threat actor claims to have obtained compromising images or videos of a victim confirming that the individual is seeking sexual gratification or has been recorded engaging in sexual acts. The threat actor typically threatens to share the images and videos with the victim’s partner, family members, friends, social media contacts, and even their employer; however, the embarrassment and exposure can be avoided if the attacker’s demands are met. These scams have proven to be lucrative for threat actors, with many individuals paying to have the non-existent videos and images deleted. The amount charged by threat actors varies but is often in the region of $500 to $1,000.

One of the recently identified scams impersonates the adult website YouPorn. The messages claim that a sexually explicit video has been uploaded to the site and payment is required to have the video removed. If payment is not made, the video will be published on the website in 7 days. The user is told that they do not need to take any action if they have approved the use of the video on the website, and that if the upload was not approved, it can be removed free of charge; however, there is no free option. The individual must pay and sign up for privacy protection, with the options offered costing from $199 to $1,399.

Scammers have also diversified from the standard sextortion scams and are conducting a range of scams using similar tactics. These include the impersonation of law enforcement agencies that claim illegal activity has been detected and payment is required to bring an investigation to a close, or pending legal action that can be avoided if payment is made. Some scammers have claimed to be hitmen and say the contract can be canceled if payment is made.

These scams can cause considerable stress and fear and many victims pay up due to the fear of the consequences should the threats be real. The best thing to do if you receive one of these emails is to simply delete it and not engage with the scammer as these are empty threats. There are no videos or images.

A worrying new type of sextortion scam is gaining traction where the threats issued are real and the consequences can be devastating for victims. Individuals are targeted and extorted with threats issued to publish explicit material that has been created using deepfake technology, where the victim’s face has been added to legitimate pornographic content. The images used for these scams are often obtained from social media profiles, and according to a recent warning from the Federal Bureau of Investigation (FBI), are also obtained by scammers who convince people to send them sexually explicit photographs. While these types of sextortion scams are much less common, there are fears that they could increase as deepfake technology becomes more accessible and affordable. Once this material has been uploaded to online sites, it can be very difficult for it to be removed. If you are targeted with one of these scams, it is vital that you report it to law enforcement.

TitanHQ Announces WebTitan, SpamTitan, & SafeTitan Updates

Cyber threat actors are conducting increasingly sophisticated attacks on businesses of all sizes. Defending against these threats requires a comprehensive suite of cybersecurity solutions that provide overlapping layers of protection, which are constantly updated in response to threat actors’ changing tactics, techniques, and procedures. TitanHQ has developed a package of AI-driven cybersecurity solutions that work seamlessly with each other and provide protection against email and web-based attacks and data loss.

SMBs, enterprises, and managed service providers (MSPs) can easily take advantage of the TitanSecure bundle of products that include AI-driven threat intelligence and advanced email security through SpamTitan, DNS-based web filtering with WebTitan, data loss protection with ArcTitan email archiving, and comprehensive security awareness training and phishing simulations with the SafeTitan platform.

Updates Released for TitanHQ Solutions

In July, TitanHQ announced upgrades to three of its solutions – SafeTitan, WebTitan, and SpamTitan – to improve usability and efficiency.

SafeTitan Security Awareness Training and Phishing Simulation Platform

In early July, a new feature was added to the SafeTitan platform to improve usability for MSPs and eliminate the complexity of creating ongoing phishing simulation campaigns for their clients. The new Auto Campaigns feature allows MSPs to automate the delivery of phishing simulation campaigns for their clients by creating annual campaigns, which significantly reduces the time and resources required for planning and management of cybersecurity initiatives, helping to improve efficiency and profitability. The new feature allows a set of campaigns to be created for customers in just a few minutes and automates those campaigns to ensure they are delivered continuously throughout the year.

WebTitan DNS Filter

TitanHQ has also released WebTitan 5.03, which is now being rolled out to all existing customers. The latest update includes several new features that have been requested by users to improve usability and operational efficiency. The update includes a new summary report page, an improved layout for the custom block page, several bug fixes, and the following new features:

  • Customization of the Global Default policy on the MSP level – Allows a custom default policy when creating a customer account.
  • Customization of the Default Policy on the Customer level.
  • Inherit the Allowed & Blocked Domains from the Customer Default Policy.
  • Blocking of a top-level domain (TLD) on a customer policy and global domains.

SpamTitan Email Security

TitanHQ is just finalizing version 9.01 of the SpamTitan email security solution, which is now due for imminent release. The latest version of the award-winning email security solution includes several requested features to improve usability for MSPs. Some of the new features with the 9.01 release include:

  • Availability of history/quarantine for MSPs, allowing MSPs to act on customer emails at the MSP level.
  • Pattern Filtering for MSPs – Simplification of the administration of SpamTitan, allowing customers to be secured from one place.
  • Link Lock Inheritance – Link lock is inherited from the MSP level, so MSPs no longer need to drill down into individual domains to make changes.
  • Simplified Mail View – Improved user experience and easier email analysis.
  • ‘Other Products’ option – Makes it easier for MSPs to offer multiple TitanHQ solutions to their customers.

Fake AI Chatbots Used for Phishing and Malware Distribution

There is growing evidence that cybercriminals are leveraging AI chatbots for nefarious purposes such as phishing. AI chatbots such as ChatGPT are capable of generating content that is grammatically correct and free of spelling mistakes, and that content can be convincing enough for social engineering and phishing. AI-generated phishing and social engineering content can be very difficult to identify as malicious, as the emails lack many of the tell-tale signs of a phishing email. While AI chatbots certainly have the potential to change the phishing landscape, that is not the only way that cybercriminals are using AI chatbots for phishing.

Chatbots such as ChatGPT have proven incredibly popular, and many companies have rushed to release their own AI chatbots. With multiple chatbots available and high demand for these tools, phishers have been taking advantage and have been creating websites offering fake AI chatbots. These websites claim that their AI chatbot is even more advanced than ChatGPT and can be used by anyone to get rich quick or can be used by businesses for handling customer service inquiries, eliminating the need for expensive human labor.

Links to these websites are sent out in phishing emails that promote these new tools. If the link is clicked, the user is directed to a website where they are asked to register and disclose sensitive information or download a chatbot app. The latter includes Trojan malware that provides the attacker with access to the victim’s device, spyware or a keylogger that can steal personal information and credentials, or other forms of malware.

AI chatbots are incredibly expensive to develop and train, with analysts estimating that the cost of training these AI tools is at least $4 million, and the running costs of ChatGPT have been estimated to be around $700,000 per day. AI chatbots are also attracting a lot of media attention, so the release of a new chatbot, especially one that is better than ChatGPT, is unlikely to fly under the radar. If you receive an email offering a new AI chatbot, it likely is a scam.

You could perform a check of the website to see when it was registered, see if there is any contact information on the site, or do a quick Google search to see if there has been any news coverage. The best thing to do, however, is to simply delete the email or report it to your security team. If you want to use an AI chatbot, use one of the reputable chatbots such as ChatGPT, Microsoft’s Bing, or Google’s Bard.

Cybercriminals can use other methods to drive traffic to their malicious websites, including malicious Google Ads. There has been an increase in ‘malvertising’ for malware delivery and phishing in recent months, where malicious ads are used to drive traffic to attacker-controlled websites. While these adverts are often rapidly identified and taken down by Google, they do not have to be active for long to drive huge amounts of traffic to malicious websites. Businesses can protect against these attacks by using a web filter such as WebTitan. For consumers, the same advice applies as to phishing. Be very cautious and if there is an offer that seems too good to be true, it is most likely a scam.

Due to the popularity of AI chatbots, businesses should consider adding chatbot-related lures to their phishing simulations to see how many employees click these links. This is easy to do with the SafeTitan security awareness training and phishing simulation platform. Any employee that clicks the link in the email will be automatically provided with training content relevant to that threat. By providing intervention training, the next time a similar email is received, employees will be more likely to recognize the scam and avoid it. For more information on SafeTitan, give the TitanHQ team a call.

G2 Names SpamTitan Leader in 5 Email Security Categories in Winter 2023 Grid Reports

Each quarter, the trusted business software review platform, G2 (formerly G2 Crowd), publishes Grid Reports of leading business software solutions. Grid Reports are created across several categories of business software, with each grid divided into four quadrants. The position of each software solution is dictated by market presence and satisfaction scores from users of those solutions. The G2 platform includes more than 2 million reviews from verified business users of software solutions.

Products that combine high satisfaction scores with a strong market presence are placed in the Leader quadrant and five of the G2 Crowd Grid® Winter 2023 Reports name SpamTitan as Leader. In addition to being named Leader in the overall Email Security category, SpamTitan was named Leader in the Cloud Email Security, Email Protection, Small Business Email Security, and Email Anti-Spam SMB categories, and was named as a top 5 product in a further 12 categories. “The overwhelmingly positive feedback from SpamTitan users on independent review sites is a return for the massive investment we made into our products and threat intel,” said Ronan Kavanagh, CEO, TitanHQ.

G2 is one of the most trusted online business review sites and is visited by more than 5 million buyers each month. The Grid Reports are used to determine the best products on the market based on genuine user reviews. The Reports help businesses cut through all the sales speak and determine which products are loved by users and how they actually perform.

SpamTitan consistently attracts high scores on G2, but that is far from the only review site where SpamTitan is rated highly. SpamTitan also ranks as Leader on two other highly respected online review platforms – GetApp and PeerSpot – and the email security solution has more than 500 5-star reviews on platforms such as Capterra, Gartner, GetApp, and Software Advice.

SpamTitan was developed by TitanHQ and is provided as part of a suite of cloud-based cybersecurity solutions that include DNS filtering for Internet Security (WebTitan), Security awareness training and phishing simulations (SafeTitan), email archiving (ArcTitan), and email encryption (EncryptTitan). Last year, the SpamTitan suite of email security solutions had a new addition – SpamTitan Plus. The idea behind SpamTitan Plus was to build on the excellent protection of SpamTitan Cloud and SpamTitan Gateway to provide even greater protection against zero-day phishing attacks and malicious links in emails, with the industry-leading protection coming from AI and machine-learning algorithms and extensive threat intelligence. The result is 1.5% faster detection of phishing emails than any of the market leaders, including the likes of Proofpoint, Mimecast, and Barracuda.

In addition to providing excellent protection against email attacks, all TitanHQ solutions are developed with the end user in mind. Small- and medium-sized businesses, enterprises, and managed service providers all benefit from products that are easy to implement, easy to use, and are backed up with industry-leading customer service. TitanHQ products are also extremely competitively priced, allowing businesses to save a small fortune on cybersecurity without sacrificing protection.

If you have yet to try TitanHQ solutions there is no better time than the present to discover why these products rank so highly on review platforms and are much loved by users. All TitanHQ solutions are available on a free trial to give you the chance to put them through their paces. Sign up today for a no-obligation free trial on one or more of the products or give the TitanHQ team a call for further information.

New Threats and Attack Vectors Highlight Importance of Security Awareness Training

Several new malware campaigns have been identified recently that are being used to deliver a range of malicious payloads, including malware downloaders, information stealers, remote access Trojans (RATs), backdoors, and ransomware. These threats are delivered through a range of attack vectors, including email, SMS messages, and even over the telephone.

An as-of-yet-unknown malicious actor has been conducting a phishing campaign that distributes PureCrypter malware as the first stage of an attack that involves other malicious payloads. PureCrypter is an advanced, fully featured malware downloader that was first identified in March 2021 and is now being provided to threat groups under the malware-as-a-service model. The operator rents out access to other threat actors to allow them to deliver a range of malicious payloads, the majority of which are information stealers and RATs.

The latest campaign, identified by researchers at Menlo Security, primarily targets government entities in North America and the Asia Pacific region. The attacks start with a malicious email that includes a Discord app URL. If the link is clicked, a password-protected ZIP archive is downloaded from Discord, containing an executable file that delivers the PureCrypter downloader.
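The delivery chain above ends in a password-protected ZIP that holds an executable. As an added example (not from Menlo Security's research or any TitanHQ product), the Python below shows how a gateway can triage such an archive without the password: standard ZIP encryption protects member data but not the central directory, so member names and the per-entry encryption flag stay readable. The extension list, the verdict names and the sample archives are constructed for illustration.

```python
import io
import struct
import zipfile
from pathlib import PurePosixPath

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose bit flag: member is encrypted
# Illustrative, not exhaustive: file types Windows or its script hosts will run.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".msi", ".js", ".vbs", ".lnk"}


def triage_zip(data: bytes) -> dict:
    """Classify a ZIP from its central directory only; no password is needed."""
    report = {"encrypted": [], "executables": [],
              "encrypted_executables": [], "verdict": "allow"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["verdict"] = "unreadable"
        return report
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            is_enc = bool(info.flag_bits & ENCRYPTED_FLAG)
            # The final suffix decides what runs, so "invoice.pdf.exe" counts as .exe.
            is_exe = PurePosixPath(info.filename).suffix.lower() in EXECUTABLE_EXTS
            if is_enc:
                report["encrypted"].append(info.filename)
            if is_exe:
                report["executables"].append(info.filename)
            if is_enc and is_exe:
                report["encrypted_executables"].append(info.filename)
    if report["encrypted_executables"]:
        # Content scanning cannot see inside, yet the name shows it is runnable.
        report["verdict"] = "quarantine"
    elif report["encrypted"] or report["executables"]:
        report["verdict"] = "review"
    return report


def build_sample(names, encrypted: bool) -> bytes:
    """Constructed test input. Python's zipfile cannot write encrypted archives,
    so the encryption flag is set by patching the headers; the member data is
    placeholder text and is not really encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            entry = zipfile.ZipInfo(name, date_time=(2023, 1, 1, 0, 0, 0))
            zf.writestr(entry, b"constructed placeholder content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits 6 bytes into a local header, 8 bytes into a central one.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(signature)
            while pos != -1:
                (flags,) = struct.unpack_from("<H", data, pos + offset)
                struct.pack_into("<H", data, pos + offset, flags | ENCRYPTED_FLAG)
                pos = data.find(signature, pos + 4)
    return bytes(data)


if __name__ == "__main__":
    sample = build_sample(["Order_details.pdf.exe", "readme.txt"], encrypted=True)
    print(triage_zip(sample))
```
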

While the payloads change, the latest campaign is being used to deliver AgentTesla malware, which is hosted on a legitimate but compromised domain belonging to a non-profit organization. AgentTesla is an advanced backdoor that can steal passwords from browsers and the content of the clipboard, log keystrokes, and perform screen captures. That information is then exfiltrated to a command-and-control server located in Pakistan. PureCrypter has also been used to deliver the RedLine information stealer, the Blackmoon banking Trojan, and Eternity and Philadelphia ransomware.

Email campaigns distributing malware and links to phishing URLs are still common, but threat actors have branched out and are using a range of other methods for distributing malware and stealing credentials. SMS-based phishing campaigns have been soaring as threat actors take advantage of poor protections against SMS-based phishing attacks, and telephone-orientated attack delivery (TOAD) attacks are growing at an incredible rate.

TOAD attacks usually see initial contact made via email, yet the emails contain no malicious content or malware. They have a plausible call to action and provide a telephone number for the recipient to call to resolve a pressing problem. These emails can be very difficult for email security solutions to identify as they contain no malicious content. The phone lines are manned by the threat actor, oftentimes from call centers in India, and the telephone operators convince victims to download a malicious file, which provides the attacker with remote access to their device. The malicious files are typically remote access software or malware downloaders such as BazarLoader, which, like PureCrypter, are used to deliver a range of malicious payloads, especially ransomware.
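Because a TOAD email carries no link or attachment to scan, detection has to key on the message's shape instead. The Python below is an added example (not code from TitanHQ or any product named here) that flags mail combining a phone number, a nearby instruction to call, and billing or urgency language while containing no URLs or attachments. The regular expressions, term list and the three sample messages are constructed assumptions and would need tuning on real mail.

```python
import re
from email import message_from_string, policy

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)
# North American style numbers, with or without a country code (assumption).
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
CALL_RE = re.compile(r"\b(?:call|dial|phone|ring|telephone)\b", re.I)
PRESSURE_RE = re.compile(
    r"\b(?:charged|renew(?:ed|al)?|subscription|refund|cancel|suspended|"
    r"unauthori[sz]ed|immediately|urgent|within \d+ hours?)\b", re.I)


def analyze(raw: str) -> dict:
    """Score one RFC 5322 message for the callback-phishing (TOAD) pattern."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    content = part.get_content() if part is not None else ""
    urls = URL_RE.findall(content)            # count links before markup is stripped
    text = re.sub(r"<[^>]+>", " ", content)   # crude tag removal for HTML-only mail
    text = f"{msg.get('Subject', '')}\n{text}"
    attachments = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]

    phones, call_to_action = [], False
    for match in PHONE_RE.finditer(text):
        phones.append(match.group().strip())
        # A number in a signature is normal; a number right after "call" is not.
        window = text[max(0, match.start() - 120):match.start()]
        call_to_action = call_to_action or bool(CALL_RE.search(window))
    pressure = sorted({term.lower() for term in PRESSURE_RE.findall(text)})

    return {
        "phones": phones,
        "urls": len(urls),
        "attachments": attachments,
        "call_to_action": call_to_action,
        "pressure_terms": pressure,
        # Suspect only when there is nothing else for a content scanner to catch.
        "toad_suspect": bool(phones and call_to_action and pressure
                             and not urls and not attachments),
    }


# --- Constructed sample messages (555-01xx numbers are reserved for fiction) ---
TOAD_SAMPLE = """From: Billing <billing@example.test>
Subject: Your subscription has been renewed

Thank you for your purchase. Your annual plan has been renewed and $349.99
will be charged to your card today.

If you did not authorize this payment, call our billing team on
+1 (808) 555-0142 within 24 hours to cancel and request a refund.
"""

SIGNATURE_SAMPLE = """From: Jo Example <jo@example.test>
Subject: Minutes from Monday

Hi all,

Notes from Monday's planning meeting are below. Nothing needs action
before Friday.

Jo Example
Facilities
Office: 808-555-0110
"""

LINK_SAMPLE = """From: Accounts <accounts@example.test>
Subject: Invoice overdue

Your account will be suspended. Call 808-555-0199 or pay now at
https://billing.example.test/pay
"""

if __name__ == "__main__":
    for name, raw in (("toad", TOAD_SAMPLE), ("signature", SIGNATURE_SAMPLE),
                      ("link", LINK_SAMPLE)):
        print(name, analyze(raw))
```

The link-bearing sample is deliberately not flagged here: it is left to URL scanning, so this check only adds coverage for the messages that layer cannot see.
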

With such a variety of threats to defend against, and the difficulty of identifying these threats using standard cybersecurity solutions, security awareness training has never been more important. Employees need to be made aware of these threats and be trained how to recognize them.

If you want to improve your defenses against increasingly sophisticated attacks targeting employees, give the TitanHQ team a call to find out more about how the SafeTitan security awareness training platform can be leveraged to greatly improve your security posture by addressing the human vulnerabilities that threat actors are so often exploiting.

SMS Phishing Scam Results in Zendesk Data Breach

An SMS phishing attack on Zendesk employees has allowed access to be gained to sensitive customer data. The data breach highlights the importance of implementing a defense-in-depth approach to security that includes multiple layers of protection against all forms of phishing.

Phishing is most commonly conducted via email; however, improvements in email security solutions have made it harder for malicious actors to get their emails delivered to inboxes. Advanced email security solutions such as SpamTitan incorporate many layers of protection, including machine-learning algorithms to predict novel phishing attacks. Advanced malware protection prevents the delivery of malicious files, combining signature-based antivirus engines with behavioral detection through sandboxing, and the solution also scans emails for malicious links and blocks those messages.

Over the past couple of years, there has been an increase in other forms of phishing that take advantage of the paucity of protection against malicious messages sent via the SMS network and instant messaging platforms and the lack of protection against voice phishing. Businesses typically lack technical defenses against these forms of phishing, which allows employees to be reached more easily.

SMS phishing – or smishing as it is commonly known – involves malicious SMS messages, typically including a link to a malicious website where credentials are harvested. This type of phishing is employed by many different threat actors, including a threat group known as 0ktapus. In 2022, the group conducted a campaign targeting more than 130 companies, including Twilio and Cloudflare. An analysis of the campaign revealed the group had successfully compromised at least 9,930 accounts at more than 130 organizations. That campaign saw credentials stolen as well as multi-factor authentication codes.

While it is currently unclear which threat actor was behind the attack on the customer service software provider Zendesk, the phishing attack was conducted via SMS messages. Zendesk has yet to make an official announcement, but the cryptocurrency trading firm Coinigy said it has been notified by Zendesk about the data breach and said it was informed that several Zendesk employee accounts were compromised, in what Coinigy said was “a sophisticated SMS phishing campaign”. Those accounts contained unstructured data from a logging platform from September to October 2022. Other cryptocurrency platforms appear to have also been affected.

SMS phishing takes advantage of a common hole in businesses’ security defenses that is difficult to address with technical solutions. The best defense against these attacks is security awareness training for employees. This is an area where TitanHQ can help. TitanHQ offers businesses a comprehensive security awareness training platform called SafeTitan, which provides training on all aspects of cybersecurity and phishing, including email phishing, SMS phishing, and voice phishing. The platform provides training in short modules of no more than 10 minutes, with the training content gamified to improve knowledge retention and make it enjoyable. Training courses can easily be developed and automated to provide constant training to employees, teaching them the signs of phishing and other malicious attacks and training them on how to respond when threats are encountered.

With phishing attacks becoming more sophisticated and taking many forms, it has never been more important for businesses to ensure that they have appropriate defenses in place, which should include spam filtering, web filtering, and security awareness training, all of which are provided by TitanHQ.

Benefits of Email Archiving for Businesses

Businesses are usually aware of the importance of making data backups, including backups of emails. In the event of a disaster, it must be possible to recover lost data. If regular backups are made, it is easy to restore data to a certain point in time – the last known date before the loss occurred. It is important to store daily backups separately and not overwrite them too soon as it is not always clear when data corruption occurred.

The best practice for backing up data is to use the 3-2-1 approach. That involves creating at least three copies of data – one primary, and two copies – and storing those backups on at least 2 different media, with one copy stored securely off-site. In the event of a ransomware attack backups may be deleted by the threat actor or they may be encrypted; however, the attackers will not be able to access the off-site copy, so data will be recoverable without paying the ransom. It is important to also test backups to make sure data can be recovered and not to leave this to chance. Many organizations only discover their backups have been corrupted when they try to use them to recover data.

Email Archives Versus Email Backups

Backups are copies of data, so the original data remains in place. A backup is a snapshot of data at a specific point in time and they are a short-term storage solution. Email backups are created solely for disaster recovery and they will be used by IT teams during the incident response to restore the entire email system or individual mailboxes to the last known good state before the attack.

Business owners are usually much less familiar with email archives, yet these are just as important, especially following a cyberattack. An email archive is different from a backup and serves a different purpose, although there is some overlap. Email archives are used for the long-term storage of email data. Businesses often store essential data in emails, and that data is often found nowhere else. Backups of emails are made, but backups are typically overwritten every week, month, or year. With email archiving, instead of creating a copy of email data, emails and their attachments are moved into the archive and removed from the mail server for long-term storage. The archive can be housed on separate hardware on-premises, although it is now far more common for email archives to be located in the cloud. Most importantly, when emails are archived, they are also archived with their metadata and are indexed, which means the archive can be searched. That is not possible with a data backup without third-party software and even then, it can be an incredibly time-consuming process to find and recover individual emails.

Why is Email Archiving Necessary?

Moving emails to an archive makes a great deal of sense, as it will free up space on the mail server, which will improve performance. If emails need to be accessed after they have been archived, they can be accessed directly by users. That means employees will not need to log a support call with the IT department when an email is misplaced or accidentally deleted, as the email will be present in the archive. Email archives not only improve mail server performance, but they also help to improve productivity.

The ability to search archives is vital. Email data needs to be retained for long periods for compliance with many different federal and state regulations. There will be times when email data needs to be found, such as in the event of an audit, legal discovery request, or customer/client dispute. Email archives are also invaluable in incident response and can be used by internal security teams and law enforcement to access past email communications to investigate phishing and business email compromise attacks and insider data breaches.

A cloud email archive is also a failsafe in the event of backup corruption and will help to ensure business continuity in the event of a cyberattack, as the email archive can be accessed in the cloud from any device at any time, which will reduce the downtime following a cyberattack. Cloud storage is preferable as it is cheaper than storing data on-premises, especially as email archives are large – they can contain many millions of messages.

ArcTitan Cloud Email Archiving

ArcTitan is a cloud-based email archiving solution for businesses that is easily integrated with Microsoft 365 and automates the archiving of emails. Rules are set for the emails that need to be archived, messages are deduplicated and compressed, and they are indexed and tagged. The solution allows lightning-fast searches and retrieval whenever messages need to be recovered, with the archive serving as a tamper-proof repository for email data for compliance with regulations. ArcTitan is also one of the most cost-effective email archiving solutions for businesses. For more information speak with TitanHQ today.

7 Benefits of Online Security Awareness Training

In recent years there has been a shift from classroom-based to online security awareness training. Although some of the shift is attributable to the social distancing requirements of the COVID-19 pandemic, it is noticeable that many organizations have not returned to classroom environments to deliver security awareness training having witnessed the benefits of providing training online.

This article discusses seven benefits of online security awareness training. Not all will apply to every organization, while other organizations may find more than seven benefits. If you would like to find out more about how online security awareness training could benefit your organization, do not hesitate to get in touch to request a free demo of SafeTitan’s security awareness training platform.

1. Online Training is Easier to Organize

Organizing large groups of employees to be in a classroom at the same time can be an administrative nightmare. Who is late? Who is absent? Who needs to leave early to attend a meeting? Who needs more training than time is available to provide? With online training, system administrators can remotely send training modules to each employee for them to complete in their own time.

2. The Completion of Training is Quantifiable

The completion of each module is recorded via a simple acknowledgement or the modules can have a quiz attached to them for employees to answer. This enables system administrators to see not only who has completed each training module, but also how much of the information has been absorbed in order to assess whether more training is required and on what subject(s).

3. Online Security Awareness Training Can be More Specialized

While it is not impossible to provide specialized security awareness training in a classroom environment, online security awareness training can be delivered by group or department according to their roles and any unique threats they may encounter. This may be particularly relevant for employees working in finance or with escalated administrator privileges.

4. Online Training Can Reach Remote Workforces

With classroom training, workforces in satellite offices or in the field may have to take considerably more time away from producing for the organization to attend training. Alternatively, organizations may have to send trainers and training materials out to remote workforces. Online security awareness training overcomes these issues by standardizing training across the whole workforce.

5. Micro-Training has Higher Retention Rates

It is difficult to find unbiased sources that prove online training has higher retention rates than classroom training; however, there is evidence to suggest that micro-training – which is only realistically providable via online training – is more effective for information retention due to the average adult having a maximum attention span of around twenty minutes.

6. Online Training Supports Greater Interaction

Interaction with the content of any security awareness training can help trainees better understand the content of the training, put it into context, and apply it in their daily roles. Due to the nature of online security awareness training, there are more opportunities for interactive training via (for example) videos, quizzes, and simulated phishing tests.

7. The Success of Online Training is Measurable

Online training platforms such as SafeTitan include enterprise-level reporting that demonstrates behavioral change and how this has improved organizational security. From these metrics, it is possible to calculate a monetary return for the investment in online security awareness training and facilitate informed decisions about security moving forward.

As mentioned previously, if you would like to know more about SafeTitan online security awareness training, do not hesitate to get in touch.

The Importance of Customizable Phishing Awareness Solutions

There is little doubt that the volume of phishing attacks is increasing and that phishing attacks are becoming more sophisticated. To counter the threat from phishing, many organizations are implementing phishing awareness solutions. However, some phishing awareness solutions fail to reduce the susceptibility of users in real-life scenarios.

The reason some phishing awareness solutions fail to reduce the susceptibility of users in real-life scenarios is that the solutions are provided with a library of phishing scenarios that do not reflect the organization’s operations or that are easy to spot as phishing simulations because they are delivered to an email address the apparent sender of the email would not be aware of.

For example, if an organization does not use Microsoft 365, a simulated phishing email alerting a user that their Microsoft 365 password is about to expire is going to be easily identified by the user as a test. Similarly, a simulated phishing email advising a user of unusual activity on their personal social media account is not going to be treated as genuine if sent to a corporate email address.

Limited Templates Can Result in a False Sense of Security

The other issue with phishing awareness solutions with fixed libraries of phishing scenarios is that, if an organization only uses the phishing templates appropriate for the organization’s operations, the organization has fewer scenarios to choose from, and the likelihood increases that users will recognize simulated phishing emails as a test, because they have seen the simulations before.

When simulated phishing emails are easy to spot or the same tests are used repeatedly, employees score highly in phishing susceptibility tests – giving organizations a false sense of security that their “last line of defense” is stronger than it actually is. Consequently, phishing awareness solutions with fixed libraries could actually exacerbate the threat of phishing rather than help prevent it.

Many Solutions Also Overlook the Threat from Inside

An often overlooked threat from phishing exists when an external bad actor takes remote control of an employee’s corporate email account. Once in the control of an external bad actor, the corporate email account can be used to conduct spear phishing or business email compromise attacks on selected members of the workforce or to phish the entire workforce into revealing credentials.

However, despite the potential seriousness of the threat from inside, many phishing awareness solutions do not account for this possibility in phishing simulations. Therefore, any phishing awareness solution deployed by an organization not only has to be customizable to reflect the organization’s operations, but also to account for the possible threat from inside.

Customizable Phishing Awareness Solutions from SafeTitan

SafeTitan is an enterprise-scale security awareness training and phishing simulation platform within the TitanHQ portfolio of cybersecurity solutions. The phishing simulator includes more than 1,800 customizable templates for conducting real-life phishing tests on employees, with automatically generated training content delivered immediately if a user falls for a simulated phish.

With regard to the “threat from inside”, SafeTitan enables organizations to change the sender email address to a corporate email account with a simple modification to the SPF record, and every user interaction is recorded so that system administrators can identify repeat offenders, specific weaknesses, and high-risk departments to direct training where it is needed.

To find out more about SafeTitan’s customizable phishing awareness solutions, do not hesitate to get in touch to discuss your requirements with one of our security experts. Alternatively, you are invited to book a demo of SafeTitan in action to see how SafeTitan security awareness training can help protect your users and your organization from email-borne threats.

Which Laws Mandate Cybersecurity Awareness Training?

There are many states in which cybersecurity awareness training is mandated for state employees when they first start working for the state or when they reach a certain paygrade. In these states, training is usually developed and provided by the state’s Chief Technical Officer or a team working on the CTO’s behalf.

For private organizations, cybersecurity awareness training is usually optional unless the organization operates in a regulated industry which mandates cybersecurity awareness training or is a contractor to a federal agency – in which case the organization may be required to comply with various training requirements depending on the federal agency.

This article looks at some of the laws that mandate cybersecurity awareness training in regulated industries, some of the Rules that affect contractors to federal agencies, and the EU’s General Data Protection Regulation, which potentially mandates cybersecurity awareness training for every large organization that collects, maintains, or processes personal data relating to EU subjects.

The Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act requires all financial institutions under the jurisdiction of the Federal Trade Commission to implement safeguards to protect consumer information. One of the required safeguards is an information security program (16 CFR §314.4), and one of the standards relating to the information security program requires organizations to:

“Implement policies and procedures to ensure that personnel are able to enact your information security program by:

(1) Providing your personnel with security awareness training that is updated as necessary to reflect risks identified by a risk assessment;

(2) Utilizing qualified information security personnel employed by you or an affiliate or service provider sufficient to manage your information security risks and to perform or oversee the information security program;

(3) Providing information security personnel with security updates and training sufficient to address relevant security risks; and

(4) Verifying that key information security personnel take steps to maintain current knowledge of changing information security threats and countermeasures.”

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act applies to most health plans, health care clearinghouses, healthcare providers, and organizations that provide a service for “Covered Entities” that involves the creation, receipt, storage, or transmission of “Protected Health Information” (individually identifiable health information and any identifiers maintained in the same record set).

Without exception, all Covered Entities and their “Business Associates” are required by 45 CFR §164.308 to “implement a security awareness and training program for all members of the workforce (including management)”. Although not specifying the frequency of training, the inclusion of the word “program” implies the cybersecurity awareness training should be ongoing.

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard applies to all organizations that accept credit card payments. Throughout the Standard there are multiple references to data security that organizations need to take into account; however in the context of mandated cybersecurity awareness training, §12.6 is the most relevant inasmuch as it states:

“Implement a formal security awareness program to make all personnel aware of the cardholder data security policy and procedures.”

Again, the inclusion of “program” implies that, rather than being a one-off event, cybersecurity awareness training should be ongoing. It should also be repeated whenever there is a change to policies and procedures or when a risk assessment identifies a need for refresher training. As with GLBA training and HIPAA training, it is also a requirement that PCI DSS training is documented.


Every organization that supplies goods or services to a federal agency is required to implement a cybersecurity awareness training program. However, the content of the training can depend on what agency goods or services are being supplied to. For example, the requirements for providing services to the Department of Defense are more stringent than those of the Small Business Administration.

It is also the case that the training requirements are frequently changing to respond to evolving threats and advances in cybersecurity defenses. Therefore, organizations required to comply with mandated cybersecurity awareness training in order to supply federal agencies should review the pages relevant to the services and agencies they are supplying:

The General Data Protection Regulation (GDPR)

Although a European regulation, GDPR applies to most large organizations anywhere in the world that collect, maintain, and/or process personal information relating to EU citizens. Importantly, the EU citizen does not have to be in the EU at the time data is collected, maintained, and/or processed for the personal data to be covered by the regulation.

There are many training requirements within the Regulation, but their applicability can vary depending on the nature of an organization’s operations and can be limited to only personnel with access to personal data rather than the entire workforce. However, organizations transferring data between the US and EU may also need to comply with the Privacy Shield requirements.

How to Comply with Mandated Cybersecurity Awareness Training

Although the laws and regulations differ, many mandated training requirements share similar components. For example, organizations subject to any of the above will need to train workforces on password security, email security, and mobile device security. However, while many off-the-shelf training programs include these components as standard, it is important to implement a program that is relevant to your organization’s operations or that can be customized to be relevant to your organization’s workforce.

This is why organizations should evaluate the SafeTitan security awareness training and phishing simulation platform. SafeTitan gives organizations the opportunity to tailor a comprehensive library of training material to their unique requirements, conduct awareness tests and quizzes, and assess the impact of cybersecurity awareness training via an intuitive dashboard with a full reporting suite. To find out more, contact SafeTitan to request a demo of the platform in action.

5 Reasons Why Phishing Simulations Don’t Always Reflect Real Life

If your organization has tried to improve its workforce’s security awareness by using phishing simulation software but has found it ineffective in reducing susceptibility to phishing, there are several reasons why phishing simulations don’t always reflect real life.

Phishing simulation software is a great tool for improving a workforce’s security awareness, but it is not always as effective in real life as some vendors claim it to be. There are several reasons for this depending on the type of software deployed and the software’s capabilities.

Unrealistic Phishing Scenarios

Most phishing simulation software is provided with a library of phishing templates which are supposed to reflect real life situations. Too often this isn’t the case. Many include topics users will likely ignore (e.g., HR policy updates) or “put aside to read later”, but never get around to.

For this reason, simulated phishing emails don’t always get opened; or, if they do, the attachments or phishing links in the email are rarely interacted with (because users don’t care what the new dress code is). Consequently, the “pass rate” for phishing simulation tests is misleadingly high.

Repetitive Phishing Simulations

Another reason why pass rates can be misleadingly high is because the same phishing tests are used time and time again. This may be because the organization is limited in the number of templates it has to use or because they have no way of recording which tests have been used before.

The date on which phishing tests are sent can also be a giveaway that – for example – an email requesting a password reset is a phishing simulation. Consequently, an employee receiving a password reset request on the 2nd of each month knows not to interact with it.

Every Phish Gets Sent at the Same Time

A big issue with many phishing simulation solutions is that phishing tests are sent at the same time. As soon as one person realizes the phishing email they have just interacted with is a test, word spreads through the organization so everyone knows not to interact with the test email.

Because of the communication between employees and departments, the phishing simulation test returns a high pass rate. However, in real life, cybercriminals do not send warnings that everyone will receive a phishing email, so simultaneous phishing testing is fairly meaningless.
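The two problems described above (repeated templates on predictable dates, and every test landing at the same moment) can both be addressed at scheduling time. The following is an added example, not code from SafeTitan or any vendor; the user names, template names, and history store are constructed for illustration.

```python
import random
from datetime import datetime, timedelta

# Constructed sample data: template names and users are hypothetical.
TEMPLATES = ["password-reset", "parcel-delivery", "shared-document", "invoice-query"]
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
HISTORY = {
    "alice": {"password-reset"},
    "bob": {"password-reset", "parcel-delivery", "shared-document"},
    "carol": set(TEMPLATES),  # has already seen the whole library
}


def plan_campaign(users, templates, history, window_start, window_days, rng):
    """Assign each user an unseen template and a unique, randomized send time.

    Returns (plan, exhausted): plan maps user -> (template, send_time);
    exhausted lists users who have seen every template and are skipped
    rather than sent a repeat they would recognize as a test.
    """
    # Only working days inside the window are candidates, so the test does
    # not arrive on the same calendar date every month.
    weekdays = [
        window_start + timedelta(days=d)
        for d in range(window_days)
        if (window_start + timedelta(days=d)).weekday() < 5
    ]
    if not weekdays:
        raise ValueError("window contains no working days")
    if len(users) > len(weekdays) * 8 * 60:
        raise ValueError("window too short for one unique minute per user")

    plan, exhausted, used_slots = {}, [], set()
    for user in users:
        unseen = [t for t in templates if t not in history.get(user, set())]
        if not unseen:
            exhausted.append(user)
            continue
        template = rng.choice(unseen)
        # Draw a random minute between 09:00 and 16:59 on a random working
        # day; retry until the slot is not shared with another recipient.
        while True:
            day = rng.choice(weekdays)
            start = day.replace(hour=9, minute=0, second=0, microsecond=0)
            send_time = start + timedelta(minutes=rng.randrange(8 * 60))
            if send_time not in used_slots:
                break
        used_slots.add(send_time)
        plan[user] = (template, send_time)
    return plan, exhausted


if __name__ == "__main__":
    plan, exhausted = plan_campaign(
        USERS, TEMPLATES, HISTORY, datetime(2024, 3, 4), 14, random.Random(7)
    )
    for user, (template, when) in sorted(plan.items(), key=lambda kv: kv[1][1]):
        print(f"{when:%a %Y-%m-%d %H:%M}  {user:<6} {template}")
    print("needs new templates:", exhausted)
```

Users returned in `exhausted` are a signal that the template library is too small for the testing frequency, which is the condition the section above warns about.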

Emotional Triggers Are Not Sufficiently Granular

Most phishing awareness training revolves around the five emotional triggers of greed, loss, curiosity, helpfulness, and fear of missing out, yet many phishing templates lack the granularity to tempt recipients into interacting with them because they lack the right type of trigger.

For example, one employee may be more curious about playing in a department softball game than attending a department dinner (even though both would be categorized as social events), while another might be more inclined to an animal charity than a disaster relief charity.

Simulations are Too Often One-Step Events

Whereas the preceding four reasons why phishing simulations don’t always reflect real life are likely to skew phishing tests to show more positive results, the fact that they are too often one-step events can have the opposite effect and record an employee as susceptible when they are not.

An example of a one-step event is when an employee is sent a simulated phishing email with a link to click on. As soon as they click on the link, they are informed the email is a phishing test which they have failed. However, some phishing simulation solutions take the employee to a landing page where they are asked to complete login credentials.

The second step of asking for login credentials can often prompt the employee to consider whether or not this is a good idea. If they choose not to enter their credentials and report the email as a phish, the employee should be considered to have passed the phishing test – or at least passed with concerns about clicking on links in unsolicited emails.
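The difference between one-step and two-step scoring can be seen by classifying the same simulation log both ways. This is an added example, not any vendor's scoring logic; the event names and log entries are constructed, and the `clicked_only` and `ignored` categories are assumptions that go beyond the outcomes the text names.

```python
from collections import defaultdict

# Constructed simulation log: (user, campaign, event). Names are hypothetical.
EVENTS = [
    ("alice", "c1", "delivered"), ("alice", "c1", "opened"),
    ("alice", "c1", "clicked"), ("alice", "c1", "reported"),
    ("bob", "c1", "delivered"), ("bob", "c1", "opened"),
    ("bob", "c1", "clicked"), ("bob", "c1", "submitted_credentials"),
    ("carol", "c1", "delivered"),
    ("dave", "c1", "delivered"), ("dave", "c1", "opened"),
    ("dave", "c1", "reported"),
    ("erin", "c1", "delivered"), ("erin", "c1", "opened"),
    ("erin", "c1", "clicked"),
]


def classify(events):
    """Return {(user, campaign): outcome} using two-step scoring."""
    seen = defaultdict(set)
    for user, campaign, event in events:
        seen[(user, campaign)].add(event)

    outcomes = {}
    for key, ev in seen.items():
        if "submitted_credentials" in ev:
            # Entering credentials is a failure even if the email is
            # reported afterwards.
            outcomes[key] = "failed"
        elif "clicked" in ev and "reported" in ev:
            # Clicked, stopped at the login page, then reported the email.
            outcomes[key] = "passed_with_concerns"
        elif "clicked" in ev:
            # Assumption: a click with no credentials and no report is kept
            # separate so it can be followed up rather than counted as a pass.
            outcomes[key] = "clicked_only"
        elif "reported" in ev:
            outcomes[key] = "reported"
        else:
            # Never engaged with the email: not evidence of awareness.
            outcomes[key] = "ignored"
    return outcomes


def compare_scoring(outcomes):
    """Count failures under one-step (any click) and two-step scoring."""
    clicked = {"failed", "passed_with_concerns", "clicked_only"}
    values = list(outcomes.values())
    return {
        "one_step_failures": sum(1 for o in values if o in clicked),
        "two_step_failures": sum(1 for o in values if o == "failed"),
        "engaged": sum(1 for o in values if o != "ignored"),
        "total": len(values),
    }


if __name__ == "__main__":
    results = classify(EVENTS)
    for (user, campaign), outcome in sorted(results.items()):
        print(f"{campaign} {user:<6} {outcome}")
    print(compare_scoring(results))
```

Keeping `ignored` apart from the passing outcomes also avoids the inflated pass rate described earlier for emails that nobody opens.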

If These Reasons Seem Familiar To You …

If these reasons why your existing phishing simulation software has not been effective in reducing employee susceptibility seem familiar to you, you might wish to consider SafeTitan – an enterprise-scale security awareness training and phishing simulation platform from TitanHQ. SafeTitan has the capabilities required to simulate real life situations, and includes:

  • Customizable phishing templates, including the option to send phishing tests from internal sources.
  • An intuitive administration dashboard that shows which phishing tests have been sent to whom and when.
  • A “burst” capability that sends a mixed selection of simulations to a mixed selection of the workforce at mixed intervals.
  • Granular reporting to identify which type of emotional trigger prompts interactions from each employee.
  • The option to add a second step to each simulation, plus a one-click plug-in to simplify the reporting of suspicious emails.

To find out more about SafeTitan or to organize a free demo of our phishing simulator in action, do not hesitate to get in touch. Our team of cybersecurity experts will be happy to answer any questions you have about reducing the susceptibility of your workforce to phishing emails and discuss any issues you have experienced in the past with phishing simulation software.

Why Your Cybersecurity Training Needs to be Flexible

Off-the-shelf cybersecurity training courses often claim to do a, b, and c, because they have done so in the past. These claims should come with the caveat that past performance is no guarantee of future results because it is very unlikely the exact same off-the-shelf cybersecurity training course will achieve the exact same results with a different audience.

Furthermore, in a different audience, there may be a different range of knowledge and susceptibilities – from employees who will click on any link in a Facebook post that arouses their curiosity to seasoned cyber-veterans who have experienced the consequences of a cyberattack and are always on alert for the next one.

Educating people about cybersecurity who are at different ends of the awareness spectrum is difficult when you attempt to use a “one-size-fits-all” training course. Social media devotees tend to think cybersecurity is the IT department’s problem, while seasoned veterans may not give training their full attention when they feel it is light and flimsy.

Consequently, cybersecurity training needs to be flexible so it can be tailored to appeal to everyone in the organization. But how do you convince a social media devotee to take responsibility for cybersecurity, or a seasoned veteran that the training is credible? The answer is a customizable security awareness platform with gamification capabilities.

Introducing SafeTitan

SafeTitan is a fully customizable security awareness training and phishing simulation platform that includes more than 1,800 phishing templates and more than 80 animated videos. Each phishing template can have training material automatically sent to employees if they fail to spot a phish, while each video can be followed by an editable quiz with varying difficulty levels.

If you have employees at either end of the awareness spectrum, you can tailor the platform’s capabilities to encourage them to engage with your cybersecurity training. For example:

  • Share a phishing link purporting to come from Facebook with social media devotees so they reveal their account login. Then take control of the account as any cybercriminal would (this is not illegal provided an employer does not use any information on the Facebook page to discriminate against an employee).
  • Change the SPF record in the platform so it appears an email to seasoned cyber-veterans requesting the donation of a (low value) Google Play gift card comes from a trusted work colleague. It is a good idea to let the “trusted colleague” know you are doing this and be ready to refund the cost of the gift cards.
  • For practically everybody else, send a phishing invitation to an after work free bar for employees who respond to the phishing email with their email username and password. You might still have to provide the free bar, but this will give you an opportunity to discuss why your employees fell for the phish – as well as reminding them to change their passwords in the morning.

It is surprising what you can do – and what you can achieve – with flexible cybersecurity training; and, if you would like to know more about the SafeTitan platform, do not hesitate to get in touch and request a free demo of SafeTitan in action.

Three Important Measures to Improve Phishing Defenses

Phishing is one of the most effective ways of gaining access to corporate accounts and is the most common form of cybercrime. Phishing is most commonly conducted via email, although the attacks can be conducted via SMS (smishing), the telephone (vishing), or on social media websites and instant messaging platforms. Phishing is a form of social engineering that involves convincing a user to open a malicious attachment or disclose their credentials, with the latter usually occurring on a website, the link for which is included in the message.

The linked website – and the email – commonly spoof a trusted and well-known brand. In Microsoft phishing attacks, the user is given a seemingly legitimate reason for visiting the website, where they are presented with a login prompt that mimics the one used by Microsoft to access its services. If the user enters their login credentials they are captured and used by the attacker to access the user’s account. These scams often proceed without the victim being aware that they have been scammed and have disclosed their credentials.

Phishing attacks on businesses have been increasing. According to the Anti-Phishing Working Group, 1,025,968 phishing attacks were recorded in the first quarter of 2022, with 2021 seeing more attacks than any other year. In December 2021 alone there were 300,000 reported attacks. These attacks are not only increasing in number. They are also becoming much more sophisticated and harder for individuals and cybersecurity solutions to identify.

Businesses are discovering that the email security solutions they could once rely on are failing to block all threats. They will block the vast majority of phishing attempts, but due to the rapidly changing tactics of phishers, many phishing emails land in inboxes. One way to improve detection is to implement SpamTitan Plus.

SpamTitan Plus is TitanHQ’s flagship anti-phishing solution. The key to the success of SpamTitan Plus and its industry-leading protection is 100% coverage of all existing phishing feeds, whereas other solutions receive limited intelligence. SpamTitan Plus has massive clickstream traffic from 600+ million users and endpoints and several hundred billion local queries and 100 million cloud queries a day. That ensures the solution detects more than 10 million new phishing URLs every day, achieves a 1.5x increase in unique detections, and has 1.6x faster detections than the current market leaders.

With SpamTitan Plus, it takes just 5 minutes from the initial detection of a malicious, offending URL to protect all users’ mailboxes. All URLs are rewritten and followed to assess the website, and users will only be allowed to connect if the URL is verified as safe.

However, even with this market-leading solution, businesses need to do more. Phishing is so successful because it targets employees, who, being human, are prone to make mistakes. Businesses can reduce the susceptibility of employees to phishing by providing regular security awareness training. Employees should be trained on how to identify phishing attempts so that when a phishing email lands in their inbox, they will be able to identify it as such. Training should be accompanied by phishing simulations – dummy phishing emails sent internally to test whether employees can identify the malicious messages. These simulations are one of the most effective training tools, as they teach employees how to identify phishing emails when they are busy at work. After all, that is when they are likely to receive real phishing emails.

If an employee is fooled, the simulator is programmed to deliver instant training – a short module that explains where the employee went wrong, how they could have identified the phishing attempt, and what they should do when such an email is received in the future. This form of training in real-time in response to mistakes is very effective – more so than a classroom training session.

TitanHQ offers such a platform – SafeTitan – that delivers engaging, gamified training content in modules of 10 minutes covering all aspects of cybersecurity, and a phishing simulator for sending phishing simulations. SafeTitan is the only behavior-driven security awareness solution that delivers security training in real time.

As an added protection, all businesses should implement multifactor authentication. In the event of credentials being compromised, they cannot be used to gain access to an account unless an additional authentication factor is provided. Unfortunately, some phishing campaigns can bypass MFA controls and obtain one-time passwords through the use of reverse proxies. A connection is made to the genuine website for which credentials are sought, and when the credentials are entered on the phishing site they are relayed to the genuine site, and the MFA codes generated are similarly captured along with the session cookies that allow access to be gained to the account.

These attacks work on standard MFA. Businesses can improve protection by implementing phishing-resistant MFA. The gold standard for multifactor authentication is FIDO/WebAuthn authentication, with public key infrastructure (PKI)-based authentication another good choice.
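The reason a relayed one-time password is accepted while a relayed FIDO/WebAuthn assertion is not comes down to what each server-side check can see. The following added example (not TitanHQ code) puts an RFC 6238 TOTP verifier next to the origin and RP ID checks a WebAuthn relying party performs; the domains, secret, and assertion bytes are constructed, and verifying the assertion signature with the registered public key is a required further step that is not shown because it needs a non-standard-library crypto package.

```python
import base64
import hashlib
import hmac
import json
import struct


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret, submitted, unix_time):
    # Nothing in this check describes which site the user typed the code
    # into, so a code relayed by a proxy verifies exactly like a direct one.
    return hmac.compare_digest(totp(secret, unix_time), submitted)


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_binding(client_data_json, authenticator_data,
                            expected_challenge, expected_origin, rp_id):
    """Return a list of failed binding checks (empty list means all passed).

    The signature over authenticator_data || SHA-256(client_data_json) must
    also be verified; that signature is what prevents an attacker from
    rewriting the origin field. It is out of scope for this example.
    """
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("type")
    if client.get("challenge") != b64url(expected_challenge):
        problems.append("challenge")
    # The browser, not the page, writes the origin the user was actually on.
    if client.get("origin") != expected_origin:
        problems.append("origin")
    if len(authenticator_data) < 37:
        problems.append("authenticator_data_length")
        return problems
    # The first 32 bytes are SHA-256 of the RP ID the credential was used for.
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:  # bit 0 = user present
        problems.append("user_present")
    return problems


def constructed_assertion(page_origin, page_rp_id, challenge):
    """Constructed sample of what a browser and authenticator would emit
    when the user is on page_origin (signature omitted)."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": page_origin,
    }).encode()
    flags = bytes([0x05])  # user present + user verified
    auth_data = hashlib.sha256(page_rp_id.encode()).digest() + flags + struct.pack(">I", 7)
    return client_data, auth_data


if __name__ == "__main__":
    secret, now, challenge = b"constructed-secret", 1_700_000_000, b"\x01" * 32
    print("relayed TOTP accepted:", verify_totp(secret, totp(secret, now), now))
    for origin, rp in [("https://login.example.com", "example.com"),
                       ("https://login.example.net", "example.net")]:
        cd, ad = constructed_assertion(origin, rp, challenge)
        print(origin, check_assertion_binding(
            cd, ad, challenge, "https://login.example.com", "example.com"))
```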

With SpamTitan Plus, SafeTitan security awareness training and phishing simulations, and phishing-resistant MFA, businesses will be well protected from phishing attacks. For more information on SpamTitan Plus and SafeTitan, give the TitanHQ team a call, and take an important step toward defending your business against phishing attacks.

SafeTitan for MSPs Has Officially Been Launched

TitanHQ is pleased to announce the launch of SafeTitan for MSPs – a new version of the security awareness training and phishing simulation platform that has been developed specifically to meet the needs of MSPs and help them add security awareness training and phishing simulations to their list of managed services.

The SafeTitan Security awareness training and phishing simulation platform was added to the TitanHQ portfolio of cybersecurity solutions in February 2022, following the acquisition of Cyber Risk Aware. SafeTitan is an enterprise-grade security awareness training platform that incorporates more than 80 videos, training sessions, and webinars covering all aspects of security for teaching employees security best practices and how to recognize and avoid threats such as phishing and smishing.

The phishing simulator includes more than 1,800 customizable phishing templates for conducting phishing tests on employees. If such a test is failed, the platform automatically generates training content in real-time, ensuring it is delivered at the time when it is most likely to be taken on board.

SafeTitan has been available to be used by MSPs since its initial launch; however, TitanHQ has tweaked the platform to make it even easier for MSPs to use and add security awareness training and phishing simulations to their managed services. To discover how best to improve the platform, TitanHQ asked its extensive MSP customer base for suggestions on improvements and new features and worked with its MSP advisory council, which has resulted in the following new MSP-friendly features being added to the platform.

  • Mass campaigns and training – Easy to create training and phishing simulation campaigns for all clients and spin up new training campaigns for groups of customers.
  • Direct email injection (Graph API) – No configuration of allow lists and firewalls now required to ensure emails are delivered
  • Scheduled client reporting – Set up weekly, bi-monthly, monthly, quarterly, bi-annual, and annual reports to show the ROI to clients
  • New MSP Dashboard for quick actions and live analytics
  • Dynamic User Management – Easily change campaigns, such as adding new users.
  • New Offer – 40 free phishing emails to demonstrate how effective the solution is and how easy it is to use.

In addition, there are great margins for MSPs that make the addition of security awareness training to their security stacks profitable, while helping to ensure their clients address the human element of cybersecurity as well as using technology for blocking phishing and other cyberthreats. The platform can be provided as a white label ready to take an MSP’s branding or add the branding of clients to personalize it for each customer. The training content is engaging, easy to understand, and consists of training modules of no more than 10 minutes, which makes them easy to fit into busy workflows. Training can also be automated so it requires little ongoing maintenance and effort.

The multi-award-winning platform has proven to be a huge hit with SMBs and MSPs alike and significantly reduces susceptibility to phishing attacks. More than 80% of users report noticeable changes in susceptibility to phishing emails after training, and those gains can be achieved at a very affordable price.

“The MSP-requested features added to our SafeTitan security awareness and phishing training tool make it even easier for MSPs to protect their clients from advanced phishing and malware attacks,” said Ronan Kavanagh, CEO at TitanHQ. “We believe these key features are game-changers for MSPs seeking to expand their security offerings and scale their businesses, while improving profitability.”

Expert Insights Gives TitanHQ 5 Best-Of Awards

Cyberattacks are occurring in record numbers and attacks are becoming more sophisticated, so it has never been more important for businesses to ensure they are well protected and have the right cybersecurity solutions in place. However, finding the right solutions at the right price can be a challenge for businesses, which is why many rely on independent B2B software review sites.

Expert Insights is a leading online platform that provides invaluable advice on business cybersecurity software solutions. The site has more than one million users a year, and each month more than 85,000 businesses rely on the reviews, advice, and buyers’ guides produced by the site’s researchers to help them find the best cybersecurity solutions to meet their needs so they can purchase with confidence.

Expert Insights regularly recognizes the leading companies and their products in its “Best-Of” awards. For the Fall 2022 Best-Of Awards, the huge range of cybersecurity solutions on the market was whittled down to 150 products in 41 different software categories, with the top 10 vendors in each category given a prestigious Best-Of award. The editorial team selected each product using several criteria, including the features of the products, how easy they are to use, customer satisfaction scores, and the company’s market presence, with each category also having its own specific criteria. Like the advice provided by Expert Insights, the selection of products in each category is not influenced by external factors, and each of the products included in the list is subjected to internal testing and analysis by Expert Insights’ in-house team.

TitanHQ is happy to announce that the company’s innovative cybersecurity solutions have been recognized in the Expert Insights Fall 2022 Best-Of Awards, with four TitanHQ products recognized in five of the cybersecurity categories.

The SafeTitan Security Awareness Training platform collected two Best-Of Awards in the Security Awareness Training and Phishing Simulation Categories, SpamTitan received an award in the Email Security category, WebTitan was recognized in the Web Security category, and ArcTitan received an award in the Email Archiving category. SpamTitan and ArcTitan were also rated top in their respective categories.

All TitanHQ solutions are provided through the best-in-class SaaS Cybersecurity Platform, which allows businesses to implement advanced, layered defenses to protect against a broad range of cyber threats including phishing, spear phishing, BEC, botnets, malware, and ransomware. The platform is also used by thousands of managed service providers to help their SMB clients improve their security posture. All TitanHQ solutions are cloud-based, easy to implement, easy to use, and provide industry-leading protection at an affordable price.

“We are honored that TitanHQ was named as a Fall 2022 winner of Expert Insights Best-Of award for phishing simulation, email security, security awareness training, web security and email archiving,” said TitanHQ CEO, Ronan Kavanagh. “Our cloud-based platform allows partners and MSPs to take advantage of TitanHQ’s proven technology so they can sell, implement and deliver our advanced network security solutions directly to their client base”.

New WebTitan Cloud Release Gives Users New Functionality and Enhanced Security

On September 6, 2022, TitanHQ announced the release of a new version of WebTitan Cloud that gives users several new functions to add to the already industry-leading feature set, along with product improvements, security enhancements, and a new user interface.

TitanHQ welcomes feedback from users on new features they would like to see incorporated into its cybersecurity solutions. Previous requests from SMBs, enterprise, and MSP customers have been considered when making the latest product enhancements and adding new functionality.

New WebTitan Cloud Features

The key new features in the latest release of WebTitan have been added to improve security, provide easier access to important information through a suite of new reports, and improve protection for off-network users to better support hybrid working. WebTitan users also benefit from a new user interface that places important information at users’ fingertips.

Interactive Threat Intelligence Including DNS Data Offload

WebTitan Cloud now gives users the ability to list and download their DNS history. Logs are available for download, and users can access all DNS data, which provides valuable insights. DNS data can be easily extracted to allow sophisticated integrations and advanced analyses, which support IT decisions and security planning and help with network troubleshooting.

New User Interface with Advanced Reporting

A new WebTitan Cloud user interface has been launched that makes accessing all features of WebTitan Cloud even more intuitive, with easy access to a new suite of advanced reports. Data visualization tools have been used to embed key data into the user interface to provide a clear view of important metrics to improve the user experience.

Improved Remote Workforce Protection

Many businesses have remote workers or operate under a hybrid working model. WebTitan Cloud protects all users, whether they are on or off the network. When off the network, the WebTitan Cloud On-The-Go (OTG) agent allows businesses to extend the network protections to workers, regardless of where they access the Internet. The latest enhancements vastly improve the WebTitan Cloud OTG agent for managing and monitoring off-network users, with the JSON Config filters for OTG devices replaced. It is also much easier to add and update exceptions for OTG devices through a simple, intuitive user interface.

DNSSEC Added to Enhance Security

The Domain Name System Security Extensions (DNSSEC) was created to enhance the security of the DNS. DNSSEC uses public key cryptography to strengthen authentication through digital signatures and verifies the origin and integrity of data during the DNS resolution process, helping to protect against attacks on the DNS such as DNS poisoning.

“This WebTitan release is hitting so many key pillars of success for TitanHQ. The data offload feature has been requested by many customers and creates real differentiation for our solution in the market. This coupled with our new advanced reporting were major requests from our MSP customers,” said TitanHQ CEO, Ronan Kavanagh. “Finally, security is at the heart of what we do and are, the addition of DNSSEC just continues to add to our credentials.”

The TitanHQ Cybersecurity Suite

WebTitan Cloud is part of TitanHQ’s best-in-class cybersecurity platform that also includes SpamTitan Cloud spam filtering, SpamTitan Plus phishing protection, ArcTitan email archiving, EncryptTitan email encryption, and the SafeTitan security awareness and phishing simulation platform. These solutions provide customers with layered defenses to block the full range of cyber threats and are used by more than 12,000 businesses worldwide for compliance and cybersecurity and have been incorporated into the service stacks of over 3,000 MSP partners.

If you haven’t used TitanHQ solutions or you are an MSP that has yet to incorporate TitanHQ products into your service stack, contact the TitanHQ team today. TitanHQ solutions are available on a free trial to allow you to see for yourself how easy they are to use and the benefits that come from TitanHQ’s layered defenses.

Relatively Simple Smishing Attack Compromised 130 Organizations

Phishing can take many forms and while email phishing is by far the most common way that threat actors phish for sensitive information and distribute malware, other forms of phishing are increasingly being used in attacks on businesses. Cybercriminals are taking advantage of the relatively poor defenses against SMS phishing – smishing. These attacks may be relatively low-tech, but they can be extremely successful.

Smishing involves making contact with targeted individuals via SMS messages. These attacks trick the recipient into clicking a link that directs them to a malicious website. That website may host a phishing kit that collects sensitive data such as login credentials. The website to which the user is directed spoofs a trusted company or may appear to be a website used by the targeted individual’s employer.

An alternate approach is to direct a user to a website hosting a malicious file, which provides the attacker with remote access to their device. If that device is a corporate-issued mobile phone, and single sign-on credentials are stolen, access can be gained to the corporate network. These attacks may be relatively simplistic and be sent in large campaigns to whatever phone numbers the attacker has procured, but some attacks are highly sophisticated and can defeat multi-factor authentication.

One of the most notable examples occurred this month and involved an attack on Twilio. Twilio is a provider of programmable communication tools for making and receiving phone calls and sending and receiving text messages, through its web service APIs. The smishing attack targeted Twilio employees and tricked them into disclosing their credentials, which allowed the attackers to access their accounts and also access the information of a limited number of its customers. The SMS messages themselves appeared to have been sent by the Twilio IT department and suggested the employees’ passwords had expired.

A link was included that employees could click to change their passwords, with the landing page created to mimic the one used by Twilio. Those URLs hosted the 0ktapus phishing kit, with the URLs including familiar words, such as Okta, Twilio, and SSO. The single sign-on credentials obtained in the attack allowed the attackers to gain access to multiple internal systems. They were then able to conduct attacks on 25 companies that used Twilio’s phone verification services and other Twilio services.

An investigation by researchers at Group-IB revealed the attackers had successfully compromised more than 130 organizations and, from those attacks, stole almost 10,000 sets of credentials, including 2-factor authentication credentials. Supply chain attacks were then conducted on downstream customers, including DoorDash, Digital Ocean, Mailchimp, and Klaviyo.

These attacks have been made much easier due to the reliance on mobile devices, especially with many companies having a hybrid workforce with many employees spending at least some of the working week at home. It is essential for security teams to implement security solutions that cover the mobile attack surface and to ensure that smishing and other types of phishing attacks are covered in employee security awareness training.
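The lures in the Twilio attack used URLs containing familiar words such as Okta, Twilio, and SSO. The check below is an added example, not part of the original article or any vendor's product: it flags links in a message whose hostname carries one of those words but does not belong to an allowlisted domain. The allowlist, the digit look-alike mapping, and all sample messages and `.example` hostnames are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Familiar words the article says appeared in the lure URLs.
KEYWORDS = ("okta", "twilio", "sso")
# Assumption: the organization's genuine login/SSO domains.
ALLOWED_DOMAINS = ("twilio.com", "okta.com")
# Assumption: fold common digit look-alikes before matching (0 -> o, 1 -> l).
LOOKALIKE = str.maketrans({"0": "o", "1": "l"})
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_allowed(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def keyword_hits(host):
    """Return the keywords found in the hostname's dot/hyphen-separated tokens."""
    tokens = re.split(r"[.\-]", host.translate(LOOKALIKE))
    hits = []
    for kw in KEYWORDS:
        # Short keywords such as "sso" must match a whole token so that
        # ordinary words like "lessons" are not flagged.
        if any(t == kw or (len(kw) > 3 and kw in t) for t in tokens):
            hits.append(kw)
    return hits


def suspicious_links(message):
    """Return (hostname, matched keywords) for each suspicious link in a message."""
    findings = []
    for url in URL_RE.findall(message):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if not host or is_allowed(host):
            continue
        hits = keyword_hits(host)
        if hits:
            findings.append((host, hits))
    return findings


# Constructed sample messages; none of these hostnames come from the real campaign.
SAMPLE_MESSAGES = [
    "ALERT! Your Twilio password has expired. Reset: https://twilio-sso.example/reset",
    "Sign in again at https://0kta-helpdesk.example/login to keep access",
    "API docs are at https://www.twilio.com/docs",
    "Verify here: https://twilio.com.account-check.example/",
    "Course schedule: https://lessons.school.example/",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(suspicious_links(msg), "<-", msg)
```

The fourth sample shows why the allowlist is matched as a domain suffix rather than a substring: a hostname that merely begins with `twilio.com` is still flagged.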

TitanHQ Announces Addition of Predictive Threat Detection to SpamTitan Plus

SpamTitan Plus from TitanHQ has the most extensive coverage of any anti-phishing product. It now also has enhanced predictive capabilities to block automated bot campaigns and personalized phishing URLs.  

In December 2021, TitanHQ launched SpamTitan Plus – the most advanced anti-phishing solution released to date. SpamTitan Plus is an AI-driven solution that independent tests have shown to have better coverage than any other anti-phishing product. SpamTitan Plus is fed massive clickstream traffic from more than 600 million endpoints worldwide and has 100% coverage of all current market-leading anti-phishing feeds. Users of the solution get significantly faster detection of phishing threats than any other solution. Independent tests have shown SpamTitan Plus delivers 1.5x more phishing detections than other leading products and up to 1.6x faster phishing detection than any of the current market-leading anti-phishing solutions. Every day, SpamTitan Plus blocks more than 10 million new, unique, never-before-seen phishing and malicious URLs, and it takes just 5 minutes from the detection of a new malicious URL for all users of the solution to be protected.

The solution rewrites all URLs and provides click time protection against malicious links. If a link is initially benign, which allows it to evade email security defenses, and is then turned malicious, most anti-phishing solutions would not block the threat. Click-time protection ensures SpamTitan Plus does identify and block the threat. SpamTitan Plus follows all redirects, identifies spoofed sites in real-time, scans for phishing kits and login pages, and prevents users from visiting malicious websites that are used for phishing and malware distribution.

TitanHQ has recently upgraded SpamTitan Plus to significantly improve its predictive phishing detection capabilities. Phishers are constantly changing their tactics, techniques, and procedures to evade security solutions, and one of the new tactics is to use personalized URLs. Rather than use the same URL for each email in a phishing campaign, the URLs are programmatically made unique for each victim at the path or parameter level. Since each URL is unique, standard anti-phishing solutions are ineffective at detecting the URLs as malicious. When one URL is detected as malicious and blocked for all users of the anti-phishing solution, those users are still not protected, because every other email in the campaign uses a different URL.
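One defender-side way to cope with per-recipient URLs is to block on a campaign-level signature instead of the exact URL. The sketch below is an added example, not SpamTitan Plus's method or code from the original article; the token heuristics, the `min_unique` threshold, and all sample URLs (on the reserved `.example` domain) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

TOK = "{tok}"  # placeholder that replaces a per-recipient value
HEX_RE = re.compile(r"^[0-9a-fA-F]{8,}$")
MIXED_RE = re.compile(r"^[A-Za-z0-9_\-]{12,}={0,2}$")


def looks_like_token(value):
    """Heuristic (assumption): does this segment or parameter value identify a recipient?"""
    if not value:
        return False
    if "@" in value:                       # e-mail address carried in the URL
        return True
    if HEX_RE.match(value):                # long hex identifier
        return True
    if value.isdigit() and len(value) >= 6:
        return True
    has_digit = any(c.isdigit() for c in value)
    has_alpha = any(c.isalpha() for c in value)
    # Long base64-style strings mixing letters and digits.
    return bool(MIXED_RE.match(value)) and has_digit and has_alpha


def campaign_signature(url):
    """Reduce a URL to host + path template + parameter names with tokens masked."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segments = [TOK if looks_like_token(s) else s for s in parts.path.split("/")]
    path = "/".join(segments) or "/"
    # parse_qsl percent-decodes values, so user%40corp.example is seen as an address.
    params = [
        f"{k}={TOK if looks_like_token(v) else v}"
        for k, v in sorted(parse_qsl(parts.query, keep_blank_values=True))
    ]
    return f"{host}{path}?{'&'.join(params)}" if params else f"{host}{path}"


def derive_blocklist(confirmed_malicious, min_unique=3):
    """Signatures that contain a token and were seen with >= min_unique distinct URLs."""
    groups = defaultdict(set)
    for url in confirmed_malicious:
        groups[campaign_signature(url)].add(url)
    return {sig for sig, urls in groups.items() if TOK in sig and len(urls) >= min_unique}


def is_blocked(url, blocked_signatures):
    return campaign_signature(url) in blocked_signatures


# Constructed samples: three URLs already confirmed malicious, each unique per victim.
CONFIRMED_MALICIOUS = [
    "https://portal.login-update.example/verify/3f9a1c7be2d04a55?u=alice%40corp.example",
    "https://portal.login-update.example/verify/a81b44e09c3d7f12?u=bob%40corp.example",
    "https://portal.login-update.example/verify/0c55de91ab7e4410?u=carol%40corp.example",
]
# A later e-mail from the same campaign: never seen before, so an exact-match list misses it.
NEW_URL = "https://portal.login-update.example/verify/77e0b1c2d3a4f596?u=dave%40corp.example"

if __name__ == "__main__":
    blocked = derive_blocklist(CONFIRMED_MALICIOUS)
    print("signatures:", blocked)
    print("exact match would block new URL:", NEW_URL in CONFIRMED_MALICIOUS)
    print("signature match blocks new URL:", is_blocked(NEW_URL, blocked))
```

Legitimate mailers also place tokens in URLs (unsubscribe and tracking links), so signatures should be derived only from URLs that have already been confirmed malicious, as `derive_blocklist` assumes.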

The latest predictive functionality added to SpamTitan Plus detects and blocks automated bot phishing campaigns and personalized URL attacks. “With predictive phishing detection, SpamTitan Plus can now combat automated bot phishing. At TitanHQ we always strive to innovate and develop solutions that solve real-security problems and provide tangible value to our customers. The end goal is to have our partners and customers two or three steps ahead of the phishers and cybercriminals,” said Ronan Kavanagh, CEO, TitanHQ.

The Key to Effective Security Awareness Training is Providing Training in Real Time

Want to improve the security awareness of your workforce? You will have the greatest success if you provide training in real-time in response to risks taken by employees.

You can implement a new email security solution to block more email threats, use a web filter for blocking web-based threats, and endpoint security solutions for detecting malware and compromised devices. Add in multifactor authentication to stop stolen credentials from being used to access accounts and you will be well protected. However, none of those security measures will block voice phishing for instance, and even with all those security measures, threats will still reach employees, albeit at a much-reduced level. It only takes one employee to respond to a single phishing email to give an attacker a foothold in the network, so security awareness training for the workforce should not be neglected.

Businesses can develop their security awareness training programs from scratch or purchase a training platform from a vendor such as TitanHQ. Training should teach the workforce security best practices, get employees to always stop and think before taking actions that have the potential to compromise security, and employees need to know the signs of phishing. However, to get the greatest benefit from your investment of money and resources, you need to deliver training at a time when it is likely to have the maximum effect.

Many businesses provide classroom-based training sessions as part of the onboarding of new employees, they may even follow up with annual refresher training sessions. Employees may take this training on board and pass end-of-course quizzes, but it doesn’t necessarily mean they will apply what they have learned on a day-to-day basis.

Providing training once a year may be effective at changing behavior in the month after the training session, but what about 11 months later? Bad practices are likely to creep in over time. You can provide annual or biannual training, but also be sure to provide more timely reminders about security. These can include monthly cybersecurity newsletters, and it is also useful to add a banner to external emails warning the user that the email has come from an external and less trustworthy source. A mail client add-on is also recommended to allow one-click reporting of suspicious emails to the security team – you need to make it as quick and easy as possible for employees to report potential threats.

It is also strongly recommended to use a training platform that delivers training in real-time in response to mistakes by employees. If you want to build a security culture, you should be running phishing simulations, and any failure should trigger immediate and relevant training. That training could be a 5-minute video related to the mistake that was made. This timely training is likely to be much more effective than waiting a few months to provide a general training session.

SafeTitan allows timely training to be provided, not just in response to clicks in phishing simulations, but also in response to other security errors. Real-time intervention training can be triggered in response to a risk taken by an employee. This is important as the employee may not even be aware they have engaged in risky behavior and will likely continue to take risks in the future if there is no intervention. With SafeTitan, administrators can configure the solution to automatically send training content, policy reminders, data regulations, and compliance standards to staff when they engage in risky cyber behaviors.

All SafeTitan training content is gamified, highly interactive, and enjoyable for employees, and can be accessed via a browser from anywhere. Since no module is longer than 10 minutes, training is easy to fit into even the busiest workflows. If you want to improve your security posture, ensure you train the workforce, but be sure to also provide real-time training to get the best return on your investment.

For more information about creating a human firewall using SafeTitan, give the TitanHQ team a call. Product demonstrations can be arranged on request.

TitanHQ Recognized at the CompTIA UK Spotlight Awards

The Computing Technology Industry Association (CompTIA) has named TitanHQ as one of the finalists in the Innovative Vendor Award Category at this year’s CompTIA UK Spotlight Awards.

The CompTIA UK Spotlight Awards recognize individual and organizational excellence in the UK tech industry, with this year’s award winners announced on June 16, 2022, at the CompTIA UK Business Technology Community Meeting, in Bristol.

CompTIA is a not-for-profit trade association for the $5 trillion global information technology industry. CompTIA provides education, training, certifications, and philanthropy, and conducts valuable market research to support an estimated 75 million tech professionals who work in the IT sector. CompTIA stands for excellence and standards in the industry, and the annual CompTIA UK Spotlight Awards recognize companies and individuals who reflect that.

The awards span several categories, with the UK Innovative Vendor Spotlight Award recognizing CompTIA Corporate Member Vendors that operate in the technology sector who have demonstrated innovation or an innovative approach that has transformed their organization, a client’s organization, or the wider industry.

Inclusion in the list of finalists is recognition that a company has developed innovative solutions that are having a real impact on the business and are providing great benefits to companies of all sizes. While TitanHQ was not named the winner in the category this year, the company was runner-up and was “Highly Commended.”

Just a few weeks ago, TitanHQ was also recognized for being an innovative cybersecurity vendor by Expert Insights, which included the company in its list of the Top 100 Most Innovative Cybersecurity Companies of 2022. TitanHQ also collected no fewer than 5 Expert Insights “Best of” Awards for Email Security, Email Archiving, Web Security, Security Awareness Training, and Phishing Simulation.

Over the past 12 months, TitanHQ has enjoyed impressive growth, has made significant inroads into the US market, and has recruited a wealth of new talent to continue to drive growth and foster further innovation. Two new products have been launched that expand the company’s portfolio of cybersecurity solutions to provide even greater protection from online and email-based threats.

TitanHQ launched SpamTitan Plus to provide businesses with leading-edge protection against phishing threats – the number one cause of data breaches at businesses. The product provides unrivaled protection against zero-day threats and protects businesses from more than 10 million new phishing URLs every day. The product has 100% coverage of all current market-leading anti-phishing feeds, which translates into 1.5x faster unique phishing URL detection, 1.6x faster phishing detection than the current market leaders, and just 5 minutes from initial detection at any of 600 million+ endpoints worldwide to protecting all users of the solution.

Protecting against phishing and other cyber threats requires a defense-in-depth approach that should include technical safeguards and end user training. TitanHQ now offers comprehensive security awareness training for businesses through the SafeTitan Security Awareness Training Platform. SafeTitan is the only behavior-driven security awareness training that delivers relevant training in real-time in response to user actions, ensuring training is delivered to the people who need it in real-time when the training is most likely to be taken on board. The platform also includes a phishing simulation platform with hundreds of templates based on real-world threats.

These solutions join SpamTitan Email Security, WebTitan DNS Filtering, ArcTitan Email Archiving, and EncryptTitan Email Encryption. For further information on these solutions, to book a product demonstration, or to sign up for a 100% free trial of any TitanHQ solution, give the TitanHQ team a call today.

TitanHQ Appoints Top IT Channel Veteran Tom Watson as Channel Chief

TitanHQ has announced the appointment of Tom Watson as the company’s new Channel Chief. Tom is an IT channel veteran with extensive experience in the MSP market, having previously served as Channel Chief at Grade A vendors such as NinjaOne and Axcient, has been a vendor evangelist for a swathe of tech companies over the past 24 years, and has owned and operated an MSP business and has previously worked as a network engineer.

Tom will be based at TitanHQ’s U.S. office in Shelton, Connecticut, and will be working alongside another top IT channel veteran, Jeff Benedetti, who was recently appointed TitanHQ VP of Sales. Tom was appointed to help maintain TitanHQ’s incredible growth in the US MSP market, where there has been a huge demand for TitanHQ’s MSP services. Tom has been tasked with managing TitanHQ’s MSP tradeshows, roadshows, and webinars and will oversee the company’s new MSP partner program.

TitanHQ has been providing MSPs with innovative technology solutions for more than 2 decades, with the current product portfolio recently expanded to include an industry-leading email security solution – SpamTitan Plus, an email encryption solution – EncryptTitan, and security awareness and phishing simulation platform – SafeTitan. These recently introduced solutions join the award-winning SpamTitan Email Security, WebTitan DNS Filtering, and ArcTitan email archiving solutions.

TitanHQ solutions are delivered through an MSP-centric platform, which allows MSP partners to generate recurring revenues through the sales of TitanHQ solutions to SMBs, and scale and effectively manage their own businesses. The products have been developed from the ground up to meet the needs of MSPs and have proven to be a huge hit due to their ease of implementation, ease of use, and seamless integration into MSPs’ service stacks. TitanHQ solutions are now relied on by more than 8,500 businesses worldwide and are used to protect the clients of more than 2,500 MSPs against malware, ransomware, botnets, phishing, spear phishing, and other cyber threats.

“I’ve wanted to work for a rising cybersecurity company for quite a while now. Here I know I can use my skills and understanding of MSP operations, sales, and marketing to help MSPs succeed. Working together with TitanHQ we can give MSPs everything they need to provide quality cyber services to their clients,” said Tom. “TitanHQ already has a fantastic offering. You’ll be hearing me talk about that in the future. For now, I think it’s more important to highlight the commitments TitanHQ has made to the channel. This is a company that is 100% dedicated to making sure they serve the MSP community.”

Tom’s views are shared by all members of the leadership team at TitanHQ, who are excited about the appointment. “As we continue to further expand into the North American market, introducing industry experts like Tom to our team is vital to allow us to continue to partner with MSPs looking for best in class cybersecurity solutions,” said TitanHQ CEO, Ronan Kavanagh. “We are thrilled to welcome Tom to the team, his wealth of experience working with the MSP sector will serve us well as we continue on our growth journey.”

“For over 20 years TitanHQ has worked with MSPs to develop best in class, advanced, and highly innovative cybersecurity solutions. We pride ourselves on the sophisticated yet easy-to-manage offerings we bring to the market,” said TitanHQ Marketing Director, Dryden Geary. “Bringing Tom on board is yet another leap to allow us to offer the best service to the MSP market.”

ArcTitan Awarded Best In Class Award by Expert Insights

TitanHQ has been awarded a best in class award by Expert Insights for ArcTitan Email Archiving, in a haul of 5 awards at the Expert Insights’ Spring 2022 Best-Of awards.

Email archiving is important for compliance with state, federal, and industry regulations for data retention, allowing vast numbers of emails to be searched in seconds and recovered on demand. The solution works seamlessly with Office 365, offering several key benefits over the native Office 365 email archiving feature, including enhanced search and storage, simplified archiving, and a greatly reduced management overhead.

ArcTitan users have reviewed the product on the Expert Insights website and praised the solution for its speed, scalability, ease of use, and the lack of storage limits, with one of the most common plus points from users being the price of the solution. The solution was ranked top in a group of 10 email archiving solutions at the Expert Insights Spring 2022 Best-Of Awards.

It was not just ArcTitan that was recognized as best in class. TitanHQ’s email security solution, SpamTitan, ranked 1st in the Best Email Security category, with WebTitan DNS Filter ranking second in the Web Security category. It didn’t end there, as the latest addition to the TitanHQ product portfolio, SafeTitan Security Awareness Training, collected two Best-Of awards in the Security Awareness Training and Phishing Simulation categories.

Expert Insights is an important resource for IT professionals and business owners which helps them make the right purchasing decisions. The site provides valuable insights into the best B2B solutions on the market, provides technical reviews and analysis, editorial buyers’ guides, industry analyses, and other valuable content. The site is visited by 80,000 individuals each month.

“These awards recognize the continued excellence of the providers in these categories,” said Joel Witts, Expert Insights’ Content Director. “Each of the services recognized in our awards are providing in many cases an essential service to their users, driving business growth, securing users in a challenging cybersecurity marketplace, and massively improving business efficiency.”

The awards come after a quarter that has seen TitanHQ beat several growth records, especially in the United States. A new U.S. office has been set up to handle the increase in enterprise, SMB, and MSP customers, and this year has seen an additional 12 strategic hires in North America which is helping to continue to drive the impressive growth.

“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy. We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers,” said TitanHQ CEO Ronan Kavanagh.

Benefits of a Security Aware Workforce

Technical defenses are essential for preventing cyberattacks, but many attacks target employees and will bypass those defenses. Having a security-aware workforce can be the difference between just another normal business day and the permanent closure of your business. 60% of small businesses permanently close within 6 months of suffering a cyberattack and data breach.

Ensure your technical defenses are up to scratch…

2021 was another record-breaking year for cyberattacks. A 2022 Check Point Research report shows there was a 50% increase in cyberattacks in 2021 compared to 2020 and more than 60% of businesses have now suffered at least one type of cyberattack. Last year, cyberattacks on businesses were occurring at a rate of one every 39 seconds!

Cyber threat actors use a variety of techniques to gain access to business networks, including brute force attacks to guess weak and default credentials and the exploitation of unpatched vulnerabilities in software and operating systems, but phishing remains the number one security threat. It is vital for security to implement technical measures to protect against email attacks. The best defense is an advanced email security solution with machine learning technology that is able to predict new attacks and block phishing emails from IP addresses that have not previously been used for malicious purposes. The email security solution should provide protection against all known malware threats and also include protection against zero-day malware attacks through sandboxing. SpamTitan from TitanHQ has these features and blocks the vast majority of malicious emails.

…but don’t neglect security awareness training for the workforce

As good as SpamTitan is at detecting and blocking threats, some malicious emails will inevitably be delivered. No email security solution will block all threats without also blocking an unacceptable number of genuine emails. The aim of email security software is to reduce the volume of threats that reach inboxes. Technical defenses will not eliminate threats entirely.

Your technical defenses need to be complemented with human defenses. If your employees are not trained on how to recognize threats, they are likely to be fooled if a threat lands in their inbox. That is especially true for targeted attacks such as spear phishing, where messages are sent to a select group of employees and the emails are carefully crafted to maximize the chance of a response. The emails masquerade as typical business emails, and they often include the logos and color schemes of trusted brands and can be difficult to identify if you don’t know what to look for. If an employee responds to a phishing email and opens an attachment, malware would likely be installed. Employees could be tricked into clicking a hyperlink and visiting a malicious website where their credentials are harvested, which would give the attacker access to the email environment and sensitive data and provide a springboard for a more extensive attack on the organization.

Many businesses invest in email security defenses and other cybersecurity solutions, only to neglect the human element. Some provide cybersecurity training during the onboarding process but then never again, or provide annual refresher training sessions, but such infrequent security training is no longer sufficient given the current threat level.

To create a formidable human firewall, training must be provided and regularly be reinforced. You also need to check whether the training has been effective. Some employees may require multiple training sessions to learn the skills to be able to recognize email threats. The best way to do this is through phishing email simulations. Through regular training and simulations, the risk of a successful cyberattack can be greatly reduced.

To help address this common gap in security, TitanHQ has launched the SafeTitan security awareness training platform. SafeTitan is the only behavior-driven security awareness platform that delivers training in real-time and helps businesses significantly improve their defenses against social engineering and advanced phishing attacks. If you have not provided training to your workforce, or if you are not conducting phishing simulations, take a look at SafeTitan and start working on your human firewall today.

Security Awareness Training Added to TitanHQ Portfolio with Cyber Risk Aware Acquisition

TitanHQ, the leading cybersecurity SaaS business, has announced its acquisition of Cyber Risk Aware. Established in 2016, Cyber Risk Aware is a global leader in security awareness and mitigation of human cyber risk, assisting companies to help their staff protect the company network.

Cyber Risk Aware delivers real-time cyber security awareness training to staff in response to actual staff network behavior. This intuitive and real-time security awareness training reduces the likelihood users will be impacted by the latest threats such as ransomware, BEC attacks, and data breaches, whilst also enabling organizations to meet compliance obligations.  Leading global businesses that trust Cyber Risk Aware include Standard Charter, Glen Dimplex, and Invesco.

The acquisition will further bolster TitanHQ’s already extensive security offering. The combination of intelligent security awareness training with phishing simulation and TitanHQ’s advanced email protection, DNS security, email encryption, and email archiving solutions create a powerful, multi-layered cybersecurity platform that secures end users from compromise. This is the go-to cybersecurity platform for IT Managed Service Providers and internal IT teams.

“This is a fantastic addition to the TitanHQ team and solution portfolio. It allows us to add a human protection layer to our MSP Security platform, with a fantastic feature-rich solution as demonstrated by the high-caliber customers using it. Stephen and his team have built a great company over the years, and we are delighted to have them join the exciting TitanHQ journey,” said TitanHQ CEO Ronan Kavanagh.

Stephen Burke, CEO of Cyber Risk Aware, commented: “I am incredibly proud that Cyber Risk Aware has been acquired by TitanHQ, a cybersecurity business that I have greatly admired for a long time. Today’s announcement is fantastic news for both our clients and partners. We will jointly bring together a platform of innovative security solutions that address the #1 threat vector used by bad actors that cause 99% of security breaches, “End User Compromise”. When I first started Cyber Risk Aware, my aim was to be the global security awareness leader in delivering the right message, to the right user at the right time. Now as part of TitanHQ, I am more excited than ever about the unique value proposition we bring to market”.

The solution is available to both new and existing customers and MSP partners at and is now branded as SafeTitan, Security Awareness Training. Cyber Risk Aware existing clients are unaffected and will benefit from improvements in the platform in terms of phishing sims content and an exciting, innovative product roadmap.

For more information on TitanHQ’s new Security Awareness Solution, visit

EncryptTitan: Secure and Easy Email Encryption for Businesses

Email encryption for businesses is important to prevent the accidental exposure of sensitive information and to protect against the interception of data in transit. When an email is sent, there are stopovers on the way from the sender to the recipient. There is the device where the email originates, the company email server, the recipient’s email server, and the recipient’s device. Emails can be intercepted at any of those points, and the sender and receiver would be none the wiser. Emails can also be intercepted in transit and altered in a man-in-the-middle attack, again without the knowledge of the sender or the receiver.

If an email is sent requesting a change to a fantasy football team, encryption is perhaps overkill, but financial reports, password resets, proprietary company information, and sensitive employee data are often sent via email. The interception of those messages could be highly damaging to a business. Individuals can easily lose trust in a company if mistakes are made, and loss of reputation is very hard to recover from. The exposure of sensitive information can also have severe financial consequences for a business.

Due to the sensitive nature of email data, hackers target unencrypted email and mail servers. One notable example is the hacking of Sony Pictures in 2014 when North Korean hackers compromised a mail server and gained access to highly sensitive emails. The hack reportedly cost the company several million dollars to resolve (estimates range from $15 million to $100 million), damaged the company’s reputation and was a major cause of embarrassment.

If you want peace of mind that your emails cannot be intercepted in transit and can only be read by the intended recipient, you need to use email encryption. Secure and easy email encryption for businesses is vital. Businesses need to protect their email communications but do so in a way that does not affect employee productivity. If encrypting emails is time-consuming, employees may end up sending their emails without encrypting them.

Modern email encryption for businesses is virtually invisible. Virtually all the complicated business of encrypting emails takes place behind the scenes and is seamlessly applied to email communications. The productivity of users is not affected, yet emails are fully protected in transit with end-to-end encryption to ensure that only the intended recipient can view messages.

Introducing EncryptTitan from TitanHQ

EncryptTitan was developed by TitanHQ to make email encryption for businesses simple. EncryptTitan is a full-featured, 100% cloud-based email encryption solution for MSPs and enterprises that allows information to be securely transmitted via email without fear of interception in transit. EncryptTitan ensures emails and attachments can only be opened by the intended recipients. EncryptTitan protects your organization and ensures compliance with legal, state, and federal privacy regulations, and is quick and easy to set up and use.

Key Features of EncryptTitan Email Encryption for Businesses

  • 100% cloud-based solution requiring no hardware
  • End-to-end encryption of emails
  • TLS for protection with multiple layers of security
  • Ultimate scalability
  • Data Loss Prevention to prevent the sharing of unsecured data
  • Automatic encryption of emails containing user-specified keywords
  • Compliant with legal requirements for sending sensitive data
  • Compatible with all email environments
  • Message expiry after a user-defined period
  • Quick and easy recall of messages
  • Automatic attachment encryption
  • Automatic encryption of replies to emails
  • Easy integration with Office 365
  • Outlook plugin with one click option of whether to encrypt emails
  • MSP friendly email encryption to seamlessly add to your security stack

If you want to improve email security, prevent the interception of business emails, and prevent costly email data breaches, give the TitanHQ team a call or click here to arrange a product demonstration.

European & US Banks Under Attack from SharkBot Android Banking Trojan

SharkBot, a new Android banking Trojan, has been discovered in campaigns created to steal money from bank accounts and cryptocurrency services in locations including the United States, United Kingdom, and Italy, and targets 27 financial institutions – 22 banks and 5 cryptocurrency apps.

This new Android malware is different from other mobile banking Trojans due to its use of an Automatic Transfer System (ATS) tactic that enables the bypassing of multi-factor authentication measures and automates the stealing of money from victims’ accounts. This does not require any human input as SharkBot auto-completes fields required for completing financial transactions.

SharkBot can capture text messages, such as those containing multi-factor authentication codes sent by financial institutions, and can hide those SMS messages to make it seem as if they were never received. SharkBot can also conduct overlay attacks, where a benign-looking pop-up is shown over an application to fool a user into performing tasks, such as allocating access authorizations. SharkBot is also a keylogger that can capture sensitive details and exfiltrate them to the hacker’s command and control server, and it bypasses the Android doze component to ensure it stays connected to its C2 servers.

During the configuration process, the user is bombarded with popups to allocate the malicious app the permissions it requires, with those popups only ending when the user shares the required authorizations, such as enabling Accessibility Services. When the malicious app is downloaded, the app’s icon is not shown on the home screen. The malware abuses Accessibility Services to stop users from removing it via settings.

The ATS technique deployed by the malware allows it to redirect payments. When a user tries to complete a financial transaction, information is auto-filled to direct payments to a hacker-managed account, with the recipient being aware of it.

The malware was examined by experts at Cleafy, who identified no similarities with any other malware strains. Since the malware has been created from scratch, it currently has a low detection rate. The experts believe the malware is still in the initial stages of development, and new capabilities could well be added to make it even more dangerous.

One of the main issues for developers of malware attacking Android devices is how to get the malware downloaded on a device. Google carries out checks of all apps available before including them in the Google Play Store, so getting a malicious app on the Play Store is tricky. On occasions when they do make it to the store, Google is quick to identify and delete malicious apps.

SharkBot has been witnessed pretending to be a range of apps such as an HD media player, data recovery app, and live TV streaming app. The fake app is delivered via sideloading on rooted devices and by using social engineering tactics on compromised or hacker-owned websites to trick victims into installing it.

SharkBot is able to avoid detection and analysis through techniques such as obfuscation to hide malicious commands, downloading malicious modules only once it has been installed, and encrypting all communications between the malware and the C2 servers.




Scampage Tools & Brand Phishing Attacks Alert Warning Released

An official warning has been issued by the Federal Bureau of Investigation (FBI) in relation to a spike in well-known brands being used in spear phishing attacks that focus on tricking people into handing over sensitive data or downloading malware.

The campaigns work by leveraging the trust that is placed in well-known brands in order to make recipients complete an action. Typically they include the actual logo of the targeted brand in the same format as real messages from the company. However, they will include links that take those who click on them to a malicious web portal. These web portals will attempt to steal sensitive data.

Hackers sell scampage tools on the dark web that allow other hackers to operate successful phishing campaigns. The FBI has confirmed that the scampage tools in question have the ability to spot if a person is using their email address as their login ID for a web platform. If this is detected, the user is sent to a scam page with the same email domain. The user is then asked to share their login credentials, which the hacker can use to access the victim’s email. This in turn allows hackers to receive 2-factor authentication codes, thus rendering this security method useless. With 2FA codes, the cybercriminal can obtain access to accounts and make changes, including updating passwords to lock users out of their accounts or altering security rules before the owner of the account can be alerted.

The FBI release said: “Much like the threat with ransomware-as-a-service, this type of product-as-a-service distribution of scampage and credential harvesting tools presents an increased nationwide risk to private sector businesses and their consumers. Brand-phishing email campaigns and scampage tools that help bypass 2FA security measures represent another aspect to this emerging cyber threat.”

In order to prepare for an attack like this, companies must configure an advanced spam filtering solution to block phishing emails and stop them from landing in employee inboxes. Password policies should be set up that make strong passwords mandatory, and reviews should be carried out to enforce this and ensure that commonly used or weak passwords cannot be created on accounts. Employees should be warned to never use passwords on multiple accounts and to see to it that all company accounts have 100% unique passwords. Security awareness training should be conducted for all staff members to make them aware of email security best practices and how to spot phishing emails and other scams.

Due to the spike in the use of scampage campaigns, all staff members should create a unique username for an account that is not connected to their main email address. 2-factor authentication should be enabled if it is available, and where possible, a software-based authenticator program or a USB security key should be in place as the second factor. 


900% Increase in Ransomware Attacks During First Six Months of 2021

2021 has borne witness to a massive spike in the number of ransomware campaigns being initiated.

According to research data produced by CybSafe, there has been a 900% growth in this type of attack during the first half of 2021 when compared with the same time period from 2020. In tandem with this, there have also been significant increases in the cost of the cybersecurity required to keep organizations safe from this type of attack, and the cybercriminals have also been demanding that larger ransoms be paid in order to release the locked data.

So far in 2021 there have been major ransomware attacks on many healthcare service providers, including the Health Service Executive, resulting in concerns related to the impact this might have on the provision of patient care. The attack in Ireland took place after one person replied to an email from the Conti ransomware group, allowing them to encrypt files. Recovery of the files took up to nine months; however, it is not believed that the $20m ransom demand was met.

There has been a measure of success in relation to holding ransomware groups to account for their crimes. The U.S. government has elevated this type of crime to the same status as that of terrorist attacks and dedicated more manpower to dealing with them. Some of the successes so far include:

  • Taking down the REvil ransomware infrastructure
  • Dismantling the Darkside operation and BlackMatter
  • Arresting suspected members of the Clop ransomware group

Additionally, in Europe, authorities apprehended twelve people believed to be working on the LockerGoga, MegaCortex, and Dharma ransomware campaigns. These successes will have an impact in the short term, but it will not be long before some group, or new strain of ransomware, fills the vacuum that has been created. This is why steps are required in order to address the potential for organizations being infiltrated by the cybercriminals responsible.

Companies face a daunting challenge to protect themselves from attacks like this due to the wide variety of tactics that hackers can use. The starting point should be ensuring that phishing emails are being tackled head on, as they are the point of origin for the vast majority of ransomware attacks. These emails are used to deploy malware or steal the credentials needed to access corporate networks and databases.

A cybersecurity solution like SpamTitan will root out malicious messages and stop them from landing in the inboxes of unsuspecting staff members. While staff training can help, it will always need to be backed up with a technical solution like this. SpamTitan, for instance, completes an in-depth analysis of all email content and can spot malicious links and email attachments, which will be placed in a quarantine folder where they can be reviewed. This means security teams can see how these types of threats are aiming to take advantage of the organization. Additionally, it allows false positives to be identified so filtering rules can be amended appropriately. This solution uses dual antivirus engines, sandboxing that allows suspicious attachments to be analyzed to identify new malware strains, and machine learning technology to ensure that spam filtering learns more the longer that it is used.

In the background, a huge variety of reviews and controls see to it that malicious messages are removed. Managers can control this via a clean, easy-to-use interface that requires no technical skills to navigate and use. All information and controls are simple to learn and control.

Contact the TitanHQ team now to find out more about using this solution. TitanHQ solutions can be trialled for free.


Chromium-Based Web Browsers Vulnerable to Updated Magnitude Exploit Kit

Since they were first created in 2006, exploit kits have evolved into the main weapon of choice for automated malware delivery.

These kits are composed of programs that can be installed on web portals in order to identify and take advantage of recognised vulnerabilities. This takes place when a browser comes onto the portal and triggers a scan by the exploit kit to identify specific software vulnerabilities that have yet to be addressed with an update or patch. Once this is found the exploit kit will be able to install a malware payload without any further interaction from the browser. 

This method of attack was widely witnessed from 2010-2017, after which its use dropped somewhat. However, exploit kits are still very much an active threat when it comes to cybersecurity. Some of the best-known exploit kits are constantly refreshed to add new exploits for known vulnerabilities. In recent times these kits have been mainly deployed in order to install malware that can activate ransomware. Examples include the Fallout exploit kit, which was used to share Maze Locker ransomware, and the Magnitude EK, which was deployed to spread ransomware in the Asia Pacific region from 2013 onwards.

Typically, exploit kits are placed on authentic web portals that have been hacked, in addition to malicious hacker-owned websites laced with malware. Due to this it can be the case that someone visits these web portals without realizing it.

One of the most popular kits currently is the Magnitude EK. Previously it only targeted Internet Explorer. It has recently been discovered that the exploit kit has been updated to target Chromium-based web browsers on Windows PCs.

Anti-virus expert group Avast has revealed that the Magnitude EK has recently added two new exploits. One aims to take advantage of a vulnerability in Google Chrome – CVE-2021-21224 – and the other focuses on the Windows kernel memory corruption vulnerability labelled CVE-2021-31956. A cybercriminal could obtain system privileges using the remote code execution vulnerability in Google Chrome or the Windows bug that allows bypassing the Chrome sandbox.

Google and Microsoft have made patches available to mitigate these vulnerabilities. The onus is on users to run these updates. If they do not, it will only be a matter of time before Magnitude EK takes advantage of the weaknesses to install malware. For businesses, an additional layer of cybersecurity to prevent this type of attack would be a web filter. These are similar to spam filters in that they stop malware delivery from malicious websites and are one of the strongest anti-phishing measures you can use.

WebTitan, one of the best web filters available, was created by TitanHQ to keep companies safe in the face of these cyberattacks and manage web access levels for office-based and remote workers – a key feature for tools designed to prevent browsers visiting malicious websites. This web filter solution is DNS-based and is very straightforward to configure, so much so that it is in operation on the databases of more than 12,000 companies and MSPs to complete tasks for content filtering, malware prevention and to provide an extra obstacle for phishers.

In order to enhance your cybersecurity protection measures with WebTitan and block malware, contact the TitanHQ experts as soon as you can. There is also a 100% free 14-day trial available so you can test the solution in your own environment.


Spam Emails Spreading Squirrelwaffle Malware Loader


Squirrelwaffle, a new strain of malware that is being distributed using spam email messages, has been discovered in the last six weeks.

The disabling of the Emotet botnet in January 2021 created a vacuum within the malware-as-a-service market, a gap that a number of malware strains have attempted to take advantage of. Squirrelwaffle boasts similar capabilities to the Emotet banking malware. Squirrelwaffle allows threat actors to gain a foothold in networks, which the operators of the malware can abuse. However, the access is being sold to other cybercriminals.

A review of this campaign has indicated that it is being leveraged to download Qakbot and Cobalt Strike. However, there is nothing to suggest that these are the only two malware strains that are being delivered by this malware. The Squirrelwaffle emails feature a hyperlink to a malicious website which is used to download a .zip file that includes either a .doc or .xls file. The Office files contain a malicious script that will install the Squirrelwaffle payload.

The Word documents use the DocuSign signing service as a lure to trick recipients into enabling macros, stating that the document was set up with an older version of Microsoft Office Word so the user must “enable editing” then click “enable content” to access the contents of the file. Doing so will run code that will install and execute a Visual Basic script, which downloads the Squirrelwaffle payload from one of 5 hardcoded URLs. Squirrelwaffle is delivered as a DLL, which is executed once downloaded and then silently places Qakbot or Cobalt Strike on the device/network, which will allow constant access to compromised devices.

As happened with the Emotet Trojan, Squirrelwaffle can take over message threads and insert malware. As replies to authentic messages are sent from a legitimate email account, a reply to the message is more likely. This attack method was very successful for the Emotet Trojan. In most cases, the attacks take place in English; however, security experts have discovered emails in different languages such as French, German, Dutch, and Polish.

Due to the similarities with Emotet, it is likely that those responsible for the deactivated botnet are trying to make a comeback. However, it is possible that this is an attempt by unrelated threat actors to fill the market vacuum that was created when Emotet was taken down. At present, the malware is not being distributed to the same extent that Emotet was but that may change in the near future. 

The best way to protect devices and servers from an attack like this is to configure email security measures to block the malspam at source and see to it that the malicious messages do not land in inboxes. It is important to implement a spam filtering solution that also scans outbound emails to identify compromised devices and stop attacks on other employees and business contacts from corporate email accounts.
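The delivery chain described above (a linked .zip holding a .doc or .xls that carries the malicious script) can be screened at a mail or web gateway before the file reaches a user. The following Python is an added example, not part of the original article or of any TitanHQ product; the function names, the size limit, and the sample archives are constructed for illustration, and the VBA check is a byte-level heuristic rather than a full OLE parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls containers
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML documents are ZIP containers
OFFICE_EXT = (".doc", ".xls", ".docx", ".xlsx", ".docm", ".xlsm")
VBA_MARKER = "VBA".encode("utf-16-le")           # storage name of a VBA project in OLE2 files
MAX_MEMBER_BYTES = 20 * 1024 * 1024              # assumed cap; guards against zip bombs


def inspect_document(data):
    """Return the reasons an extracted Office file is risky (empty list = none found)."""
    reasons = []
    if data.startswith(OLE2_MAGIC):
        reasons.append("legacy OLE2 Office container")
        if VBA_MARKER in data:
            reasons.append("VBA project storage present")
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                names = [n.lower() for n in inner.namelist()]
            if any(n.endswith("vbaproject.bin") for n in names):
                reasons.append("OOXML document with vbaProject.bin")
        except zipfile.BadZipFile:
            reasons.append("corrupt ZIP-based document")
    else:
        reasons.append("Office extension but unrecognised content")
    return reasons


def triage_zip(blob):
    """Inspect every Office document inside a ZIP; return [(member, reasons), ...]."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(OFFICE_EXT):
                continue
            if info.flag_bits & 0x1:  # password-protected member cannot be scanned
                findings.append((info.filename, ["encrypted member, cannot be inspected"]))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, ["member too large to inspect safely"]))
                continue
            with zf.open(info) as fh:
                data = fh.read(MAX_MEMBER_BYTES + 1)
            reasons = inspect_document(data)
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def verdict(blob):
    """Gateway decision: hold the archive if any document inside looks macro-capable."""
    return "quarantine" if triage_zip(blob) else "deliver"


def build_zip(members):
    """Helper that builds an in-memory ZIP from {name: bytes}; used for the samples only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples (not real malware): a stub with an OLE2 header and a VBA
# storage name, a macro-free OOXML file, and an OOXML file holding vbaProject.bin.
FAKE_LEGACY_DOC = OLE2_MAGIC + b"\x00" * 64 + "Macros".encode("utf-16-le") + VBA_MARKER
CLEAN_DOCX = build_zip({"word/document.xml": b"<w:document/>"})
MACRO_XLSM = build_zip({"xl/workbook.xml": b"<workbook/>", "xl/vbaProject.bin": b"\x00"})

SUSPICIOUS_ZIP = build_zip({
    "scan/diagram-12.doc": FAKE_LEGACY_DOC,
    "scan/figures.xlsm": MACRO_XLSM,
    "readme.txt": b"see attached",
})
BENIGN_ZIP = build_zip({"minutes.docx": CLEAN_DOCX, "notes.txt": b"meeting notes"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_ZIP), ("benign", BENIGN_ZIP)):
        print(label, verdict(blob), triage_zip(blob))
```

In production, a dedicated OLE parser should replace the byte search, since the marker check can miss other macro types and can match unrelated data.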

Making Hotel Wi-Fi Safe & Easy to Use


Hotel guests tend to take Wi-Fi security as a given when they are staying overnight. However, if there is no secure connection in place, anyone using the network could be in danger of leaving themselves exposed to malware infection or another type of cyberattack. A cloud-based web content filtering solution mitigates the risk of a guest inadvertently downloading malware onto their own device and also protects guests from being exposed to inappropriate website content on other guests’ mobile devices.

It should not be taken for granted by guests that Wi-Fi is secure. Research will reveal the speed and reliability of the network that each hotel is offering, and any checks should also determine if the hotel offers a filtered Internet service. Every hotel offers some level of Wi-Fi, but a lot of these are not completely secured Wi-Fi networks. Hotel Wi-Fi can be very susceptible to cyberattacks and malware installations. It is crucial that hotels put in place enterprise cloud-based web filtering and limit the websites that guests are allowed to access.

There are five steps that hotels should take to see to it that the Wi-Fi they are providing for their guests is fully secure.

  • Step 1: Configure cloud-based content filtering: This should be the foundation that hotel Wi-Fi is built upon. This can be implemented for a reasonable level of investment, and there are many different cloud-based web filtering solutions that will allow you to send all of your traffic through their filtering system. A solution such as WebTitan can prevent access to malware and credential phishing web portals. The majority of cloud-based filtering solutions incorporate a malware gateway that checks all web traffic for malicious code threats. Another advantage is that these solutions can be utilized to prevent access to certain website categories. This can be implemented using a simple web GUI interface using your web browser.
  • Step 2: Make Wi-Fi security stronger: The reputational damage that unsecured internet access can inflict is massive and can be tricky for businesses to come back from. A hotel or campsite will not be able to state that they are a family-friendly establishment if they permit pornography or illegal websites to be viewed using their Wi-Fi network. Corporate guests must be happy that they can safely access sensitive data. 
  • Step 3: Configure a cloud-based content filter: This will result in the provision of a secure Wi-Fi service that allows guests to browse safely online by forbidding inappropriate content from being loaded. It requires NO software installation and NO need for technical expertise to set up or manage customer accounts. You set up new accounts easily and manage any number of hotels.
  • Step 4: More Secure Wi-Fi is faster Wi-Fi: Cloud-based web filtering for malware and ads not only makes the hotel network safer, but it also boosts network speed by cutting the amount of data that is being shared.  With WebTitan Cloud for Wi-Fi, web access policy can be configured for each Wi-Fi access point. This can be a competitive advantage for hotels that are marketed to families. Parents can be happy that their children are using the web in a safe environment. Cloud-based web filtering allows hotels the chance to create tiered Wi-Fi services. 
  • Step 5: Guide your guests to use Wi-Fi: Ensure that your guests are aware of the correct name of your Wi-Fi network. Provide a secure login page for entering credentials: The “https://” prefix ensures the login page is encrypted to protect guests’ personal information. Hotels can exercise total control over Internet content by using WebTitan, a cloud-based web content filtering solution.

WebTitan is a cloud-based web filter solution with flexible controls that can be used by every kind of hotel. To discover more about the advantages of WebTitan Cloud-based filtering for Wi-Fi, call the TitanHQ team now.




Lots of Awards for TitanHQ at Expert Insights Annual Awards

TitanHQ’s products have been ranked No. 1 in their respective categories by Expert Insights in the Fall 2021 Best-of Cybersecurity Awards.

This means that TitanHQ has now completed a clean sweep and headed the list for Best Email Security Gateway, Best Web Security Solution, and Best Email Archiving Solution for Business for two years running. Additionally the Best Email Security Solution for Office 365 category was won by SpamTitan.

Ronan Kavanagh, TitanHQ CEO, commented on the achievement, saying: “TitanHQ are proud to have received continued recognition for all three of our advanced cybersecurity solutions. As the threat landscape continues to be a significant risk to organizations across the globe, we are dedicated to continuous innovation to provide consistent, secure, and reliable protection to our customers”. The annual awards aim to recognize the best cybersecurity providers and their solutions, with the winners chosen after taking into account industry recognition, customer feedback, and research conducted by its editorial team and independent technical specialists.

Expert Insights is a recognized online cybersecurity publication and industry analyst that has technical and editorial teams in both the United States and United Kingdom. The publication covers cybersecurity and cloud-based technologies, and its website is used by more than 80,000 business owners, IT admins, and others each month to research B2B solutions. Expert Insights produces editorial buyers’ guides, blog posts, conducts interviews, and publishes industry analyses and technical product reviews from industry experts.

SpamTitan Email Security and WebTitan Web Security were both recognized for their powerful threat protection, and along with ArcTitan Email Archiving, were praised for ease-of-use, cost-effectiveness, and industry-leading technical and customer support.

The high standard of threat protection, simplicity of use, and competitive pricing of the solutions are just some of the factors that make TitanHQ the leading provider of cloud-based security solutions for managed service providers currently serving the SMB market. These factors have resulted in the TitanHQ product range being marked as the gold standard for SMBs looking to enhance security and make compliance easier.

Cyberattacks: MSP Guidance

One of the main focuses of cybercriminals in recent times has been on infiltrating the databases of MSPs. This is due to the large customer base that the cybercriminals are hoping to access and the high probability of these customers having valuable data on their servers. 

So it has become very important for MSPs to be aware of how they should address the risk of cyberattacks focusing on their databases. Here are three of the best ways:

1. Cybersecurity Training

MSPs are vulnerable to phishing attacks that aim to trick staff members into installing ransomware and other types of malware attacks.  If infiltrated, staff accounts can be used to turn off security monitoring tools and permit cybercriminals to access the databases that hold client information without being noticed.  Other things that can be completed include changing security settings, local firewalls, and other services.  

MSPs should be conducting cybersecurity awareness training for all members of staff to address this point of attack. Phishing simulations are a smart move so staff can see what is happening in real-time.

2. Cybersecurity Solutions

The massive number of enterprise cybersecurity solutions for MSPs to consider can be daunting, so it is crucial to recognize what your organization needs. Using TitanHQ’s cybersecurity suite across your group will allow MSPs to use the group’s know-how in order to sell, implement, and deliver advanced network security solutions such as SpamTitan and WebTitan to their client base and provide a product that their clients will be safe and secure with. These solutions are provided via the cloud, which means they can be controlled remotely for workers who travel or are based away from the main office(s).

3. Cybersecurity Audits

A risk assessment is necessary to spot, review and assess any danger that may be present in relation to cybersecurity, particularly vulnerabilities in the existing cybersecurity defenses that a group has in place.  A risk assessment should include:

  • Listing the network areas that are most likely to be targeted in a cyberattack
  • Evaluating the dangers, specifically, to these areas
  • Prioritizing the importance of addressing each vulnerability

Doing this will allow an MSP to see where cybersecurity must be enhanced as much as possible to prevent a cybersecurity incident from taking place. SMEs need to find the right happy medium between how much they can reasonably invest in cybersecurity and the minimum level of safety that they need to keep their customers safe.

An audit should be completed at least once annually by an MSP in order to see to it that a secure cybersecurity system is in place for its customers. After identifying potential vulnerabilities, these should be mitigated to prevent hackers from taking advantage of them.  Doing so will provide MSP personnel valuable experience that they can then use to assess their clients.  

If you would like to find out more about adding TitanHQ MSP Security to your offering, get in touch with us now so that we can discuss safeguarding your organization, and your clients from cybercriminals.


Advantages of an Email Archiving Solution for Exchange

The importance of email archiving in today’s business world is undeniable, but many businesses may be questioning why a third-party email archiving solution for Exchange is far superior to using the Exchange archiving feature.

The term archive refers to ‘a collection of information that is permanently stored and unalterable.’ Archives are necessary for all businesses to comply with regulations and in the case of litigation, although the degree to which they are necessary depends on the sector the business operates in, with archives essential in highly regulated industries. 

The terms “backup” and “archive” shouldn’t be confused with one another. The purpose of a backup is to restore entire mailboxes in the event of data corruption or loss. It is also worth noting that backups are overwritten with more recent information as time progresses. In contrast, archives preserve data in its original form for longer periods of time. In contrast to backups, archives can easily be searched to identify and recover individual emails.

Why Archiving is Necessary for Businesses

By moving emails to archives, you are helping to limit the amount of data storage needed for mailboxes and that will help to improve the performance of your mail server. A good archiving solution can also help pinpoint the source of data leaks or even security breaches; however these are side benefits.

Archiving is necessary for regulatory compliance and as a repository of information to meet eDiscovery requirements, which is a legal requirement in many countries. eDiscovery is defined as the process of obtaining electronically stored information for use in litigation. This is not only restricted to email. For example, Word and Excel files on your server may also need to be produced in the event of litigation.

Without archives in place, the cost of eDiscovery can be huge. It would, in fact, require the analyzing of each computer in the company to find emails and searching for emails by restoring data from backups, provided of course that backups exist. The search and organizational aspects of archiving are invaluable. In the Nortel Networks executive criminal case, the prosecution delivered 23 million pages of electronic records. Ontario Superior Court Justice Cary Boswell understandably described this as an “unsearchable morass” and requested the prosecution to organize the information and re-present it to the defense.

Issues with Microsoft Exchange 2010 and 2013 Archiving

Microsoft has applied the term “archiving” to describe the journaling and Personal Archive functions of Microsoft Exchange since its 2007 version.

Email copies can be created in Exchange Standard with journaling. Furthermore, with Exchange Premium, these copies can be directed to specific mailboxes or distribution lists. However, journaling does not provide the same functions as archiving because:

  • It lacks the indexing and searching capabilities necessary for fast email recovery
  • Journaling has no data retention configuration settings
  • Users can still create their own PSTs (copies of email that they keep on their own computer). These copies may not necessarily satisfy eDiscovery requirements.

The Personal Archive function addresses some of the shortcomings of journaling. Exchange 2010 has more capabilities than Exchange 2007 in this regard. In terms of Exchange 2010, each user can establish an “archive” for the mailbox. Microsoft TechNet’s description of these is “secondary mailboxes in which users can store messages they need to keep for a longer duration.”  Additionally, Microsoft explains, “the whole idea behind creating personal archive mailboxes is to avoid the constraints of mailbox quotas.” This does not provide an archiving function.

The Personal Archive doesn’t necessarily need to reside in the same production database; it can even live in the cloud. Users have two options: they can move the emails manually or let them be moved automatically based on retention tags. The major downside of Personal Archive lies in the cost, because using Personal Archive requires enterprise client access licenses (CALs) and Office 2010 Professional Plus for Outlook.

Microsoft also states that Personal Archive “may not meet your archiving needs”. Since users have control over their own Personal Archives, they are questionable repositories for compliance and eDiscovery as users are able to delete items and modify retention tags.

Microsoft maintains that users with a Discovery Management role can take advantage of indexing and multiple mailbox searching to meet eDiscovery needs. However, Exchange 2010's Exchange Control Panel is clunky and difficult to use, making it far from ideal for eDiscovery.

Exchange 2013 and Exchange Online Improvements

With the newer Exchange versions, users still have a large amount of control over their mailboxes. Not only can they define their own policies, users can also use creative ways to try to bypass imposed corporate policies, e.g. “archiving” items in the Deleted Items folder. Although the Exchange administrator can use Policy Tips to notify users of possible compliance issues with data in their e-mails, the administrator still can’t override user settings unless Litigation Hold or In-Place Hold is applied to a mailbox.

Microsoft Exchange has added improved features for eDiscovery, requiring a SharePoint 2013-based portal to search across all mailboxes. There are two main drawbacks with this approach:

  1. Companies must purchase/upgrade to SharePoint 2013
  2. It makes it necessary to have a monolithic mail store with rapidly growing online storage. Data must be held on an online Exchange server to use Exchange’s In-Place Discovery tools.

Advantages of True Email Archiving

Microsoft Exchange “archiving” is not a complete compliance and eDiscovery tool by any means. A true email archiving solution is far superior to Exchange for archiving.

Microsoft's approach to eDiscovery presupposes that all email that ever passed through your organization resides on an Exchange server. The issue with this idea is that data storage requirements will skyrocket over time. It is worth noting that an estimated 90 percent of the information stored in Exchange is never accessed again. True archiving removes a large chunk of that 90 percent through deduplication, and archives are compressed. This not only reduces storage but also greatly speeds up search and recovery.

TitanHQ has developed a solution that provides true email archiving for Exchange. ArcTitan will ensure you can achieve all your eDiscovery and data storage needs, improve the performance of your mail server, and significantly reduce email storage costs. 

Here are some of the features of the product:

  • Unlimited cloud based email archiving including inbound/outbound/internal email, folders, calendar and contacts
  • Complete Audit trail
  • Data retention and eDiscovery policy
  • Encrypted storage on AWS cloud
  • HIPAA, SOX (and more) standards compliance and Audited access trail
  • Instantly searchable via your browser - find archived emails in seconds
  • No hardware / software required
  • Secure transfer from your email server
  • SuperFast Search™ – email compressed, Zipped, message de-duplication, attachment de-duplication allowing for the fastest search and retrieval
  • Web console access with multi-tiered and granular access options; you decide user access permissions.
  • Works with All Email Servers including MS Exchange, Zimbra, Notes, SMTP/IMAP/Google/PO
  • Optional Active Directory integration for seamless Microsoft Windows authentication
  • Optional Outlook email client plugin

If you have not yet implemented an email archiving solution, if you are unhappy with the native Microsoft Exchange email archiving features, or if you are finding your current archiving solution too expensive or difficult to use, contact TitanHQ today to find out more about the benefits of ArcTitan and the improvements it can offer to your business.

Frequently Asked Questions (FAQs)

Will archiving emails delete the messages from the Exchange server?

This will depend on how your Exchange server has been configured. Typically, the message will be deleted from the Exchange server once the message has been transferred to the archive and deleted from an inbox, but a copy may be retained for a period of time to allow for a backup to be created. If there are multiple copies of the same message, such as an email sent to a distribution list, a copy will remain on the server until everyone has archived and deleted the message.

Is email archiving compliant with the GDPR?

Email archiving can be GDPR-compliant with the right policies and procedures in place. Bear in mind that personal data can only be kept for as long as necessary to achieve the purpose for collecting the information and personal data, including information in email accounts, must be deleted if requested by an individual. Email retention periods must also be defined.

What happens if someone responds to an archived email?

When you have an email archiving solution in place, emails that need to be retained will be sent to the archive for long term storage and can be deleted from inboxes. If someone replies to an archived message or reactivates an old message thread, the email will simply reappear in your inbox.

Does email archiving save on storage space?

Email archiving can save a considerable amount of storage space, which can greatly improve the performance of your mail server. For example, ArcTitan typically reduces mail server email storage space by up to 80%. That means 1,000 GB of email storage space is reduced to around 200 GB.

Are there any limits on storage space with ArcTitan?

ArcTitan is 100% cloud based and provides incredible scalability. Storage space will automatically increase as required and there are essentially no limits on storage space in the cloud, nor the number of users. You just pay for the number of active mailboxes.

Cybersecurity & Email Archiving

Performing backups is a vital part of disaster recovery and this is well known by all IT departments. However, another important aspect of archiving emails is the possibility that they will be needed for incident response and data breach audits.

The majority of companies recognise the importance of creating backups but are unaware of their importance in relation to regulatory compliance. Backups can be implemented to restore a network to its pre-breach status and avoid the chance of users not being able to access older files.

Email archives work a bit differently in that they are a copy of email messages that is held in a different location. This means that the emails are not on the existing network so they are not taking up storage space or hindering network speeds. They are also accessible over the web in most cases.  

Email archives save metadata that can be used to efficiently organize records and conduct searches for particular messages in the event of an audit being required during an investigation. As a lot of larger companies are being sent millions of emails on a daily basis, this allows for a much cleaner search system to be in place.

In order to be compliant with legislation such as HIPAA and GDPR, among others, companies must maintain archives of messages for a long period of time. As these archives take up a lot of network space it is important to be able to store them elsewhere in case they are needed at some point in the future. Archives fulfil this need and ensure that all regulatory requirements are in place. 

It is important to maintain audit trails that can be used to ascertain a vulnerability in the aftermath of a data breach occurring. This will allow third-party software to complete searches and control archive backups. The metadata is used to tag messages with specific words and phrases so that messages will be produced using relevant search queries.

Email Archives Advantages

  • Quicker data recovery following a breach, minimizing downtime.
  • They can be used for data loss prevention if backups fail or the backup files are corrupted. Archives are a copy of email data, so they can be used as failover during disaster recovery.
  • Save network space by holding data on a cloud solution
  • Lower costs as cloud storage is much cheaper than housing storage infrastructure on-site.



Email Retention Legislation in the U.S.

Email retention legislation in the U.S. requires companies to maintain copies of emails for many years. There are federal laws that apply to all companies, data retention laws for specific industries, and a swathe of email retention laws in the United States at the individual state level. Ensuring compliance with all the proper email retention laws in the United States is vital. Noncompliance can prove incredibly expensive and multi-million-dollar fines await any company found to have breached federal, industry, or state regulations.

Certain types of data must be retained by U.S companies in case the information is required by the courts, and that includes email. eDiscovery requests often require massive volumes of data to be provided for use in lawsuits and the failure to provide the data can land a company in serious trouble. Not only are heavy fines issued if data cannot be produced in eDiscovery, companies  can face criminal proceedings if certain data has been erased.

For decades, U.S companies have been required to store documents by law. Document retention laws are included in numerous legislative acts such as the Civil Rights Act of 1964, the Executive Order 11246 of 1965, the Freedom of Information Act of 1967, the Occupational Safety and Health Act of 1970, and the Reform and Control Act of 1986, and data retention laws in the United States were updated a dozen years ago to expand the definition of documents to include electronic communications such as emails and email attachments.

To enhance awareness of the many different email retention laws in the United States, a summary has been included below. Please remember that this is for information purposes only and does not constitute legal advice. For legal counsel on data retention laws in the United States, we recommend you get in touch with your legal representatives. Industry and federal electronic data and email retention legislation in the United States is periodically updated.

As you can see from the list below, there are several federal and industry-specific email retention legislative acts in the United States. These laws apply to emails that are sent and received, and include internal as well as external emails.

Reduce storage space, eliminate mailbox quotas and improve email server performance. Book a FREE demo of ArcTitan.

Federal Email Retention Legislation in the U.S.

| Email retention legislation | Who it is applicable to | How long emails must be kept |
|---|---|---|
| IRS Regulations | All companies | 7 Years |
| Freedom of Information Act (FOIA) | Federal, state, and local agencies | 3 Years |
| Sarbanes Oxley Act (SOX) | All public companies | 7 Years |
| Department of Defense (DOD) Regulations | DOD contractors | 3 Years |
| Federal Communications Commission (FCC) Regulations | Telecommunications companies | 2 Years |
| Federal Deposit Insurance Corporation (FDIC) Regulations | Banks | 5 Years |
| Food and Drug Administration (FDA) Regulations | Pharmaceutical firms, food manufacturers, food storage and distribution firms, manufacturers of biological products | Minimum of 5 years rising to 35 years |
| Gramm-Leach-Bliley Act | Banks and Financial Institutions | 7 Years |
| Health Insurance Portability and Accountability Act (HIPAA) | Healthcare groups (Healthcare providers, health insurers, healthcare clearinghouses and business associates of covered bodies) | 7 Years |
| Payment Card Industry Data Security Standard (PCI DSS) | Credit card businesses and credit card processing groups | 1 Year |
| Securities and Exchange Commission (SEC) Regulations | Investment banks, investment advisors, brokers, dealers, insurance agents & securities companies | Minimum of 7 years up to a lifetime |

Email retention legislation in the United States at the state level has not been included in this article. You should seek legal advice about any state-level laws. You must also consider legislation in other countries where you do business. If you deal with individuals in Europe, or they can access your website, you will need to comply with the General Data Protection Regulation (GDPR) email requirements.

Storing emails for a few years is not likely to take up masses of storage for a small company with a few members of staff; however, the more employees a company has, the greater the need for extensive resources just to store emails. The average size of a business email may only be 10KB, but multiply that by 123 – the average number of emails sent and received each day by an average company employee (Radicati email statistics report 2015-2019), by 365 days each year, and by the number of years that those emails need to be maintained, and the storage requirements become massive.

If any emails ever need to be obtained, it is vital that an email archive or backup can be searched. In the case of standard backups, that is likely to be an incredibly long process. Backups were not created to be searched and finding the right backup alone can be almost impossible, let alone finding all emails sent to, or received from, a specific company or person. Backups have their uses, but they are not suitable for companies for email retention purposes.

For that, an email archive is necessary. Email archives contain structured email data that can easily be reviewed and searched. If ever an eDiscovery request is received, finding all email correspondence is a quick and simple task. Since many email archives are cloud based, they also do not require large and expensive on-premises storage resources. Emails are stored in the cloud, with the space provided by the service supplier.

ArcTitan is a cost-effective, quick and easy-to-manage email archiving solution supplied by TitanHQ that meets the needs of all businesses and enables them to comply with all email retention laws in the United States.

ArcTitan includes a variety of security protections to ensure stored data is kept 100% secure and confidential, with email data encrypted in transit and storage, replicated and backed up to ensure constant availability. As opposed to many email archiving solutions, ArcTitan is fast. The solution can process 200 emails per second from your email server and archived emails can be retrieved instantly through a browser or Outlook plugin. Emails can be archived from any location, whether in the office or on the go via a laptop or tablet. There are no restrictions on storage space or the number of users and the solution can be scaled up to meet the needs of companies of all sizes.

To find out more about ArcTitan, get in touch with the TitanHQ team today.

Frequently Asked Questions (FAQs)

How does email archiving work?

Email archiving involves sending an exact copy of a message outside the email system for long term storage. The messages are usually deduplicated and compressed to save on storage space and are indexed prior to archiving to ensure the archive can be rapidly searched. Email archiving solutions typically have end-to-end encryption to ensure messages cannot be intercepted and the emails are maintained in a tamper-proof repository and can be quickly retrieved on demand.
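
The ingest path described in this answer (deduplicate, compress, index, then search and retrieve) is sketched below as an added example; it is not ArcTitan's code. The class name MiniArchive, the choice of deduplication key, the SHA-256 integrity check and the sample messages are all assumptions made for illustration.

```python
import hashlib
import re
import zlib
from collections import defaultdict
from email import message_from_bytes, policy

TOKEN = re.compile(r"[a-z0-9]+")


class MiniArchive:
    """Toy email archive (hypothetical): dedup + compression + inverted index."""

    def __init__(self):
        self.store = {}                 # dedup key -> (compressed raw, sha256 of raw)
        self.index = defaultdict(set)   # token -> dedup keys whose message contains it
        self.received = 0               # copies seen, duplicates included

    def ingest(self, raw):
        """Archive one raw message (bytes) and return its dedup key."""
        self.received += 1
        msg = message_from_bytes(raw, policy=policy.default)
        body = msg.get_body(preferencelist=("plain",))
        text = body.get_content() if body is not None else ""
        # Assumed dedup key: identifying headers plus body, so per-recipient
        # delivery headers (Received, Delivered-To) do not defeat deduplication.
        ident = [str(msg.get(h, "")) for h in ("Message-ID", "From", "Date", "Subject")]
        key = hashlib.sha256("\n".join(ident + [text]).encode("utf-8")).hexdigest()
        if key not in self.store:
            self.store[key] = (zlib.compress(raw, 9), hashlib.sha256(raw).hexdigest())
            fields = " ".join(str(msg.get(h, "")) for h in ("From", "To", "Subject"))
            for token in set(TOKEN.findall((fields + " " + text).lower())):
                self.index[token].add(key)
        return key

    def search(self, query):
        """Return the keys of messages containing every term in the query."""
        terms = TOKEN.findall(query.lower())
        if not terms:
            return []
        return sorted(set.intersection(*(self.index.get(t, set()) for t in terms)))

    def retrieve(self, key):
        """Decompress a stored message and verify it against its stored digest."""
        blob, digest = self.store[key]
        raw = zlib.decompress(blob)
        if hashlib.sha256(raw).hexdigest() != digest:
            raise ValueError("archived message failed integrity check")
        return raw


def _sample(delivered_to, msg_id, subject, body):
    # Constructed sample message, not real mail.
    return (
        f"Delivered-To: {delivered_to}\n"
        f"Message-ID: <{msg_id}@mail.example.com>\n"
        "From: Accounts <accounts@example.com>\n"
        "To: staff@example.com\n"
        "Date: Mon, 05 Nov 2018 09:00:00 +0000\n"
        f"Subject: {subject}\n"
        "\n"
        f"{body}\n"
    ).encode("ascii")


SAMPLES = [
    _sample("alice@example.com", "a1", "Q3 invoice attached",
            "Please review the invoice for the Q3 audit."),
    _sample("bob@example.com", "a1", "Q3 invoice attached",
            "Please review the invoice for the Q3 audit."),
    _sample("alice@example.com", "b2", "Lunch on Friday",
            "Team lunch is booked for noon."),
]


def demo():
    """Ingest the constructed samples and return the archive and their keys."""
    archive = MiniArchive()
    keys = [archive.ingest(raw) for raw in SAMPLES]
    return archive, keys


if __name__ == "__main__":
    archive, keys = demo()
    print(archive.received, "copies received,", len(archive.store), "stored")
    print("invoice audit ->", archive.search("invoice audit"))
```

The digest check in retrieve() only detects changes to the stored blob; a repository that is actually tamper-proof also has to protect the digests themselves, for example with write-once storage.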

Is email archiving necessary?

Emails must be retained for compliance and need to be produced quickly for audits and e-discovery. Email recovery is far faster with an email archive. Most businesses have important data stored in email accounts that is stored nowhere else. That data is at risk if it is not sent to an archive. In the event of a ransomware attack that also encrypts backups, email data could be lost forever or cost millions to recover. The regulatory fines for loss of email data can be astronomical. Data loss is not possible with an email archive.

Is email archiving expensive?

Email archiving in the cloud is a low-cost solution that allows businesses to retain a tamper-proof copy of all messages to meet compliance requirements and for disaster recovery. An email archive saves on mail server storage space, which will increase performance. When you factor in productivity improvements and the reduced time producing emails to resolve customer complaints, for audits, and E-discovery requests, an email archive is money well spent.

Is email archiving the same as backing up email?

Email archiving and backing up email are not the same. Backups are intended for short term email storage for disaster recovery purposes. Entire mailboxes can quickly be restored from a backup if a mailbox is corrupted, deleted, or encrypted with ransomware. An email archive is a long-term email storage solution. In contrast to a backup, an archive can be rapidly searched allowing individual emails to be quickly found and recovered.

How much space can be saved with an email archive?

The amount of space saved by implementing an email archiving solution will vary from business to business, but typically businesses can reduce storage space by up to 80% by implementing an email archive and further, if emails ever need to be recovered, the archive can be rapidly searched, and emails retrieved in seconds.


Tackling Phishing Scams in 2021


There was a huge surge in phishing campaigns during 2021, and most companies are now very familiar with them and the danger that they pose. Because of this, it is now more important than ever to know how to tackle this type of attack head on.

This type of attack typically begins with an email arriving in your inbox that appears 100% authentic and includes a request for you to complete an action urgently. While you probably think that you would be adept at spotting a ploy such as this, three billion spoofing emails are transmitted every day, so there is every chance that, even if you are not tricked, someone in your organization may take the bait and click a link that will lead to a lot of pain for your group.

To assist you in your fight against spamming, we have put together a number of measures you can introduce at your organization.

Investigate How the Sender is Aware of You

A phisher will sometimes simply launch a campaign in which millions of spoof emails are broadcast, pretending to come from genuine, well-known and reputable companies. They know that companies that operate on a global basis will have millions of customers, so there is an excellent chance that the message will reach the inboxes of some actual clients. Always treat the message with suspicion, even if it is from a company that you have an existing business relationship with.

Check for Spyware

It is important to check for spyware if you are finding yourself in receipt of a large number of spoof emails that appear to be sent from companies whose web portals you use a lot. If this is the case it is likely that one of your devices has been infiltrated with spyware which is recording your web traffic. This can be managed with a strong endpoint security application or spyware cleaner to make your device safe again.

Review the Email Address that is Contacting You

Even if a phishing email includes everything to make the message appear authentic such as a company logo/image and corporate header, you should pay very close attention to the sending email. Phishing emails are normally uncovered by the sending name and sending email address being completely different from each other. 
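
The mismatch described above can be checked automatically. The following is an added example, not SpamTitan's logic: it parses a From header and flags a display name that names a protected sender, or shows an email address, while the real sending domain belongs to someone else. The function names, the BRAND_DOMAINS table and the sample headers are constructed for illustration.

```python
import re
from email import errors, policy

# Constructed allow-list: display-name phrase -> domains allowed to use it.
BRAND_DOMAINS = {
    "example bank": {"examplebank.example"},
    "help desk": {"corp.example"},
    "it department": {"corp.example"},
}

# An email address typed into the display name itself; captures its domain.
EMBEDDED_ADDR = re.compile(r"[a-z0-9._%+-]+@([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


def _same_org(domain, allowed):
    """True if domain equals allowed or is a subdomain of it."""
    return domain == allowed or domain.endswith("." + allowed)


def check_from_header(value, brand_domains=BRAND_DOMAINS):
    """Return the reasons a From header looks spoofed (empty list = no finding)."""
    try:
        # header_factory also decodes RFC 2047 encoded words in the display name.
        header = policy.default.header_factory("From", " ".join(value.split()))
        addresses = header.addresses
    except (ValueError, errors.HeaderParseError):
        return ["unparseable From header"]
    if len(addresses) != 1 or not addresses[0].domain:
        return ["unparseable From header"]

    sender = addresses[0]
    domain = sender.domain.lower()
    name = " ".join(sender.display_name.lower().split())
    reasons = []

    # Case 1: the display name shows an address from a different domain.
    for shown in EMBEDDED_ADDR.findall(name):
        if not (_same_org(domain, shown) or _same_org(shown, domain)):
            reasons.append(
                f"display name shows an address at {shown}, mail is from {domain}")

    # Case 2: the display name claims a protected sender that does not own the domain.
    for brand, allowed in brand_domains.items():
        claimed = re.search(r"\b" + re.escape(brand) + r"\b", name)
        if claimed and not any(_same_org(domain, a) for a in allowed):
            reasons.append(f"display name claims '{brand}', mail is from {domain}")
    return reasons


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Example Bank <alerts@examplebank.example>",
    "Example Bank Security <alerts@mail.examplebank.example>",
    "Example Bank <billing@pay-secure.example>",
    '"support@examplebank.example" <x9@mailer.example>',
    "=?UTF-8?B?RXhhbXBsZSBCYW5r?= <a@evil.example>",
    "IT Department <it-dept@corp-support.example>",
    "Help Desk <helpdesk@corp.example>",
]


def triage(headers):
    """Map each suspicious header to its list of reasons."""
    return {h: r for h in headers if (r := check_from_header(h))}


if __name__ == "__main__":
    for header, reasons in triage(SAMPLES).items():
        print(header, "->", "; ".join(reasons))
```

Legitimate senders that mail through a third-party service will trip the second check unless that service's domain is listed for them, so the table has to be maintained alongside the check.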

Check for Standard Phishing Email Claims

These include: 

  • Someone contacts you to confirm some personal information in relation to an account you hold.
  • You are made aware of suspicious activity on an account that you hold and asked to complete an action like visiting a link to change your password.
  • You are informed that you are entitled to claim a tax refund or government subsidy
  • An email from “IT Department” or “Help Desk”  asking you to complete an action.

Tackling Phishing Emails

Using a strong security solution like SpamTitan will prevent phishing, ransomware, and malware attacks while also safeguarding all financial accounts using multi-factor authentication.

Having this in place will prevent your details from ever being exposed. It is important for companies to recognise the danger posed by cyberattacks and take steps, like configuring SpamTitan, in order to address it. 

Contact TitanHQ as soon as you can in order to find out more about how SpamTitan Email Security helps you tackle phishing attacks.


Supply Chain Targeted by Hackers


As cybercriminals look for more new targets that might bear them some profit it appears that they have now shifted some focus towards infiltrating supply chains.

These attacks occur when hacking groups manage to infiltrate servers and components that companies will likely buy from third party suppliers. IT departments would presume that new equipment has not been infiltrated and happily install it onto their networks. This type of attack is now increasing, particularly evident within state-sponsored campaigns that may make it easier for cybercriminals to gain access during the production process. 

It will come as no surprise that, due to lower costs, the majority of technology components are manufactured in China. These components are then ordered by the manufacturer and they are instructed how to add them to their own equipment. The manufacturer/purchaser configures these components to build their systems locally before sending them on to the final destination. This means that any malicious components inserted into the hardware design will, more than likely, not be detected.

There is a small chance that some groups will carry out penetration tests on new equipment installed into their infrastructure. However, the vast majority of IT professionals will take it for granted that a brand new system will not feature weak points once it is set up and all software remains updated. Sadly there is a possibility that an opening could have been created for cybercriminals to target, allowing private data to be accessed. 

Occasionally, new equipment will transmit a signal to alert cybercriminals that malicious components are now operational. Once this is sent it is possible that a hacker could access data, review the network, remove data to a third-party server, download passwords, or configure more malware on other equipment. In more complex attacks, the malicious equipment could allow a state-sponsored threat actor remote management of the local system.

Anything configured on your network should be dealt with carefully until it’s validated and tested. Most system managers conduct tests on new hardware to see to it that there are no bugs or defects so that performance is at an optimal level. It is now just as important to review this hardware for any possible security issues.

Penetration testing should be completed in order to guarantee that there is no chance of malicious activity taking place after the system becomes operational. Any company installing hardware from third parties can mitigate risk by mapping the supply chain carefully. System penetration testing should also be completed to uncover unusual traffic patterns and activity on the local network. Backdoors might be present in order to transmit data back to the cybercriminals. 

As the targeting of supply chains becomes more prevalent companies will have to increase their testing efforts to ensure the new hardware is safe before it is made operational within a system. TitanHQ can safeguard supply chains from cybercriminal-led.

Contact the TitanHQ team now to discover more about the cybersecurity solutions like email filtering that can be added to your company’s security suite. 


Rockingham School District Emotet Malware Infection Cost $314,000 to Address

In November 2018 the Rockingham school district in North Carolina suffered an Emotet malware infection that cost a massive $314,000 to resolve. The malware was delivered using spam emails, which were sent to multiple users’ inboxes. The attack included an often-used ploy by hackers to get users to install malware.

The emails appeared to have been sent by the anti-virus supplier used by the school district, with the subject line ‘incorrect invoice’ and the correct invoice attached to the email. The emails were believable and looked like many other legitimate emails received on a daily basis. The emails requested the recipient open and check the attached invoice; however, doing so resulted in Emotet being downloaded and installed.

Not long after those emails were received and opened, staff started to experience problems. Internet access seemed to have been disabled for some users and reports were received from Google saying email accounts had been disabled due to spamming. The school district looked into the issue and discovered several devices and servers had been infected with malware.

Emotet malware is a Trojan that can worm its way across a network. Infection on one machine will result in the virus being sent to other vulnerable devices. The malware can also send copies of itself via email, and injects itself into previous message threads. The malware is capable of stealing victims’ credentials including online banking details, and also acts as a downloader of other malware variants and ransomware.

Emotet is a very advanced malware variant that is difficult to spot and hard to remove. The Rockingham school district discovered just how troublesome Emotet malware infections can be when attempts were made to remove the Trojan. The school district was able to successfully clean some infected machines by reimaging the devices; however, malware remained on the network and simply re-infected those devices.

Addressing the attack required assistance from security experts. 10 ProLogic ITS engineers spent approximately 1,200 hours on site reimaging machines. 12 servers and around 3,000 end points had to be reimaged to remove the malware and stop reinfection. The cost of cleanup ran to $314,000.

Attacks such as this are far from unusual. Cybercriminals target a wide range of vulnerabilities to install malware on business computers and servers. In this case, the attack took advantage of gaps in email defenses and a lack of security awareness of staff members.

To safeguard against malware, layered defenses are necessary. An advanced spam filtering solution can ensure malicious emails are not delivered to inboxes, endpoint protection software can detect unusual user behavior indicating an attack in progress, antivirus solutions can potentially discover infections, while web filters can block web-based attacks and drive-by malware downloads. End users are the last line of defense and should be shown how to recognize malicious emails and websites. Using a combination of these measures will help to prevent attacks such as this.

Blocking Drive-By Malware Installations

A drive-by malware download is a web-based attack which occurs when malware is installed on a target device. It is crucial for groups to put in place drive-by malware download security, along with configuring a spam filter to block malware delivery via email. 

The malware could be:

  • Malware to make money for the developer thanks to advertising income
  • Spyware to collect data on the user
  • Keyloggers or banking Trojans that gather credentials
  • Ransomware to encrypt data and demand money from the victim.

These installations typically go unnoticed by the device user. It can be as simple as a phishing email containing a hyperlink that gets past the spam filter and takes the recipient to a compromised website laden with malware lures.

Authentic web portals can also be infiltrated and loaded with malware and ransomware. This is even more likely for a large web site that allows the placement of third-party ad blocks that generate extra revenue. Malicious adverts – termed malvertising – may get around the various tests required by third-party ad networks and be shown to site visitors. If a link is visited, the user is taken to the malicious web portal. Threat actors also participate in search engine poisoning. This is when search engine optimization tactics are deployed in order to move malicious websites to the top of the search engine results pages.

It is vital for companies to safeguard themselves from drive-by malware downloads. Using a web filter blocks undesirable website content from being displayed. The consumer versions come with parental control features for home WiFi networks.

WebTitan from TitanHQ is popular with corporate entities, managed services providers, and Internet service providers for preventing access to malicious, illegal, and other undesirable web content, including pornography, and it safeguards against drive-by malware downloads in a number of different ways.

First, it does not allow downloads of specific file types from the Internet, namely those most linked to malware (.exe, .js, and .msi for example). Second, it employs blacklists of IP addresses and domains that have previously been marked as involved in malware distribution. Finally, it can be used to prevent access to dangerous website categories that are typically involved in spreading malware.

WebTitan is simple to configure in a short space of time. It does not impinge on page load speeds, safeguards users regardless of location, and updates automatically as soon as new malicious content is identified in threat intelligence reports.

In order to protect your company from drive-by malware installations, enhance security in relation to phishing attacks, and safely manage web content that is accessible on your network, get in touch with TitanHQ now to find out more.


Cyberloafing Costs Revealed in New Study

A study published in the Journal of Psychosocial Research on Cyberspace has highlighted the cost of cyberloafing to businesses. Cyberloafing has a massive impact on productivity, yet it is all too common. The cyberloafing costs for businesses are considerable and employees who partake in cyberloafing can seriously damage their career trajectory.

Employers are paying their employees to carry out work duties, yet a huge amount of time is lost to cyberloafing. Cyberloafing dramatically cuts productivity and gobbles up company profits. The study was carried out on 273 employees and cyberloafing was measured along with the characteristics that led to the behavior.

The study indicated a correlation exists between dark personality traits such as psychopathy, Machiavellianism and narcissism and cyberloafing, but also suggested that employees are wasting huge amounts of time simply because they can do so. The sites most commonly viewed were not social media sites, but news websites and retail sites for online shopping.

In a perfect world, employees would be able to complete their duties and allocate some time each day to personal Internet use without any reduction in productivity. Some employees do just that: they curb personal Internet use and do not let it impact their work duties. However, for many employees, cyberloafing is an issue and huge losses are suffered by employers.

A report on cyberloafing published by indicated 69% of employees waste time at work every day, with 64% visiting non-work related web pages. Out of those workers, 39% said they wasted up to an hour on the Internet at work, 29% wasted 1-2 hours, and 32% wasted over two hours a day.

Cyberloafing can have a huge impact on company profits. A company with 100 workers, each of whom spends an hour daily on personal Internet use, would see productivity losses in excess of 25,000 man-hours annually.

Productivity losses caused by cyberloafing are not the only problem – or cost. When employees use the Internet for personal reasons, their actions slow down the network resulting in slower Internet speeds for all. Personal Internet use increases the chance of malware and viruses being introduced, which can cause further productivity losses. The cost of addressing those infections can be huge.

What Can Employers do to Reduce Cyberloafing Costs?

First of all, it is vital that the workforce is educated on company policies relating to personal Internet use. Advising the staff about what is an acceptable level of personal Internet use and what is considered unacceptable behavior ensures everyone is aware of the rules. They must also be told about the personal consequences of cyberloafing.

The Journal of Psychosocial Research on Cyberspace study says, “a worker’s perceived ability to take advantage of an employer is a key part of cyberloafing.” Improving monitoring and making it clear that personal Internet use is being recorded acts as a good deterrent. When personal Internet use reaches problem levels there should be repercussions for the employees involved.

If there are no sanctions for employees that break the rules and company policies are not enforced, little is likely to change. Action could be taken against the workers concerned through standard disciplinary procedures such as verbal and written warnings. Controls could be implemented to curb Internet activity – such as blocks applied for certain websites – social media sites/news sites for example – when employees are wasting too much time online. Those blocks could be temporary or even time-based, only permitting personal Internet use during breaks or at times when workloads are usually low.

WebTitan – An Easy Solution to Cut Productivity Losses and Curb Cyberloafing

Such controls are simple to apply using WebTitan. WebTitan is an Internet filter for SMBs and enterprises that can be deployed in order to reclaim lost productivity and block access to web content that is unacceptable in the workplace.

WebTitan allows administrators to apply Internet controls for individual employees, user groups, or the entire company, with the ability to apply time-based web filtering controls as appropriate.

Stopping all employees from logging onto the Internet for personal reasons may not be the best way forward, as that could have a negative impact on morale, which can similarly impact productivity. However, some controls can certainly help employers reduce productivity losses. Internet filtering can also reduce the risk of lawsuits resulting from illegal activity on the network, and blocking adult content in the workplace can help to stop the development of a hostile work environment.

If you would like to increase productivity and start enforcing Internet usage policies in your company, contact TitanHQ today. WebTitan is available on a free trial to test the solution in your own environment before making a decision about a purchase.

Network Segmentation Best Practices to Improve Security

Whatever the size of your company, one of the most important security measures to deploy to block threat actors from gaining access to your servers, workstations, and data is a hardware firewall. A hardware firewall will make sure your digital assets are well secured, but how should your firewall be set up for optimal network security? If you follow network segmentation best practices and implement firewall security zones, you can improve security and keep your internal network isolated and protected from attacks by remote hackers.

Most companies have a well-defined network structure that incorporates a secure internal network zone and an external untrusted network zone, often with intermediate security zones. Security zones are sets of servers and systems that have similar security requirements and include a Layer3 network subnet to which several hosts connect.

The firewall provides protection by managing traffic to and from those hosts and security zones, whether at the IP, port, or application level.

Network Segmentation Best Practices

There is no single configuration that will be ideal for all companies and all networks, since each business will have its own requirements and required functionalities. However, there are some network segmentation best practices that should be implemented.

Possible Firewall Security Zone Segmentation

[Figure: Network Segmentation Best Practices]

In the above depiction we have used firewall security zone segmentation to keep servers separated. In our example, we have used a single firewall with two DMZ (demilitarized) zones and an internal zone. A DMZ zone is an isolated Layer3 subnet.

The servers in these DMZ zones may have to be Internet facing in order to function. For instance, web servers and email servers need to be Internet facing. Because they face the Internet, these servers are the most susceptible to cyberattacks, so they should be separated from servers that do not require direct Internet access. By keeping these servers in separate zones, you can minimize the damage if one of your Internet facing servers is compromised.

In the diagram above, the permitted direction of traffic is shown with the red arrows. As you can see, bidirectional traffic is allowed between the internal zone and DMZ2, which includes the application/database servers, but only one-way traffic is permitted to take place between the internal zone and DMZ1, which is used for the proxy, email, and web servers. The proxy, email, and web servers have been located in a separate DMZ to the application and database servers for the highest possible protection.

Traffic from the Internet is permitted by the firewall to DMZ1, but the firewall should only permit traffic through certain ports (80, 443, 25, etc.). All other TCP/UDP ports should be closed. Traffic from the Internet to the servers in DMZ2 is not allowed, at least not directly.

A web server may need to link up with a database server, and while it may seem like a good idea to have both of these virtual servers operating on the same machine, from a security perspective this should be avoided. Ideally, both should be separated and located in different DMZs. The same applies to front end web servers and web application servers, which should similarly be located in different DMZs. Traffic between DMZ1 and DMZ2 will no doubt be required, but it should only be permitted on certain ports. DMZ2 can connect to the internal zone for certain special cases such as backups or authentication through Active Directory.

The internal zone is made up of workstations and internal servers, internal databases that do not have to be web facing, Active Directory servers, and internal applications. It is recommended that Internet access for users on the internal network be directed through an HTTP proxy server located in DMZ1. Remember that the internal zone is isolated from the Internet. Direct traffic from the Internet to the internal zone should not be allowed.

The above setup provides important security for your internal networks. In the event that a server in DMZ1 is compromised, your internal network should still be protected since traffic between the internal zone and DMZ1 is only allowed in one direction.
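The zone rules described above can be checked automatically against a firewall rule set. The following Python audit is an added example, not part of the original article or any vendor's tooling; the subnets, rule names, and every port marked as assumed are constructed for illustration, while the Internet-to-DMZ1 ports and the traffic directions come from the text.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"

# Constructed addressing plan (assumption: the article gives no subnets).
ZONES = {
    "DMZ1": ipaddress.ip_network("10.10.1.0/24"),      # proxy, email, web servers
    "DMZ2": ipaddress.ip_network("10.10.2.0/24"),      # application/database servers
    "INTERNAL": ipaddress.ip_network("10.20.0.0/16"),  # workstations, AD, internal apps
}

# (ingress zone, destination zone) -> permitted {protocol: ports}.
# Any pair that is not listed is denied, e.g. INTERNET -> DMZ2,
# INTERNET -> INTERNAL, DMZ1 -> INTERNAL and INTERNAL -> INTERNET (users go
# through the proxy in DMZ1 instead of straight out).
POLICY = {
    ("INTERNET", "DMZ1"): {"tcp": {80, 443, 25}},    # ports named in the article
    ("INTERNAL", "DMZ1"): ANY,                        # one-way: internal initiates
    ("INTERNAL", "DMZ2"): ANY,                        # bidirectional pair, part 1
    ("DMZ2", "INTERNAL"): {"tcp": {88, 636, 873}},    # assumed ports: AD auth, backups
    ("DMZ1", "DMZ2"): {"tcp": {5432, 8443}},          # assumed "certain ports"
    ("DMZ1", "INTERNET"): {"tcp": {25, 80, 443}},     # assumed proxy/mail egress
}


@dataclass(frozen=True)
class Rule:
    name: str
    in_zone: str   # zone of the interface the connection arrives on
    dst: str       # destination CIDR the rule allows
    proto: str
    ports: tuple   # (low, high), inclusive


def zones_touched(cidr):
    """Every zone a destination CIDR reaches, including the Internet."""
    net = ipaddress.ip_network(cidr)
    touched = {zone for zone, znet in ZONES.items() if net.overlaps(znet)}
    # A network that does not sit wholly inside one zone also covers
    # addresses outside the plan, which are treated as Internet.
    if not any(net.subnet_of(znet) for znet in ZONES.values()):
        touched.add("INTERNET")
    return touched


def audit(rules):
    """Return (rule, from_zone, to_zone, excess_port_count) per violation."""
    findings = []
    for rule in rules:
        low, high = rule.ports
        for dst_zone in sorted(zones_touched(rule.dst)):
            if dst_zone == rule.in_zone:
                continue  # intra-zone traffic does not cross the firewall
            allowed = POLICY.get((rule.in_zone, dst_zone))
            if allowed == ANY:
                continue
            permitted = allowed.get(rule.proto, set()) if allowed else set()
            excess = [p for p in range(low, high + 1) if p not in permitted]
            if excess:
                findings.append((rule.name, rule.in_zone, dst_zone, len(excess)))
    return findings


# Constructed rule set containing four typical mistakes.
SAMPLE_RULES = [
    Rule("web-in", "INTERNET", "10.10.1.0/24", "tcp", (443, 443)),
    Rule("legacy-any", "INTERNET", "10.10.0.0/16", "tcp", (80, 80)),     # spills into DMZ2
    Rule("web-wide", "INTERNET", "10.10.1.0/24", "tcp", (1, 1024)),      # range too broad
    Rule("db-from-web", "DMZ1", "10.10.2.10/32", "tcp", (5432, 5432)),
    Rule("web-to-lan", "DMZ1", "10.20.0.0/16", "tcp", (445, 445)),       # breaks one-way rule
    Rule("lan-proxy", "INTERNAL", "10.10.1.0/24", "tcp", (3128, 3128)),
    Rule("lan-direct-web", "INTERNAL", "0.0.0.0/0", "tcp", (443, 443)),  # bypasses the proxy
    Rule("ad-auth", "DMZ2", "10.20.0.10/32", "tcp", (636, 636)),
]

if __name__ == "__main__":
    for name, src, dst, count in audit(SAMPLE_RULES):
        print(f"{name}: {src} -> {dst} allows {count} port(s) outside policy")
```

The check flags a rule whenever its destination range reaches a zone the policy does not open to the ingress zone, which is how an over-broad CIDR or port range quietly undoes the segmentation.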

By complying with network segmentation best practices and using the above firewall security zone segmentation you should be able to improve the security of your network. For greater security, we also recommend using a cloud-based web filtering solution such as WebTitan, which filters the Internet and stops end users from accessing websites known to host malware or those that break acceptable usage policies.

Exclaimer Mail Archiver Reaches End of Life

This September, the Exclaimer Mail Archiver reaches end-of-life. The Exclaimer Mail Archiver email archiving solution has been discontinued and support for the solution will no longer be provided by Exclaimer from the end of the month. That means vulnerabilities will no longer be addressed and customers will need to migrate to a new email archiving solution.

The Best Exclaimer Mail Archiver Alternative

If you are looking for an Exclaimer Mail Archiver alternative there are many solutions to choose from, but when it comes to functionality, ease of use, speed, compliance, and usability, you need look no further than ArcTitan from TitanHQ.

ArcTitan is an award-winning email archiving and email retention solution, which was recently rated as the best email archiving software company of 2021 by the independent small business review site, based on archiving features, online support, and encryption availability.

As with all TitanHQ solutions, setup is a quick and simple process. When you sign up to use ArcTitan you will be provided with detailed step-by-step instructions for configuring your email server to duplicate your emails. Your TitanHQ support team will work with your IT team to migrate your existing archive and can even work directly with your service provider for a totally pain-free migration. For the majority of clients, same day account set up is possible.

ArcTitan is a cloud-based email archiving solution, so there is no need for any on-site hardware. Compatibility is not an issue, as ArcTitan will seamlessly integrate with most email systems, including Microsoft Exchange, Microsoft 365, Zimbra, Lotus Notes, and many others and you can import an existing archive from MS Exchange, Google Apps, EML, MBOX, MSG, or PST with ease.

Advantages of ArcTitan Email Archiving

TitanHQ likes to make everything simple. All the complexity is in the background, with users able to access their archives via an Outlook add-on or a web interface. When you need to access your archive to recover emails, lightning-fast searches of the archive can be performed. In fact, TitanHQ is a front runner in the market for searchability of email archives and allows large data searches to be performed at incredible speeds. With a load performance of more than 200 emails per second from your email server, ArcTitan is one of the fastest email archiving solutions on the market.

Users also benefit from:

  • Unlimited storage
  • Folder replication
  • Delegated permissions
  • Re-ingestion function
  • Disaster recovery included with impressive SLAs
  • GDPR, HIPAA and SOX Compliance
  • Seamless integration with Microsoft 365 / Office 365
  • No maintenance headaches: we monitor and manage the infrastructure 24/7, it is our job to make sure it’s performing well.
  • Massive cost and time savings

In contrast to many email archiving solutions, customers are not locked into proprietary data formats. That means you can move some or all of your data to another system as required. Email data are transferred and retrieved using open standards and you can export to EML, MSG, PDF, TIFF and PST.

No matter what, you will not have any costly, time-consuming data conversions. That includes when you join and if you leave. On top of that, ArcTitan is extremely competitively priced, which makes it an ideal Exclaimer Mail Archiver alternative.

Contact TitanHQ today and find out for yourself why ArcTitan is the best Exclaimer Mail Archiver alternative. ArcTitan product demonstrations can be booked on request.

Rates ArcTitan by TitanHQ Top Email Archiving Solution for 2021

The leading independent business software review site has recognized ArcTitan by TitanHQ as one of the best email archiving solutions for small businesses, with the product named in Best Email Archiving Software Company ratings for 2021. rates small business online tools, products, and services. The research team conducted a 40-hour assessment of over 45 companies to determine the leading email archiving solution providers. Each company’s product was assessed based on archiving features, online support, and encryption availability.

The researchers were looking for features that make email archiving solutions ideal for small businesses, such as supported deployment, robust access controls, secure backup management, and Microsoft 365 integration.

To be considered as a leader in the field for 2021, experts required companies to provide first-class online support, including self-help resources and easy access to live support with customer support reps. Security was also an important factor. Archives needed to have powerful encryption to ensure files and emails containing sensitive business data were well protected.

Some of the features that make the award-winning TitanHQ email archiving solution stand out from the competition are:

  • Unlimited storage
  • Folder replication
  • Delegated permissions
  • Re-ingestion function
  • GDPR, HIPAA and SOX Compliance
  • Powerful search and retrieve tool
  • Easy Microsoft 365 integration

Having an email archiving solution that is competitively priced and easy to set up and use is important for small businesses. Small businesses typically have limited budgets and need to buy cost effective solutions. Emails need to be sent to a secure repository to meet compliance requirements, and when emails need to be recovered, when dealing with customer disputes, legal matters, or when emails are deleted from inboxes by mistake for example, it is vital that they can be found and retrieved quickly.

ArcTitan has an intuitive email search and retrieval tool that performs lightning-fast searches of emails and attachments. Plus, emails are stored securely, are replicated, and automatically backed up to ensure they are always available. Seamless integration with Microsoft 365 ensures small businesses have no IT headaches. ArcTitan truly is a set and forget solution.

If you have yet to implement an email archiving solution, are unhappy with your current service provider or want to reduce your email archiving costs, ArcTitan is the solution you need.

For further information on the ArcTitan cloud-based email archiving solution, or to book a product demonstration, contact the TitanHQ team today.

Preventing Phishing Attacks: Five Strong Tactics

As cybercriminals look for more new targets that might bear them some profit it appears that they have now shifted some focus towards infiltrating supply chains.

These attacks occur when hacking groups manage to infiltrate servers and components that companies will likely buy from third party suppliers. IT departments would presume that new equipment has not been infiltrated and happily install it onto their networks. This type of attack is now increasing and is particularly evident in state-sponsored campaigns, which may make it easier for cybercriminals to gain access during the production process.

It will come as no surprise that, due to lower costs, the majority of technology components are manufactured in China. These components are then ordered by the manufacturer and they are instructed how to add them to their own equipment. The manufacturer/purchaser configures these components to build their systems locally before sending them on to the final destination. This means that all malicious components inserted into hardware design will, more than likely, not be detected.

There is a small chance that some groups will carry out penetration tests on new equipment installed into their infrastructure. However, the vast majority of IT professionals will take it for granted that a brand new system will not feature weak points once it is set up and all software remains updated. Sadly there is a possibility that an opening could have been created for cybercriminals to target, allowing private data to be accessed. 

Occasionally, new equipment will transmit a signal to alert cybercriminals that malicious components are now operational. Once this is sent it is possible that a hacker could access data, review the network, remove data to a third-party server, download passwords, or configure more malware on other equipment. In more complex attacks, the malicious equipment could allow a state-sponsored threat actor remote management of the local system.

Anything configured on your network should be dealt with carefully until it’s validated and tested. Most system managers conduct tests on new hardware to see to it that there are no bugs or defects so that performance is at an optimal level. It is now just as important to review this hardware for any possible security issues.

Penetration testing should be completed in order to guarantee that there is no chance of malicious activity taking place after the system becomes operational. Any company installing hardware from third parties can mitigate risk by mapping the supply chain carefully. System penetration testing should also be completed to uncover unusual traffic patterns and activity on the local network. Backdoors might be present in order to transmit data back to the cybercriminals. 

As the targeting of supply chains becomes more prevalent, companies will have to increase their testing efforts to ensure the new hardware is safe before it is made operational within a system. TitanHQ can safeguard supply chains from cybercriminal-led.

Contact the TitanHQ team now to discover more about the cybersecurity solutions that can be added to your company’s security suite. 


Cisco Umbrella Alternative for SMBs and MSPs

In this post we propose an ideal Cisco Umbrella alternative that you can implement at a fraction of the cost of Cisco Umbrella, yet still have excellent protection from web-based threats and precision Internet content control for your workforce.

WebTitan Cloud is the leading Cisco Umbrella alternative for SMBs and Managed Service Providers (MSP) that serve the SMB market. WebTitan Cloud is, in many respects, a direct swap out for entry-level Cisco Umbrella packages, and one that will save you a small fortune on DNS filtering costs.

What is Cisco Umbrella?

In 2015, Cisco acquired OpenDNS and rebranded the OpenDNS Umbrella solution as Cisco Umbrella. Cisco Umbrella is first and foremost a DNS filtering service – a cloud-based security service that protects office and home workers from online threats by filtering DNS requests. The Cisco Umbrella DNS filtering service works at the DNS lookup stage of a web request, where a URL is translated into an IP address to allow the resource to be located by a computer.

Depending on what Umbrella package you subscribe to, Cisco Umbrella DNS filtering allows administrators to set controls governing the web content that can be accessed, the files that can be downloaded from the Internet, along with a range of other security features such as a cloud-delivered firewall, shadow IT protection, and tools to investigate cyber threats.

Before we cover what each of the Umbrella packages consists of and the cost of WebTitan versus Cisco Umbrella in our Cisco Umbrella review, it is worthwhile taking a moment to explain why DNS filtering is now an essential part of the security stack and why you need to add this additional layer of security if you are not already using a DNS filter.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.

Why is a DNS Filter Necessary?

You will no doubt be aware that the internet can be a dangerous place. As an IT professional or SMB owner, you need to make sure that employees do not venture into areas of the Internet that could cause your business harm.

Even general web browsing can pose a risk of a malware infection or ransomware download, and employees can easily be tricked into visiting phishing web pages where credentials are harvested. These are very real threats that need to be mitigated.

Rather than leave things to chance and hope your employees obey the rules and recognize all threats in time, you can implement a content filtering solution such as a DNS filter. A DNS filter requires no hardware purchases nor software downloads. You just reconfigure your DNS and point it to the provider of your DNS filtering service and apply your content controls. A DNS filter will block access to malicious content and can be configured to block downloads of certain file types commonly used to install malware.

All DNS content filtering takes place in the cloud, there will be no latency, and filtering will take place without any content being downloaded. You can control the categories of content that can be accessed and, if rules are broken by employees, they will be directed to a block page and no harm will be done. You can run reports on web usage, apply controls to conserve bandwidth, and perhaps most importantly, you can prevent employees from visiting malicious websites and can block malware and ransomware downloads. Without this additional security layer, your business may be at risk.

Cisco Umbrella Review

In this Cisco Umbrella review we will cover some of the advantages and disadvantages of Cisco Umbrella and will present a Cisco Umbrella alternative that is ideal for SMBs and MSPs. The Cisco Umbrella alternative we suggest includes the most important features of the Umbrella DNS filtering solution, with some key advantages for SMBs and MSPs. First, let us consider some aspects of the Cisco Umbrella solution to save you time in your research.

There are four Cisco Umbrella packages to choose from – each with an increasing number of capabilities as you upgrade from basic DNS filtering to a comprehensive Secure Access Service Edge (SASE) solution. The four packages are:

DNS Essentials

DNS Essentials is the Cisco Umbrella entry level package. The DNS filter blocks websites known to be harboring malware or created for phishing attacks, blocks (or allows) Internet access by domain or category, and enables system administrators to create user policies and view activity reports – albeit at an additional cost when integrated with a directory service such as Active Directory.

The disadvantage of DNS Essentials is that it does not decrypt and inspect the content of encrypted websites. Therefore, if a website is not yet known to be harboring malware – or it contains content that would normally be blocked because of the category of website – the DNS filter will not be able to read the content of the malicious or harmful website.

DNS Advantage

The DNS Advantage package is more advanced than the entry-level package inasmuch as it can inspect and decrypt encrypted websites and will block websites and files if they are identified as malicious by the anti-virus software. DNS Advantage also blocks direct-to-IP traffic such as C2 callbacks that bypass DNS filters and can be integrated with other Cisco tools to analyze threats.

However, like the DNS Essentials package, DNS Advantage only blocks or allows websites by domain, rather than by URL. This can create issues if, for example, you want to allow the finance team access to the money pages of an online newspaper, but want to prevent the rest of the workforce wasting time reading the same newspaper’s sports coverage. It’s either all or nothing.
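The behaviour described in this review (filtering at the DNS lookup stage, decisions per domain rather than per URL, and direct-to-IP traffic never reaching the filter) can be seen in a small model. This Python sketch is an added example and is not code from Cisco or TitanHQ; the category feed, hostnames, and addresses are constructed, using reserved `.example` names and documentation IP ranges.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed category feed and policy (assumptions for illustration).
CATEGORIES = {
    "malware-host.example": "malware",
    "news.example": "news",
    "shop.example": "shopping",
}
BLOCKED_CATEGORIES = {"malware", "news"}
BLOCK_PAGE_IP = "192.0.2.53"  # constructed address of the block page

# Constructed upstream answers for names that are not blocked.
UPSTREAM = {
    "intranet.corp.example": "198.51.100.20",
    "www.shop.example": "198.51.100.30",
}


def categorize(hostname):
    """Match the hostname or any parent domain against the category feed."""
    labels = hostname.lower().rstrip(".").split(".")
    # Walk from the full name towards the registered domain, so that
    # cdn.malware-host.example inherits the verdict of malware-host.example.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORIES:
            return candidate, CATEGORIES[candidate]
    return None, None


def resolve(hostname):
    """Answer one DNS query the way a filtering resolver would."""
    _, category = categorize(hostname)
    if category in BLOCKED_CATEGORIES:
        # The client is sent to the block page instead of the real server.
        return {"answer": BLOCK_PAGE_IP, "blocked": True, "category": category}
    return {
        "answer": UPSTREAM.get(hostname.lower()),
        "blocked": False,
        "category": category,
    }


def browse(url):
    """Show which part of a URL the DNS filter ever gets to see."""
    host = urlsplit(url).hostname
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # A name: only the hostname is sent to the resolver, never the path.
        return {"dns_query": host, **resolve(host)}
    # An IP literal needs no lookup, so the DNS filter is never consulted.
    return {"dns_query": None, "answer": host, "blocked": False, "category": None}


if __name__ == "__main__":
    for url in (
        "https://www.news.example/finance/markets",
        "https://www.news.example/sport/results",
        "https://cdn.malware-host.example/update.bin",
        "http://203.0.113.9/status",
    ):
        print(url, "->", browse(url))
```

Both newspaper URLs produce the same verdict because the path never reaches the resolver, and the IP-literal request produces no DNS query at all, which is why per-URL control and direct-to-IP blocking have to be enforced by a proxy or firewall layer.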

SIG Essentials

The first of two Secure Internet Gateway (SIG) packages improves on the DNS packages by providing more granular controls to manage Internet access. The SIG Essentials package also comes with a cloud firewall that can be configured to block or allow specific IPs, ports, and protocols, and an anti-virus engine that can be configured to scan previously benign files for disguised threats.

The disadvantage of this package is that it is marketed as a SASE-light solution. This can lead to a false sense of security until you realize that you have to pay extra to subscribe to multiple add-ons (for example, outbound traffic scans). It is also important to be aware there is a mandatory charge for onboarding (which applies to all packages) and an extra charge for priority technical support.

SIG Advantage

SIG Advantage has been acknowledged as a leading SASE solution by Gartner’s Magic Quadrant and this version of the Cisco Umbrella includes almost everything that is an add-on in other versions (except onboarding and technical support). Furthermore, you can enhance the capabilities of the SASE solution by taking advantage of Cisco Talos Incident Response (at an additional cost).

The disadvantage of this package is that it includes many features that businesses may not be able to take advantage of (because the use cases do not apply or the technical skills do not exist) or that are present in existing security solutions (i.e., Microsoft Sentinel, Amazon Security Lake, etc.). Consequently, you may be paying a lot for features you may never use.

Cisco Umbrella Pricing

Cisco Umbrella pricing is not transparent. There are no price lists on the Cisco website, and while it is possible to get an idea of Cisco Umbrella pricing from resellers or customers via Google searches, the prices quoted may be out of date, not include optional extras, and – in the case of resellers’ price lists – may be artificially inflated so customers can be offered discounts at checkout.

From speaking with former customers of Cisco that have switched to WebTitan, we estimate the current price of a DNS Advantage package (with basic customer support) is around $2.70 per user per month based on a 1-year subscription for 100 to 499 users. This may be higher than some customers are paying due to negotiating discounts with resellers or introductory offers.

Cisco Umbrella Licensing

The Cisco Umbrella licensing model is similar to most other software vendors inasmuch as the cost of Cisco Umbrella is dependent on the package, the number of users, the length of subscription, and location. This model not only applies to the basic subscription cost but also to the cost of add-ons for onboarding, technical support, and any other feature a business subscribes to.

It is important to be aware that businesses can add or remove licenses from a subscription provided they remain within the same cost “band”. Depending on what package the business subscribes to, the cost bands are for 10 - 99 “seats”, 100 – 499 seats, and 500 – 999 seats, with further bands starting at 1,000 seats, 5,000 seats, 10,000 seats, and 25,000 seats.

Is It Worth Paying the Cisco Umbrella Price?

For most businesses, probably not. Businesses currently subscribing to the DNS Essentials and DNS Advantage packages should certainly switch to WebTitan Cloud. Not only is WebTitan Cloud significantly less expensive ($1.58 per user per month for a one-year subscription covering 100 – 499 users), but you also get SSL inspection, granular filtering, and technical support included.

Cisco customers paying more than $1.58 per user per month for the SIG Essentials and SIG Advantage packages need to consider whether it is worth paying the Cisco Umbrella price or switching to a Cisco Umbrella alternative, based on how much use they are making of the additional capabilities and whether they get better protection and flexibility from the Cisco packages.

There is More to Consider than the Cost of Cisco Umbrella Alone

Cost is not the only consideration, although it is certainly important. You will want to ensure that your DNS filter allows you to control content easily and it must provide protection against web-based threats. So, does opting for a Cisco Umbrella alternative reduce the protection you will get? Actually, you can pay less and improve protection, have an easier to use product, with better reporting, and less complexity.

WebTitan Cloud has a totally transparent and flexible pricing policy and provides the same, high level of protection for everyone. WebTitan is also loved by users who rate it highly for ease of setup, ease of use, ease of admin, and for the quality of support provided. This can be seen on review sites such as G2 Crowd, as detailed below.

Cisco Umbrella Alternative

The Leading DNS Filtering Solution for MSPs Serving the SMB Market

TitanHQ is a global leader in cloud-based email and web security solutions for MSPs that serve the SMB market. WebTitan has been designed to be ideal for MSPs and includes a host of features not offered by Cisco. For example, in contrast to the Cisco Umbrella options for MSPs, we offer a range of hosting options – in TitanHQ’s cloud, in a private cloud, or in your own on-site environment.

You can also have WebTitan in white label form ready to take your own branding - another big plus for MSPs that is not offered by Cisco. The solution is also easy to integrate seamlessly into your own security and customer management solutions thanks to a suite of APIs. Onboarding new customers is simple and painless, and managing their web filtering settings is straightforward.

Find out More About Our Alternative to Cisco Umbrella Today!

Our sales staff will be happy to explain the benefits of WebTitan over Cisco Umbrella and schedule a product demonstration to show you how easy the solution is to use and integrate into your own environment. If you would like to try WebTitan before committing, you can also take advantage of our free 14-day trial. For the duration of the trial, you will have access to full product support to ensure you get the most out of the solution. For more information, give the TitanHQ team a call today.

Frequently Asked Questions (FAQs)

Is Cisco Umbrella the same as OpenDNS?

Cisco acquired OpenDNS and rebranded the OpenDNS enterprise security products as Cisco Umbrella. Cisco Umbrella is not exactly the same as OpenDNS, but they do perform the same function, with Cisco Umbrella providing enterprises with greater control, more features, and better integration with other Cisco solutions.

Is Cisco Umbrella worth the cost?

Cisco Umbrella is a powerful web security solution that provides important security benefits and visibility into the Internet activity of all devices and users. While the threat protection is excellent, the cost of the solution can be prohibitively expensive for many small businesses, who can get the features they need from a solution at a fraction of the cost.

Who uses Cisco Umbrella?

While any company can benefit from Cisco Umbrella and improve security, the solution is aimed at mid-to large-sized organizations and includes many features that smaller businesses will not need or use. If you are just looking for a web security solution to control access to web content and block malware downloads, you will be able to make considerable savings with WebTitan.

Is Cisco Umbrella DNS Security Essentials worth the cost?

The features included with the cheapest package of Cisco Umbrella – DNS Security Essentials - are very limited. Businesses looking for the features provided by DNS Security Essentials will be able to get them and more – full SSL inspection for instance - with a Cisco Umbrella alternative such as WebTitan Cloud.

Is Cisco Umbrella a good choice for MSPs?

Cisco does provide Umbrella for Managed Service Providers, and it is a good solution for protecting clients and preventing costly malware infections. While it is an accomplished product, the cost can be high for MSPs, especially those serving the SMB market. There is also no option for hosting within an MSP data center, and the solution will not be provided as a white label.

New Geo-blocking Email Security Feature Included in SpamTitan 7.11 Release

A new version of TitanHQ has been launched that introduces Geo-blocking email filtering in addition to many other updates and fixes aimed at enhancing usability.

This new version of the award-winning email security solution adds geo-blocking in response to high demand from existing users. It is included with the solution at no additional cost to the subscription. Geo-blocking lets users of the solution block, or permit, emails sent from specific geographical areas before they are delivered to inboxes. The decision is based on the country of the IP address of the mail server that the email is sent from. This gives companies an additional layer of security, allowing them to restrict geographic threat vectors and stop malware, ransomware, and phishing emails from landing in inboxes.

A country can be selected and all emails from individuals and groups in that location will be blocked. Doing this can greatly improve your company’s cybersecurity efforts, as the majority of malicious emails originate from a small number of countries. These are, in most cases, countries that most small- to medium-sized businesses do not have any contact with. Blocking such a country will therefore have no impact on business, and it could save a lot of money that would otherwise be spent dealing with a successful cyber attack.

This is simple to configure within the SpamTitan solution. It can be enabled within the SpamTitan Country IP Database. For companies that do not wish to block every group from a specific country or domain, there is a whitelist option that lets you approve specific senders so that their email is still allowed to reach the correct inboxes.
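The decision logic described above (country of the sending mail server's IP, with approved senders exempted) can be sketched as follows. This is an added example, not SpamTitan's code or configuration: the country table, the placeholder country codes XA and XB, the sender address and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation IP ranges mapped to placeholder
# country codes (XA and XB are user-assigned codes, not real countries).
COUNTRY_DB = [
    (ipaddress.ip_network("192.0.2.0/24"), "XA"),
    (ipaddress.ip_network("198.51.100.0/24"), "XB"),
    (ipaddress.ip_network("198.51.100.128/25"), "XA"),  # more specific range
    (ipaddress.ip_network("2001:db8::/32"), "XB"),
]
BLOCKED_COUNTRIES = {"XB"}
ALLOWED_SENDERS = {"accounts@supplier.example"}  # approved despite the block


def country_of(ip_text):
    """Return the country of the most specific matching range, or None."""
    addr = ipaddress.ip_address(ip_text)  # raises ValueError on bad input
    matches = [(net.prefixlen, code) for net, code in COUNTRY_DB if addr in net]
    return max(matches)[1] if matches else None


def geo_decision(connecting_ip, envelope_sender):
    """Decide from the IP of the connecting mail server, which the receiving
    server observes itself, rather than from anything written in the headers."""
    sender = envelope_sender.strip().lower()
    try:
        country = country_of(connecting_ip)
    except ValueError:
        return ("reject", "unparseable connecting IP")
    if country in BLOCKED_COUNTRIES:
        if sender in ALLOWED_SENDERS:
            return ("accept", f"approved sender from blocked country {country}")
        return ("reject", f"country {country} is blocked")
    return ("accept", f"country {country or 'unknown'} is not blocked")


if __name__ == "__main__":
    for ip, sender in [("198.51.100.7", "someone@unknown.example"),
                       ("198.51.100.7", "accounts@supplier.example"),
                       ("198.51.100.200", "someone@unknown.example")]:
        print(ip, sender, geo_decision(ip, sender))
```

Because the approved-sender exemption relies on an address the sender supplies, it is safest to keep that list short.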

Along with geo-blocking, there is a range of other security improvements that further strengthen the already excellent threat detection and blocking mechanisms within SpamTitan. These include an upgraded sandboxing tool that provides more protection against attacks featuring malware, ransomware, phishing, spear-phishing, Advanced Persistent Threats, and malicious URLs hidden within emails.

Recently reported bugs have been addressed, resulting in better email rendering in Mail Viewer, the option of removing quarantine report token expiry, and improved domain verification.

TitanHQ CEO Ronan Kavanagh said: “Geoblocking has been a much-requested feature and as always we listen to our customers and provide what they need to implement the very best email security they can. After experiencing 30% growth in 2021, TitanHQ expects these product enhancements and new features to make 2021 another record-breaking year.”

SpamTitan can be provided as a 100% cloud-based solution or as an anti-spam gateway, which is run as a virtual appliance on existing company hardware. Existing users of SpamTitan Cloud will have their solution automatically updated on September 14, 2021. A full description of the latest updates in SpamTitan 7.11 is available here.

Users of SpamTitan Gateway will need to manually upgrade to the latest version via System Setup > System Updates.


Most Popular Phishing Tactics Cybercriminals Use

Cybercriminals normally use phishing attacks in order to steal access credentials to corporate networks which will allow them to download private data, install malware, and commit further fraudulent attacks.

This type of attack is typically carried out by emailing individuals and getting them to hand over credentials and protected information. Hackers normally use ‘social engineering’ tactics to make the recipients of the email believe that the communication they are sending is genuine. This is accomplished by pretending to be real people within the same group, often by creating an email address that is very close to the authentic email address, with a similar layout as well. These emails will feature a URL that takes anyone who clicks on it to a data harvesting website that is laden with malware and adware. To ensure that their conversion rate is higher, the cybercriminals make the spoofed website look as close to identical to the real website as possible.

These spam attacks offer the chance of a high return for a minimal effort for the hackers. Additionally, if they are detected, it is very difficult to apprehend those responsible for conducting them. Here we have listed the most common ways that hackers use email to try and steal private data. The emails will include:

  1. Information that advises accounts are about to be closed unless the website is visited to stop this from happening immediately
  2. Advice related to account changes that could be suspicious
  3. IRS/tax related notices that relate to you qualifying for a refund due to an overpayment
  4. Payment requests for something that you never placed an order for
  5. Proof of identification requests
  6. Contact from the police in relation to a crime you are believed to be linked to
  7. Malware detection notices

It is also important to recognise that there are always new types of phishing email being introduced by cybercriminals. Along with the usual phishing campaigns that feature fake invoices and resumes, missed deliveries, and fake account charge notifications, topical lures related to current events are also regularly used. Recently there have been phishing campaigns linked to COVID-19, the Tokyo Olympics and Euro 2022.

The best way to tackle the most popular types of phishing attacks, along with topical attacks, is to configure an advanced spam filtering solution like SpamTitan. Using SpamTitan will put in place strong security that can prevent phishing and other malicious emails from allowing your databases and valuable information to be accessed by criminals. This is done thanks to the use of a wide variety of tools that include machine learning to identify suspicious messages, sandboxing, dual antivirus engines, greylisting, and malicious link detection mechanisms. This solution blocks the receipt of malicious messages and, when used in tandem with cybersecurity training, can reduce the chance of your system being successfully attacked to practically zero.

Contact the TitanHQ team now to discover more in relation to safeguarding your databases from phishing and spam attacks. There is a free trial available and you can request a product demonstration which will allow you to see how little investment is needed to secure your systems from all possible phishing attacks.


Cybercriminals Stole $1.9m in Southern Oregon University Phishing Attack

A Southern Oregon University phishing attack has demonstrated exactly why so many hackers have opted for phishing to make money. The Southern Oregon University phishing attack involved just one phishing email. The attackers pretended to be a construction company – Andersen Construction – that was erecting a pavilion and student recreation center at the University.

The attackers spoofed the email address of the construction firm and asked for all future payments to be directed to a different bank account. The university then transferred the next payment of €1.9m to the new account in April 2019. The university realized the construction firm had not received the funds three days later. The FBI was made aware of the situation as soon as the fraud was discovered and attempts were made to recover the funds. The university reports that the hackers had not emptied all of the funds from their account, but a sizeable amount of the payment had been withdrawn and could not be recovered. Joe Mosley, a representative for SOU said, “It’s certainly not all of the money that was transferred, but it’s not just nickels and dimes, either.”

In order for a scam like this to be successful, the hackers would need to be aware that the construction project was taking place and the name of the firm that had been awarded the contract. That information is not hard to find, and universities are easy to target as they often have ongoing construction projects.

These attacks are referred to as Business Email Compromise (BEC) scams. They typically involve a contractor’s email account being hacked and used to send an email requesting changes to payment information, although these scams need not involve compromising an email account. Spoofing an email account can be just as effective.

Increase in BEC Attacks Prompts FBI Alert for Universities

In this instance, the payment was massive but it is far from an isolated incident. The FBI has issued warnings to universities to be wary of attacks such as this. BEC attacks may not be nearly as common as other forms of cybercrime, but they are the leading cause of losses to cybercrime as the payments made to the attackers are often considerable. Payments are often of the order of several hundred thousand dollars or in some cases millions.

The FBI said that access to a construction firm’s email account is not required. All that is required is for the scammer to buy a similar domain to the one used by the firm. Accounts department employees should carefully check the email address in any request to change banking information or payment methods, as it is common for domains to be used that differ from the genuine domain by only one letter. For instance, an L may be used instead of an i or a zero instead of the letter O.

The Southern Oregon University phishing attack shows just how simple it can be for cybercriminals to pull off a BEC attack. Protecting against BEC attacks requires employees to be vigilant and to use extreme caution when requests are made to alter bank accounts. Such a request should always be verified by some means other than email. A telephone call to the construction firm could easily have identified this scam before any transfer was completed.

BEC Scammers Steal $2.3m from New Hampshire Town

Peterborough, a town in New Hampshire, was recently the focus of an attack by BEC scammers who were able to divert a number of bank transfers before being discovered.

This occurred when the cybercriminals sent forged documents to workers in the Finance Department of the town, requesting that they amend account information for a range of different payments. This complex scam involved more than one email exchange between workers. It is clear that the cybercriminals had completed in-depth research to ascertain the most valuable transactions to focus on.

The scam was first identified when the ConVal School District alerted the town when they had never received a $1.2 million transfer of funds that had been. Peterborough officials looked into this and confirmed that the transfer had been made. However, the investigation also confirmed that the bank account details had been changed and that two large bank transfers to the contractor in question had been sent to hacker-controlled accounts. Overall, $2.3m was stolen in the attack.

BEC attacks are complex in nature. Cybercriminals have finely honed talents for conducting these campaigns and can very easily fool finance department workers into believing that they are being directed by the CEO, CFO, or a vendor using email, since the authentic email account is being used. The hackers also research the type of emails normally shared by the owner of the account and copy that style so as not to be detected.

There is a process that groups must employ in order to prevent the initial attack vector and to discover scams in time to prevent any fraudulent transfers of funds. The main security measure in this type of attack is a spam filtering solution, which will block the first phishing email used to obtain the credentials for internal email accounts. SpamTitan uses a variety of features to spot and quarantine these phishing emails, including machine learning technology that can identify email messages that are not the same as normal messages usually received by staff members. Outbound scanning is used to discover phishing attacks as the cybercriminals attempt to use employee email accounts to infiltrate the accounts of their final target – the CFO or CEO. Rules can also be set to flag attempts to share sensitive data – such as W-2 forms – using email.

Along with spam filtering, it is crucial for groups to raise awareness of the threat of BEC attacks in their group, particularly among workers in the finance department. Policies and processes should also be implemented that require any change to payment details to be verified by telephone using previously confirmed contact details. Using these simple steps can be the difference between tackling an attack and sending millions of dollars directly to the hackers’ accounts.

Contact the TitanHQ team now if you wish to enhance your cybersecurity measures in the face of BEC and phishing attacks.